Diagnosing Hybrid Cyber-Physical Systems using State-Space Models and Satisfiability Modulo Theory
Alexander Diedrich (1) and Oliver Niggemann (2)
(1) Fraunhofer IOSB-INA, Lemgo, Germany
(2) Institute Industrial IT, Lemgo, Germany
e-mail: alexander.diedrich@iosb-ina.fraunhofer.de, oliver.niggemann@hs-owl.de
Abstract
Diagnosing faults in large cyber-physical production systems is hard and often done manually. In this paper we present an approach to leverage methods from the fault detection and isolation community as well as model-based diagnosis to diagnose faults. Given a model of the production system we capture its dynamic behaviour with a state-space model. Then we translate the state-space model into satisfiability theory modulo linear arithmetic over reals. This translation converts numerical information into symbolic logic. These symbols can be used to diagnose faults with Reiter's diagnosis algorithm.
We use a four-tank model as a demonstration use case. Under the assumption that the use case is fully observable (i.e. all components except the water tanks can be observed) our methodology detects all injected faults.
1 Introduction
For operators of large industrial cyber-physical production systems (CPPS) it is often a hard task to precisely detect, identify, and isolate technical faults [1]. This is especially the case in large production plants in the process industry or in pharmacological processes, which often extend over significant physical distances, consist of highly interdependent components, and involve many parallel paths in the form of pipe and valve networks. The correct behaviour of a biological reactor, for example, depends on the exact amount of different ingredients, their pressure, their temperature, their viscosity, the ambient temperature and pressure, and other important process values. Further, subsequent processes heavily depend on the correct amount, quality, and time of discharge from the biological reactor. Since these systems are interdependent it is hard for human operators to physically locate the root cause of a fault. For example, a valve might break and block the flow of some liquid into the reactor. Due to this blocked flow, the pressure and temperature within the reactor might change and degrade the material by changing its viscosity. The degraded material might then go on into a stamping and forming process. Consequently, due to the changed viscosity, the presses will register changed pressures within their control systems. For a human operator, all these components will at some point sound an alarm indicating that parameters are outside their normal operating conditions. In modern industrial plants, the number of these alarms can quickly overwhelm an operator and thus keep him from finding the faulty component that caused the fault [2].
Identifying and isolating faults in large industrial plants can take precious time, which can quickly lead to a significant deterioration of the produced material or even physical destruction of involved components. For operators of these plants this can lead to high costs. These high costs occur even in smaller scale enterprises, due to low quality output, costs to locate and repair the broken component, and costs to ramp up production again after the fault.
In the presented approach we attempt to perform fault detection and isolation (FDI) through model-based diagnosis over satisfiability modulo theory (SMT). For this, a model of the physical process is created manually. Industrial cyber-physical production systems are dynamic because their parameters change over time, and they contain hybrid signals which can be either binary or continuous. Here we use state-space models to capture the dynamic behaviour of hybrid and cyber-physical production systems. We limit our use case to a multiple tanks model. The behaviour of the tanks is modelled using differential equations, while the connection between components is modelled using predicate logic. A set of piecewise functions translates the state-space model into satisfiability theory modulo linear arithmetic over reals (LRA). Through the translation it is possible to leverage standard model-based diagnosis algorithms, once developed to diagnose binary circuits, to diagnose hybrid cyber-physical production systems. The outcome of this translation is a set of tuples <comp, status> which states for each component whether or not it is currently faulty. Each tuple is converted into predicate logic and combined with the connection model of the plant. We employ Reiter's diagnosis lattice [3] to find the minimum cardinality diagnosis and thus isolate the fault that caused the production plant to fail.
In this work we demonstrate how our described approach can be used with a multiple tanks model, how we translate the numerical state-space model into predicate logic, and how we can perform diagnosis using Reiter's well-known algorithm [3]. We show that in the case of a fully-observable system our approach is able to find all faults as part of the minimum cardinality diagnosis. By fully-observable we mean that we can observe the behaviour of all components except the water level within the tanks. The water level is inferred through calculation in the state-space model. We also give ideas on how the approach can be extended to semi-observable and non-observable systems.
This paper makes the following contributions:
1. We show how to capture timing behaviour for model-based diagnosis on the basis of hybrid and dynamic cyber-physical systems.
2. We demonstrate how diagnosis methods (i.e. Reiter's algorithm) from the model-based community can be successfully combined with approaches from the fault detection and isolation (FDI) community.
3. We show how satisfiability modulo theory can help to perform diagnosis in hybrid and dynamic systems by keeping the amount of computation low.
2 Demonstration Use Case
For this work we will use the four tank system depicted in Figure 1 as a running example. The system consists of four water tanks t, seven electric valves p with integrated flow sensors, an unlimited water source and an unlimited water sink (not shown). Valve p0 controls water from the unlimited water source, for example the public water mains, into tank t0. From there three pipes with an equal diameter lead to valves p1, p2, and p3. Valve p1 leads into tank t1 and valve p2 leads into tank t2. Valve p3 bypasses both tanks and is directly connected to tank t3. Over valves p4 and p5 the two tanks can be drained into tank t3. Finally, valve p6 drains tank t3 into the unlimited water sink, for example a river or a processing facility.
Figure 1: The demonstration use case showing a four-tanks model (tanks t0 to t3, valves p0 to p6)
Each tank has two binary sensors which indicate overflow and underflow, respectively. There are no provisions to directly measure the water level. Each valve has a switch which indicates whether or not the valve is enabled. In addition, each valve has an associated flow sensor. For the present system the following assumptions are made:
Assumption 1 (Pipes). Pipes are invisible to the system, have ideal physical properties and cannot break.
Assumption 2 (Measurement errors). Measurements from the flow sensors and over- and underflow switches are always perfect without measurement error. If necessary, it is stated when this assumption is relaxed.
The justification for assumption 1 is that it suffices to simulate faults within the valves and tanks. Modelling the pipes with physical properties would dramatically increase the model size and thus reduce the clarity. Assumption 2 is taken to simplify the equations used. When necessary this assumption is relaxed.
This demonstration use case can be imagined as a preprocessing stage in a larger industrial plant within the process industry. A reliable external water supply is provided by the facilities of the industrial park. The water flows from the supply line into a buffer tank t0. From there it can go into one or both of the two intermediate tanks or bypass both tanks to go directly into tank t3. The two intermediate tanks can be thought of as a mixing stage (not modelled) where ingredients are added to the water until it reaches the holding tank t3. From the holding tank the water flows to subsequent process steps.
The water level in tanks can be described by well-known differential equations. Laubwald [4] provided a comprehensive overview about modelling multiple water-tank systems. A single tank can be described with the differential equation

$$Q_i(t) - Q_o(t) = A \frac{dh}{dt} \qquad (1)$$

which describes the time derivative of the height $h$ given the tank area $A$. $Q_i$ is the inflow to the tank and $Q_o$ is the outflow. However, in the real world tanks are subjected to gravity and properties of their materials. Therefore the outflow of a tank is calculated by

$$Q_o = C_d\, a \sqrt{2 g h} \qquad (2)$$

where $C_d$ is the discharge coefficient taking into account all fluid characteristics, losses, and irregularities and $g$ is the gravitational constant. $a$ is the cross sectional area of the orifice within the tank. All tanks have a perfectly circular bottom and a cylindrical shape. Combining equations 1 and 2 one can create

$$Q_i(t) = C_d\, a \sqrt{2 g h} + A \frac{dh}{dt} \qquad (3)$$

and reformulating this to bring $\frac{dh}{dt}$ to the left-hand side

$$\frac{dh}{dt} = \frac{1}{A}\left(Q_i - C_d\, a \sqrt{2 g h}\right) \qquad (4)$$

To calculate a new tank height $h$ at time $t$, given the previous height $h_0$, one can use

$$h(t) = h_0 + \Delta h \qquad (5)$$

Through substitution into equation 4 this results in

$$h(t) = h(t-1) + \frac{1}{A}\left(Q_i(t) - C_d\, a \sqrt{2 g\, h(t-1)}\right) \qquad (6)$$

which describes that, given the discharge coefficient, the gravitation, and the diameter of the orifice, it is possible to calculate a new height from a given input with only the knowledge of the previous water level.
These differential equations can be used to create a simulation of the four-tank system depicted in Figure 1. The following parameters were used to run the system simulation:

Parameter                 Element  Value  Unit
Area A                    t0        4.0   m^2
                          t1        2.0   m^2
                          t2        2.0   m^2
                          t3        6.0   m^2
Height H                  t0       20.0   m
                          t1       10.0   m
                          t2       10.0   m
                          t3       20.0   m
Discharge coefficient Cd  t0        1.0   None
                          t1        1.0   None
                          t2        1.0   None
                          t3        1.0   None
Orifice a                 p0        0.3   m^2
                          p1        0.1   m^2
                          p2        0.1   m^2
                          p3        0.1   m^2
                          p4        0.1   m^2
                          p5        0.1   m^2
                          p6        0.3   m^2
Gravitational constant g  -         9.81  m/s^2

Table 1: Parameters of the four-tank system for the demonstration use case

The parameters in Table 1 have been chosen to represent a typical industrial use case. At the same time, noise parameters such as the discharge coefficient are kept neutral to further the argument. The parameters area and height for each tank have been chosen such that they are big enough to hold and store some water while the experiments are running. This way occurring errors will also have a longer time to propagate. Further, the orifices for each tank are quite small. This prolongs the time it takes to drain the tanks in case the water supply stops through the occurrence of a fault.
3 Related Work
Struss [5] published a paper on the fundamentals of MBD of dynamic systems. In this he described how hybrid systems can be modelled without resorting to a complete simulation of the system under investigation. He proposed to capture the temporal and dynamic behaviour of a hybrid system in a set of modes which model the system. Each mode has distinct state and temporal constraints in addition to so-called Continuity, Integration, and Derivatives (CID) constraints that affect all modes. For one mode, all variables have a domain which captures the permissible states (i.e. values) for this variable. Diagnosis is performed by checking whether the set of constraints together with the observations from sensors is consistent. He demonstrates his approach on a car's anti-braking system and claims to find all usually occurring faults.
When dealing with hybrid systems there always exists the problem of discretization. Provan used a composite automaton for this. Struss divides his system into modes by discretizing the underlying sensor values. Lin [6] already showed in 1994 that online and offline diagnosis for discrete event systems (DES) can be realised by using simple Moore and Mealy automata.
Daigle et al. [7] have adapted a discrete event approach to diagnose continuous systems. They claim that each fault that occurs in a continuous system has a unique fault signature. A fault signature denotes the qualitative effect that a fault produces in an observation. They also claim that there exists a measurement ordering that describes in which sequence measurements deviate until a fault occurs. To capture fault ordering they manually construct a temporal causal graph. Under the assumption that all fault signatures and measurement orderings are known, they employ a diagnoser that traces the states through the temporal causal graph based on measurements. The output of the diagnoser is a fault trace. A second diagnosis algorithm takes this fault trace and determines which components must be faulty to explain this trace. This second diagnosis step is similar to the diagnosis lattice introduced by Reiter.
Grastien et al. [8] have developed an approach to extend Reiter's diagnosis algorithm, which was described for binary circuits, to include discrete event systems and hybrid systems. Their approach is similar to Daigle et al., Struss, and Provan in that they transform the continuous parts of a model into qualitative states. Following this, their preferred-first algorithm goes through Reiter's diagnosis lattice and computes valid hypotheses with the goal of finding a minimum cardinality diagnosis. An improvement over previous work is that they implement their hypothesis tests with a SAT solver.
Roychoudhury et al. [9] [10] have shown how to use hybrid bond graphs (HBG) to diagnose hybrid systems. HBGs abstractly model the system by describing causal, continuous relationships between components. In Daigle et al. [7] they have shown how to employ the developed HBGs to diagnose a spacecraft power distribution system. Prakash et al. [11] have used an extended framework with HBGs to make improvements in diagnosing two-tank systems.
Grastien [12] used SMT for the diagnosis of hybrid systems. He discretizes values in a hybrid system into a set of distinct states. Each observation $\langle \tau, A \rangle$ is understood as a behaviour $A$ at time $\tau$, where $A$ is a partial assignment of the variables in a state. Measurement errors are included by adding constraints which state that the observed voltage must be between two tolerance thresholds. Each variable is augmented with an indicator stating at which time step the variable expression is valid.
Fraenzle et al. [13] have augmented SMT with stochastic reasoning in order to analyse stochastic hybrid systems. By using bounded model checking together with probabilistic hybrid automata, piecewise deterministic Markov processes, and stochastic differential equations they are able to create an analysis system without the need to formulate intermediate finite-state abstractions as the methods mentioned above do.
In another work Khorasgani and Biswas [14] describe a hybrid system model through hybrid minimal structurally overdetermined sets (HMSOs). These are sets of differential equations and (in-)equations which model the behaviour of a hybrid system. Their FDI algorithm works as follows: The algorithm detects the current system mode and generates an appropriate model. From this it generates a minimal set of HMSOs for this mode. The residuals are computed for each HMSO and can then be combined with fault signatures to perform diagnosis.
In contrast to Struss, Provan, and Lin we do not use automata and mode estimation to partition the system into different states. Instead, we only sample the system at some suitable interval and use the obtained information directly to model the states in the state-space representation. Unlike the spacecraft in the case of Daigle et al., in industrial systems fault signatures and measurement orderings are unknown, which requires us to pursue a more uninformed approach. Our approach can rather be seen as an alternative to the hybrid bond graphs used by Roychoudhury et al., while it is at the same time an extension of the work of Grastien and of Khorasgani and Biswas. In comparison to Grastien we do not solely use satisfiability modulo theory, but instead capture system behaviour in a state-space representation. We expect this to reduce the required computational effort. We also make use of (in-)equations and differential equations as were used by Khorasgani and Biswas, but augment these with the diagnostic reasoning of traditional model-based diagnosis. Compared to Fraenzle, we do not make use of stochastic SMT at this point, to keep the system more explainable for users.
4 Modelling a Hybrid System
This section first shows the requirements for developing and evaluating an FDI method for hybrid, cyber-physical systems. Then it shows the concept to realise these requirements. The developed approach makes use of MBD by modelling the hybrid system with a state-space representation. This model is augmented with an observer, which determines boolean residuals. These residuals indicate whether or not a component is faulty. The information about which components indicate faults is merged with sensor observations and makes up the diagnostic part of the approach. Diagnosis is done through Reiter's diagnosis lattice.
The formal form of a state-space representation is:

$$\begin{aligned} x(t+1) &= (A + \Delta A)\,x(t) + (B + \Delta B)\,u(t) + B_d\, d_k(t) + B_a\, f_a(t) + B_c\, f_c(t) \\ y(t) &= (C + \Delta C)\,x(t) + D_s\, f_s(k) + D_\omega\, \omega(k) \end{aligned} \qquad (7)$$

$x(t)$ is the system's state, $u(t)$ the control input, $y(t)$ the observed output, $f_a(t)$ the unexpected actuator fault, $f_c(t)$ a component fault, $f_s(t)$ a sensor fault, $d_k(t)$ a process disturbance, and $\omega(t)$ measurement noise. $A, B, C, B_d, B_a, B_c, D_s, D_\omega$ are known parameter matrices and $\Delta A, \Delta B, \Delta C$ modelling parameter errors.
For observer-based methods and to calculate residuals these equations can be reformulated to:

$$\begin{aligned} \hat{x}(t+1) &= A\,\hat{x}(t) + B\,u(t) + K\,r(t) \\ r(t) &= y(t) - \hat{y}(t) \\ \hat{y}(t) &= C\,\hat{x}(t) \end{aligned} \qquad (8)$$

Here, $\hat{x}(t)$ and $\hat{y}(t)$ are estimates of the state and output values. $r(t)$ is the calculated residual signal, and $K$ is a gain factor.
According to assumption 2 we can safely neglect the $\Delta$ and $\omega$ terms in equation 7. Further, in this approach we will only model component faults. Therefore, we can remove $f_a(t)$ and $f_s(t)$, and through assuming that there are no disturbances within the process we can also remove $d_k(t)$. This leaves only the system's observable input, observable output, state, and component fault in equation 7. Through these simplifications equation 7 becomes closer to equation 8. To perform model-based diagnosis according to the principles proposed by Reiter [3] it is necessary to separate the diagnostics part from the state propagation. Therefore, we will not calculate classical residuals as in equation 8 and can further remove the gain factor and residuals $K\,r(t)$.
For this work the state-space model needs to be described more abstractly. First the top-level information flow is described. This shows how the state is propagated within the system. Here, the model is general enough to be extended and adapted to many use cases. After that the state-space model is described on the demonstration use case introduced in section 2. In a third step the diagnosis part is described, which fuses the calculation of binary residuals with an expression in predicate and SMT logic. The state is propagated through

$$\begin{aligned} x(t+1) &= f(x(t), u(t)) \\ y(t) &= g(x(t), u(t), \tau) \end{aligned} \qquad (9)$$

where $x(t+1)$ is a vector of the state in the next time step, $x(t)$ is the current state vector, $u(t)$ is the observable input vector, $y(t)$ is the observable output vector, and $\tau$ is a vector of threshold values.
According to the demonstration use case the water level cannot be measured directly. Therefore, each tank's water level needs to be calculated through its inflow and outflow. The inflow and outflow can be measured through the associated valves in each in- and outflow pipe. Since each tank has sensors to indicate under- and overflow, these are used for the target (output). For the state, input, and output vectors we thus have:

$$x = \begin{bmatrix} h_0 \\ h_1 \\ h_2 \\ h_3 \end{bmatrix} \qquad u = \begin{bmatrix} flow_0 \\ flow_1 \\ \vdots \\ flow_6 \end{bmatrix} \qquad y = \begin{bmatrix} overflow_0 \\ \vdots \\ overflow_3 \\ underflow_0 \\ \vdots \\ underflow_3 \end{bmatrix}$$
The function $f(x, u)$ models the current state and its current input and from this computes the next state. Therefore we can write:

$$f(x(t), u(t)) = A\,(x, u, t) + B\,u(t) \qquad (10)$$

with the connection matrices being

$$A = \begin{bmatrix} 1 & 0 & 0 & 0 \\ 0 & 1 & 0 & 0 \\ 0 & 0 & 1 & 0 \\ 0 & 0 & 0 & 1 \end{bmatrix}$$

and

$$B = \begin{bmatrix} 1 & -1 & -1 & -1 & 0 & 0 & 0 \\ 0 & 1 & 0 & 0 & -1 & 0 & 0 \\ 0 & 0 & 1 & 0 & 0 & -1 & 0 \\ 0 & 0 & 0 & 1 & 1 & 1 & -1 \end{bmatrix}$$

$A$ shows that each current state only influences the exact next state. For the demonstration use case this means each differential equation which models a tank will only affect the state of this single tank. Matrix $B$ shows the connections between the system's components, which in this case are the pipes between the tanks. The first row describes how the system's primary input is connected as an input (indicated by the number 1 in the first column) to tank 1. The three values of $-1$ in the first row show there are three pipes that are used as the output of tank 1.
To model the water level in each tank it is possible to use differential equations. Each differential equation has the form introduced in section 2:

$$h(t) = h(t-1) + \frac{1}{A}\left(Q_i(t) - C_d\, a \sqrt{2 g\, h(t-1)}\right) \qquad (11)$$

Using the parameters from the state-space system this is written as

$$x(t+1) = \frac{1}{A}\left(u(t) - C_d\, a \sqrt{2 g\, x(t)}\right) \qquad (12)$$

A vector $(x, u, t)$ can be created with the right-hand side of these equations:

$$(x, u, t) = \begin{bmatrix} x_0(t+1) = \frac{1}{A_0}\left(u_0(t) - C_{d,0}\, a_0 \sqrt{2 g\, x_0(t)}\right) \\ x_1(t+1) = \frac{1}{A_1}\left(u_1(t) - C_{d,1}\, a_1 \sqrt{2 g\, x_1(t)}\right) \\ x_2(t+1) = \frac{1}{A_2}\left(u_2(t) - C_{d,2}\, a_2 \sqrt{2 g\, x_2(t)}\right) \\ x_3(t+1) = \frac{1}{A_3}\left(u_3(t) - C_{d,3}\, a_3 \sqrt{2 g\, x_3(t)}\right) \end{bmatrix}$$
With this model it is possible to propagate the state of the system as it evolves through time. Differential equations calculate the water level in the tank for the next state, given the current water level and the inflow obtained by reading the valve flow sensors. However, given this information a control system cannot yet determine the full behaviour of the system. For this, the output vector $y(t) = g(x(t), u(t), \tau)$ needs to be calculated.

$$g(x(t), u(t), \tau) = C \begin{bmatrix} o(h_0, \tau^o_0) \\ \vdots \\ o(h_3, \tau^o_3) \\ l(h_0, \tau^l_0) \\ \vdots \\ l(h_3, \tau^l_3) \end{bmatrix} \qquad (13)$$

and

$$C = \begin{bmatrix} 1 & 0 & 0 & 0 & 0 & 0 & 0 & 0 \\ 0 & 1 & 0 & 0 & 0 & 0 & 0 & 0 \\ 0 & 0 & 1 & 0 & 0 & 0 & 0 & 0 \\ 0 & 0 & 0 & 1 & 0 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 & 1 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 & 0 & 1 & 0 & 0 \\ 0 & 0 & 0 & 0 & 0 & 0 & 1 & 0 \\ 0 & 0 & 0 & 0 & 0 & 0 & 0 & 1 \end{bmatrix}$$

$\tau$ is a vector of threshold values which indicate at what height the tank is overfull or underfull. For notation we use $\tau^o_i$ to denote the threshold for the upper limit of tank $i$ and $\tau^l_i$ to denote the lower limit of tank $i$. The diagonal matrix $C$ maps the results of the functions $o(h, \tau)$ and $l(h, \tau)$ into the output vector $y$. The function $o(h, \tau)$ indicates when the water level within the tank has approached the upper limit. This is calculated by

$$o(h_i, \tau^o_i) = \begin{cases} 0 & \text{if } h_i \leq \tau^o_i \\ 1 & \text{else} \end{cases} \qquad (14)$$

Likewise, the lower limit of the water level can be calculated

$$l(h_i, \tau^l_i) = \begin{cases} 0 & \text{if } h_i \geq \tau^l_i \\ 1 & \text{else} \end{cases} \qquad (15)$$
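The state propagation of Sections 2 and 4 (equations 6 and 12 to 15 with the incidence matrix B) carried out in Python, as an added example that is not part of the paper: the tank and valve parameters are those of Table 1, while the 1 s time step, the per-valve discharge law, the capping of outflow at the water actually present in a tank, and the thresholds tau^o_i = 0.9 H_i and tau^l_i = 0.1 m are assumptions made here. It also injects the paper's example fault, valve p0 stuck closed, and shows the underflow flags this produces.

```python
"""Discrete-time simulation of the four-tank model of Sections 2 and 4.

Added example, not code from the paper. Tank and valve parameters are the
values of Table 1 and the incidence matrix B is the one given in Section 4.
Assumptions made here so the model runs stand-alone: a 1 s time step, the
valve-flow law Q_o = C_d a sqrt(2 g h) applied per valve, outflow capped at
the water actually present, and the thresholds tau^o = 0.9 H_i, tau^l = 0.1 m.
"""
import math

G = 9.81                                       # gravitational constant, m/s^2 (Table 1)
AREA = [4.0, 2.0, 2.0, 6.0]                    # tank area A_i, m^2 (Table 1)
HEIGHT = [20.0, 10.0, 10.0, 20.0]              # tank height H_i, m (Table 1)
CD = [1.0, 1.0, 1.0, 1.0]                      # discharge coefficient C_d,i (Table 1)
ORIFICE = [0.3, 0.1, 0.1, 0.1, 0.1, 0.1, 0.3]  # orifice a_p of valve p, m^2 (Table 1)
SOURCE = [None, 0, 0, 0, 1, 2, 3]              # tank drained by valve p; p0 is fed externally
# Incidence matrix B (Section 4): +1 where valve p fills tank i, -1 where it drains it.
B = [
    [1, -1, -1, -1,  0,  0,  0],
    [0,  1,  0,  0, -1,  0,  0],
    [0,  0,  1,  0,  0, -1,  0],
    [0,  0,  0,  1,  1,  1, -1],
]
TAU_O = [0.9 * h for h in HEIGHT]              # assumed overflow thresholds tau^o_i
TAU_L = [0.1] * 4                              # assumed underflow thresholds tau^l_i


def valve_flows(h, enabled, supply):
    """Input vector u(t): flow through every valve during one step (m^3/s).

    p0 passes the external supply; each other valve discharges its source tank
    with Q_o = C_d a sqrt(2 g h) (eq. 2), capped at the volume the tank holds.
    A disabled (closed or stuck) valve passes nothing."""
    u = []
    for p, src in enumerate(SOURCE):
        if not enabled[p]:
            u.append(0.0)
        elif src is None:
            u.append(supply)
        else:
            q = CD[src] * ORIFICE[p] * math.sqrt(2 * G * h[src])
            u.append(min(q, AREA[src] * h[src]))
    return u


def propagate(h, u):
    """x(t+1) = x(t) + (1/A_i) * sum_p B[i][p] * u_p: eq. 6 written with the
    incidence matrix, so inflow minus outflow of each tank is B u."""
    return [max(0.0, h[i] + sum(B[i][p] * u[p] for p in range(7)) / AREA[i])
            for i in range(4)]


def outputs(h):
    """Output vector y(t) = [overflow_0..3, underflow_0..3] from o() and l()
    (eqs. 14 and 15); C is the identity, so y is just the stacked flags."""
    over = [0 if h[i] <= TAU_O[i] else 1 for i in range(4)]
    under = [0 if h[i] >= TAU_L[i] else 1 for i in range(4)]
    return over + under


def simulate(steps, supply, stuck_closed=None, fault_at=0):
    """Run the model from empty tanks.  Optionally force valve `stuck_closed`
    shut from step `fault_at` on (the injected component fault).
    Returns the final state x, input u and output y."""
    h = [0.0] * 4
    enabled = [True] * 7
    u, y = [0.0] * 7, outputs(h)
    for t in range(steps):
        if stuck_closed is not None and t >= fault_at:
            enabled[stuck_closed] = False
        u = valve_flows(h, enabled, supply)
        h = propagate(h, u)
        y = outputs(h)
    return h, u, y


if __name__ == "__main__":
    x, u, y = simulate(300, 3.0)
    print("normal operation: levels", [round(v, 2) for v in x], "y =", y)
    x, u, y = simulate(300, 3.0, stuck_closed=0, fault_at=150)
    print("p0 stuck closed:  levels", [round(v, 2) for v in x], "y =", y)
```

With a constant supply of 3.0 m^3/s every tank settles where its outflow equals its inflow, 100/(2g) = 5.1 m, and no flag is raised; once p0 is closed all four tanks run dry and the underflow half of y becomes [1, 1, 1, 1].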
To diagnose faults within the described state-space system it is necessary to obtain health information about single components. In the presented demonstration use case two fault models exist, one for tanks and one for valves. Tanks fail when the water level within the tank reaches either the upper limit (overflow) or the lower limit (underflow). Valves fail when the measured flow deviates more than a certain amount from the expected flow.
Classical MBD uses observations (OBS), a system description (SD), and a component description (COMPS) for describing a system. After having described the actual behaviour of the hybrid system with state-space equations, it is now important to translate this into diagnostic information. OBS are given by the input vector $u(t)$. The component behaviour COMPS is described by the differential equations in the case of tanks and by assuming no further properties for the valves, resulting in $input(valve_i) = output(valve_i)$. SD is given in two parts. For normal operation this is the incidence matrix $B$, a predicate logic description of the inputs and outputs of the system, and a fault model. For the given demonstration use case it suffices to specify a weak fault model (WFM). A WFM to model the fault modes of the tanks can be specified as

$$\sigma_{T,i} : H_{T,i} \rightarrow \neg o(i) \wedge \neg l(i) \qquad (16)$$

For valves the statement is specified as

$$\sigma_{P,i} : H_{P,i} \rightarrow (flow^l_i \leq flow_i) \wedge (flow^u_i \geq flow_i) \qquad (17)$$

In this case the health variables $H$ do not describe a probability for the component being faulty, but are instead binary. The terms $\sigma_{T,i}$ and $\sigma_{P,i}$ can be written as a vector

$$C = [\sigma_{T,0} \ldots \sigma_{T,3}\ \sigma_{P,0} \ldots \sigma_{P,6}]^T$$

If $C$ is semantically interpreted through an SMT solver, $C = I(C)$, we obtain the diagnosis vector

$$C = [c_0\ c_1 \ldots c_{10}]^T$$

with $c_i \in \{\top, \bot\}$. This vector shows for each component whether it is faulty or not, given the current observations from the sensors.
The numerical information for the statements $\sigma_{T,i}$ and $\sigma_{P,i}$ is obtained from the state-space model. Within the statements the state vector $x(t)$ represents the water level $h_i$ and the input vector $u(t)$ represents the flow values $flow_i$. By interpreting the statements it is possible to translate the sub-symbolic, numerical data within the state-space model into symbolic information used for diagnosis through the vector $C$.
Equation 9 shows the propagation of the state vector through time. For each new time step the statements 16 and 17 have to be reformulated. To capture this time-related behaviour we adopt the notation of Grastien [12] and state that $varname@t$ stands for the variable $varname$ at time $t$, where $t \in \mathbb{N}_0$. From this, we can state the value for each variable at each observed time step. When the observations are only carried out while the system is in normal operation it is possible to create a logical representation of all observations so far:

$$\bigwedge_t \sigma_{T,i}@t \;\wedge\; \bigwedge_t \sigma_{P,i}@t$$

which describes the logical conjunction of all $\sigma_{T,i}$ and $\sigma_{P,i}$ over all time steps. Adding the statements in each time step to the knowledge base as described by Grastien will increase the required space linearly and still take exponential time to check the consistency. Especially in large industrial plants where observations run for months with individual observations being performed at second intervals, a linearly growing knowledge base is infeasible. For example, when observing 200 signals with a sampling rate of one second a knowledge base would grow by 17,280,000 data points per day. Therefore, in this work we will focus only on the observations in the current time step. This keeps the knowledge base size constant and adds no additional computational complexity. More observations can bring a higher precision in locating a fault. In this case, the number of observations can be increased by some constant factor, taking for example always the last three observations into account.
A hybrid system can be represented through a directed acyclic graph (DAG) showing the connections and causal relationships between components. Depending on the location of the component within the graph a fault in one component may cause several other components to fail as well. In the demonstration use case, for example, if valve p0 fails, all the other valves and the tanks will also exhibit anomalous behaviour. The goal in diagnosis is therefore to find the smallest number of components which would explain a fault. This search for minimum cardinality diagnoses can be done with Reiter's diagnosis lattice. First, a power set $P = \mathcal{P}(COMPS)$ is constructed. This contains all subsets of the set of components. From this the diagnosis lattice can be created. On the bottom is the empty set which denotes no faulty components. In the row above are all sets that contain exactly one component. In the row above that are sets that contain exactly two components and so forth. Each observation of the sensors within the system leads to a recomputation of the set of possible faulty components $C$. By computing the hitting sets of all these observations it is possible to close in on the faulty components. In the diagnosis lattice this is done by searching the lattice bottom-up and refuting all branches which include a component that can be proven to be healthy through observations. Once the lattice has been searched the solutions with the minimum number of components are the minimum cardinality diagnoses $\omega$.
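The translation of one time step into health literals (equations 16 and 17) followed by the bottom-up lattice search for minimum cardinality diagnoses, as an added example that is not the authors' implementation: the SMT interpretation I(C) is replaced by evaluating the linear-arithmetic statements directly in Python, and the expected flow bands, the observations, and the rule that an anomaly is explained by the component itself or by any component upstream of it in the DAG of Figure 1 are assumptions made here.

```python
"""Health statements (eqs. 16, 17) and minimum-cardinality diagnosis over
Reiter's lattice (Section 4).

Added example, not the paper's code.  The SMT interpretation I(C) is replaced
by evaluating the linear-arithmetic statements directly in Python.  The causal
DAG follows Figure 1; the expected flow bands and the observations are
constructed for illustration, as is the rule that the anomaly of a component
is explained by that component or by any component upstream of it.
"""
from itertools import combinations

TANKS = ["t0", "t1", "t2", "t3"]
VALVES = ["p0", "p1", "p2", "p3", "p4", "p5", "p6"]
# Causal DAG of the use case (Figure 1): component -> components it feeds.
FEEDS = {"p0": ["t0"], "t0": ["p1", "p2", "p3"], "p1": ["t1"], "p2": ["t2"],
         "p3": ["t3"], "t1": ["p4"], "t2": ["p5"], "p4": ["t3"], "p5": ["t3"],
         "t3": ["p6"], "p6": []}
# Constructed expected flow bands [flow^l_i, flow^u_i] (m^3/s) for normal operation.
EXPECTED = {"p0": (2.7, 3.3), "p1": (0.9, 1.1), "p2": (0.9, 1.1), "p3": (0.9, 1.1),
            "p4": (0.9, 1.1), "p5": (0.9, 1.1), "p6": (2.7, 3.3)}

# Constructed single-time-step observations: valve flows plus the binary
# overflow/underflow flags of the tanks (the output vector y).
OBS_NORMAL = {"flow": [3.0, 1.0, 1.0, 1.0, 1.0, 1.0, 3.0],
              "overflow": [0, 0, 0, 0], "underflow": [0, 0, 0, 0]}
OBS_P0_STUCK = {"flow": [0.0] * 7,                 # p0 closed: everything runs dry
                "overflow": [0, 0, 0, 0], "underflow": [1, 1, 1, 1]}
OBS_P1_P3_STUCK = {"flow": [3.0, 0.0, 1.0, 0.0, 0.0, 1.0, 1.0],  # two blocked valves
                   "overflow": [0, 0, 0, 0], "underflow": [0, 1, 0, 0]}


def sigma_tank(overflow, underflow):
    """sigma_T,i: H_T,i -> not o(i) and not l(i).  True iff the tank looks healthy."""
    return not overflow and not underflow


def sigma_valve(flow, flow_l, flow_u):
    """sigma_P,i: H_P,i -> (flow^l_i <= flow_i) and (flow^u_i >= flow_i)."""
    return flow_l <= flow <= flow_u


def interpret(obs):
    """I(C): diagnosis vector {component: True (healthy) / False (faulty)}."""
    c = {t: sigma_tank(obs["overflow"][i], obs["underflow"][i]) for i, t in enumerate(TANKS)}
    for i, p in enumerate(VALVES):
        c[p] = sigma_valve(obs["flow"][i], *EXPECTED[p])
    return c


def upstream(comp):
    """Every component from which a fault can propagate to `comp` along the DAG."""
    anc, todo = set(), [comp]
    while todo:
        x = todo.pop()
        for src, outs in FEEDS.items():
            if x in outs and src not in anc:
                anc.add(src)
                todo.append(src)
    return anc


def conflict_sets(c):
    """One conflict per abnormal component: the candidates that could explain
    its anomaly (itself or an ancestor), minus components proven healthy."""
    faulty = {k for k, ok in c.items() if not ok}
    return [({f} | upstream(f)) & faulty for f in sorted(faulty)]


def minimum_cardinality_diagnoses(c):
    """Search Reiter's lattice bottom-up (empty set, then singletons, ...) and
    return all smallest sets of components that hit every conflict set."""
    conflicts = conflict_sets(c)
    candidates = sorted(set().union(*conflicts)) if conflicts else []
    for k in range(len(candidates) + 1):
        hits = [frozenset(s) for s in combinations(candidates, k)
                if all(conf & set(s) for conf in conflicts)]
        if hits:
            return hits
    return []


def diagnose(obs):
    """Full pipeline for one time step: numeric observation -> C -> diagnoses."""
    return minimum_cardinality_diagnoses(interpret(obs))


if __name__ == "__main__":
    for name, obs in [("normal", OBS_NORMAL), ("p0 stuck", OBS_P0_STUCK),
                      ("p1 and p3 stuck", OBS_P1_P3_STUCK)]:
        print(f"{name:16s} -> {[sorted(d) for d in diagnose(obs)]}")
```

For the p0 observation all eleven components are flagged, yet the single-component row of the lattice already yields {p0}; the two blocked valves are only found in the cardinality-two row.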
Once the diagnosis framework has been set up three possible usages can be identified: fully-observable, semi-observable, and non-observable. In the first type of usage the diagnoser can observe every property of the physical system, except the water level described by the state vector $x(t)$. In the second type of usage, only a subset of the sensors is accessible to the diagnoser. Thus, some values need to be approximated. In the third type of usage only the primary inputs and primary outputs can be observed, while all other values need to be inferred. The following three sub-sections describe these types of usage in detail.
5 Observability
In this paper we will focus on diagnosis of fully-observable systems. This simplifying use case makes it easier to describe the methods, while the extension to semi-observable and non-observable systems is reserved for future work. However, this section gives some ideas on how to extend the developed methodology to include semi- and non-observable systems.
Fully-observable system
In fully-observable systems we assume that each component can be observed. For the demonstration use case this means that we can measure the water flow through each valve at each point in time. This is also a realistic assumption for many smaller scale applications and most demonstration plants which are built with observability in mind. Older and more complex industrial plants, however, more often contain components whose parameters cannot be observed.
Semi-observable system
In the case that the system is semi-observable, not all components' behaviour can be observed with sensors. This is the case in most real-world industrial plants where it is either too expensive to add sensors for every machine parameter or it is infeasible due to physical constraints or historical reasons. A diagnostic system which cannot observe every parameter has to work with partial information. If necessary the missing values need to be estimated. In the case of boolean circuits this can be done straightforwardly. For every component in a boolean circuit the behaviour model is known. Further, the system description SD is known. If only part of the components can be observed a diagnostic reasoning system can infer the missing values.
In hybrid, physical systems inferring values is more difficult. Some real-world components may behave non-linearly, stochastically, or very unpredictably. Further, signal propagation may not be instantaneous as in boolean circuits, but a change in one parameter may only be noticeable some time later. This is the case, for example, in bioreactors. If the temperature in a reactor changes, the substance may only exhibit a change in an observable property some time later.
In the demonstration use case the tanks are modelled through differential equations and the valves have the throughput that is maximally allowed by the outflow of a tank. Thus, even if not all sensors can be observed it is still possible to infer missing values.
Non-observable system
In non-observable systems only the primary inputs and outputs are observable. A diagnostic system needs to measure the primary input signals and the primary output signals and combine these with the model SD and COMPS of the hybrid system. To perform diagnosis, every intermediate value must be assumed by propagating the primary input values through the system. This approach is the most computationally intensive, since the assumable values need to be computed in sequence. Diagnosis is performed by comparing the expected primary output values with the observed primary output values and then going through the circuit back-to-front to find diagnosis candidates.
6 Experiments
To show that the developed diagnostic methodology works as intended, 16 experiments with the simulation of the demonstration use case were carried out. These are divided into two sets. In the first set the primary input to the demonstration use case was a constant stream of water. We expect in this case that during normal operation the water level in the tanks will reach a constant height and remain there until a fault occurs. In the second set of experiments the primary input was changed to a sinusoidal water stream. For this we used the function

in(t) = \begin{cases} C + A \sin\left(\frac{2\pi t}{T}\right) & \text{if } \sin\left(\frac{2\pi t}{T}\right) \ge 0 \\ 0 & \text{otherwise} \end{cases} \qquad (18)

Equation 18 shows the form of the sinusoidal wave with period T. We use an offset C to ensure a constant basic input stream into tank 1. The gain factor A scales the amplitude such that we achieve variability within the tank water levels, but without triggering an under- or overflow. Further, we use a piecewise function to cut off the negative half-wave of the sinusoidal input wave for convenience and ease of interpretation.
For both sets of experiments the normal operating condition,
five cases of single-faults, and two cases of double-faults
were simulated. For each experiment 300 time steps were
carried out, with the respective faults being injected at time
step 100 and being removed at time step 200.
We split the developed method into two parts. Part one is the quantitative simulation of the demonstration use case described in section 2. Part two is the diagnosis algorithm consisting of the state-space model, the SMT logic, and the diagnosis lattice. Both parts have been written in Python 3.4.5. The quantitative simulation provides the user with functionalities to inject faults and generate normal process data. The location and number of faults can be specified, as well as the type of input (for example, whether the water inflow is constant or sinusoidal). The output of the simulation is a .csv file which contains all process data as well as the diagnostic information. This method was chosen to be close to real industrial use cases.
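The experiment layout described above (300 time steps, fault present from step 100 until it is removed at step 200, constant or sinusoidal primary input as in equation 18, and a .csv file carrying process data next to the diagnostic ground truth) can be reproduced with the following harness. This is an added example, not the authors' simulation code. The single tank with one valve is a constructed stand-in for the four-tank model of section 2, and the values C, A, T, the valve coefficient k, the overflow limit h_max and the initial level are constructed, since the paper does not state the ones it used.

```python
import csv
import io
import math

# Experiment layout taken from the text: 300 time steps, fault present
# from step 100 up to (not including) step 200.
N_STEPS = 300
FAULT_START = 100
FAULT_END = 200


def inflow(t, mode, C=1.0, A=0.5, T=50):
    """Primary input stream into the first tank.

    mode == "constant": a constant stream C.
    mode == "sinusoidal": equation (18), C + A*sin(2*pi*t/T) on the
    positive half-wave and 0 on the negative half-wave (cut off).
    C, A and T are constructed values, not the paper's.
    """
    if mode == "constant":
        return C
    if mode != "sinusoidal":
        raise ValueError("mode must be 'constant' or 'sinusoidal'")
    s = math.sin(2 * math.pi * t / T)
    return C + A * s if s >= 0 else 0.0


def fault_active(t):
    """Ground truth: is the injected fault present at time step t?"""
    return FAULT_START <= t < FAULT_END


def step_tank(level, q_in, valve_ok, k=0.2, h_max=10.0):
    """Constructed single-tank stand-in (NOT the four-tank model of
    section 2): the outflow through the valve is k*level while the valve
    works and 0 while it is blocked; the level saturates at h_max, which
    mirrors the model only tracking levels up to their upper limit."""
    q_out = k * level if valve_ok else 0.0
    level = min(h_max, max(0.0, level + q_in - q_out))
    return level, q_out


def run_experiment(mode, faulty_valve="p1"):
    """Simulate one experiment; one record per time step holding the
    process data plus the diagnostic ground truth (fault flag)."""
    rows = []
    level = 7.0  # constructed initial level (tank 3 in the paper also starts at 7 m)
    for t in range(N_STEPS):
        q_in = inflow(t, mode)
        ok = not fault_active(t)
        level, q_out = step_tank(level, q_in, ok)
        rows.append({
            "t": t,
            "mode": mode,
            "inflow": round(q_in, 4),
            "level": round(level, 4),
            "flow_" + faulty_valve: round(q_out, 4),
            "fault_" + faulty_valve: int(not ok),
        })
    return rows


def to_csv(rows):
    """Serialise the records as CSV text, the file format used above."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=list(rows[0].keys()))
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    data = run_experiment("sinusoidal")
    print(to_csv(data)[:400])
```

With the constant input the stand-in settles at level 5 before the fault, climbs to the overflow limit while the valve is blocked (its flow column reads 0), and drains again once the fault is removed; the `fault_p1` column is the label a diagnosis run is scored against.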
SD is modelled through predicate logic. In the fully-observable case of the demonstration use case it suffices to explicitly model the connections between components, inputs, and outputs. Therefore, only three functions are used for the predicate logic: the function component(c) with arity 1, and the functions input(i, c) and output(o, c) with arity 2. These model the names of the components in the system and the number and names of their inputs and outputs. In addition, the relation connects(ci, cj) specifies which input is connected to which output. For the present use case the constants source and sink are used to denote primary inputs and primary outputs, respectively. With this logic it is possible to describe the connections between components in the form:

component(t0)
. . .
component(p6)
input(t0.i0, t0)
. . .
output(p6.o0, p6)
connects(source, p0.i0)
. . .
connects(t3.o0, p6.i0)
connects(p6.o0, sink)
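The following is an added example (not the authors' code) of how the component/input/output/connects facts above can be held as plain Python sets and used for the back-to-front candidate search described for non-observable systems in section 5: an abnormal observation at an output port is explained by some component upstream of that port, and the minimal diagnoses are the minimal hitting sets of these conflict sets, as in Reiter's theory [3]. The topology is a constructed chain (source, p0, t0, p1, t1, p2, sink) that only follows the paper's naming convention and is not the four-tank layout of figure 1; the hitting-set search is a brute-force version, not the paper's diagnosis lattice, and the `exonerated` argument is an added convenience that models components whose throughput a fully-observable system has directly confirmed as normal.

```python
from collections import deque
from itertools import combinations

# Constructed chain topology: source -> p0 -> t0 -> p1 -> t1 -> p2 -> sink.
# Not the paper's figure 1; names only follow its convention (t = tank, p = valve).
COMPONENT = {"p0", "t0", "p1", "t1", "p2"}
INPUT = {("p0.i0", "p0"), ("t0.i0", "t0"), ("p1.i0", "p1"),
         ("t1.i0", "t1"), ("p2.i0", "p2")}
OUTPUT = {("p0.o0", "p0"), ("t0.o0", "t0"), ("p1.o0", "p1"),
          ("t1.o0", "t1"), ("p2.o0", "p2")}
CONNECTS = {("source", "p0.i0"), ("p0.o0", "t0.i0"), ("t0.o0", "p1.i0"),
            ("p1.o0", "t1.i0"), ("t1.o0", "p2.i0"), ("p2.o0", "sink")}

PORT_OWNER = {port: comp for port, comp in INPUT | OUTPUT}


def check_sd():
    """Structural sanity checks on SD; returns a list of problems (empty if ok)."""
    problems = []
    for port, comp in INPUT | OUTPUT:
        if comp not in COMPONENT:
            problems.append(f"{port} belongs to unknown component {comp}")
    for src, dst in CONNECTS:
        if src != "source" and (src, PORT_OWNER.get(src)) not in OUTPUT:
            problems.append(f"{src} is not a declared output or 'source'")
        if dst != "sink" and (dst, PORT_OWNER.get(dst)) not in INPUT:
            problems.append(f"{dst} is not a declared input or 'sink'")
    for port, _ in INPUT:
        n = sum(1 for _, dst in CONNECTS if dst == port)
        if n != 1:
            problems.append(f"input {port} has {n} feeding connections, expected 1")
    return problems


def upstream(comp):
    """Components whose output reaches comp along connects, comp included."""
    feeds = {}
    for src, dst in CONNECTS:
        if src in PORT_OWNER and dst in PORT_OWNER:
            feeds.setdefault(PORT_OWNER[dst], set()).add(PORT_OWNER[src])
    seen, todo = {comp}, deque([comp])
    while todo:
        c = todo.popleft()
        for pred in feeds.get(c, ()):
            if pred not in seen:
                seen.add(pred)
                todo.append(pred)
    return seen


def minimal_hitting_sets(conflicts, universe):
    """All minimal sets intersecting every conflict (Reiter's diagnoses),
    found by brute force in order of increasing size."""
    conflicts = [frozenset(c) for c in conflicts]
    if not conflicts:
        return [frozenset()]  # nothing abnormal: the empty diagnosis
    found = []
    for size in range(1, len(universe) + 1):
        for cand in combinations(sorted(universe), size):
            s = frozenset(cand)
            if any(h <= s for h in found):
                continue  # contains a smaller hitting set: not minimal
            if all(s & c for c in conflicts):
                found.append(s)
    return found


def diagnose(abnormal_outputs, exonerated=frozenset()):
    """Back-to-front candidate generation: each abnormal output port yields
    the conflict 'some upstream component is faulty', minus components the
    observer has directly confirmed as normal (exonerated)."""
    conflicts = []
    for port in abnormal_outputs:
        conflict = upstream(PORT_OWNER[port]) - set(exonerated)
        if not conflict:
            raise ValueError(f"abnormal {port} but every upstream component exonerated")
        conflicts.append(conflict)
    return minimal_hitting_sets(conflicts, COMPONENT)


def minimum_cardinality(diagnoses):
    """Keep only the diagnoses with the fewest faulty components."""
    k = min(len(d) for d in diagnoses)
    return [d for d in diagnoses if len(d) == k]


if __name__ == "__main__":
    print(check_sd())
    print(diagnose({"p1.o0"}))
    print(diagnose({"p1.o0"}, exonerated={"p0", "t0"}))
```

Without exoneration an abnormal flow at p1 is explained by any of p0, t0 or p1, which is the growth of the result set the paper observes once effects have propagated; with the upstream valves confirmed normal, as the fully-observable case allows, the diagnosis collapses to p1 alone.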
7 Results
Table 2 shows the experiments for constant and sinusoidal input streams, the injected fault and whether or not the fault was detected. An x in the column Detected denotes that the injected fault was among the result set of the diagnosis algorithm. This means the algorithm is complete. An x* denotes that only the injected fault was detected, which corresponds to soundness of the algorithm. It must be noted here, however, that finding only the injected faults depends heavily on the granularity of the underlying data source. For example, if valve 5 stops working its flow would almost immediately go to 0. The sampling frequency is high enough to detect this decrease in the flow rate early enough that the water level in the tanks is not yet significantly affected. However, in large industrial plants sampling rates are often far lower. A faulty component might then only be recognised once its effects have propagated into other observations from other components. Further, in the semi- and non-observable cases not every status of every component is known. In this case, too, the set of possible faulty components will grow in size.

               Constant                   Sinusoidal
Index   # Faults   Detected       # Faults   Detected
0       p0         x*             p0         x*
1       p3         x*             p3         x*
2       p5         x*             p5         x*
3       p6         x*             p6         x*
4       p1, p3     x*             p1, p3     x*
5       p4, p5     x*             p4, p5     x*
Table 2: Recognized faults for experiments with constant input stream or sinusoidal input stream at time-step 100

               Constant                   Sinusoidal
Index   # Faults   Detected       # Faults   Detected
0       p0         x (11)         p0         x (11)
1       p3         x (3)          p3         x (3)
2       p5         x (3)          p5         x (3)
3       p6         x (3)          p6         x (3)
4       p1, p3     x (5)          p1, p3     x (7)
5       p4, p5     x (6)          p4, p5     x (6)
Table 3: Recognized faults for experiments with constant input stream or sinusoidal input stream at time-step 199
For table 2 we evaluated the output of the diagnosis algorithm at time step 101, directly after the fault had been injected. It is evident that, due to the SMT logic statement in equation 17, every unexpected change in the throughput of a valve is immediately detected.
Table 3, however, shows the results when the output of the diagnosis algorithm was evaluated directly before removing a fault, at time-step 199. The number in brackets denotes the size of the minimum-cardinality set, while x still denotes whether or not the fault was within the result set. As was the case in table 2, all faults were detected, though the result set also contained components which were not faulty.
Figure 2 shows the development of the water level in tank 3 for the experiment with a constant water input and the fault being injected at valve p5. In this case, the flow from tank 2 into tank 3 is blocked. In the figure the grey line represents normal working behaviour and the black line abnormal working behaviour. The shaded area indicates the time during which p5 is simulated to be faulty. From time-step 0 until 100 it is evident that the water level in tank 3 is the same in both conditions. The tank was initialised with a water level of 7 m, which first drains as not enough water is flowing into the tank. Then, once tanks 0, 1, and 2 have reached their normal operating conditions, tank 3 stabilises. Once the fault is injected the water level in tank 3 becomes unsteady. This results from the implementation of the model, which only models tank levels until they reach their upper limit. Thus, with p5 being disabled, tank 2 begins to overflow. This in turn redistributes the water pressures in all the other tanks. Once the fault is removed, however, all flows reach their maximum level and the water level in tank 3 increases.
Figure 2: Development of the water level in tank 3 over
time in normal conditions (grey) and with a fault in valve 5
(black)
8 Conclusion
This paper shows for the limited domain of a fully-
observable, hybrid, dynamic industrial production system
that we can model its behaviour with state-space equations
and then translate it into satisfiability modulo theory and
perform diagnosis. So far, operators in the process industry
rely only on fault identification techniques such as support-
vector machines, artificial neural networks, Bayesian ap-
proaches etc. In this work we present an approach which can
be used to also bring fault isolation into cyber-physical pro-
duction systems. Given a suitable model of the production
system the presented method is able to capture behaviour
over time while preserving the ability to directly react to
faults. With a suitably chosen data sampling frequency the
potentially huge knowledge-base proposed by Grastien [8]
can be avoided.
For future work we will show how to extend this approach to
deal with semi- and non-observable systems. For these we
need better models of single components by, for example,
creating assumables with the help of differential equations
specified in SMT logic.
Another direction for further research is the automatic generation and learning of system models. Nowadays, models of systems need to be created manually, which is time consuming and does not generalise. The state-space equations and their translations into logic are simple and can be specified algorithmically. Therefore, an attempt should be made to at least semi-automatically learn parts of these models from descriptions of meta-data.
References
[1] Rolf Isermann and Peter Balle. Trends in the application of model-based fault detection and diagnosis of technical processes. Control Engineering Practice, 5(5):709–719, 1997.
[2] Marta Fullen, Peter Schüller, and Oliver Niggemann. Defining and validating similarity measures for industrial alarm flood analysis. In Industrial Informatics (INDIN), 2017 IEEE 15th International Conference on, pages 781–786. IEEE, 2017.
[3] Raymond Reiter. A theory of diagnosis from first principles. Artificial Intelligence, 32(1):57–95, 1987.
[4] Elke Laubwald. Coupled tanks systems 1. control-systems-principles.co.uk, 2015.
[5] Peter Struss. Fundamentals of model-based diagnosis of dynamic systems. In IJCAI (1), pages 480–485, 1997.
[6] Feng Lin. Diagnosability of discrete event systems and its applications. Discrete Event Dynamic Systems, 4(2):197–212, 1994.
[7] Matthew J. Daigle, Indranil Roychoudhury, Gautam Biswas, Xenofon D. Koutsoukos, Ann Patterson-Hine, and Scott Poll. A comprehensive diagnosis methodology for complex hybrid systems: A case study on spacecraft power distribution systems. IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans, 40(5):917–931, 2010.
[8] Alban Grastien, Patrik Haslum, Sylvie Thiébaux, et al. Conflict-based diagnosis of discrete event systems: Theory and practice. In KR, 2012.
[9] Indranil Roychoudhury, Matthew J. Daigle, Gautam Biswas, and Xenofon Koutsoukos. Efficient simulation of hybrid systems: A hybrid bond graph approach. Simulation, 87(6):467–498, 2011.
[10] Sriram Narasimhan and Gautam Biswas. Model-based diagnosis of hybrid systems. IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans, 37(3):348–361, 2007.
[11] Om Prakash and A. K. Samantaray. Model-based diagnosis and prognosis of hybrid dynamical systems with dynamically updated parameters. In Bond Graphs for Modelling, Control and Fault Diagnosis of Engineering Systems, pages 195–232. Springer, 2017.
[12] Alban Grastien. Diagnosis of hybrid systems by consistency testing. In 24th International Workshop on Principles of Diagnosis (DX-13), pages 9–14. CiteSeer, 2013.
[13] Martin Fränzle, Holger Hermanns, and Tino Teige. Stochastic satisfiability modulo theory: A novel technique for the analysis of probabilistic hybrid systems. In International Workshop on Hybrid Systems: Computation and Control, pages 172–186. Springer, 2008.
[14] Hamed Khorasgani and Gautam Biswas. Structural fault detection and isolation in hybrid systems. IEEE Transactions on Automation Science and Engineering, 2017.