Outline 1. Introduction to fault diagnosis of DES 2. Seminal work - - PowerPoint PPT Presentation

1

Janan Zaytoon

University of Reims Champagne Ardenne, France

Janan.zaytoon@univ-reims.fr

On Fault Diagnosis Methods of

Discrete Event Systems

2

1. Introduction to fault diagnosis of DES 2. Seminal work of Sampath-Sengupta-Lafortune-Sinnamohideen- Teneketzis 3. Classification of diagnosis methods with respect to: Fault compilation, modeling tools, fault representation, decision structure and architecture 4. Related and induced problems Fault prediction, design problems, sensor selection & reliability, robust diagnosis, active diagnosis, fault-tolerant control 5. Contribution of our research team 6. Conclusion

Outline

3

1. Introduction to fault diagnosis of DES 2. Seminal work of Sampath et al. 3. Classification of diagnosis methods with respect to:

Fault compilation, modeling tools, fault representation, decision structure and architecture

4. Related and induced problems

Fault prediction, design problems, sensor selection and reliability, robust diagnosis, active diagnosis, fault-tolerant control

5. Contribution of our research team 6. Conclusion

Outline

4

 Fault causes a non desired deviation of a system or one

• f its components from its normal or intended behavior
• Fault : Tolerant deviation of system performance
• Failure : Critical deviation (breakdown)

 Fault diagnosis has two tasks

• Fault detection: confirms whether a system works in normal

conditions or a fault has occurred

• Fault isolation: localizes responsible element(s) and fault

nature (criticality, size, importance, ...)

Modeling for fault diagnosis

5

Modeling for fault diagnosis

Normal behavior model

GN

Diagnostic result (N, Fi),

{1,..., } i d ∈

System Real input u Real output y Predicted

• utput y

+

• Faults f

GF1 GFd

Faulty behaviors models Fault detection Fault isolation

 Faults are considered as an additional input for the system modeling  Faults are usualy partitioned into set of fault partitions, each associated with a fault model and fault label Fi

6

 With respect to their dynamics (time dependency)

• permanent faults (motor failure)
• Incipient faults (drift-like)
• Intermittent faults (bad contact, vibration)

Fault classification

Time Time Time Normal functioning Faulty behavior permanent faults Drift-like faults Intermittent faults

 With respect to the related physical elements

• Sensors faults: Discrepancies between measured and real values of system

variables (Sensors offset, Sensors stuck-off/stuck-on)

• Actuators faults: Discrepancies between input commands of actuators and their

real output (Actuators stuck-off/stuck-on)

• Plant faults: Changes in system dynamics (Tanks leakages, corked pipes, …)

7

 Partial observation and observability: Caines et al. 1991; Cieslak et al. 1988; Lin and Wonham 1988; Ramadge 1986

• not directly concerned with the partition of failures and the identification
• f failure types
• (initial) state estimation and supervisory control

 State-based approach to diagnosability (Lin 1994):

• off-line and on-line diagnosis
• computing a sequence of test commands for diagnosing failures

 Sensor optimisation for diagnosis: Bavishi and Chong 1994  Petri net based fault detection:

• monitoring the tokens in P-invariants (Prock 1991)
• backfiring transitions to determine if a given state is invalid (Sreenivas

and Jafari 1993)

Historical Background

8

1. Introduction to fault diagnosis of DES 2. Seminal work of Sampath, Sengupta, Lafortune, Sinnamohideen, Teneketzis (1995) 3. Classification of diagnosis methods with respect to:

Fault compilation, modeling tools, fault representation, decision structure and architecture

4. Related and induced problems

Fault prediction, design problems, sensor selection and reliability, robust diagnosis, active diagnosis, fault-tolerant control

5. Contribution of our research team 6. Conclusion

Outline

9

Automata modeling for fault diagnosis

Some of the events are unobservable (no sensors)!!

10

Dealing with unobservable events

 What are the faults that explain the observations?

 build a state observer (deterministic automaton) staring from the

• riginal automaton:

Transitions are due to observable events A state is an estimation of the state of the original model Observer size is exponential in the size of the model

a a 5 4 b 2 f uo

1

3 a b {1,3} {2,4,5} {4,5} {3} a a a a b b 2 consecutive a is a symptom

• f f

a

Diagosability of a fault

s f t

Sampath, Sengupta, Lafortune, Sinnamohideen, Teneketzis (1995)  A fault is (n-)diagnosable if it can be detected with certainty within a finite number of (n) observable events after its occurrence  A fault f is diagnosable if: for every trace s ending with f, there exists a sufficiently long continuation t such that: … any other trace indistinguishable from st (producing the same record

• f observable events) contains f (are also faulty)

11

12

Diagnoser

 Refine the observer: add labels F (f occurred) and N (f didn’t occur)  Diagnoser: FSM based on off-line compilation of observed trajectories:

• can be used off-line or on-the-fly

 F-indeterminate cycle in diagnoser: presence of 2 cycled traces with the same observable projection, such that F occurs in the 1st trace but not in the 2nd

• Condition for diagnosability: no indeterminate cycles in the diagnoser for

all fault types

a a 5 4 b 2 f uo

1

3 a b a a a b b {1N} {2N,4F} {1N,3F} {4F,5F} {3F} Indeterminate cycle: f is not diagnosable! a a F-certain state ambiguous state

13

 General hypothesis: system is live, no cycle of unobservable events

 A diagnoser is an ideal and efficient machine: having a diagnoser implies

• a complete characterization of the diagnosis problem: every state of the

diagnoser is a possible diagnosis & every possible diagnosis is a state of the diagnoser

• an efficient diagnosis algorithm : updating the diagnosis after a new observation
• nly requires the firing of a transition

 But having a diagnoser is an utopia: constructing a diagnoser implies

• availability of an exhaustif and correct fault model
• complex calculations and state explosion: Worst case diagnoser size = 2X x 2F
• example: a system with 4 components, 10 states per component, 5 faults:

worst case size of diagnoser =1010000 ! (number of atoms in the universe: 1080)

 Twins machine (Jiang et al. 2001; Yoo-Lafortune 2002):

• polynomial test for diagnosability without constructing a diagnoser: a fault f is

diagnosable if there is no couple of infinite traces having the same observation such that f occurs in the first trace but not in the second

Diagnosability and Diagnosers

14

Roadmap

1995 New Models Diagnoser approach New Properties New Algorithms Efficient solutions On going Slide from A.Paoli, CASY 2007

15

1 to 3 papers/year in JDEDS since 1998 Publications ≈ 20-23%

• f DCDS

papers ≈10-12% of WODES papers

16

1. Introduction to fault diagnosis of DES 2. Seminal work of Sampath et al. 3. Classification of diagnosis methods with respect to:

Fault compilation, modeling tools, fault representation, decision structure and architecture

4. Related and induced problems

Fault prediction, design problems, sensor selection and reliability, robust diagnosis, active diagnosis, fault-tolerant control

5. Contribution of our research team 6. Conclusion

Outline

17

Classification of Diagnosis methods wrt fault compilation

 Off-line compilation of a diagnoser: system in test-bed

• All observations are known in advance
• Efficient in terms of diagnosis response time but computationally

intractable!  On-line computation of the set of faults after each observed event:

system is operational

• Higher on-line computational effort (higher time to do diagnosis), but

gain in memory space because no need to store the complete diagnoser

18

Classification of diagnosis methods wrt the modeling tool

 Diagnoser is built using:

• Automata and their extensions: Sampath et al., 1995; Debouk et

al., 2000; Wang et al., 2007

• Petri nets: Lefebvre-Delherm, 2007; Ramírez-Treviño, 2007;

Genc-Lafortune, 2007; Cabasino et al, 2010; Dotoli et al., 2009; Basile et al., 2008

• Statecharts – hierarchical state machines: Paoli-Lafortune, 2008;

Idghamishi-Zad, 2004

Timed and Probabilistic Automata

 Timed Systems based on special class of timed automata: Chan-Provan, 1997; Tripakis, 2002; Bouyer et al., 2005; Cassez, 2009; Jiang-Kumar, 2006:

• time diagnosability requiring the diagnosability condition to hold after

a bounded time interval, instead of a bounded number of events

• Issues: time semantics (tick event or dense times), diagnosability,

diagnoser construction, complexity, relation with untimed systems, …

 Probabilistic systems and probabilistic diagnosers: Fabre- Jezequel, 10; Thorsley et al., 2008; Wang et al., 2004, Athanasopoulou-Hadjicostis, 2005; Lunze and Schröder, 2001:

• build deterministic FSM that gives the probability distribution on

states and diagnosis values, given any observed sequence

• diagnosability notions for stochastic and probabilistic automata

19

Fault diagnosis of Petri nets (PN)

 Aim:

• use the structure, the mathematical background and the intrinsically

distributed nature of PN, where the notion of state and action is local, to reduce the computational complexity of diagnosis problems and avoid exhaustive enumeration of the system state space

• deal with some classes of infinite state systems
• some diagnosability results within the frame of PN

 Observability of the marking of certain places: Ramirez-Trevino et al., 07; Wu and Hadjicostis, 2005; Ghazel et al., 2005; Hernandez-Flores et al., 2011; Lefebvre and Delherm, 2007; Miyagi and Riascos, 2010; Ushio et al., 1998; Chung, 2005; Wen et al., 2005  Unobservable net markings: Genc and Lafortune, 2007, Benveniste et al., 2003, Cabasino et al., 2011; Haar et al., 2003; Basile et al., 2009; Jiroveanu-Boel 09; Fanti et al., 2011, Dotoli et al., 2008; Fabre et al., 2005

20

Fault diagnosis of PN

 Cabasino et al., 10, 11: Labeled PN

• Given a sequence of observable events, w, characterize minimal

sequences of unobservable events interleaved with w, whose firing explains w (explanations), and characterize the resulting reachable marking subset (basis marking) using linear algebraic constraints

• On-line diagnoser associating a diagnosis state to each observation w and

to each fault class: matrix multiplications & manipulations of integer constraint sets

• Off-line computation of a basis reachability graph for bounded net systems
• Fluidification to extend the class of PN to which the method can be applied

and to exploit the convexity property of fluid PN to improve computational cost of the diagnosis in some cases (Mahulea et al. 2012)  Basile-Chiacchio-De Tommasi 09; Dotoli et al. 09; Fanti et al. 11:

• On-line diagnosis for PN using ILP constraints

21

22

 Roth-Lesage-Litz, 2009:

• identify the fault-free model of the closed-loop manufacturing system
• a fault is detected for any system behavior that is not part of the identified model

 Fault localization: inspired by residual techniques of continuous systems: compare

• bserved & expected

sequences to deliver a small set of (unexpected & missed) fault candidates  Heuristic candidates set reduction algorithm

 Fault diagnosis using fault-free models:

• compare system’s output with the model’s output: a fault is detected if an
• bserved behavior of the system cannot be reproduced by the model
• fault localization is more ambitious because the model doesn’t include faulty

behavior: diagnosability of given faults is not guaranteed

Classification of diagnosis methods wrt fault representation

Diagnosis

23

Diagnosis using models including faulty behavior

 Execution of an event (Sampath et al., 1995)  Reaching a faulty state (Zad-Kwong-Wonham, 2003; Lin, 1994)

• no need to initialize the system and the diagnoser simultaneously: the

diagnoser may be initialized at any time while the system is in operation

 Execution of a supervision pattern: a temporal property related to the

• ccurrence of a set of trajectories/events to diagnose (Jéron et al., 2006)
• generalize the properties to diagnose &

clarify the separation between diagnosis

• bjectives & system specifications
• overcome the difficulty of reusing

existing results: different diagnosability notions, ad hoc algorithms to construct diagnosers & verify diagnosability f2 f2

• ccurrence
• f 2 faults:

f1 & f2

 Provide good results for predictable faults: only faults explicitly considered in the system model can be detected and localized  Require knowledge of faulty system behavior: it is not always realistic to exhaustively foresee all the faults

E - {f1, f2} E E - {f2} E - {f1}

24

Classification wrt the decision structure

 Centralized diagnosis

 Decentralized diagnosis

• Unconditional structure (Wang et al., 07), without coordinator (Lafortune et
• al. 05)
• Conditional structure (Wang et al., 2007)
• Coordinated structure (Debouk et al., 2000, Wang 05)

 Distributed diagnosis (Fabre 02, Pencolé 05, Qiu 05, Su 04)

• Local consistency approaches (Su and Wonham, 2005)
• Global consistency approaches (Su and Wonham, 2005)

Plant Mask Diagnoser

Sequences of observable & unobservable events Sequences of observable events

 Decentralized structure: each site knows the system model, has local observations & exchange limited information with others  Problem: how can the sites jointly discover the occurrence of a fault  Available information: ambiguous, incomplete, delayed, possibly erroneous  requires minimum communication between diagnosers to resolve ambiguity  Debouk-Lafortune-Teneketzis, 2000: 3 protocols using Coordinator with varying but limited memory & processing capabilities

Decentralized architecture – Coordinated diagnosis

System Model

Local Observer Local Diagnoser

Coordinator (memory &

processing constraints)

Site 1

Local Observer Local Diagnoser

Site 2

Communication Constraints

Fault information

 Objective:

• design a set of protocols, analyze their "complexity–performance” tradeoff
• build diagnosers and verify diagnosability

26

System Local site 1 Local site 2 Local

• bservations

Local diagnosis Local diagnosis, globaly consistent

Distributed resolution protocol

Local

• bservations

Local diagnosis Local diagnosis, globaly consistent

 Local diagnosers with communications: communication protocol, delay, losses, order preservation, consistency, conflicts  Lower memory usage, local diagnosis improving scalability and robustness

Subsystem 1 Subsystem 2

Distributed / Modular / Hierarchical Diagnosis

 Different settings and model structures: Contant et al. 06; Ricker- Fabre 00; Su-Wonham 06; Pencolé et al. 06; Zhou et

• al. 08; Grastien-Torta 11

 (too) Many codiagnosability notions & properties defined and analyzed: Qiu-Kumar 06; Sengupta 98; Sengupta-Tripakis 02; Pencolé 04; Wang-Yoo-Lafortune 05, 07

27

1. Introduction to fault diagnosis of DES 2. Seminal work of Sampath et al. 3. Classification of diagnosis methods with respect to:

Fault compilation, modeling tools, fault representation, decision structure and architecture

4. Related and induced problems

Fault prediction, design problems, sensor selection and reliability, robust diagnosis, active diagnosis, fault-tolerant control

5. Contribution of our research team 6. Conclusion

Outline

Predicting Faults

 Predict a fault before its occurrence based on the string of observable events to initiate corrective actions in advance (Genc-Lafortune, 06; Jiang-Kumar, 04; Jéron et al., 2008, Kumar-Takai, 2008)

• definition and polynomial verification of predictability
• construction of on-line predictors, and decentralized predictors

t ∈ L(Ω, FΩ), t < s Observations Compatible trajectories P(.) u ∈ [P(t)] s ∈ L(Ω, FΩ)

 A fault is predictable if it possess a non-faulty prefix such that any indistinguishable trace will inevitably lead to the fault within a bounded number of steps

v ∈ L(G)/u n steps

28

Design I ssues: Sensor Selection and Dynamic Activation

 One way to ensure diagnosability and build diagnosable systems, is to

change the observability set by equipping the system with an appropriate set

• f sensors:
• Which sensors to use? How many of them? Where to place them?
• Motivation: economic and energy considerations (cost of measures, sensor

availability & their span time, battery power, security concerns…)

• Select: a minimal subset of sensors (Debouk et al. 02; Yoo-Lafortune 02;

Jiang et al. 03), a least expensive set of sensors (Ribot et al. 08), an optimal sensor configuration to balance the cost-performance tradeoffs (Lin et al. 10, 12)

 Dynamic activation and deactivation of sensors: dynamically changing the set of events to observe: Thorsley-Teneketzis 07; Cassez-Tripakis 08; Wang et al. 11; Dallal-Lafortune 10; Shu et al., 10

• in communication networks, sensors are not purchased for the whole duration
• f the process and a small cost is incurred every time the sensor is used
• which sensors to activate (which information is really needed) after the
• ccurrence of a trace of events?
• Issues: diagnosability, minimal policy, minimize cost & commutation frequency

Sensor Reliability (Thorsley-Yoo-Garcia, 2008)

 Motivation: sensors reading observable events are not perfectly reliable

• misclassification: a sensor reports an incorrect reading
• misdetection: a sensor does not make a reading when event occurs

 Given a sequence of observations, use Markov chain construction to generate

a stochastic diagnoser to determine the probability that a fault has occurred

30

Sensor output automaton

1 2 3 (u,.5) (f,.5) (a,.9) (b,.1) (a,1) (b,1)

Stochastic

automaton

Stochastic diagnoser

Robust diagnosis: diagnosable system despite sesors failure

 Rohloff 2005: Robust controller synthesis when the system is subject to sensor failure – uncertainties in the observable events  Lima et al. 10; Basilio-Lafortune 09; Basilio et al. 12; Carvalho et al. 12: deploy the redundancy within the subset of observable events that guarantee diagnosability to verify diagnosability and design a robust diagnoser despite sensor failure:

• run a set of partial diagnosers in parallel, each designed to work correctly

under certain combination of sensor failures

• guarantee that at least one diagnoser will issue the correct diagnostic decision

about unobservable faults and identify this diagnoser

 Uncertainties in the system model (Takai , 2010, 2012): system given by a set of models (multiple configurations) over a common event set:

• Robust diagnosability: conditions for the existence of a single diagnoser that

detects faults in any possible model within a bounded number of steps

31

32

Active Diagnosis and Fault Tolerant Control

 Integrated approach to fault diagnosis and supervisory control: design a controller that restricts the behavior of the system in a way that satisfies specified control objectives and results in a diagnosable controlled system (Sampath-Lafortune-Teneketzis, 1998; Pencolé et al. 2006):

• determine the supremal controllable, observable and diagnosable sublanguage
• f a given language (desired behavior) and synthesize the corresponding

controller ensuring diagnosability & a diagnoser for on-line fault dignosis

• design procedure is based on the elimination of the traces that go through

indeterminate cycles in the diagnoser

 Develop a supervisor guaranteeing that every post-fault behavior becomes non-faulty in a bounded number of steps (Wen et al., 2008)  Detect faults & then restrict system’s behavior in such a way that prevents these faults from developing into failures that could cause safety hazards (Paoli-Lafortune, 2005)  Design a parameterized controller to update the control law to faulty behavior on the basis of on-line diagnosis (Paoli-Sartini-Lafortune, 2011)

33

1. Introduction to fault diagnosis of DES 2. Seminal work of Sampath et al. 3. Classification of diagnosis methods with respect to:

Fault compilation, modeling tools, fault representation decision structure and architecture

4. Related and induced problems

Fault prediction, design problems, sensor selection and reliability, robust diagnosis, active diagnosis, fault-tolerant control

5. Contribution of our research team 6. Conclusion

Outline

Requirements for practical applications

 Diagnostic engine must be easy to develop and simple to implement  Diagnosis may need to be achieved with decentralized information  Impossibility to foresee all faults  Need to model drift-type faults in sensors or small changes in dynamics of actuators  Need of expertise and learning methods

34

Boolean DES-based approach

 Philippot et al, 2007; Sayed-Mouchaweh et al., 2008: combination

• f condition templates and (state & event based) diagnoser approaches

for decentralized diagnosis of manufacturing systems

• condition templates (Pandali-Holloway, 2000) monitor the time behavior of

the system & detect the unexpected & missing events within their defined time interval: exploit control loop causality to localize expected consequents of control actions

• state-based diagnosis to avoid the requirement of simultaneous initialization
• f the diagnoser and the model (difficult to achieve in manufacturing systems)
• codiagnosabilty notion, very limited communication between local diagnosers
• library of standard component models

35

 Fault-free models (Sayed-Mouchaweh et al., 09, 12)

36

/E E d q1 /d q0 A B Mstop q0 Mrot q1 A1.B2 B1.B2 + A1.A2 B1.A2 B1.B2 + A1.A2

A.t := ∆ A, Ts->∆ B, Ts->∆ B, t->∆ A, t->∆ B.t := ∆

VIN q1 V-> q*2 VOUT q3 V<- q*4

B A

q0 A.t := ∆ A, Ts->∆ B, Ts->∆ B, t->∆ A, t->∆ B.t := ∆ C C

B A C

Constitution of almost independent plant elements requiring limited communication by composition of their Parts from a Library

Control specifications (GRAFCET) PE1 Equivalent Graph (EG) PEn Controlled Plant Element 1 (CPE1) Controlled Plant Element n (CPEn) (1) Extraction (3) Local composition (2) Language Restriction Restricted EG for PE1 (REGPE1) Restricted EG for PEn (REGPEn)

⇒ Representation of the local desired behaviour: CPEi

Educational manufacturing plateform

37

38

Conveyor 1 Conveyor 2 Conveyor 3

Cylinder 1 Cylinder 2 Cylinder 3

Small piece Large piece ct2 ct3 cp3 cp2 p2ar p3ar p1ar a b a) SFC for the pieces sorting b) SFC for the rotation

• f conveyors 2 and 3

2 Out1 cp2 4 In2 p2ar a 8 In1 p1ar C1 b 5 Out1 cp3 6 Out3 ct3 7 In3 p3ar 3 Out2 ct2 In1 In1 In1 In1 1 10 M 11 C2 M C3

Boolean DES-based approach

39

1 2*

↑Out

8 3 5

↑ yE

7 6*

↑In

↓ yR ↓In ↓Out 1000 1010 0010 0110 1001 0101 0100

4

↑ yR 0001 ↓ yE

Desired behavior

• f y axis

t Out =1

? yR ? yE t1 t2

max

R

y

Δ

↓

t3 t4

max

E

y

Δ

↑

yR yE Out In

 Statistical learning to estimate the probability densities of consequent reactions  Expert knowledge to identify faults related to missing & unexpected events  Progressive monitoring to reduce the set of fault candidates after the

• ccurrence of new observable events

Extension to drift-like FD (Sayed-Mouchaweh et al., 2012)

 A drift-like fault is observed as a change in probability density of component reactions to commands over time  An indicator observes a drift of the PDF and provides warning when deviating from normal behavior prior to failure occurrence

40

 Sometimes a system gradually changes its functioning mode from normal to failure due to deviation in some system parameters drift levels: normal, warning, confirmed

41

1. Introduction to fault diagnosis of DES 2. Seminal work of Sampath et al. 3. Classification of diagnosis methods with respect to:

Fault compilation, modeling tools, fault representation decision structure and architecture

4. Related and induced problems

Fault prediction, design problems, sensor selection and reliability, robust diagnosis, active diagnosis, fault-tolerant control

5. Contribution of our research team 6. Conclusion

Outline

42

 Fault Diagnosis of DES is a mature scientific area:

• established and well-recognized formal methods and models

 Many extension of initial results: modeling tools, system structure, algorithmic efficiency, design methods,

• but too many diagnosability notions & ad hoc algorithms to construct

diagnosers & verify diagnosability

 Complexity of calculations due to the curse of dimensionality:

• see Cassez 11 for issues related to complexity & decidability for different FD

configurations of timed and untimed systems

• Heuristics & abstractions to optimize the search space for diagnosability

 Need to develop (software) tools

 Need to combine DES based methods with techniques from:

• AI, PR & machine learning to provide practical diagnosis approaches for

complex systems

• continuous systems to deal with hybrid system dynamics

Conclusion

43

Evolving and adaptive FMECA Pretreatment & data analysis Prognosis Fault classification Decision Stop

• peration

Predictive maintenance Reconfiguration Change

• peration

C S

Fault detection Fault Identification Fault diagnosis

Measurements Time-to-failure prediction Condition-based maintenance Critical components Reliability-Centered Maintenance Prognosis & Health management Performance degradation trending Performance metrics for diagnosis

Conclusion

 designing a reliable, safe and secure system requires developing global structures and integrated models to link Diagnosis with other aspects, including: Control, Identification, Prognosis, Predictive maintenance