Minimal Diagnosis and Diagnosability of Discrete-Event Systems Modeled by Automata

In the last several decades, the model-based diagnosis of discrete-event systems (DESs) has increasingly become an active research topic in both control engineering and artificial intelligence. However, in contrast with the widely applied minimal diagnosis of static systems, in most approaches to the diagnosis of DESs, all possible candidate diagnoses are computed, including nonminimal candidates, which may cause intractable complexity when the number of nonminimal diagnoses is very large. According to the principle of parsimony and the principle of joint-probability distribution, generally, the minimal diagnosis of DESs is preferable to a nonminimal diagnosis. To generate more likely diagnoses, the notion of the minimal diagnosis of DESs is presented, which is supported by a minimal diagnoser for the generation of minimal diagnoses. Moreover, to either strongly or weakly decide whether a minimal set of faulty events has definitely occurred or not, two notions of minimal diagnosability are proposed. Necessary and sufficient conditions for determining the minimal diagnosability of DESs are proven. .e relationships between the two types of minimal diagnosability and the classical diagnosability are analysed in depth.


Introduction
In recent years, several disasters, including the nuclear leakage that occurred in Fukushima (Japan) in 2011 and the blackout that occurred in nearly the entire country of India in 2012, have greatly threatened the safety of society and even the lives of many people. To prevent such disasters, determining faulty events/components is a very important topic. To this end, model-based fault diagnosis techniques may be very effective.
However, as far as we know, one of the current main problems is that, in most approaches to diagnosing DESs, all possible candidate diagnoses are derived, even if many candidates are proper supersets of some other candidates. In other words, nonminimal (redundant) diagnoses are generated.
In this paper, we extend the idea of a minimal diagnosis, first presented in [39], via additional theoretical analyses, formal proofs, examples, and comparisons with related work.
Example 1. Among candidate diagnoses (sets of possible faulty events) f 1 , f 2 , f 3 , f 1 , f 2 , f 3 , f 1 , f 3 , f 4 , and f 2 , f 3 , f 4 , only {f 1 } and f 2 , f 3 are minimal according to the set-inclusion relationship, as all other candidates contain f 1 or f 2 , f 3 and include additional faults (f 2 and/or f 3 and/or f 4 ). Minimal diagnosis differs from minimal-cardinality diagnosis. In our example, the only minimal-cardinality diagnosis is f 1 . In this paper, we focus on minimal diagnosis rather than minimal-cardinality diagnosis. In addition, in our example, even if we cannot definitely know whether f 4 has occurred or not, we know that minimal diagnoses {f 1 } and {f 2 , f 3 } are generally more probable than others.
In theory, all possible fault sets need to be diagnosed. However, considering a scenario like Example 1, although there are a large number of possible candidate diagnoses that can explain the current observation sequence, there may exist set-inclusion relationships among some of them. e two principles of parsimony and joint-probability distribution, which are briefly described as follows: (i) e principle of parsimony: also called "Occam's razor" [40], parsimony is a principle of succinctness often adopted in logic and problem solving which states that, among competing hypotheses, the hypothesis with the fewest assumptions should be selected. e principle of parsimony has also been introduced for the minimal diagnosis of static systems [41]. (ii) e principle of joint-probability distribution: a widely used assumption in the literature, in this paper, a joint-probability distribution means that each fault is independent of one another and that the prior probability of each fault is equal.
Minimal diagnoses (based on the set-inclusion relationship (for instance, we assume that there are three candidate diagnoses f 1 , f 1 , f 2 , and f 2 , f 3 , f 4 , f 5 . en, f 1 and f 2 , f 3 , f 4 , f 5 are minimal diagnoses, even if f 2 , f 3 , f 4 , f 5 has a bigger cardinality than f 1 , f 2 but without a set-inclusion relationship between them.)) are more likely than the corresponding nonminimal ones. As a result, just like the minimal diagnosis of static systems [41,42], determining only the minimal diagnoses of DESs is bound to reduce the complexity, as additional nonminimal diagnoses are not considered. e benefit of a minimal diagnosis is related to both cognition and computation. Cognition is relevant to the human who is responsible for the monitoring of the DES. Consider, for instance, the operator in the control room of a power network, who is responsible for the correct behaviour of the network. When a misbehaviour occurs, such as a short circuit on a transmission line, several actions can be triggered by the protection system to isolate the shorted line, e.g., opening breakers and reconfiguring the power load to avoid a blackout. If the reaction of the protection system is abnormal, a possibly large number of alarms and messages will be generated. Since the operator is expected to activate specific recovery actions, it is essential that the (possibly overwhelming) stream of information generated by the system, namely, the observation, be interpreted correctly under stringent time constraints.
is is why automated diagnosis becomes a key factor in supporting the operator in performing his/her critical job. To this end, the diagnosis engine may generate diagnosis information in a relatively short amount of time. Specifically, a set of candidate diagnoses are presented to the operator, who is expected to make critical decisions regarding the safety of the involved population. However, if the number of candidates is large, the operator may be confused about which diagnoses should deserve more attention. Choosing minimal diagnoses is a good heuristic, as they are more probable and, as such, more worthy of attention.
Computation involves the efficient generation of candidate diagnoses. Since a key factor in real applications of automated diagnosis is the time response, that is, the delay between the occurrence of a faulty event and the generation of candidate diagnoses, it is of paramount importance that the diagnosis engine is not only effective but also efficient. Being free of the burden of nonminimal candidates, minimal diagnosis allows the diagnosis engine to be more efficient compared with nonminimal diagnosis with respect to both processing speed and memory space.
In summary, the main contribution of the paper is that the theoretical concepts of minimal diagnosis and minimal diagnosability of DESs are proposed, and meanwhile, the minimal diagnosis of DESs is not a purely academic exercise; it may drive attention to the actual cause of a misbehaviour effectively (cognition) and efficiently (computation). e rest of the paper is organized as follows. e terminology and preliminary concepts related to the modelbased diagnosis of DESs are given in Section 2. Several novel concepts, including minimal diagnosis, minimal diagnoser, and minimal diagnosability of DESs, are presented in Section 3. Related work is discussed in Section 4. Conclusions and future work are presented in Section 5.

Background
In this section, the classical notions of the diagnosis, diagnoser, and diagnosability of DESs [16] are recalled.

Classical Diagnosis of DESs.
A DES is a deterministic finite state machine (FSM), namely, G � (Q, Σ, T, q 0 ), where Q is the set of states. Σ is the set of events, including two disjoint sets of observable events (Σ o ) and unobservable events (Σ uo ); T ⊆ Q × Σ × Q is the set of transitions, where a transition from state q to state q ′ , when event e is activated on state q, is equivalently denoted by (q, e, q ′ ) ∈ T, q ⟶ e q ′ , or T(q, e) � q ′ .
q 0 ∈ Q denotes the initial state of the system. e behaviour of G consists of all possible traces generated from q 0 to some state in G, which form a prefix-closed language L(G), abbreviated as L, with L ⊆ Σ * (Σ * is the set of all possible strings composed of events in Σ, including the empty string ε). For simplicity, we assume that language L is live, that is, For each state q ∈ Q, there exists at least one event σ ∈ Σ such that q ⟶ σ q ′ holds, where q ′ ∈ Q (with q ′ being nonnecessarily different from q).
In addition, similar to [16], we assume that there does not exist any cycle of unobservable events, that is, We denote the empty trace as ε and extend one transition event to a string of transition events as follows: q ⟶ ε q always holds For s ∈ Σ * and σ ∈ Σ, q ⟶ s σ q ′ holds whenever q ⟶ s q ″ and q ″ ⟶ σ q ′ hold for q ″ ∈ Q Denoting a transition in which the entered state is missing, q ⟶ s indicates that, for s ∈ Σ * , there exists at least one state q ′ ∈ Q such that q ⟶ s q ′ holds. e notation L/s represents the postlanguage of L after string s ∈ L, that is, L/s � t | t ∈ Σ * , st ∈ L { }. Two types of projection are given: Prj Σ o (on observation) and P Σ f (on faults). Assuming that σ ∈ Σ and s ∈ Σ * , Prj Σ o :Σ * ⟶ Σ * o represents how a trace is projected onto a sequence of observable events: (1) . P Σ f : Σ * ⟶ 2 Σ f denotes how a (possibly empty) trace s ∈ Σ * is mapped onto a set of faults: Let s e denote the last event of a nonempty trace s ∈ Σ + , where Σ + � Σ * − ε { }, and F ⊆ Σ f . en, S F � s | s ∈ L, { P Σ f (s) � F, s e ∈ F} denotes the set of all traces ending with one fault of F and containing all the faulty events of F.
We use L(G, q) to denote all traces in G starting from state q. Let L o (G, q) � s | s ∈ L(G, q), s � uσ, u ∈ Σ * uo , σ ∈ Σ o } denote all traces starting from state q up to the first observable event and L σ (G, q) � {s | s ∈ L o (G, q), s e � σ} denote all traces starting from q up to the first observable event σ.
nondeterministic (a nondeterministic FSM is a state in G which may reach more than one state via the same transition event. Accordingly, in Figure 1(b), state 1 can reach four different states (2, 7, 14, and 18) via the same observation α)) is defined as follows: and all observable states.
Example 4. With reference to Example 2, Figure 1(b) presents a diagrammatic representation of G o , with G being displayed in Figure 1(a). Based on the abovementioned notions, the notion of the diagnosis of a DES is given in Definition 1.

Definition 1.
Let G � (Q, Σ, T, q 0 ) be a DES, L be the corresponding language of G, and obs ∈ Σ * o be the current observation sequence for G. A subset F ⊆ Σ f is called a candidate diagnosis (or just a diagnosis) of a DES for observation sequence obs (written as F ⇝ obs) iff there is a string of events s ∈ L with s e ∈ Σ o such that In other words, a diagnosis of a DES is a set of faulty events (unlike the diagnosis of static systems (e.g., [41,42]), where a diagnosis is defined as a set of faulty components.) in a trace whose mapping onto observable events equals only the current observation sequence obs. Note that the condition s e ∈ Σ o must be satisfied in the definition, as we generally use the currently received observation sequences immediately after the DES fails to work properly to infer a set of faults to explain observation obs (this is also a fundamental principle of finding the diagnosis of DESs).
Example 5. With reference to Example 2, for the DES G displayed in Figure 1(a), if we get the current observation sequence obs � αβθ, then all candidate diagnoses are ∅, f 1 , and f 1 , f 2 , with αβθ, f 1 αβθ, and f 1 αβf 2 θ being the corresponding traces of events, respectively.

Classical
where q d ⊆ 2 (Q o ×Δ) is the set of states. q 0 d � (q 0 , N) (since the fault label associated with q 0 is N, G is assumed to be normal at the initial state.) Any In subsequent set-theoretic operations in the minimal diagnoser, we replace N with the empty set ∅. e range function R: q d × Σ o ⟶ q d is defined as follows: where LP: Q o × Δ × Σ * ⟶ Δ denotes the fault label propagation function. Given q o ∈ Q o , l ∈ Δ, and s ∈ L o (G, q o ), fault label l is propagated by LP over string s from q o in the following way: en, the label correction function LC: q d ⟶ q d is defined as follows: e label correction function LC and the label A can be explained as follows. When the system moves along trace s and transitions from some state into a state q o with at least two different fault labels, we cannot be sure that some faults In other words, assuming that the current state in diagnoser G d is q 1 d , while the next observable event is σ, we generate the new state q 2 d of G d in the following way: (1) For each (q o , l) ∈ q 1 d , compute the set S(q o , σ) of reachable states of G from q o using observation σ: uo , and σ ∈ Σ o (note here that S(q o , σ) is a finite set of observable states, as we have made an assumption (in Section 2.1) that there does not exist any cycle of unobservable events [16]).
(2) Given q o′ ∈ S(q o , σ) with T(q o , uσ) � q o′ , propagate label l associated with q o to label l ′ associated with q o′ according to the following rules: { } ∪ F with F ⊆ Σ f and s contains a set F ′ of faulty events, then label l ′ is updated to F ∪ F ′ (in cases (c), (d), and (e) above, we do not propagate label A from one state to the next. As noted in [16], while this leads to a reduction in the state space of the diagnoser, no information necessary for either determining the diagnosability properties of a language or for implementing diagnostics is lost).
(3) Let q 2 d be the set of all pairs (q o′ l ′ ) generated by (1) and (2) above for each (q o , l) ∈ q 1 d . Replace all (q o′ , l ′ ), . at is, if the same state q o′ appears more than once in q 2 d with different labels, then associate all the common faults with q o′ as well as the ambiguous label A with q o′ . Example 6. With reference to Example 2 and Example 4, Figure 1(c) presents the classical diagnoser G d relevant to DES G displayed in Figure 1(a) (where pairs (q, l) are written as ql, while "{}" is omitted for each nonempty fault label l for simplicity). According to G d in Figure 1(c), we can easily obtain the definite diagnosis {f 1 }, for a given observation sequence αβθcc, online by synchronizing diagnoser G d with the sequence.

Classical Diagnosability of DESs.
To decide whether or not a faulty event in a DES has definitely occurred, the classical notion of diagnosability presented by [16] is rephrased in Definition 2 (Definition 2 is slightly different from the original definition of diagnosability in [16]. Specifically, "∃n i (n i ∈ N)" is placed after "∀s(s ∈ L, s e � f i )", while n i in [16] becomes the greatest n i for all s in Definition 2.
is adjustment, while not affecting the virtual meaning of diagnosability, allows us to provide a formalization that is more consistent with the notions of minimal diagnosability introduced below).

Definition 2.
A prefix-closed and live language L is said to be diagnosable iff, for any fault f i ∈ Σ f , we have where the diagnosability condition D is defined as follows: In other words, if a DES G is diagnosable, then any faulty event f i of G will definitely be detected after its occurrence, provided that the observation sequence after f i is long enough.
Example 7. From Definition 2, we know that DES G in Figure 1(a) is not diagnosable, since for observation sequences αρ k , k ∈ N, we cannot decide whether fault f 2 has definitely occurred or not.

Minimal Diagnosis of DESs
In this section, in a way similar to the minimal diagnosis of static systems [41,42], a notion of the "minimal diagnosis" of DESs is proposed. en, the related "minimal diagnoser" for DESs is presented to generate all minimal diagnoses. Finally, the relevant "minimal diagnosability" is put forward and compared with classical diagnosability.

Minimal Diagnosis of DESs.
Based on Definition 1 and Example 5, for a given observation sequence, there are three possible candidate diagnoses. Generally, given a DES G with language L, there is usually more than one string in L, with each string having a projection on the set of observable events equal to the current observation sequence obs. Hence, there may be more than one candidate diagnosis set according to the different strings. However, as noted above, minimal diagnoses are very valuable. For example, for a batch of new products from a factory, the qualification rate is usually very high (generally required to be more than 95%). e probability of a product with a fault is very low (less than 5%). According to the principles of joint probability distribution (usually, in the literature, it is assumed that faults are independent of one another and have equal probability of occurrence), the probability of a product with two or more faults is significantly lower.
To obtain more likely candidates and to reduce the space complexity (with less space to store diagnoses with fewer faults), we provide a definition below to formalize the Complexity 5 concept of the minimal diagnosis of DESs based on setinclusion relationship. Let F 1 and F 2 be two candidate diagnoses for an observation sequence obs, namely, (F 1 ⇝ obs) ∧ (F 2 ⇝ obs). e following notation is defined: In other words, if a fault set F is a minimal diagnosis of G, then none of its proper subsets is a diagnosis. Furthermore, according to the principle of joint-probability distribution, a minimal diagnosis (with fewer number of faults) is more probable than the corresponding nonminimal diagnosis (with additional faults). As a result, some faulty events may not appear in the minimal diagnosis, although they can also be used to explain the current observation sequence. e following example explicitly verifies this conclusion.
Example 8. With reference to Example 5, for the DES G displayed in Figure 1(a), when the current observation sequence is obs � αβθ, we find that all the possible candidate diagnoses are ∅ (or N), f 1 , and f 1 , f 2 . en, we get the minimal diagnosis N, i.e., the system is probably working normally. Although two fault sets f 1 and f 1 , f 2 can also be used to explain the current observation sequence, they are not minimal diagnoses.

Minimal Diagnoser for DESs.
In this section, we propose a type of minimal diagnoser based on a revised diagnoser.

Revised Diagnoser.
In order to properly and briefly define the concept of a minimal diagnoser, we first introduce a revised diagnoser G d based on the classical notion of diagnoser G d presented in [16]. where In other words, assume that q d 1 is the current state in the revised diagnoser G d and that σ is the next observable event.
e new state q d 2 of G d is generated in the following way (the revised diagnoser can also be computed by performing a parallel composition between G and the label automaton Al, as suggested in the book by Cassandras and Lafortune [14], where Al is an automaton whose initial state is N, whose remaining (2 p− 1 ) states are nonempty subsets of {f 1 , f 2 , . . . , f p }, with p being the number of faulty events, and whose transition events are f 1 , f 2 , . . . , f p when appropriate): 2 be the set of all pairs (q o′ , l ′ ), generated by the above steps (1) and (2), for each (q o , l) ∈ q d 1 . According to the definitions of G d and G d , we can find that for each state in G d , there is a corresponding state in G d ; the contrary, however, is not always the case. In addition, an important difference between G d and G d is that the symbol A is not introduced in G d . Hence, we can retain more relevant fault information (for obtaining the minimal diagnosis). For example, if one state  Figure 1(c)). In contrast, all possible fault information is preserved in the revised diagnoser G d .
Example 9. With reference to Example 2 and Example 4, Figure 1(d) presents the revised diagnoser G d relevant to the DES G displayed in Figure 1(a) (similar to Example 6, each pair (q, l) is written as ql, while, for the sake of simplicity, "{}" is omitted for each nonempty fault label l).
Notice how all possible fault information is maintained in G d , which can be conveniently exploited by a minimal diagnoser for the minimization of fault sets. 6 Complexity

Minimal Diagnoser.
To efficiently generate all minimal diagnoses of a DES online, we propose a novel notion of minimal diagnoser, which can be generated offline.
, a minimal diagnoser for G is an FSM: where More specifically, T m and Q m are generated as follows: In other words, all the pairs labelled with nonminimal fault labels will be dropped.  (1) and (2). (4) Trim operation: if any two minimal states share not only the same contents but also the same transitions from them (to the same states), they will be seen as the same state and be merged into one state. Otherwise, they will not be merged even if they have the same contents.
From the definition of minimal diagnoser, any state in the revised G d is transformed into a state in the minimal diagnoser G m , though generally with the same or fewer labels (there may be several different states in G d that have been transformed into one state in G m ).
In other words, the minimal diagnoser G m , with the same number of states and the same isomorphic transition structure as those of the classical diagnoser G d , is a deterministic (and trim) FSM, where each state is generally smaller than the corresponding state in G d (although the space complexity of G m is still exponential regarding the number of states of the system model, since only the minimal fault labels are retained, less space is required. Although, for simplicity, the theoretical definition of minimal diagnoser is based on that of the revised diagnoser G d , we would actually like to consider some algorithms that generate a minimal diagnoser based only on the DES G in some special situations, without the need to generate G d again. is is an interesting topic that should be analysed in future research).

Remark 1.
Based on the definition of a "minimal diagnoser," it seems that some nonminimal diagnoses will be lost as well as the diagnosis completeness of the requirement in model-based diagnosis. As a matter of fact, the property of minimal-diagnosis completeness is indeed preserved by the minimal diagnoser, that is, most probable diagnoses are retained in the diagnosis results.
Remark 2. Like the classical diagnoser, the minimal diagnoser can generally be built offline and used for online efficient diagnosis.
Example 10. Figures 2(a) and 2(b) show two different DESs and their different diagnosers G d , G d , and G m . We can see that G m is isomorphic to the corresponding G d . Also, note that in Figure 2(a), two states of G d , namely, (3N 3f 1 ) and (3N 3f 2 ), are merged into one state (3N) in G m after minimization. By contrast, in Figure 2(b), two states of G d , namely, (4N 5f 1 ) and (4N 6f 2 ), are not merged into one state (4N) in G m , as they have different transitions from themselves (to different states).
According to Definition 4, a number of relevant properties of minimal diagnoser G m are given below (which will be used to prove the subsequent related lemmas/ propositions): , P Σ f (s) � l, P Σ f (s ′ ) � l ′ , and either l � l ′ or l ≺ ≻ l ′ . (P 3 ) Let q m ∈ Q m . ere may exist (q o , l), (q o , l ′ ) ∈ q m , that is, the system might reach the same observable state q o with different minimal fault labels (l ≠ l ′ ). (P 4 ) For each q m ∈ Q m and for each (q o , l), (q o′ , l ′ ) ∈ q m , we have After (offline) building the minimal diagnoser G m for DES G and assuming that the current observation is obs, we can (online) synchronize obs with G m to reach the corresponding state in G m to directly obtain the minimal diagnoses within the state.
Example 11. Consider the DES G outlined in Figure 1(a) and assume obs � αβθ. According to the minimal diagnoser G m outlined in Figure 1(e), we obtain the current minimal diagnosis N, that is, no fault is produced by (4, N). In addition, when we receive the additional observation c, we obtain the new minimal diagnosis f 1 (while the nonminimal diagnosis f 1 , f 2 in label (10, f 1 , f 2 ) of G d is avoided).

Minimal Diagnosability of DESs.
Just as the classical diagnosability was defined to determine whether a classical diagnosis has definitely occurred or not, it is natural to define minimal diagnosability to determine whether a set of faults has definitely occurred or not.
In this section, to either strongly or weakly determine whether a set of faults has definitely occurred or not, two notions (strong and weak) of the minimal diagnosability of DESs are proposed.
To introduce the formalizations for the minimal diagnosability of a DES G, we define the domain F L to denote the collection of all possible fault sets of G (with behaviour L) as follows: Obviously, F L � ∪ s∈L ∧ s e ∈Σ o P Σ f (s) .

Strong Minimal Diagnosability of DESs
Definition 5. A prefix-closed and live language L is said to be strongly minimally diagnosable if, for any fault set F ∈ F L and for any string s ∈ S F , the following properties hold: where the strong minimal diagnosability conditions D 1 m and D 2 m are defined as follows: In other words, assume that s is a trace in G ending with one fault of F and containing exactly the faulty events of F: (i) For any continuation t of string s without any new fault, the DES will always reach an observable state after a continuation t ′ of t (i.e., (tt ′ ) e ∈ Σ o ), also without any new fault, such that if F is a minimal fault set for st, then F will be the unique minimal diagnosis for any trace with the same observation sequence in stt ′ (here, we make an implicit assumption that a faulty event may be triggered by a string many times. In other words, if all faulty events in F have been triggered by string s, then some faults in F may still be triggered again in a suffix string t after s). (ii) In addition, it is required that there is always a natural number n such that when any continuation t   Complexity of s is long enough (i.e., the length of t is not less than n), if F is a minimal fault set for st, then F will be the unique minimal diagnosis for any trace with the same observation sequence in st.
Note: in contrast with the notion of classical diagnosability (Definition 2), here, we add two additional conditions, namely, P Σ f (t) ⊆ F and P Σ f (t ′ ) ⊆ F, to restrict later subsequences, after the complete occurrence of F, such that they do not contain any new fault, except those in F, to ensure that F is still retained as a candidate diagnosis.
In [16], the notion of classical diagnosability is proposed for checking any single fault f i of G (Definition 2), whereas our notion of minimal diagnosability is proposed for a set F of faulty events of G, which must be minimal (compared to other related candidates). Both require that any fault f i or any minimal fault set F must be definitely detected after their occurrences (within a finite delay).
However, there is no logic entailment between the classical diagnosability and our strong minimal diagnosability, as shown in the following example.
Example 12. According to Definition 2 and Definition 5, DES G in Figure 1(a) is strongly minimally diagnosable yet not diagnosable (we can verify the strong minimal diagnosability of the DES in Figure 1(a) based on Proposition 1 below.
at is, we can check the minimal diagnoser in Figure 1(e). It is much easier to find that the minimal diagnoser satisfies the following two conditions in Proposition 1: (1) there is no F-indeterminate cycle and (2) there is no F-incomparable state. us, the DES in Figure 1(a) is strongly minimally diagnosable). By contrast, DES G 3 in Figure 3(e) is diagnosable yet not strongly minimally diagnosable.
Before introducing the necessary and sufficient conditions for the strong minimal diagnosability of DESs, a number of related definitions and relevant lemmas are provided below. Definition 6. A state q m ∈ Q m is said to be F-certain if, for any two pairs (q o , l), (q o′ , l ′ ) ∈ q m (where q o′ can possibly equal q o ), we always have l ′ � l.
A state q m ∈ Q m is said to be F-incomparable if there exist two pairs (q o , l), (q o′ , l ′ ) ∈ q m (where q o′ can possibly equal q o ) such that l ≺ ≻ l ′ .
For instance, the state exactly labelled with 4f 1 , 5f 2 in Figure 3 is F-incomparable, whereas other states of minimal diagnosers in Figure 3 are all F-certain. e basic properties of the two types of states are described by the following lemma.

Lemma 1. For the minimal diagnoser G m of DES G, the following properties hold.
Let T m (q m 0 , s) � q m , s ∈ Σ * o . If state q m with fault label l is F-certain, then for each ω ∈ Prj − 1 Σ o (s), we have l ≼ P Σ f (ω). If a state q m ∈ Q m is F-incomparable, then for any two pairs (q o , l), (q o′ , l ′ ) ∈ q m with l ≠ l ′ , there exist two strings t, t ′ ∈ L with t e , t e ′ ∈ Σ o such that T(q 0 , t) � q o , In other words, if a state q m is F-certain, then any trace ω with the same observation projection as observation sequence s will necessarily contain fault set l. Otherwise, if a state q m is F-incomparable, then there exist at least two different traces t and t ′ having the same observation projection but with two incomparable fault sets l and l ′ .
Based on Definition 7, an interesting lemma is given below.

Lemma 2. Assume that q m
1 , q m 2 , . . ., q m n ∈ Q m are a set of F-incomparable states forming an F-indeterminate cycle, where with i, j ∈ [1 · · · n] and len i, len j denoting the number of pairs in q m i and q m j , respectively. en, we have l i 1 , l i 2 , . . . , l i len i � l j 1 , l j 2 , . . . , l j len j .
In other words, in an F-indeterminate cycle, any state has the same set of different fault labels. Intuitively, on the one hand, a fault in the current state will stay in the next state (we assume that the faults are persistent); on the other hand, since all states form a cycle, the previous state of the current one can also be seen as the next state. erefore, all states share the same faults (in fact, Lemma 2 is true for all kinds of cycles. at is, the conclusion is much clearer when all states in the cycle are F-certain).

Lemma 3.
Given a prefix-closed language L, if F ⇝ min Prj Σ o (s) holds for a fault set F ∈ F L and a string s ∈ L with s e ∈ Σ o and P Σ f (s) � F, then for any string t ∈ L/s with In other words, if a fault set F of a trace s is a minimal diagnosis for the observation projection of s, then F is still a minimal diagnosis for any subsequent longer trace from s, provided there is no new fault in the subsequent trace.
then for each string t ∈ L/s with t e ∈ Σ o , the following holds:

Complexity 9
In other words, if F is the unique minimal diagnosis for a string s (and its projection on the observation is Prj Σ o (s)), then any trace with the same observation Prj Σ o (st) will still contain all the faults in F.
Given the definitions and lemmas introduced above, we now present the necessary and sufficient conditions for the strong minimal diagnosability of a DES G in Proposition 1, based on its minimal diagnoser G m .

Proposition 1. A language L generated by an FSM G is strongly minimally diagnosable iff its minimal diagnoser G m satisfies the following two conditions:
(C 1 ) ere is no F-indeterminate cycle in G m (C 2 ) For each F-incomparable state q m ∈ Q m and for each pair (q o , l) ∈ q m , there exist a state q m′ ∈ Q m and a nonempty observation sequence s o ∈ Σ + o such that T m (q m , s o ) � q m′ , and for each pair (q o′ , l ′ ), we have l ′ � l, that is, q m′ (after q m ) is an F-certain state with the unique minimal fault label l Remark 3. Condition (C 1 ) is almost identical to the first condition for checking the classical diagnosability in [16], with the exception that "F i -indeterminate cycle" is replaced by "F-indeterminate cycle". However, Condition (C 2 ) is more complex than the corresponding one for checking the classical diagnosability (where only one statement is needed, namely, "No state q ∈ q d is ambiguous"), as the strong minimal diagnosability is conceptually more complex.
Example 13. Consider the three DES models G 1 , G 2 , and G 3 in Figure 3, where f 1 , f 2 , and f 3 are faults, while the other events are observable. eir minimal diagnosers G m 1 , G m 2 , and G m 3 are also depicted in Figure 3. According to the three minimal diagnosers, we can find that only G 1 is strongly minimally diagnosable. G 2 is not strongly minimally diagnosable because it does not fulfil Condition (C 1 ): there does exist an F-indeterminate cycle including state (4, f 1 ), (5, f 2 )} and the cyclic transition event o 4 in G m 2 . G 3 is also not strongly minimally diagnosable because it does not fulfil Condition (C 2 ): there does exist an F-incomparable state q m � (4, f 1 ), (5, f 2 ) in G m 3 , but there are no states such as (4 ′ , f 1 ) or (5 ′ , f 2 ) after q m in G m 3 .

Weak Minimal Diagnosability of DESs.
As mentioned above, according to Definition 5, it is required that any minimal fault set F be the unique minimal diagnosis after a finite delay but before a new faulty event (not in F) occurs. In theory, the condition is very strong. erefore, we provide the following notion of the weak minimal diagnosability of a DES.

Definition 8.
A prefix-closed and live language L is weakly minimally diagnosable if the following condition holds: where the minimal diagnosability condition D m is defined in the following way: In other words, assume that s is a trace of G ending with a set F of faulty events. For each continuation trace t of s, there always exists a natural number n such that when the length of trace t is greater than or equal to n, and if F is still the minimal fault set for st, then fault set F will be the unique minimal diagnosis for any trace with the same observation projection on st. 6 8 4 2 If the language of a DES has the property of weakly minimal diagnosability, when a trace is long enough (i.e., the length of its continuation t is not less than a given integer n), and if the set of faulty events in the trace is still minimal, then it will definitely be the unique minimal diagnosis. According to the above analysis, the condition of Definition 8 is weaker than that provided in Definition 5 and Definition 2. e following proposition shows the relations between the representation of classical diagnosability and our two representations of minimal diagnosability.

Proposition 2.
Let G be a DES with language L. If L is strongly minimally diagnosable, then L is also weakly minimally diagnosable. If L is diagnosable, then L is also weakly minimally diagnosable.
However, based on the following example, we can show that the contrary of Proposition 2 does not hold.

Example 14.
According to our definitions, we can see that DES G 3 in Figure 3(e) is weakly minimally diagnosable yet not strongly diagnosable. In contrast, the DES G in Figure 1(a) is weakly minimally diagnosable yet not diagnosable.

Remark 4.
e notion of minimal diagnosability allows missed detection. at is, it is possible that some of the failures are not detected by a minimal diagnoser. For example, the occurrence of f 2 cannot be detected in the DES model shown in Figure 1(a), although the DES is also weakly minimally diagnosable. After all, only subset-minimal diagnoses are taken into account in our framework.
In the following, we give the necessary and sufficient conditions for the weak minimal diagnosability of a DES.

Proposition 3. A language L generated by an FSM G is weakly minimally diagnosable iff its minimal diagnoser G m does not include any F-indeterminate cycle.
Remark 5. Compared with the necessary and sufficient conditions for the strong minimal diagnosability of DESs in Proposition 1, the conditions for weak minimal diagnosability for the DESs in Proposition 3 are much weaker.
Example 15. Consider the three DESs and the related minimal diagnosers shown in Figure 3. Based on the three minimal diagnosers, we conclude that both G 1 and G 3 are weakly minimally diagnosable. Instead, G 2 is not weakly minimally diagnosable, as there is an F-indeterminate cycle that includes the only state (4, f 1 ), (5, f 2 ) and the corresponding cyclic transition event o 4 in G m 2 .

Related Work and Comparison
Several works aimed at finding only the minimal diagnosis of DESs are based on either AI planning [43,44] or SAT approaches [45]. Significantly, they require first to transform a diagnosis problem description into the corresponding knowledge representation, generally with the bottleneck of quickly solving planning or SAT problems for online diagnosis. However, we generate minimal diagnoses by minimal diagnoser only, which is the main advantage of our approach.
In addition, we compared our method with many other related approaches for diagnosis in different views: (1) Minimal diagnosis of static systems vs. minimal diagnosis of DESs: Similarity: Like the minimal diagnosis of static systems [41,42], the minimal diagnosis of DESs is also quite valuable.
(a) First, a diagnosis with fewer faults is more probable than one with more faults (b) Second, some space is saved by a minimal diagnosis than corresponding superset diagnoses with very large sizes Difference: a superset diagnosis of the static system is still a diagnosis, but a superset may not be a diagnosis for a given observation sequence of a DES. Bayesian/probabilistic reasoning [32][33][34][35] can offer precise diagnoses in a mathematically rigorous way. However, the shortcomings of these approaches may be twofold.
(i) First, the prior probability of each faulty event is required, which may be difficult to obtain in practice (ii) Second, adding the probability of each faulty event will possibly make the diagnosis process more complex

Conclusions
In this paper, to focus on the more likely diagnoses, a notion of minimal diagnosis of DESs is proposed, where only subset-minimal fault sets are considered as the most probable explanations for the given observation sequences. en, the notion of a minimal diagnoser is proposed for the online minimal diagnosis of DESs. Moreover, two sorts of minimal diagnosability are presented for deciding whether a DES is strongly/weakly minimally diagnosable or not, along with necessary and sufficient conditions for testing the minimal diagnosability, which are based on the notion of a minimal diagnoser. Finally, the basic relationships among the three types of diagnosability (classical diagnosability and the two novel notions of minimal diagnosability) are presented.
However, since the generation of the minimal diagnoser requires the availability of the whole DES model, a problem of complexity may arise if the DES is large (which is normal for real, possibly distributed systems). To cope with this problem, as in previous approaches to developing decentralized diagnosers, a challenging goal for future research is the decentralization/distribution of minimal diagnoses. Complexity e paper is conceived to provide a theoretical/formal foundation for the minimal diagnosis and minimal diagnosability of DESs. Unfortunately, as far as we know, although there are several real case studies on the diagnosis of DESs (e.g., the hydraulic circuit case [46]), there are still no widely used artificially well-designed or widely used realapplication benchmarks for the diagnosis of DESs to be applied for testing the diagnosis approaches. Accordingly, practical applications are one interesting subject for future research as well as an effective/efficient algorithm for constructing a minimal diagnoser of a DES with a sound space complexity.
A polynomial "twin-plant" approach has been proposed in [47,48] for efficiently testing the diagnosability of DESs. Designing similar polynomial approaches to check the minimal diagnosability of DESs is also an interesting future topic.
Still, a number of important issues must be considered in future research. An essential assumption of this paper is the independence of faults. Although this may be reasonable in a wide variety of contexts, the question remains: how will the notion of the minimal diagnosis of DESs change when fault dependence actually occurs? Another challenging task is the injection of minimal diagnosis into other approaches for the diagnosis of DESs, including those that do not require the generation of a diagnoser (which may be impractical in realapplication domains), such as the diagnosis of active systems [21]. Like our model-based distributed minimal diagnosis of static systems [49] or the decentralized/distributed diagnosis of DESs [27][28][29]50], the decentralized/distributed minimal diagnosis of DESs is also an interesting and challenging topic. Eventually, only the application of minimal diagnosis to real DESs will provide evidence of its practical utility.

Proofs for Properties, Lemmas, and Propositions
Properties of minimal diagnoser G m : Let q m ∈ Q m . ere may exist (q o , l), (q o , l ′ ) ∈ q m , that is, the system might reach the same observable state q o while having different minimal fault labels (l ≠ l ′ ). (P 4 ) For each q m ∈ Q m and for each (q o , l), (q o′ , l ′ ) ∈ q m , we have Proof.
(P 1 ) According to case (1) of the definition (Definition 4) of a minimal diagnoser, for each q d i ∈ Q d , there exists a state q m i ∈ Q m with (q o , l) ∈ q d i , with l being the minimal fault label in q d i . On the contrary, for each q m i ∈ Q m , we can apply a backforward process to G d to find at least a state q d i with (q o , l i ) ∈ q d i , as well as for any other (q o′ , l i ′ ) ∈ q d i (if they exist), such that l i ≺ l i ′ . (P 2 ) According to the definitions of the revised diagnoser (especially the two functions S and T d ) and the minimal diagnoser, for (q o , l), (q o′ , l ′ ) ∈ q m , we can find two corresponding traces s, s ′ ∈ L, with s e , s e ′ ∈ Σ o , such that T(q 0 , s) � q o (i.e., to reach the observable state q o ), T(q 0 , s ′ ) � q o′ , Prj Σ o (s) � Prj Σ o (s ′ ) (since s and s ′ reach the same state q m , they may have the same observation sequence), and P Σ f (s) � l and P Σ f (s ′ ) � l ′ . Because q o may equal q o′ , then l � l ′ may hold; otherwise, l ⊄ l ′ and l ′ ⊄ l (i.e., l ≺ ≻ l ′ ). If, for example, l ⊂ l ′ , then l ′ will not be a minimal diagnosis. Hence we get the conclusion. (P 3 ) As in (P 2 ), when q o � q o′ , i.e., s and s ′ reach the same observable state, but with l � P Σ f (s) ≠ P Σ f (s ′ ) � l ′ and l ≺ ≻ l ′ , then l ≠ l ′ . (P 4 ) Because q m is a minimal state, any two fault labels l and l ′ in q m are minimal. en, (a) If l ⊆ l ′ , then l � l ′ , since otherwise, if, for instance, l ⊆ l ′ but l ≠ l ′ , then l ⊂ l ′ , that is, l is the minimal fault set. However, l ′ is not, which contradicts the idea that l ′ is in q m . On the contrary, if l � l ′ , then obviously l ⊆ l ′ . us, l � l ′ ⟺ l ⊆ l ′ holds. (b) If l ≠ l ′ , then suppose that l ⊂ l ′ or l ′ ⊂ l. In the former case, l ′ is not minimal, which contradicts the idea that l ′ is in q m ; in the latter case, l is not minimal, which also contradicts the idea that l is in q m . us, l ≺ ≻ l ′ holds. On the contrary, if l ≺ ≻ l ′ , then according to the definition of ≺ ≻ , obviously l ≠ l ′ . erefore, l ≠ l ′ ⟺ l ≺ ≻ l ′ holds.
(P 5 ) According to the method for the propagation of labels using T d (i.e., case (2) , l ′ in the next state is a superset of the label l in the previous state. Accordingly, l j in q m j is a superset of the label l i in the previous state q m i . us, l i ⊆ l j holds.
□ Lemma A.1. For the minimal diagnoser G m of DES G, the following properties hold: (ii) If a state q m ∈ Q m is F-incomparable, then for any two pairs (q o , l), (q o′ , l ′ ) ∈ q m with l ≠ l ′ , there exist two strings t, t ′ ∈ L with t e , t e ′ ∈ Σ o such that T(q 0 , t) � q o , , and l ≺ ≻ l ′ .
(i) For property (i) In the revised diagnoser G d for DES G, consider any pair (q o , holds, that is, there exist at least two different fault labels in q m , then it contradicts the idea that q m is F-certain. erefore, only l � P Σ f (ω) holds, which is also consistent with property (P 1 ) of a "minimal diagnoser". (b) On the other hand, if (q o , P Σ f (ω)), according to the first condition in Definition 4, we obtain l ≺ P Σ f (ω). In other words, P Σ f (ω) is not a minimal diagnosis for observation Prj Σ o (s). Based on the above analysis, we have l ≺ P Σ f (ω).

(b) For property (ii)
It is easy to draw a conclusion from property (P 2 ) of a "minimal diagnoser." □ Lemma A.2. Assume that q m 1 , q m 2 , . . ., q m n ∈ Q m are a set of Fincomparable states forming an F-indeterminate cycle, where with i, j ∈ [1 · · · n] and len i and len j denotes the number of pairs in q m i and q m j , respectively. en, we have l i 1 , l i 2 , . . . , l i len i � l j 1 , l j 2 , . . . , l j len j . (A.2) Proof. For any two adjacent states q m i and q m (i+1) in the Findeterminate cycle, according to property (P 5 ) of a "minimal diagnoser," we have the following.
For any pair (q o . en, we have and then we obtain Because q m 1 , q m 2 , . . . , q m n form a cycle, then for a pair (q 1 j 1 , l 1 j 1 ) ∈ q m 1 , according to property (P 5 ) of a "minimal diagnoser," there exists a pair (q n k n , l n k n ) ∈ q m n such that l n k n ⊆ l 1 j 1 . Proof. According to the definition of a "minimal diagnosis" (Definition 1 and Definition 3), to prove that F ⇝ min Prj Σ o (st), we have to prove the following two statements: For the second statement, by contradiction, assume that . en, we have two possible cases regarding the relations between F and P Σ f (s ′ ): For case (B), from F ≺ ≻ P Σ f (s ′ ), we get P Σ f (s ′ ) ⊄ F, and then P Σ f (s ′ t ′ ) ⊄ F, that is, P Σ f (s ″ ) ⊄ F; thus, we get F ″ ⊄ F, which also contradicts the assumption that F ″ ⊂ F. erefore, the second statement also holds. Hence, we get the conclusion.

□ Lemma A.4.
Given a prefix-closed language L, F ⇝ min Prj Σ o (s) holds for a fault set F ∈ F L and a string s ∈ L with s e ∈ Σ o and P Σ f (s) � F. If F is the unique minimal diagnosis for observation Prj Σ o (s), i.e., then for each string t ∈ L/s with t e ∈ Σ o , and the following holds: Let erefore, we obtain the following conclusion: □ Proposition A.1. A language L generated by an FSM G is strongly minimally diagnosable iff its minimal diagnoser G m satisfies the following two conditions: For each F-incomparable state q m ∈ Q m and for each pair (q o , l) ∈ q m , there exist a state q m′ ∈ Q m and a nonempty observation sequence s o ∈ Σ + o such that T m (q m , s o ) � q m′ , and for each pair (q o′ , l ′ ), we have l ′ � l, that is, q m′ (after q m ) is an F-certain state with the unique minimal fault label l.
Proof. Necessity: firstly, we prove that if L is strongly minimally diagnosable, then it satisfies condition (C 1 ). By contradiction, assume there exist q m 1 , q m 2 , . . . , q m n ∈ Q m such that they form an F-indeterminate cycle, and let where k is the number of different fault labels in q m i , and (A.14) For any two pairs (q , there exist two strings s, s ′ ∈ L with s e , s e ′ ∈ Σ o such that l 1 . Consider the following two traces: ω � s s 1 σ 1 s 2 σ 2 · · · s z σ z p ; ω ′ � s ′ s 1 ′ σ 1 s 2 ′ σ 2 · · · s z ′ σ z p ; (A. 15) with p ∈ N and p ≥ 1 being arbitrarily large, s q , s q ′ ∈ Σ * uo , and σ q ∈ Σ o (q ∈ [1 · · · z]).
Let P Σ f (s q ) ⊆ l 1 1 j and P Σ f (s q ′ ) ⊆ l 1 1 m for each q (q ∈ [1 · · · z]). en, we have Let F � l 1 1 j and t ∈ L/s such that ω � st; then, t � (s 1 σ 1 s 2 σ 2 · · · s z σ z ) p , t e ∈ Σ o , and P Σ f (t) ⊆ F. By choosing p to be arbitrarily large, we can obtain ‖t‖ ≥ n for any given n ∈ N, and then we have: m of the definition of a "strong minimal diagnosability" (Definition 5).
us, for two such traces, according to Definition 5, L is not strongly minimally diagnosable. erefore, condition (C 1 ) must be satisfied. en, we prove that if L is strongly minimally diagnosable, then it satisfies condition (C 2 ). By contradiction, assume that there exists an F-incomparable state q m ∈ Q m and that there also exists a pair (q o , l) ∈ q m but there does not exist a state q m′ ∈ Q m such that T m (q m , s o ) � q m′ (where s o ∈ Σ + o ), and for each (q o′ , l ′ ) ∈ q m′ , l ′ � l. en, for each q m′ , there exist only two possible distinct cases: (1) For each (q o′ , l ′ ) ∈ q m′ , l ′ ≠ l (2) ere exist (q o′ 1 , l 1 ′ ), (q o′ 2 , l 2 ′ ) ∈ q m′ such that l 1 ′ � l and l 2 ′ ≠ l For case (1), because (q o , l) ∈ q m , according to property (P 2 ) of a "minimal diagnoser," there exists s ′ ∈ Σ * with s e ′ ∈ Σ o such that T(q 0 , s ′ ) � q o and P Σ f (s ′ ) � l.
Let s ′ � st with s e ∈ Σ f , P Σ f (s) � l (i.e., s ∈ s l ), t e � s e ′ ∈ Σ o , and P Σ f (t) � ∅ ( ⊆ l). en, for condition (i) of Definition 5, we cannot find a trace t ′ ∈ L/(st), (tt ′ ) e ∈ Σ o , and P Σ f (t ′ ) ⊆ l such that (l ⇝ min Prj Σ o (st)) ⟹ D 1 m . By contradiction, assume that there exist t ′ ∈ L/(st), (tt ′ ) e ∈ Σ o , and P Σ f (t ′ ) ⊆ l (then, according to Lemma A.3, l ⇝ min Prj Σ o (s ′ t ′ )). Let s o � Prj Σ o (t ′ ) and T m (q m , s o ) � q m′ ; then, there must exist a pair (q o′ , l ′ ) ∈ q m′ with l ′ � l (because l ⇝ min Prj Σ o (s ′ t ′ )), which contradicts case (1), in which ∀(q o′ , l ′ ) ∈ q m′ , l ′ ≠ l. Even if s o (i.e., Prj Σ o (t ′ )) is ε, the condition D 1 m of Definition 5 will not be satisfied, or else q m will be F-certain with the unique fault label l, which contradicts the assumption that q m is F-incomparable.

Complexity
Sufficiency: assume that the minimal diagnoser G m satisfies conditions (C 1 ) and (C 2 ). For any fault set F ∈ F L , pick any s ∈ L with s ∈ S F . Pick any t ∈ L/s with t e ∈ Σ o (based on the assumption that there is no infinite sequence of unobservable events in L, we let a natural number n 0 denote the maximum length of any sequence of unobservable events; thus, t ≤ (n 0 + 1)).
Let T(q 0 , st) � q o i , and then we get the corresponding state q m j � T m (q m 0 , Prj Σ o (st)) in G m . Since P Σ f (st) � F, according to the conditions of Definition 5, we suppose that F ⇝ min Prj Σ o (st), and then we get (q o i , F) ∈ q m j . en, we have two distinct cases to consider: (a) q m j is F-certain (b) q m j is F-incomparable For case (a), in which q m j is F-certain, according to Lemma A.1-(i), we have us, there exists t ′ � ε such that t ′ ∈ L/(st), (tt ′ ) e ∈ Σ o (because tt ′ � t and t e ∈ Σ o ), and P Σ f (t ′ ) ⊆ F. If F ⇝ min Prj Σ o (st), then D 1 m of Definition 5 holds: us, the first condition (i) of Definition 5 holds (F ⇝ min Prj Σ o (st)) ⟹ D 1 m . According to Lemma A.4, for each t ″ ∈ L/(st) with t e ″ ∈ Σ o , en, for the second condition (ii) of Definition 5, let n � t; for each string u with u ∈ L/s and u e ∈ Σ o , when u ≥ n, we have the following: If F ⇝ min Prj Σ o (su), then i.e., D 2 m holds . (A.20) us, the second condition (ii) of Definition 5 holds. For case (a), since the conclusion is true for any F ∈ F L , L is strongly minimally diagnosable.
For case (b), if q m j is F-incomparable, according to condition (C 1 ) (there is no F-indeterminate cycle), there must exist m ∈ N and r ∈ Σ + o . When r ≥ m, the diagnoser will reach the first F-certain state q m′ j with the unique fault label F ′ via observation sequence r only in two possible distinct scenarios: (b1) F ⊂ F ′ for each (q o′ i , F ′ ) ∈ q m′ j (b2) F � F ′ for each (q o′ i , F ′ ) ∈ q m′ j For scenario (b1), because F is no longer a minimal diagnosis, we do not care about this scenario.
Scenario (b2) is just condition (C2). According to (C2), there exists s o ∈ Σ + o such that T m (q m j , s o ) � q m′ j ; then, there exists t ′ ∈ L/(st) with Prj Σ o (t ′ ) � s o , P Σ f (t ′ ) ⊆ F, and t e ′ ∈ Σ o (also (tt ′ ) e ∈ Σ o ) such that T(q 0 , stt ′ ) � q o′ i and (q o′ i , F) ∈ q m′ j . By Lemma A.1-(i), we have at is, D 1 m of Definition 5 holds. us, the first condition (i) of Definition 5 holds. For any t ″ ∈ L/(stt ′ ) with t e ″ ∈ Σ o , according to Lemma A.4, we have In other words, ∃n � tt ′ , ∀u(u ∈ L/s, u e ∈ Σ o ). When u ≥ n, we have the following. If F ⇝ min Prj Σ o (su), then at is, the second condition (ii) of Definition 5 holds. Hence, L is strongly minimally diagnosable. □ Proposition 3.18. Let G be a DES with language L. If L is strongly minimally diagnosable, then L is also weakly minimally diagnosable. If L is diagnosable, then L is also weakly minimally diagnosable. Proof.
(1) From the second condition (ii) of Definition 5 ("strong minimal diagnosability") and the condition of Definition 8 ("weak minimal diagnosability"), we can clearly see that the former condition is just the latter one. erefore, if G is strongly minimally diagnosable, then G is necessarily weakly minimally diagnosable. (2) Let a DES G with language L be diagnosable. Pick any fault set F ∈ F L , with F � f 1 , f 2 , . . . , f p . According to Definition 2, for each f i ∈ F and for each s ∈ L, s e � f i , there exists n ∈ N such that ∀t t ∈ L/s, t e ∈ Σ o , (‖t‖ ≥ n ⟹ D), (A.24) where the diagnosability condition D is defined as follows: Hence, us, we obtain (A. 28) erefore, if G is diagnosable, then G is also weakly minimally diagnosable. □ Proposition 3.20. A language L generated by an FSM G is weakly minimally diagnosable iff its minimal diagnoser G m does not include any F-indeterminate cycle.
Proof. (sketch)Based on the proof of Proposition 3.15, we can see that condition (C 1 ) is only required by the second case (ii) of "strong minimal diagnosability" (Definition 5), which is the same as "weak minimal diagnosability" (Definition 8). erefore, only condition (C 1 ) of Proposition 3.15 is required for the current proposition. at is, a language L generated by an FSM G is weakly minimally diagnosable iff its minimal diagnoser G m does not include any F-indeterminate cycle.

Data Availability
e data used to support the findings of this study are included within the article.

Conflicts of Interest
e authors declare that they have no conflicts of interest.