On detectability of labeled Petri nets and finite automata

Detectability is a basic property of dynamic systems: when it holds an observer can use the current and past values of the observed output signal produced by a system to reconstruct its current state. In this paper, we consider properties of this type in the framework of discrete-event systems modeled by labeled Petri nets and finite automata. We first study weak approximate detectability. This property implies that there exists an infinite observed output sequence of the system such that each prefix of the output sequence with length greater than a given value allows an observer to determine if the current state belongs to a given set. We prove that the problem of verifying this property is undecidable for labeled Petri nets, and PSPACE-complete for finite automata. We also consider one new concept called eventual strong detectability. The new property implies that for each possible infinite observed output sequence, there exists a value such that each prefix of the output sequence with length greater than that value allows reconstructing the current state. We prove that for labeled Petri nets, the problem of verifying eventual strong detectability is decidable and EXPSPACE-hard, where the decidability result holds under a mild promptness assumption. For finite automata, we give a polynomial-time verification algorithm for the property. In addition, we prove that strong detectability is strictly stronger than eventual strong detectability for labeled Petri nets and even for deterministic finite automata.


Introduction
Detectability is a basic property of dynamic systems: when it holds an observer can use the current and past values of the observed output signal produced by a system to reconstruct its current state [7,22,19,20,6,26,36,17,31,12,10].This property plays a fundamental role in many related control problems such as observer design and controller synthesis.Hence for different applications, it is meaningful to characterize different notions of detectability.This property also has different terminologies, e.g., in [7,26,17], it is called "observability" while in [6,36], it is called "reconstructibility".In this paper, we uniformly call this property "detectability", and call another similar property "observability" implying that the initial state can be determined by the observed output signal produced by a system (e.g., [28,21,34,35]).

Finite automata
For discrete-event systems (DESs) modeled by finite automata, the detectability problem has been widely studied [22,19,32,12,31] in the context of ω-languages, i.e., taking into account all output sequences of infinite length generated by a DES.These results are usually based on two assumptions that a system is deadlock-free and that it cannot generate an infinitely long subsequence of unobservable events.These requirements are collected in Assumption 1 formally stated in the following sections: when it holds, a system will always run and generate an infinitely long observation.
Two fundamental definitions are those of strong detectability and weak detectability [22].Strong detectability implies1 that: (A) there exists a positive integer k such that for all infinite output sequences σ generated by a system, all prefixes of σ of length greater than k allow reconstructing the current states.
Weak detectability implies that: (B) there exists a positive integer k and some infinite output sequence σ generated by a system such that all prefixes of σ of length greater than k allow reconstructing the current states.
Weak detectability is strictly weaker than strong detectability.Consider the finite automaton shown in Fig. 1, where events a and b can be directly observed.It is weakly detectable but not strongly detectable.The automaton can generate infinite event sequences a ω and b ω , where (•) ω denotes the concatenation of infinitely many copies of •.When any number of a's were observed but no b was observed, the automaton could be only in state s 0 .Hence it is weakly detectable.When any number of b's were observed but no a was observed, it could be in states s 1 or s 2 .Hence it is not strongly detectable.
Strong detectability can be verified in polynomial time while weak detectability can be verified in exponential time [22,19] the usual Assumption 1.
In addition, checking weak detectability is PSPACE-complete in the numbers of states and events for finite automata, where the hardness result holds for deterministic finite automata whose events can be directly observed [32].The hardness result even holds for more restricted deterministic finite automata having only two events that can be directly observed [12].

Petri nets
Detectability of free-labeled Petri nets with unknown initial markings (i.e., states) has been studied in [7], where several types of detectability called "(strong) marking observability", "uniform (strong) marking observability", and "structural (strong) marking observability" are proved to be decidable2 by reducing them to several decidable home space properties [5] that are more general than the reachability problem of Petri nets (with respect to a given marking).
Some detectability properties of labeled Petri nets 3 have also been studied.In [17], a notion of detectability called "structural observability" is characterized.This property implies that for every initial marking, each observed label (i.e., output) sequence determines the current marking.It is pointed out that the "structural observability" is important, because "the majority of existing control schemes for Petri nets rely on complete knowledge of the system state at any given time step" [17].It is shown that structural observability can be verified in polynomial time [17].In the same paper, in order to make a labeled Petri net structurally observable, the problem of placing the minimal number of sensors on places and the problem of placing the minimal number of sensors on transitions are studied, respectively.The former problem is proved to be NP-complete, while the latter is shown to be solvable in polynomial time, both in the numbers of places and transitions.
In [9], for labeled Petri nets, a concept of determinism is characterized, where this concept implies that each label sequence generated by a net can be used to determine the current marking.It is proved that verifying determinism is as hard as verifying coverability for Petri nets [15,11], hence EXPSPACE-complete.Note that the "structural observability" studied in [17] requires a labeled Petri net to satisfy the determinism property at each initial marking.
The above mentioned detectability results for labeled Petri nets apply to finitelength languages of the nets, i.e., the set of all words (of finite length) that a net can generate.In the sequel, we always use terminology "language" to denote "finitelength language" for short, and use "ω-language" to denote a "language" consisting of several infinite-length label sequences.However, a few authors have recently studied detectability properties of ω-languages extending to labeled Petri net models the notions of strong and weak detectability which Shu and Lin have originally studied in the context of finite automata.
Weak detectability of labeled Petri nets with inhibitor arcs has been proved to be undecidable in [33] by reducing the well known undecidable language equivalence problem [8,Theorem 8.2] of labeled Petri nets to the inverse problem of the weak detectability problem, i.e., the non-weak detectability problem.
Decidability and complexity of strong detectability and weak detectability for labeled Petri nets are also studied in [13].Under (i) of Assumption 1 and another assumption that a net cannot generate an infinite unobservable sequence which is actually equivalent to (ii) of Assumption 1 for Petri nets, strong detectability has been proved to be decidable with EXPSPACE-hard complexity by reducing its negation to the satisfiability of a Yen's path formula [27,1].Weak detectability has been proved to be undecidable by reducing the undecidable language inclusion problem [8,Theorem 8.2] to the non-weak detectability problem, thus improving the related result given in [33].

Contribution of the paper
In this paper, we propose some new notions of detectability in the context of ωlanguages, and characterize the related decision problems (in terms of decidability or computational complexity) for both finite automata and labeled Petri nets.
To motivate the interest for this work, let us recall that the theory of ω-languages is a rich and important domain of computer science [14].We mention, in addition, that these languages have a practical interest in automatic control because they can describe the infinite behavior of a system: for this reason they find significant applications in the very active area of verification with discrete-event and hybrid systems -in particular model checking with temporal logic.

Instant detectability
The notions of strong and weak detectability considered in [22,19,13] assume that an observer may be able to reconstruct the current state of a system only after a transient period characterized by a number k of generated outputs/labels.However, in many applications, e.g., those concerning safety-critical systems, it may be necessary to reconstruct the current value of the state at all times and thus this transient should have length k = 0. We denote this notion by instant detectability.
It may be possible to consider this notion in different settings.When languages are considered, the strong version of this property is equivalent to the classical notion of determinism [9].In the case of Petri nets, the further requirement that the property holds for every initial marking leads to even stronger notion of structural observability [17].
In the case of ω-languages, the stronger version of this property is strictly weaker than determinism as we will show in Fig. 4. In this paper, we study instant strong detectability which implies that all prefixes of all infinite output sequences generated by a system allow reconstructing the current states.This notion has been studied in [20] for finite automata satisfying Assumption 1 and is called (0, 0)-detectability.Actually, a more general (k 1 , k 2 )-detectability is characterized in [20] which describes strong detectability with computation delays, and a polynomial-time verification algorithm is given under Assumption 1.
We will prove that instant strong detectability of labeled P/T nets is decidable, by reducing its negation to the satisfiability of a Yen's path formula.We will also prove that the corresponding decision problem is EXPSPACE-hard by reducing the coverability problem of Petri nets to the non-instant strong detectability problem.For finite automata, we will give a polynomial-time verification algorithm for instant strong detectability without any assumption by using a concurrent-composition method, which strengthens the corresponding algorithm given in [20] under Assumption 1.
We point out that it may also be possible to consider the dual notion of instant weak detectability which implies that there exists some generated infinite output sequence such that all its prefixes allow reconstructing the current states.However, we are not going to study this property in this paper.

Eventual detectability
Let us consider again the notion of strong dectability implied by condition (A) stated above.An alternative definition could be based on the following definition: (A') for every infinite output sequence σ generated by a system, there exists a positive integer k σ such that all prefixes of σ of length greater than k σ allow reconstructing the current states, where the length k σ of the transient before the state can be reconstructed may depend on a particular output sequence σ.
Obviously, condition (A) implies condition (A') but the converse implication does not hold, because there may exist infinitely many strings of infinite length and thus a maximal value among all k σ may not be computed (this will be formally proved in Proposition 6).
We point out some similarities with the notion of diagnosability introduced by Lafortune and co-authors [18] which requires the occurrence of a fault to be detected within a finite delay.The original definition in [18] assumes this delay may depend on the string that produces the fault, i.e., it is similar to condition (A') above.A different condition, similar to condition (A) above and called K-step diagnosability, is considered in [2]: it assumes the length of the delay is bounded for all strings.Note however a difference with respect to the detectability results we present here: the two notions of diagnosability and K-step diagnosability are equivalent in the case of finite automata, thanks to the well-known Myhill-Nerode characterization of a regular language by the finiteness of its set of residuals.They only differ for infinite-state systems, such as labeled Peri nets.
Based on condition (A'), we consider a new type of detectability, which we call eventual strong detectability.Formally, eventual strong detectability implies that for every infinite output sequence σ generated by a system, there exists a positive integer k σ such that each prefix σ ′ of σ with length greater than k σ allows reconstructing the current state.We will prove that eventual strong detectability is strictly weaker than strong detectability and strictly stronger than weak detectability, for labeled Petri nets and even for deterministic finite automata satisfying Assumption 1.
We will also prove that eventual strong detectability can be verified in polynomial time for finite automata.For labeled Petri nets, we show that the property is decidable and the corresponding decision problem is EXPSPACE-hard: note that this decidability result holds under the promptness assumption (collected in (ii) of Assumption 2) that is actually equivalent to condition (ii) of Assumption 1 for labeled Petri nets.

Approximate detectability
State estimation is usually a preliminary step that a plant operator must address so that, depending on the state value, a suitable action may be taken.Examples include computing a control input in supervisory control, raising an alarm in fault diagnosis, inferring a secret in an opacity problem, reacting to the detection of a cyber-attack, etc.The number of these possible actions is usually finite and this naturally determines a finite partition of the system's state space into equivalence classes, each one corresponding to states for which the same action should be taken.In such a context, it is not necessary to solve a detectability problem, i.e., determine the exact value of the state, but just to solve an approximate version of it, i.e., determine to which class the state belongs.
The notion of approximate detectability applies to all previously defined detectability notions, weak or strong, instant or eventual.Here we just study one of them, namely weak approximate detectability which implies that, given a finite partition of the state space, there exists an integer k and an infinite output sequence gener-

⇐
(Fig. 2) Weak detectability undecidable ( [13]) Table 1 Relationships among different detectability notions for labeled Petri nets, where ⇒ means "imply by definition", means "does not imply", the decidability result for strong detectability proved in [13] is based on Assumption 1, and can be strengthened to hold only based on the promptness assumption which is actually (ii) of Assumption 1 for labeled Petri nets by using our proposed extended concurrent composition method similarly as in the proof of Theorem 4. The decidability result for eventual strong detectability is also based on the promptness assumption.ated by a system each of whose prefixes of length greater than k allows determining the partition cell to which the current state belongs.In this paper, we will prove that weak approximate detectability is undecidable for labeled P/T nets.For finite automata, we will prove that deciding this property is PSPACE-complete.The undecidable result is obtained by reducing the undecidable language equivalence problem for labeled P/T nets to negation of the weak approximate detectability problem.The result for finite automata is obtained by using related results for weak detectability of finite automata [32,22].

Paper structure
To help the reader better understand the contribution of the paper, the relations among the different detectability properties studied in this work are shown in Tabs. 1 and 2. The table also includes known results on strong detectability and weak detectability of finite automata and labeled Petri nets proved in [13,32].
The remainder of the paper is as follows.Section 2 introduces necessary preliminaries, including finite automata, labeled Petri nets, the language equivalence problem, and the coverability problem, together with necessary tools such as Dickson's lemma, Yen's path formulae, etc. Section 3 collects the results on weak approximate detectability for finite automata and labeled Petri nets.Section 4 consists of the results on instant strong detectability and eventual strong detectability also for both models, and a new verification algorithm for strong detectability of finite automata.Section 5 ends up with a short conclusion.We first study weak approximate detectability because fewer tools are needed than in studying instant strong detectability and eventual strong detectability.

⇐
(Fig. 2) Table 2 Relationships among different detectability notions for finite automata, where s and e are the numbers of states and events, ⇒ means "imply by definition", means "does not imply"; the polynomial-time verification algorithm for strong detectability given in [19] applies to finite automata satisfying Assumption 1, but generally does not apply to finite automata not satisfying Assumption 1; the exponential-time verification algorithm for weak detectability given in [19] actually applies to finite automata satisfying the assumption of non-emptiness of generated ω-languages that is weaker than Assumption 1, and in this paper we will characterize how to verify the weaker assumption and how to deal with the case when the weaker assumption is not satisfied.

Labeled state-transition systems
In order to formulate detectability notions in a uniform manner, we introduce labeled state-transition systems (LSTSs) as follows, which contain finite automata and labeled Petri nets as special cases.An LSTS is formulated as a sextuple where X is a set of states, T a set of events, X 0 ⊂ X a set of initial states, →⊂ X × T × X a transition relation, Σ a set of outputs (labels), and ℓ : T → Σ ∪ {ǫ} a labeling function, where ǫ denotes the empty word.As usual, we use ℓ −1 (σ) to denote the preimage {t ∈ T |ℓ(t) = σ} of an output σ ∈ Σ.A state x ∈ X is called deadlock if (x, t, x ′ ) / ∈→ for any t ∈ T and x ′ ∈ X. S is called deadlock-free if it has no deadlock state.Events with label ǫ are called unobservable.Other events are called observable.Denote T =: T o ∪T ǫ , where T o and T ǫ are the sets of observable events, and unobservable events, respectively.For an observable event t ∈ T , we say t can be directly observed if ℓ(t) differs from ℓ(t ′ ) for any other t ′ ∈ T .Labeling function ℓ : T → Σ ∪ {ǫ} can be recursively extended to ℓ : T * ∪ T ω → Σ * ∪ Σ ω as ℓ(t 1 t 2 . . . ) = ℓ(t 1 )ℓ(t 2 ) . . .and ℓ(ǫ) = ǫ.For all x, x ′ ∈ X and t ∈ T , we also denote where n is a positive integer.We say a state x ′ ∈ X is reachable from a state x ∈ X if there exist t 1 , . . ., t n ∈ T such that x t1...tn − −−− → x ′ , where n is a positive integer.We say a subset X ′ of X is reachable from a state x ∈ X if some state of X ′ is reachable from x. Similarly a state x ∈ X is reachable from a subset X ′ of X if x is reachable from some state of X ′ .We call a state x ∈ X reachable if either x ∈ X 0 or it is reachable from an initial state.For an LSTS S, we call the new LSTS the accessible part (denoted by Acc(S)) of S that is obtained from S by removing all non-reachable states.An LSTS S is called deterministic if for all x, x ′ , x ′′ ∈ X and all t ∈ T , if (x, t, x ′ ) ∈→ and (x, t, x ′′ ) ∈→ then x ′ = x ′′ .
Next we introduce necessary notions that will be used throughout this paper.Symbols N and Z + denote the sets of natural numbers and positive integers, respectively.For a set S, S * and S ω are used to denote the sets of finite sequences (called words) of elements of S including the empty word ǫ and infinite sequences (called configurations) of elements of S, respectively.As usual, we denote S + = S * \ {ǫ}.For a word s ∈ S * , |s| stands for its length, and we set |s ′ | = +∞ for all s ′ ∈ S ω .For s ∈ S and natural number k, s k and s ω denote the k-length word and configuration consisting of copies of s's, respectively.For a word (configuration) s ∈ S * (S ω ), a word s ′ ∈ S * is called a prefix of s, denoted as s ′ ⊏ s, if there exists another word (configuration) s ′′ ∈ S * (S ω ) such that s = s ′ s ′′ .For two natural numbers i ≤ j, [i, j] denotes the set of all integers between i and j including i and j; and for a set S, |S| its cardinality and 2 S its power set.For a word s ∈ S * , where S = {s 1 , . . ., s n }, ♯(s)(s i ) denotes the number of s i 's occurrences in s, i ∈ [1, n].

Finite automata
A DES can be modeled by a finite automaton or a labeled Petri net.In order to represent a DES, we consider a finite automaton as a finite LSTS S = (X, T, X 0 , →, Σ, ℓ), i.e., when X, T, Σ are finite.Such a finite automaton is also obtained from a standard finite automaton [23] by removing all accepting states, replacing a unique initial state by a set X 0 of initial states, and adding a labeling function ℓ.In the sequel, a finite automaton always means a finite LSTS.Transitions x t − → x ′ with ℓ(t) = ǫ are called ǫtransitions (or unobservable transitions), and other transitions are called observable transitions.

Labeled Petri nets
A net is a quadruple N = (P, T, P re, P ost), where P is a finite set of places graphically represented by circles; T is a finite set of transitions graphically represented by bars; P ∪ T = ∅, P ∩ T = ∅; P re : P × T → N and P ost : P × T → N are the pre-and post-incidence functions that specify the arcs directed from places to transitions, and vice versa.Graphically P re(p, t) is the weight of the arc p → t and P ost(p, t) is the weight of the arc t → p for all (p, t) ∈ P × T .The incidence function is defined as C = P ost − P re.
A marking is a map M : P → N that assigns to each place of a net a natural number of tokens, graphically represented by black dots.For a marking M ∈ N P , the restriction of M to a subset P ′ of P is denoted by M | P ′ .For a marking M ∈ N P , a transition t ∈ T is called enabled at M if M (p) ≥ P re(p, t) for all p ∈ P , and is denoted by M [t , where as usual N P denotes the set of maps from P to N.An enabled transition t at M may fire and yield a new making M ′ (p) = M (p) + C(p, t) for all p ∈ P , written as M [t M ′ .As usual, we assume that at each marking and each time step, at most one transition fires.For a marking M , a sequence t We write the firing of t 1 . . .t n at M as M [t 1 . . .t n for short, and similarly denote the firing of t or a place/transition net (P/T net), where N = (P, T, P re, P ost) is a net, M 0 : P → N is called the initial marking, and the Petri net evolves initially at M 0 as transition sequences fire.Denote the set of reachable markings of the Petri net by R(N, where N is a net, M 0 is an initial marking, Σ is an alphabet (a finite set of labels), and ℓ : T → Σ ∪ {ǫ} is a labeling function that assigns to each transition t ∈ T a symbol of Σ or the empty word ǫ, which means when a transition t fires, its label ℓ(t) can be observed if ℓ(t) ∈ Σ; and nothing can be observed if ℓ(t) = ǫ.A transition t ∈ T is called observable if ℓ(t) ∈ Σ, and called unobservable otherwise.Particularly, a labeling function ℓ : T → Σ is called ǫ-free, and a P/T net with an ǫ-free labeling function is called an ǫ-free labeled P/T net.A Petri net is actually an ǫ-free labeled P/T net with an injective labeling function.For a labeled P/T net G = (N, M 0 , Σ, ℓ), the language generated by G is denoted by L(G) := {σ ∈ Σ * |∃s ∈ T * , M 0 [s , ℓ(s) = σ}, i.e., the set of labels of finite transition sequences enabled at the initial marking M 0 .We also say for each σ ∈ L(G), G generates σ.For σ ∈ Σ ω , we say G generates σ if an infinite event sequence t 1 t 2 . . .∈ T ω is enabled at M 0 (denoted M 0 [t 1 t 2 . . . ) and ℓ(t 1 t 2 . . . ) = σ.The set of infinite label sequences generated by G is denoted by L ω (G) (which is an ω-language).Note that for a labeled P/T net G = (N, M 0 , Σ, ℓ), when we observe a label sequence σ ∈ Σ * , there may exist infinitely many firing transition sequences labeled by σ.However, for an ǫ-free labeled P/T net, when we observe a label sequence σ, there exist at most finitely many firing transition sequences labeled by σ.Denote by

The language equivalence problem
The undecidable result proved in this paper is obtained by using the following language equivalence problem.
Proposition 1 [8,Theorem 8.2] It is undecidable to verify whether two ǫ-free labeled P/T nets with the same alphabet generate the same language.

Dickson's lemma
Let P be a finite set.For every two elements x and y of N P , we say x ≤ y if and only if x(p) ≤ y(p) for all p in P .We write x < y if x ≤ y and x = y.For a subset S of N P , an element x ∈ S is called minimal if for all y in S, y ≤ x implies y = x.Dickson's lemma [4] shows that for each subset S of N P , there exist at most finitely many distinct minimal elements.This lemma follows from the fact that every infinite sequence with all elements in N P has an increasing infinite subsequence, where such an increasing subsequence can be chosen component-wise [16,Theorem 2.5].We will use Dickson's lemma to prove some decidable results for labeled P/T nets.

The coverability problem
We also need the following Proposition 2 on the coverability problem to obtain some main results on complexity.
Proposition 2 [15,11] It is EXPSPACE-complete to decide for a Petri net G = (N, M 0 ) and a destination marking M ∈ N P whether G covers M , i.e., whether there exists a marking In [11], it is proved that deciding coverability for Petri nets requires at least 2 cn space infinitely often for some constant c > 0, where n is the number of transitions.In [15], it is shown that deciding this property for a Petri net requires at most space 2 cm log m for some constant c, where m is the size of the set of all transitions.For a Petri net ((P, T, P re, P ost), M 0 ), each transition t ∈ T corresponds to a |P |-length vector P ost(•, t) − P re(•, t) =: c(t) whose components are integers.The size of t is the sum of the lengths of the binary representations of the components of c(t) (where the length of 0 is 1).The size of T is the sum of the sizes of all transitions of T , and is set to be the above m.

Infinite graphs
Let (V, E) be a directed graph, where V is the vertex set, and E ⊂ V × V the edge set.For each edge (v, v ′ ) ∈ E, also denoted by v → v ′ , v and v ′ are called the tail and the head of the edge, respectively, v is called a parent of v ′ and v ′ is called a child of v.A directed graph is called infinite if it has infinitely many vertices.A path is a sequence of vertices connected by edges with the same direction, i.e., a path is of one of the forms: E) is called a tree if there is a vertex v 0 without any parent (called root), any other vertex is a descendant of v 0 and the head of exactly one edge.A tree is called locally finite if each vertex has at most finitely many children.

Yen's path formulae for Petri nets
The final tool that we will use to prove some decidable results is Yen's path formula [27,1] for Petri nets.In [27], a concept of Yen's path formulae is proposed and some upper bounds for verifying the satisfiability of the formulae are studied.In addition, it is shown that many problems, e.g., the boundedness problem, the coverability problem for Petri nets, can be reduced to the satisfiability problem of some Yen's path formulae.In [1], a special class of Yen's path formulae called increasing Yen's path formulae is proposed.The main results of [1] are stated as follows.

Proposition 3 ([1]) The reachability problem for Petri nets can be reduced to the satisfiability problem of some Yen's path formula, and the satisfiability problem of each Yen's path formula can be reduced to the reachability problem for Petri nets with respect to the marking with all places empty, all in polynomial time. In addition, the satisfiability of each increasing Yen's path formula can be verified in EXPSPACE.
For a Petri net (N, M 0 ), where N = (P, T, P re, P ost) is a net, each Yen's path formula consists of the following elements: 1. Variables.There are two types of variables, namely, marking variables M 1 , M 2 , . . .and variables for transition sequences s 1 , s 2 , . . ., where each M i denotes an indeterminate function in Z P and each s i denotes an indeterminate finite sequence of transitions, Z is the set of integers.2. Terms.Terms are defined recursively as follows. (a (b) Marking predicates.
-Type 1. M (p) ≥ c and M (p) > c are predicates, where M is a marking variable and c ∈ Z is constant.
where T 1 , T 2 are terms and i, j ∈ T .4. F 1 ∨ F 2 and F 1 ∧ F 2 are predicates if F 1 and F 2 are predicates.A Yen's path formula f is of the following form (with respect to Petri net (N, M 0 ), where N = (P, T, P re, P ost)): where Given a Petri net G and a Yen's path formula f , we use G |= f to denote that f is true in G.The satisfiability problem is the problem of determining, given a Petri net G and a Yen's path formula f , whether G |= f .A Yen's path formula ( 1) is called increasing if F does not contain transition predicates and implies The unboundedness problem can be formulated as the satisfiability of the increasing Yen's path formula The coverability problem can be formulated as the satisfiability of the increasing Yen's path formula where M is the destination marking.

Weak approximate detectability
The concept of weak detectability is formulated as follows.
Definition 1 (WD) Consider an LSTS S = (X, T, X 0 , →, Σ, ℓ).System S is called weakly detectable if there exists a label sequence σ ∈ L ω (S) such that for some positive integer k, |M(S, σ ′ )| = 1 for every prefix σ ′ of σ satisfying |σ ′ | ≥ k.Sometimes, we do not need to determine the current state of an LSTS, but only need to know whether the current state belongs to some prescribed subset of reachable states.Then the concept of weak approximate detectability is formulated as below.
Definition 2 (WAD) Consider an LSTS S = (X, T, X 0 , →, Σ, ℓ).Given a positive integer n > 1 and a partition {R 1 , . . ., R n } of the set of its reachable states, S is called weakly approximately detectable with respect to partition {R 1 , . . ., R n } if there exists a label sequence σ ∈ L ω (S) such that for some positive integer k, for every prefix

Labeled Petri nets
One directly sees that if an LSTS is weakly detectable, then it is weakly approximately detectable with respect to every finite partition of its state space.However, if it is weakly approximately detectable with respect to some finite partition of its state space, then it is not necessarily weakly detectable.See the following example.
Example 1 Consider a labeled Petri net G in Fig. 2. We have L ω (G) = {a ω , b ω }.We also have for all k ∈ Z + , M(G, a k ) = {(0, 1, 0, 0, 0), (1, 0, 0, 0, 0)}, M(G, b k ) = {(0, 0, 0, 1, 0), (0, 0, 0, 0, 1)}, where the components of a marking is in the order (p −2 , p −1 , p 0 , p 1 , p 2 ).These observations show that the net is not weakly detectable.It is weakly approximately detectable with respect to the partition: of the set of its reachable markings.Also, this net is actually a deterministic finite automaton if we regard labels a and b as labels of events, and (0, 0, 1, 0, 0) as the unique initial state.Similarly we have the automaton is also weakly approximately detectable with respect to partition (2) but not weakly detectable.For the weak approximate detectability of labeled P/T nets, the following result holds.
Theorem 1 Let n > 1 be a positive integer.It is undecidable to verify for an ǫfree labeled P/T net and a partition {R 1 , . . ., R n } of the set of its reachable markings, whether the labeled P/T net is weakly approximately detectable with respect to {R 1 , . . ., R n }.
Proof We prove this result by reducing the language equivalence problem of labeled Petri nets (Proposition 1) to the problem under consideration.The proof is divided into three cases: n = 2, n = 3, and n > 3.
Let l ≥ 3 be an integer.Arbitrarily given two ǫ-free labeled P/T nets G is specified as follows: (1) Add l + 2 places p 0 , p 1  1 , p   For net G, initially only transition t 1 0 or t 2 0 can fire.After t 1 0 (t 2 0 ) fires, the unique token in place p 0 moves to place ) moves the token in place p 1 1 (p 2 1 ) to place p 2 (p l ), and terminates the running of G 1 (G 2 ), yielding that the token in p 2 (p l ) can move along the direction p 2 → • • • → p l → p 2 periodically forever, but G 1 (G 2 ) will never run again.Hence net G may fire only infinite transition sequences Note that for some nets G 1 and G 2 , the corresponding net G never fires t 1 0 s ′ or t 2 0 r ′ as above, e.g., when L(G 1 ) ∪ L(G 2 ) is finite; but for all G 1 and G 2 , the corresponding G fires t 1 0 st Let l = 3.We partition the set R(N G , M G 0 ) of reachable markings of net G as follows: If L(G 1 ) = L(G 2 ), without loss of generality, we assume that there exists σ ∈ where k mod 2 means the remainder of k divided by 2. That is, net G is weakly approximately detectable with respect to partition (3).
Next we assume that L(G 1 ) = L(G 2 ).Note that net G generates only configurations σ G σ ′ or σ G σ(σ G ) ω , where σ ′ ∈ Σ ω , σ ∈ Σ * .For the former case, for each prefix σ ′′ of σ ′ , there exist firing sequences s where k is an arbitrary positive integer, we have there exist firing sequences s ∈ (T 1 ) * of net G 1 and r ∈ (T 2 ) * of net G 2 such that ℓ G (s) = ℓ G (r) = σ and net G can fire both t 1 0 ss ′ and t 2 0 rr ′ , where s ′ and r ′ are k length prefixes of (t 2 t 3 ) ω and (t 3 t 2 ) ω , respectively.Since G will fire both t 1 0 ss ′ and t 2 0 rr ′ , we have We have checked all label sequences generated by G, hence G is not weakly approximately detectable with respect to partition (3).n = 3: Let l = 3.We partition the set R(N G , M G 0 ) of reachable markings of net G as follows: Similarly to the case n = 2, we also have that L(G 1 ) = L(G 2 ) if and only if net G is weakly approximately detectable with respect to partition (4).
n > 3: Similarly we also have that L(G 1 ) = L(G 2 ) if and only if net G is weakly approximately detectable with respect to partition (5).

Finite automata
Next, we study the complexity of deciding weak approximate detectability of finite automata.
An exponential-time algorithm for verifying weak detectability of a finite automaton S under Assumption 1 is given in [19], but the algorithm actually applies to every S satisfying L ω (S) = ∅ which is weaker than Assumption 1. Automaton S such that L ω (S) = ∅ is naturally weakly detectable and weakly approximately detectable (with respect to very finite partition of its set of reachable states) as well, and the condition L ω (S) = ∅ can be verified in polynomial time (see Proposition 4).Note that in Assumption 1, (ii) is actually a little weaker than the counterpart in [22,19], as in these two papers, there is no requirement "reachable from an initial state".However, one easily sees that existence of a cycle not reachable from an initial state consisting of only unobservable events does not violate the verification results for weak detectability given in [19].
Assumption 1 An LSTS S = (X, T, X 0 , →, Σ, ℓ) satisfies (i) S is deadlock-free, (ii) no cycle in S reachable from an initial state contains only unobservable events, i.e., for every reachable state x ∈ X and every nonempty unobservable event sequence s, there exists no transition sequence In Assumption 1, (i) guarantees that the automaton never halts, (ii) ensures that for each infinite event sequence generated by the automaton, the corresponding label sequence is also of infinite length.

Proposition 4
The property L ω (S) = ∅ for a finite automaton S can be verified in linear time of the size of S.
Proof Consider a finite automaton S = (X, T, X 0 , →, Σ, ℓ), it is not difficult to see that L ω (S) = ∅ if and only if there is an infinite transition sequence x 0 and only if there exists a transition sequence x 0 Construct an observation automaton in linear time of the size of S, where − → x such that x 0 ∈ X 0 , s, s ′ ∈ {ε, ǫ} * , and ℓ ′ (s ′ ) = ǫ.Next, we show that this condition can be trivially verified in linear time of the size of S.
Firstly, find the accessible part Acc(Obs(S)), which takes linear time.Secondly, compute all strongly connected components of Acc(Obs(S)).There are well-known algorithms for computing all strongly connected components of Acc(S) in linear time, e.g., the slight variant of the depth-first search.Thirdly, observe that the condition holds if and only if in some strongly connected component, there is an observable transition, because each cycle belongs to only one strongly connected component.This can also be checked trivially in linear time.
Theorem 2 1.The weak approximate detectability of finite automata can be verified in PSPACE.2. Deciding weak approximate detectability of deterministic finite automata whose events can be directly observed is PSPACE-hard.
Proof Consider a finite automaton S = (X, T, X 0 , →, Σ, ℓ) and a partition R = {R 1 , . . ., R n } of X.If S satisfies that L ω (S) = ∅, then it is naturally weakly approximately detectable with respect to R. By Proposition 4, the property L ω (S) = ∅ can be verified in polynomial time.Otherwise, continue the following procedure.
Construct a new automaton for all r, r ′ ∈ R and t ∈ T , (r, t, r ′ ) ∈→ ′ if and only if there exist x ∈ r and x ′ ∈ r ′ such that (x, t, x ′ ) ∈→.One directly sees that S is weakly approximately detectable with respect to R if and only if S ′ is weakly detectable.Hence the weak approximate detectability of finite automata can be verified in PSPACE, since the weak detectability of finite automata can be verified in PSPACE [32].
To prove the hardness result, we consider a deterministic S whose events can be directly observed and the partition R = {{x}|x ∈ X}.For such an automaton, it is weakly approximately detectable with respect to R if and only if it is weakly detectable.By the PSPACE-hardness result of deciding weak detectability of deterministic finite automata whose events can be directly observed [32, Theorem 4.2], we conclude the PSPACE-hardness of weak approximate detectability for the same model.

Remark 1
The notion of weak approximate detectability can be extended from a finite partition of the set of reachable states to a finite cover of that set.Such an extension may have potential applications in supervisor reduction of supervisory control theory.In supervisory control theory, the optimal solution to the control problem associated with a DES is the supremal supervisor (the supremal controllable sublanguage), and it is important to reduce the size of the supremal supervisor together with preserving some corresponding control actions [3,24,25], where the reduction is done based on a notion of control cover that is actually a cover of the state set.Under this extension, it is not difficult to see that the extended weak approximate detectability of finite automata can also be verified in PSPACE by the powerset con-struction used to verify weak detectability in [19], and it is undecidable to verify this notion for labeled Petri nets (from Theorem 1).

Instant strong detectability
The concept of instant strong detectability is formulated as follows.It implies that each prefix of each infinite label sequence generated by an LSTS allows reconstructing the current state.
Note that instant strong detectability is a weaker form of determinism [9].In fact determinism implies that the condition |M(S, σ ′ )| = 1 holds on all finite label sequences σ ′ generated by S, while the definition of instant strong detectability only requires that condition to hold on the finite prefixes of infinite label sequences generated by S.
It is trivial to see that instant strong detectability is strictly weaker than determinism.Consider labeled Petri net G = (N, M 0 , Σ, ℓ) (Fig. 4), where N = ({p 1 , p 2 , p 3 }, {t 1 , t 2 , t 3 }, P re, P ost), P re and P ost are shown in Fig. 4, M The language and ω-language generated G are By definition the net is instantly strongly detectable but does not satisfy determinism.Since G has only finitely many markings, it is also a deterministic finite automaton.The automaton is also instantly strongly detectable but does not satisfy determinism.Fig. 4 A labeled Petri net that is instantly strongly detectable but does not satisfy determinism, where each arc is with weight 1.

Finite automata
Consider a finite automaton S, we next construct its concurrent composition CC A (S).
Using CC A (S) we will verify different notions of strong detectability for S. The pro- Fig. 5 A finite automaton (left) and its concurrent composition (right, only the accessible part illustrated).
posed method applies to all finite automata even to those that do not satisfy Assumption 1.
Consider a finite automaton S = (X, T, X 0 , →, Σ, ℓ).We construct its concurrent composition as follows: 1 For an event sequence s ′ ∈ (T ′ ) * , we use s ′ (L) and s ′ (R) to denote its left and right components, respectively.Similar notation is applied to states of X ′ .In addition, for every s ′ ∈ (T ′ ) * , we use ℓ(s ′ ) to denote ℓ(s ′ (L)) or ℓ(s ′ (R)), since ℓ(s ′ (L)) = ℓ(s ′ (R)).In the above construction, S ′ aggregates every pair of transition sequences of S producing the same label sequence.In addition, S ′ has at most |X| 2 states and at most |X| 2 (2|T ǫ ||X| + σ∈Σ |ℓ −1 (σ)| 2 |X| 2 ) transitions, where the number does not exceed . For the special case when all observable events can be directly observed studied in [19], the complexity reduces to O(2|X| 3  Consider a finite automaton S = (X, T, X 0 , →, Σ, ℓ).In order to verify different notions of detectability for finite automata, we also need to construct a bifurcation automaton in linear time of the size of S, where are called fair transitions, transitions x ǫ − → x ′ are called bifurcation transitions, for every two states i, j ∈ X, (1) (j, ǭ, i), (j, ǫ, i) / Ones sees that both fair transitions and bifurcations transitions can be ǫ-transitions or observable transitions.Next we explain the relation between Bifur(S), the original automaton S, and the concurrent composition CC A (S).Here (1) holds if there is no transition from state j to state i in S; (2) holds if there exists a transition from j to i, and none of such transitions has a bifurcation in S; and (3) holds if there is a transition from j to i that has a bifurcation also in S. For the case that (3) holds, if A 1 holds but A 2 does not hold, then for S one has {j} M({j}, ǫ) and hence |M({j}, ǫ)| > 1, for CC A (S) there is a transition (j, j) (ǫ, t) − −− → (j, i ′ ) with ℓ( t) = ǫ and i ′ = j; if A 1 and A 2 hold but A 3 does not hold, then for S one has |M({j}, ǫ)| = 1, {i} M({j}, ℓ( t′ )), and hence |M({j}, ℓ( t′ ))| > 1 for some t′ ∈ T with ℓ( t′ ) = ǫ and (j, t′ , i) ∈→; for CC A (S) there is a transition (j, j) ( t′ , t′ ) −−−→ (i, i ′ ) with i ′ = i for the above t′ .
One also has that for all states x and x ′ , there is a transition from x to x ′ in S if and only if there is a transition from x to x ′ in Obs(S) if and only if there is a transition from x to x ′ in Bifur(S).This obvious observation is helpful in verify different notions of detectability for finite automata.

Theorem 3 The instant strong detectability of finite automata can be verified in linear time.
Proof Consider a finite automaton S = (X, T, X 0 , →, Σ, ℓ) and its bifurcation automaton Bifur(S) defined by (8).If L ω (S) = ∅, then S is naturally instantly strongly detectable.By the proof of Proposition 4, it takes linear time of the size of S to check whether L ω (S) = ∅.Next we assume that L ω (S) = ∅.If additionally |X 0 | > 1, then by definition S is not instantly strongly detectable either.Next we additionally assume that there is a unique initial state.
We claim that S is not instantly strongly detectable if and only if in S, there is a transition sequence there is a bifurcation transition x 1 ǫ − → x 2 in Acc(Bifur(S))."if": This holds since the cycle x 3 s3 − → x 3 with positive-length label sequence can be extended to an infinite-length transition sequence with infinite-length label sequence, and whether ∈→ by the notion of bifurcation automaton.
Xc Xc bifurcation + Fig. 6 A sketch for verifying instant strong detectability of finite automata.
"only if": If S is not instantly strongly detectable, then there is an infinite transition sequence x 0 s1 − → x s2 − → and a finite transition sequence x 0 , s 2 ∈ T ω , and ℓ(s 2 ) ∈ Σ ω .Then s 1 , s ′ 1 ∈ T + since at least one of x and x′ differs from x 0 .Moreover, |M({x 0 }, ℓ(s 1 ))| > 1.By the finiteness of X and ℓ(s 2 ) ∈ Σ ω , in S there is a cycle with positive-length label sequence reachable from x.
We next check the above equivalent condition for instant strong detectability under the above two assumptions without loss of generality.See Fig. 6 for a sketch.

Construct the accessible part Acc(Obs(S)) of the observation automaton Obs(S)
of S defined by ( 6). 2. Compute the set X c of all states of Acc(S) that belong to a cycle of Acc(S) with positive-length label sequence.(Then we have X c = ∅ by the proof of Proposition 4 since previously we assume that L ω (S) = ∅.) 3. Compute Acc(Bifur(S)).

Check whether there is a bifurcation transition
The first step and the third step both take linear time of S. For the second step, we firstly compute all strongly connected components of Acc(Obs(S)) in linear time of S. Observe that for each strongly connected component, if it contains a transition, then it contains a cycle containing all its states and transitions.One then has that the set X c consists of all states of all strongly connected components of Acc(Obs(S)), where each of these components has at least one observable transition.Hence X c can be computed in linear time.
Recall that Acc(Bifur(S)) and Acc(Obs(S)) have the same set of states, and for every two states x and x ′ , there is a transition from x to x ′ in Acc(Bifur(S)) if and only if there is a transition also from x to x ′ in Acc(Bifur(S)).Then the fourth step consumes linear time of S by traversing from X c all paths along the inverse direction of transitions.The bifurcation transition x 1 ǫ − → x 2 in the fourth step exists if and only if transition sequence (9) exists.
Example 3 Reconsider the finite automaton S in Example 2 (in the left part of Fig. 5).Its observation automaton and bifurcation automaton are seen in Fig. 7.It has a unique initial state and generates a nonempty ω-language.In addition, all its states are reachable.According to the proof of Theorem 3, one then has X c = {s 0 , s 1 }, and in its bifurcation automaton there is a transition s 0 ǫ − → s 1 such that s 1 in X c is reachable from s 1 in the transition.Then S is not instantly strongly detectable.

Labeled Petri nets
In this subsection we discuss the decidability and complexity of instant strong detectability for labeled Petri nets.
If a labeled Petri net G satisfies L ω (G) = ∅, then it is naturally instantly strongly detectable.Actually whether the property L ω (G) = ∅ holds can be verified in EX-PSPACE, and can also be guaranteed by the following Assumption 2 that is weaker than the widely used Assumption 1 in detectability studies of DESs.

Proposition 5 Verifying whether a labeled Petri net
Proof Consider a labeled Petri net G = (N = (P, T, P re, P ost), M 0 , Σ, ℓ).Observe that L ω (G) = ∅ if and only if there exists an infinite firing sequence For G, a sequence (10) exists if and only if G satisfies the following Yen's path formula The "if" part follows from M 1 [ s 2 M 2 being a repetitive firing sequence (hence can consecutively fire for infinitely many times) and |ℓ( s 2 )| > 0.

Assumption 2 (i) A labeled P/T net G does not terminate, i.e., there exists an
infinite firing sequence at the initial marking, and (ii) it is prompt, i.e., there exists no repetitive firing sequence labeled by the empty string.
Note that the deadlock-freeness assumption (see (i) of Assumption 1) implies (i) of Assumption 2, but not vice versa; (ii) of Assumption 2 is actually equivalent to (ii) of Assumption 1 for labeled Petri Petri nets.Note also that for a labeled P/T net G, L ω (G) = ∅ implies that G does not terminate, but not vice versa, because transitions could be labeled by ǫ.Verifying termination of Petri nets (the first part of Assumption 2) is EXPSPACE-complete by the results of [15,11].Verifying promptness of labeled Petri nets belongs to EXPSPACE [1].In addition, promptness is equivalent to all infinite firing sequences being labeled by infinite-length sequences.
In order to characterize instant strong detectability for labeled Petri nets, we introduce the concurrent composition of a labeled Petri net.Given a labeled P/T net G = (N = (P, T, P re, P ost), M 0 , Σ, ℓ), we construct in polynomial time its concurrent composition as a Petri net which aggregates every pair of firing sequences of G producing the same label sequence.Denote P = {p 1 , . . ., p|P | } and T = { t1 , . . ., t|T | }, duplicate them to Then we specify G ′ as follows: Fig. 8 A labeled Petri net G, where event a is unobservable, but b can be directly observed.
Fig. 9 Concurrent composition of the net in Fig. 8.
Fig. 10 Extended concurrent composition of the net in Fig. 8.
A labeled Petri net and its concurrent composition are shown in Fig. 8 and Fig. 9, respectively.
Next we reduce the non-instant strong detectability problem to the satisfiability of a Yen's path formula.Then by Proposition 3, the instant strong detectability of labeled Petri nets is decidable.
It can be seen that a labeled Petri net G = (N = (P, T, P re, P ost), M 0 , Σ, ℓ) with L ω (G) = ∅ is not instantly strongly detectable if and only if there is an infinite label sequence σ ∈ L ω (G) such that for some prefix σ ′ ⊏ σ, one has |M(G, σ ′ )| > 1.By this observation, we claim that G is not instantly strongly detectable if and only if there exists a firing sequence such that |M(G, ℓ(s 1 ))| > 1, M 2 ≤ M 3 , and ℓ(s 3 ) ∈ Σ + .The sufficiency follows from M 2 [s 3 M 3 is a repetitive firing sequence and can fire for infinitely many times, that is, the infinite firing sequence To prove the necessity, we assume that G is not instantly strongly detectable and choose an arbitrary infinite firing sequence satisfying t i ∈ T for all i ∈ Z + , ℓ(t 1 t 2 . . . ) ∈ L ω (G), and there exists l By Dickson's Lemma, in (14), there are totally finitely many distinct minimal markings.Choose an arbitrary number k > l such that {M 0 , M 1 . . ., M k } contains the largest number of distinct minimal markings of (14).Choose k ′ > k such that at least one of t k+1 , . . ., t k ′ is observable and where (13).
We then have for CC E N (G), (20) holds if and only if CC E N (G) ′ satisfies the Yen's path formula (2) Proof of the hardness result: Next we prove the hardness result by reducing the coverability problem to the non-instant strong detectability problem in polynomial time.
We are given a Petri net G = (N = (P, T, P re, P ost), M 0 ) and a destination marking M ∈ N P , and construct a labeled P/T net as follows (see Fig. 11 as a sketch): 1. Add three places p 0 , p 1 , p 2 , where initially p 0 contains exactly one token, but p 1 and p 2 contains no token; 2. add three transitions t 0 , t 1 , t 2 , and arcs with weight 1; for every p ∈ P , add arcs p → t 1 and p → t 2 , both with weight It is clear that if M is not covered by G then G ′ shown in (23) is instantly strongly detectable.If M is covered by G, then there exists a firing sequence M 0 [σ 1 M 1 with M 1 ≥ M .Furthermore, there exist two infinite firing sequences (p 1 ) = 0; in both sequences, after t 1 , all firing transitions are t 0 .Also by ℓ(t 1 ) = ℓ(t 2 ), we have G ′ is not instantly strongly detectable.This reduction runs in time linear of the number of places of G and the number of tokens of the destination marking M .Since the coverability problem is EXPSPACE-hard in the number of transitions of G, deciding non-instant strong detectability is EXPSPACE-hard in the numbers of places and transitions of G ′ and the number of tokens of M , hence deciding instant strong detectability is also EXPSPACE-hard, which completes the proof.Remark 2 By using the extended concurrent composition and a similar procedure as the proof of Theorem 4, the decidability result for strong detectability of labeled Petri nets proved in [13] can be strengthened to hold only based on the promptness assumption.
Remark 3 The concept of instant strong detectability of labeled Petri nets is a uniform concept.That is, a labeled Petri net is instantly strongly detectable if and only if it is instantly strongly detectable when its initial marking is replaced by each of its reachable markings.Formally, for a labeled Petri G = (N, M 0 , Σ, ℓ), G is instantly strongly detectable if and only if G ′ = (N, M, Σ, ℓ) is instantly strongly detectable for each M ∈ R(N, M 0 ).The sufficiency naturally holds since M 0 ∈ R(N, M 0 ).For the necessity, if there exists M 1 ∈ R(N, M 0 ) such that labeled Petri net G 1 = (N, M 1 , Σ, ℓ) is not instantly strongly detectable, then there exist e., G is not instantly strongly detectable.Hence if a labeled Petri net is instantly strongly detectable, in order to determine the current marking, one does not need to care about when the net started to run.

Eventual strong detectability
The concepts of strong detectability and eventual strong detectability are given as follows.The former implies there exists a positive integer k such that for each infinite label sequence generated by a system, each prefix of the label sequence of length greater than k allows reconstructing the current state.The latter implies that for each infinite label sequence generated by a system, there exists a positive integer k (depending on the label sequence) such that each prefix of the label sequence of length greater than k allows doing that.Hence the former is stronger than the latter.Definition 4 (SD) Consider an LSTS S = (X, T, X 0 , →, Σ, ℓ).System S is called strongly detectable if there exists a positive integer k such that for each label sequence σ ∈ L ω (S), |M(S, σ ′ )| = 1 for every prefix σ ′ of σ satisfying |σ ′ | > k.
Definition 5 (ESD) Consider an LSTS S = (X, T, X 0 , →, Σ, ℓ).System S is called eventually strongly detectable if for each label sequence σ ∈ L ω (S), there exists a positive integer k σ such that |M(S, σ ′ )| = 1 for every prefix σ ′ of σ satisfying By definition, strong detectability implies eventual strong detectability.The following Proposition 6 shows that they are not equivalent.
Proposition 6 Strong detectability strictly implies eventual strong detectability for labeled P/T nets and finite automata.
The net can be regarded as a deterministic finite automaton satisfying Assumption 1 when a and b are regarded as labels of events.By a direct observation, it is also eventually strongly detectable, but not strongly detectable.Fig. 12 A labeled P/T net G that is eventually strongly detectable, but not strongly detectable.

Finite automata
We next use the concurrent composition, the observation automaton, and the bifurcation automaton of a finite automaton S defined by ( 7), (6), and (8) to verify its strong detectability and eventual strong detectability without any assumption.These results extend the related results given in [22,19], since the verification methods for strong detectability in these papers generally do not apply to finite automata that do not satisfy Assumption 1.

Theorem 5
The strong detectability of finite automata can be verified in polynomial time.
Proof Consider a finite automaton S = (X, T, X 0 , →, Σ, ℓ) and another finite automaton Acc(CC A (Acc(S))) = (X ′ , T ′ , X ′ 0 , → ′ ) that is the accessible part of the concurrent composition of Acc(S).We claim that S is not strongly detectable if and only if in Acc(CC A (Acc(S))), there exists a transition sequence Xe Xe + + Fig. 13 A sketch for verifying (24).
Example 4 Recall the finite automaton S in Example 3 (in the left part of Fig. 5).Following the procedure in the proof of Theorem 5, we have X ′ oc = {(s 0 , s 0 ), (s 1 , s 1 )}, X ′ e = {(s 1 , s 2 ), (s 2 , s 1 )}, X 0 = {s 1 , s 2 }.Replace all initial states of its observation automaton (shown in the left part of Fig. 7) by states of X 0 , one then has the corresponding automaton S ′ generates a nonempty ω-language, since a cycle s 1 ǭ − → s 1 is reachable from s 1 in Obs(Acc(S ′ )).Then S is not strongly detectable.

Theorem 6
The eventual strong detectability of finite automata can be verified in polynomial time.
One observes by definition that S is not eventually strongly detectable if and only if there is an infinite transition sequence x 0 s1 − → such that (26a) x 0 ∈ X 0 , ℓ(s 1 ) ∈ Σ ω and for every n ∈ Z + , there is a prefix (26b) We claim that (26) holds if and only if one of the following items holds: (1) In Acc(CC A (S)), there exists an infinite transition sequence ) In S, there exists an infinite transition sequence such that x 0 ∈ X 0 , for all i ∈ Z + , s i ∈ T * , ℓ(s i+1 ) ∈ Σ + , and |M({x i }, σ)| > 1 for some σ ⊏ ℓ(s i+1 ).
It is trivial to see that either Item (1) or Item (2) implies (26).
Conversely suppose that (26) holds but Item (2) does not hold.Then for S, there is an infinite transition sequence Fig. 14 A sketch for verifying (32).
Next we show that both Item (1) and Item (2) can be verified in polynomial time.
Observe that Item (1) holds if and only if in Acc(CC A (S)), there is a finite transition sequence Next we verify (32) in polynomial time.See Fig. 14 for a sketch.
2. Compute all strongly connected components of Obs(Acc(CC A (S))). 3. Denote the set of states (x, x) of Obs(Acc(CC A (S))) with x = x that belong to a cycle with nonempty label sequence by X ′ c , check whether Each of the first two steps costs linear time of CC A (S).Note that X ′ c = ∅ if and only if (32) holds.Observe that X ′ c = ∅ if and only if in one of the obtained strongly connected components, there is an observable transition and a state (x ′ , x′ ) with x ′ = x′ .Hence the third step also costs linear time.Overall, verifying Item (1) costs linear time of CC A (S), at most O(|X| 4 |T | 2 ).
Also observe that Item (2) holds if and only if in S, there exists a finite transition sequence Next we show that (33) can be verified in polynomial time.See Fig. 15 for a sketch.
1. Compute Obs(Acc(S)) and Bifur(Acc(S)). 2. Compute X oc and X bc , where X oc (resp.X bc ) is the set of states of Acc(S) that belong to a cycle containing an observable transition (resp.a bifurcation transition).3. Check whether X oc ∩ X bc = ∅.
Note that a state x of Acc(S) belongs to a cycle containing an observable transition (resp.a bifurcation transition) if and only if x is any state of any strongly connected component of Obs(Acc(S)) (resp.Bifur(Acc(S))) that contains an observable transition (resp.a bifurcation transition).Then one has X oc ∩ X bc = ∅ if and only if (33) holds.Hence it takes linear time of S to check whether Item (2) holds.
Example 5 Recall the finite automaton S in Example 4 (in the left part of Fig. 5).Following the procedure in the proof of Theorem 6, by Figs. 5 and 7, we have X oc = {s 0 , s 1 }, X bc = ∅, X oc ∩X bc = ∅ (implying that Item (2) does not hold), and X ′ c = ∅ (implying that Item (1) does not hold either), then S is eventually strongly detectable.
Remark 4 Let us analyse the computational complexity of using [19,Theorem 5] to verify strong detectability of finite automata satisfying Assumption 1.In [19] However, this method generally does not apply to a finite automaton that does not satisfy Assumption 1.For example, let us consider the finite automaton S in the left part of Fig. 5. Remove the self-loop on s 1 , and denote the new automaton by S. Then one directly sees that L ω ( S) = {a ω }, and S is strongly detectable.However, in the corresponding G det , which consists of a self-loop with label a on {s 0 } and a transition from {s 0 } to {s 1 , s 2 } with label b, there is a state {s 1 , s 2 } with cardinality 2 reachable from a cycle, hence S is not strongly detectable by [19,Theorem 5].Actually, the verification method does not apply to this example because, two deadlock states s 1 and s 2 are not in any infinite-length transition sequence, but reachable from a state s 0 that belongs to an infinite-length transition sequence with infinite-length label sequence.
By Proposition 6, we have shown that generally strong detectability is not equivalent to eventual strong detectability even for deterministic finite automata satisfying Assumption 1.However, using the method in [19], we can prove that these two notions are equivalent for deterministic finite automata satisfying Assumption 1 each of whose events can be directly observed (see Proposition 7).Furthermore, by using the proofs of Theorems 5 and 6, we can prove an even stronger result: these two notions are equivalent for a deterministic finite automaton such that each of its events can be directly observed (see Proposition 8).
Proposition 7 Strong detectability is equivalent to eventual strong detectability for deterministic finite automata satisfying Assumption 1 each of whose events can be directly observed.
Proof Consider a deterministic finite automaton S = (X, T, X 0 , →, Σ, ℓ) satisfying Assumption 1 and each of its events can be directly observed.Construct the corresponding nondeterministic finite automaton G det as in [19,Theorem 5], which shows that S is strongly detectable if and only if in G det , every state reachable from a cycle is a singleton.Actually, using similar procedure, one can prove that S is eventually strongly detectable if and only if in G det , each state of each cycle is a singleton.Since S is deterministic and each of its events can be directly observed, for each transition q σ − → q ′ in G det , we have |q ′ | ≤ |q|.Hence if each state of each cycle in G det is a singleton, then each state reachable from a cycle is also a singleton.That is, eventual strong detectability is stronger than strong detectability, and hence they are equivalent.
Proposition 8 Strong detectability is equivalent to eventual strong detectability for a deterministic finite automaton such that each of its events can be directly observed.
Proof Consider a deterministic finite automaton S = (X, T, X 0 , →, Σ, ℓ) such that each of its events can be directly observed.Construct another finite automaton Acc(CC A (S)) = (X ′ , T ′ , X ′ 0 , → ′ ), i.e., the accessible part of the concurrent composition of S.
Since by definition strong detectability is stronger than eventual strong detectability, we only need to prove that if such an S is not strongly detectable, then it is not eventually strongly detectable either.
Assume that S is not strongly detectable.Then by the proof of Theorem 5, one has X ′ oc , X ′ e , and X e (also see Fig. 13) are all nonempty, where X e is the set of states of S to which some cycle with nonempty label sequence is reachable; X ′ e is the set of states (x, x ′ ) of Acc(CC A (S)) such that x = x ′ and at least one of x and x ′ , say x, belong to X e or X e is reachable from x; X ′ oc is the set of states (x ′′ , x ′′′ ) of Acc(CC A (S)) such that (x ′′ , x ′′′ ) belong to a cycle with nonempty label sequence, and, either (x ′′ , x ′′′ ) belong to X ′ e or X ′ e is reachable from (x ′′ , x ′′′ ).Then in Acc(CC A (S)), there is a transition sequence Since S is deterministic and each of its events can be directly observed, we have T ′ = {(t, t)|t ∈ T }, and for each state of (38), its left component differs from its right component.Then x ′ 1 (L) = x ′ 1 (R), and the corresponding set X ′ c in the proof of Theorem 6 (also see Fig. 14) is nonempty, where X ′ c is the set of states (x, x ′ ) of Acc(CC A (S)) belonging to a cycle with nonempty label sequence and satisfying x = x ′ .That is, Item (1) in the proof of Theorem 6 holds.Hence S is not eventually strongly detectable.
Remark 5 Similar to instant strong detectability, eventual strong detectability is also a uniform concept.That is, a labeled Petri net is eventually strongly detectable if and only if it is eventually strongly detectable when its initial marking is replaced by any of its reachable markings.Formally, for a labeled Petri net G = (N, M 0 , Σ, ℓ), G is eventually strongly detectable if and only if G ′ = (N, M, Σ, ℓ) is eventually strongly detectable for each M ∈ R(N, M 0 ).
Example 6 Let us consider a labeled P/T net G shown in Fig. 16, where a is the label of all transitions.We have L ω (G) = a ω , |M(G, a)| = 2, |M(G, a n+2 )| = 1 for all n ∈ N. Hence the net is strongly detectable, but not instantly strongly detectable.A deterministic finite automaton satisfying Assumption 1 can be obtained from the net when a is regarded as labels of all events.The obtained automaton is also strongly detectable, but not instantly strongly detectable.Fig. 17 A labeled P/T net G that is weakly detectable, but not eventually strongly detectable.

Labeled Petri nets
We next characterize eventual strong detectability for labeled P/T nets.Similar to instant strong detectability, if a labeled Petri net G satisfies L ω (G) = ∅, then it is eventually strongly detectable.Different from giving the decidability result of instant strong detectability without any assumption (Theorem 4), we will prove the decidability result of eventual strong detectability under (ii) of Assumption 2. Checking strong detectability for labeled P/T nets is proved to be decidable and EXPSPACE-hard in the size of a labeled P/T net [13] under Assumption 1 (it is not difficult to see that the assumption "there does not exist an infinite unobservable sequence" used in [13] [1,27].Hence the size of a labeled P/T net can be defined as the sum of the size of its Apparently if Item (1) or Item (2) holds, then G is not eventually strongly detectable.
Suppose that G is not eventually strongly detectable.Then there exists an infinite firing sequence such that ℓ(s i ) ∈ Σ + and |M(G, ℓ(s 1 . . .si ))| > 1 for all i ∈ Z + .Next we fix such a sequence (42).Furthermore, suppose that Item (1) does not hold.Then (42) and each infinite firing sequence of G staring at M 0 and having the same label sequence as (42) has will merge after a finite time, since the label sequence of ( 42 .Collecting all such firing sequences M 0 [ s k M k , k ∈ Z + , we obtain a locally finite, infinite tree T with M 0 the root.Also collect all such markings M k , k ∈ Z + , to obtain a set M. Observe that in T, M 0 has infinitely many descendants of M. Also observe in T that one of the finitely many children of M 0 also has infinitely many descendants of M, denote such a child of M 0 by M 1 , then we obtain a firing sequence M 0 [ t 1 M 1 of G, where t 1 ∈ T .Since T is locally finite, repeating the process of looking for M 0 [ t 1 M 1 , we can obtain an infinite firing sequence of G such that for each i ∈ Z + , M i has infinitely many descendants of M in T. By (ii) of Assumption 2, we have (43) is labeled by an infinite-length label sequence.Also, since for each i ∈ Z + , M 0 [ t 1 . . .t i M i is a prefix of some path of T, we have ℓ( t 1 t 2 . . . ) = ℓ(s 1 s2 . . .).Then it is not difficult to see that (43) and (42) can be combined into an infinite firing sequence of CC N (G) satisfying the requirement in Item (1), which is a contradiction.Next we prove that the satisfiability of Item (1) or Item (2) are both decidable, completing the proof of the decidability result of eventual strong detectability.

Conclusion
In this paper, we obtained a series of results on detectability of discrete-event systems.We proposed one new notion of weak detectability and two new notions of strong detectability.We proved that (1) the problem of verifying weak approximate detectability of labeled Petri nets is undecidable; (2) the problem of verifying instant strong detectability of labeled Petri nets is decidable and EXPSPACE-hard; (3) the problem of verifying eventual strong detectability of labeled Petri nets is decidable and EXPSPACE-hard under the promptness assumption; (4) for finite automata, the problem of verifying weak approximate detectability is PSPACE-complete, and the other two properties can be verified in polynomial time.(5) The relationships between thse notions of detectability were also characterized, and it was proved that no two of them are equivalent.
Among the relationship between these notions, the open question whether there exists a reduction from weak detectability to weak approximate detectability is an

Fig. 2 A
Fig.2A labeled P/T net G, where letters beside transitions denote their labels, each arc is with weight 1.

Fig. 3
Fig. 3 Sketch for the reduction in the proof of Theorem 1, where all transitions outside G 1 ∪ G 2 are with the same label.
|T ǫ | + |X| 4 |T o |).See the following example.Example 2 A finite automaton S and its concurrent composition CC A (S) are shown in Fig. 5.

Fig. 7
Fig. 7 Observation automaton (left) and bifurcation automaton (right) of the automaton in the left part of Fig. 5.

Fig. 11
Fig. 11 Sketch for the reduction in the hardness proof of Theorem 4.

Fig. 16 AExample 7
Fig.16A labeled P/T net G that is strongly detectable, but not instantly strongly detectable.
is equivalent to promptness by Dickson's lemma).Here the size of a P/T net G = (N = (P, T, P re, P ost), M 0 ) is ⌈log |P |⌉ + ⌈log |T |⌉+ the size of {P re(p, t)|p ∈ P, t ∈ T } ∪ {P ost(p, t)|p ∈ P, t ∈ T } ∪ {M 0 (p)|p ∈ P }, where the last term means the sum of the lengths of the binary representations of the elements of {P re(p, t)|p ∈ P, t ∈ T }∪{P ost(p, t)|p ∈ P, t ∈ T }∪{M 0 (p)|p ∈ P } ) is of infinite length.Next we prove that Item (2) holds.If in (42), infinitely many ofM 0 [s 1 M 1 , M 1 [s 2 M 2 , . . .have bifurcations, then (42) is a firing sequence satisfying the requirement in Item (2).Next we assume that there are only finitely many of them having bifurcations, and reach a contradiction.Without loss of generality, we assume that only M 0 [s 1 M 1 has a bifurcation.Then for each k ∈ Z + , there exists a firing sequenceM 0 [ s k M k such that ℓ( s k ) ⊏ ℓ(s 1 s2 . . .), |ℓ( s k )| > k,and some prefix of (42) and M 0 [ s k M k can be combined to obtain a firing sequenceM ′ 0 [s ′ k M ′ k of CC N (G) such that the label sequence of the right component of s ′ k equals ℓ( s k ), M ′ k | P2 = M k , and M ′ k | P1 = M ′ k | P2

Fig. 20 A
Fig. 20 A labeled P/T net G.
there exists t ∈ T such that (x, t, x ′ ) ∈→ and for all t ′ ∈ T with (x, t ′ , x ′ ) ∈→, ℓ(t ′ ) = ǫ.Here the label function ℓ ′ is also naturally extended to ℓ ′ : {ε, ǫ} * ∪ {ε, ǫ} ω → {ǫ} * ∪ {ǫ} ω .One sees that L ω (S) = ∅ if and only if in Obs(S) there is a transition sequence x 0 s − → x s ′ [19]r a finite automaton S (satisfying Assumption 1), a nondeterministic finite automaton G det with at most |X| 2 /2 + |X|/2 + 1 states and at most (|X| 2 /2 + |X|/2 + 1) 2 |T | transitions is constructed to verify its strong detectability, where every state of G det is a subset of states of S with cardinality 1 or 2, except for the initial state of G det being a superset of X 0 .The time consumption for computing G det is as follows:|X| 2 (2|T o ||X| + |Σ||X||T ǫ ||X| + |Σ||X| 2 ) |X|(|T o ||X| + |Σ||X||T ǫ ||X| + |Σ||X| 2 ) |T o | + |X| 4 |Σ||T ǫ | + |X| 4 |Σ|).For the special case when all observable events can be directly observed studied in[19], the complexity isO(2|X| 3 |T o | + |X| 4 |T o ||T ǫ | + |X| 4 |T o |).Actually, this construction tracks sets of states of S with consistent observations, which is similar to the powerset construction that is of exponential size of S. It is proved that S is strongly detectable if and only if every state of G det reachable from a cycle is a singleton.This condition can be check in linear time of G det by computing strongly connected components of G det .