Embed Size (px)
Citation preview
Diagnosis of Dynamic SystemsDoes Not Necessarily Require Simulation
AbstractWe present a paradigmatic example of a feedback-controlled system : an electric motor with sensor andcontroller . Diagnosis of this system is performedbased on a qualitative model that reflects deviations ofparameters and behavior from a fixed reference state .The hypothesis that has been examined in this casestudy is that detection of behavior discrepancies doesnot necessarily require simulation of behavior, but canbe done by checking (qualitative) states only. Thequalitative models and the state-based diagnosisalgorithm proved to establish a basis sufficient forfault detection and fault identification in the motorexample . Some of the general preconditions for thisare discussed .
IntroductionDynamic systems are considered as the challenge formodeling, particularly for qualitative modeling . Since theevolution of characteristics over time is the crucial aspectof such systems, it is often taken for granted thatcomputational methods for problem solving necessarilyinvolve simulation of the behavior of the respectivesystem .Numerical simulation is not applicable if there is only
partial, or qualitative, information about the system and itsinitial conditions . Qualitative simulation, designed forsuch cases, can be complex due to ambiguity in thepredicted set of behaviors . Anyway, it would be good if onecould get along without simulation .
In our project on diagnostic techniques and tools for carsubsystems, we successfully demonstrated the utility forqualitative modeling and consistency-based diagnosis fortasks such as failure mode and effects analysis (FMEA) andautomated generation of repair manuals (see [Struss-Malik-Sachenbacher 96]) . The solutions were based on staticmodels . However, many subsystems of vehicles thatdemand for automated diagnosis, such as the Anti-lockBraking System (ABS) and the Electronic Diesel Control
Andreas Malik, Peter Struss
Department ofComputer ScienceTechnical University of Munich
Orleansstr . 34, 81667 Munchen, GermanyImalik, struss) @informatik.tu-muenchen.de
(EDC), are dynamic feedback systems . "If you want todiagnose such dynamic systems, you need (qualitative)simulation" . Our response to this prejudice was a casestudy checking our working hypothesis "you can achieve alot without simulation" in preparation of work on the ABSand EDC .The example we chose was a simple feedback system
involving an electrical motor, speed sensor, and controller.Nevertheless, it constitutes a challenge in three respects :
It is a dynamic system . Is it possible to diagnose itwithout having to perform some kind of simulation?It is a continuous system. Is it possible to diagnose itbased on a qualitative model?It is a feedback system. Is it possible to diagnose itusing consistency-based diagnosis (especiallydependency-based diagnosis) despite the fact that eachobservation in the feedback loop is dependent on allcomponents in the loop?
In this paper, we present the results of this case study . Theanswer to the third question, which is not the focus here, isthat fault localization in feedback loops with limitedobservability, if possible at all, inevitably has to be basedon fault models (which is necessary for fault identificationfor even more obvious reasons, anyway). The basis is"physical negation" ([Struss-Dressler 89]), i .e . exoneratingcomponents whose entire set of fault models is refuted bythe observations .The ultimate reason for a positive answer to the second
question is that a fault is almost defined as a cause of somequalitative deviation from normal behavior . In our case,faults can be described as qualitative deviations of actualparameter values from the nominal ones .The answer to the first question, which is central to this
paper, is based on the following consideration : the essenceof consistency-based diagnosis is to refute (correct offaulty) behaviors that are inconsistent with theobservations. In qualitative reasoning, behaviors aresequences of qualitative states . If a model predicts asequence different from the observed one it obtains aninconsistency . Predicting a sequence (or a tree) of states
Malik 127
means performing some kind of simulation (orenvisionment) . However, we can do with less : if weobserve a single state that is not consistent with the(dynamic) model of a particular behavior, this suffices toestablish an inconsistency and, hence, to refute thisbehavior . For detecting this inconsistency, simulation isnot required . All we need is to check whether theobserved states are consistent with the respective behaviormodels .
In the following section, we describe the paradigmaticexample of the controlled electric motor, the faultsconsidered, and the diagnostic scenario . The models of thethree components of the circuit are based on a formalizedconcept of qualitative deviations . Then we introduce thefoundations for diagnosis of the circuit . Finally, we presentthe results of our experiment and discuss its preconditionsand limitations in more detail .
The Problem
The Control Circuit with Motor
The example deals with a direct-current motor that iscontrolled in a feedback loop (Figure 1) . The actual speedw of the axis of motor M is measured by a revolutioncounter S . The respective value w,� is fed to the controllerC . Using knowledge about the present measured motorspeed and the desired speed d, the controller adjusts thevoltage v driving the motor .
The (differential) equations of the three involved compo-nents and the physical constants are given in Table 1 .Measurement of speed is achieved by means of counting
pulses generated by a ferromagnetic toothed wheel (�pulsewheel") and an inductive sensor . This sensor has also beenmodeled in more detail which is not discussed here .
The Faults ConsideredThe example, although simplified, is taken from a real
application problem where numerical simulation alonecould not meet requirements of fault prediction and fault
128 QR-96
Table 1 : Equations and quantities of the control circuitidentification . It includes, along with the differentialequations stated above, a catalog of faults that are to bedistinguished . This set of faults was extended by some lesslikely defects . The clear-cut success criteria were definedas to how well the diagnostic system can detect, isolate anddiscriminate among the faults listed in the left-hand columnof Table 2 .
It is obvious that not all faults can be distinguished fromeach other solely by the effects on the input/outputvariables of the components . For example, a pulse wheelwith too few teeth will cause the same deviation as aconstant positive slippage does .
The Diagnostic SituationWe assumed conditions similar to on-board diagnosis . Thediagnostic system is situated in or near the controller andcan inspect the measured rotational speed (Wn), thedesired speed (d) and possibly information about thederivatives of these quantities . The current (v) and theactual speed of the motor (co) are not available to thediagnostic system .The scenario we discuss in detail here is observing the
response of the system to a stepwise change in d, i.e . adiscontinuous switching from one constant value toanother. The goal was to analyze if, and to what extent, theapplied models and the diagnostic algorithm are suitablefor"
fault detection, i .e . to detect that a fault is present,"
fault localization, i .e . to detect where the fault lies," fault identification, i .e. to determine which fault is
present .In the following sections, we will discuss whatrequirements this imposes on the applied modeling anddiagnosis techniques, which solutions were chosen, andwhat results were achieved by their implementation withrespect to these tasks .
Motor M: T * dw = cm * v - w
Controller C : cC * v = 2 * d - w� ,
Revolution counter S : cq� = CS * w
w rotational seed of the motor [s ]T inertia of the motor [s]CM constant of the motor [s V- ]v driving voltage [V]CC constant of the controller [s -'V - ](4n measured rotational speed [s ]d desired rotational seed [s - ']CS measurement coefficient [1]
Table 2 : Component faults and their behavior models
The Models
The important issues to be addressed in this case studywere" Is qualitative modeling sufficient to capture the dynamic
aspects of the example?" How are the obtained models to be used for diagnosis,
especially : is qualitative simulation inevitable?The first question is vital for the robustness and generalityof the diagnostic system ; both questions have decisiveinfluence on the complexity of the solution .
In the following, the main ideas underlying the modelingof the control circuit will be presented . Later, we willdescribe the application to diagnosis .
Qualitative Modeling of the Control Circuit
If we analyze the set of possible faults listed in the previoussection, we notice that all of them can be described by adeviation of parameters occurring in the equations of therespective component . For instance, the controller constantcan be too high, and a missing signal ct) � is given by c = 0 .Note that the list of faults actually talks about classes offaults, rather than specifying numerical distinctions . Forexample, it would be highly inappropriate to try tocharacterize slippage by exact figures . Characterizingparameters just by the direction of their deviation appearsto suffice for diagnostic purposes . This is the basis for themodels we used in this case study . For each parameter xwe introduce
AX = Xact - Xref ,the deviation of the actual value from the nominal one,which characterizes normal behavior . Only [Ax], i .e . thesign of Ax, matters . Deviation of parameters potentiallyproduces deviations in the system variables . They couldbe defined as the difference between the dynamic quantitiescorresponding to the actual behavior and a referencebehavior:
Ax(t) = xact(t) - xreflt) .Determining Ax(t) requires, besides a measurement ofx a, t(t), computation of x,f(t) for the respective time point t,i .e . simulation . However, nothing prevents us fromchoosing an arbitrary quantity for reference .
In our models, we chose fixed values of the variables asa reference which could be easily determined : the value ofthe equilibrium state of the system under correct behaviorof all components, i .e .
wtef = (An-ref = d,Vref=CC
* d,and 0 for all derivatives :
dt ~ref = ~d) ref = (at)ref = t = 0 .
In particular, we obtainAol;� =W»-d,
which can be determined from the measurements in thediagnostic scenario as defined in earlier .
Qualitative deviations of sums and products can beexpressed as qualitative sums and qualitative products .With the definition of Ax we obtain the following rules(which actually hold independently of the particular choiceof reference values) :[A(a + b)] =_ [(a + b) - (a + b)refl --- [a + b - (a,,f + bref)]
[Aa + Ab] = [Aa] ® [Ab][A(a * b)]
[(a * b) - (a * b) refl = [a * b - aref * bref]--=[a*Ab+b*Aa-Aa*AbJ
_ [a] ® [Ab] ® [b] ® [Aa] O [Aa] ® [Ab]The deviation of a product can be simplified if at least one
Malik 129
Failure cause Behavior modelMotor _flow constant too low, ferro- [cm] - [+J, [Akm ]magnetic loss to high [TJ = [+], [AT] = [_]motor constant too low [cm] _ [+], [Akm ] _ [+],
[T ] = [+] , [AT] = [-lresistance of field- and/or rotor [cm] _ [+], [Akm ] _ [-],coil too high [T ] = [+], [AT] = [+]inertia of motor too high [cm] _ [+J, [Akm ] = 0,
[T] = [+], [AT] = [+]inertia of motor too low [cm] _ [+J, [Akm] = 0,
[T ] = [+] , [AT] = [-rotor totally jammed [cm] = 0, [Akm] = [-J,
[T- 'l = 0, [AT] = [+lControllercontroller constant too high [cc] _ [+J, [Acs] = [+]controller constant too low [cc] _ [+J, [Ac ] = [-]broken wire controller-motor [cc'] = 0, [Acs ] _ [+]Revolution Countercomplete slippage, pulse wheel [cs] = 0, [Ac s] = [-],not ferromagnetic, gap pulse acs = 0wheel - sensor too big,trigger threshold too highconstant slippage, pulse wheel [cs] _ [+J, [Acs ] =with too few teeth, assumed acs = 0number of teeth too highpulse wheel with too many teeth, [c s] _ [+], [Acs ] = [+J,assumed number of teeth too ac s = 0lowsporadic slippage, missing or [c s] _ [+],broken tooth (teeth) [Ac s] or [Ac s] = 0notch in tooth, ridge between [cs] = [+],teeth of pulse wheel [Ac s] = [+] or [Ac s ] = 0displaced tooth, too early or too [cs] = [+Jlate
of the reference values, e.g . [bref], is known :[A(a * b)] - [a * Ab + Aa * bref]= [a] ® [Ab] O [Aa] ® [b,f]
Finally, LAa] can be transformed to:
IA A1]=[1-1] _ [~-~= _ [Aa ] ® [a ] ® [aref]aJ
a
are f
a * aref
For qualitative derivatives, we use the notation a :
ax :=Cdr],and DA denotes the qualitative deviation of a derivative,which is justified because
[AdtJ= [Tt Ax' = aAx .
Since all component faults can be described as parameterdeviations, the equations presented above hold for both thecorrect and the faulty behaviors . From these equations (andtheir derivatives) we obtain the following genericqualitative models of the respective components,comprising the qualitative and the A-version of the originalones :Motor :
[T] ® aw® [w] _ [cm] ® [v][AT] ® aco ® aAco ® [Aw] _ [Acm] ® [v] ® [Av]
Controller :
[cc] ® [v] ® [wn] = [d][Acc] ® [v] ® [Av] ® [AWn] = [Ad]
Rev. counter:
[on,] = [cs ] ® [co][Awm] = [Acs] ® [w] ® [Aw]awm = [cs ] (9 aw ED acs (9 [o)]
aAw,n = [Acs ] ® aw © aAco ® acs ® [co]Models of the correct and the faulty behavior are derivedfrom these generic models by conjunction with theircharacteristic constraints on signs of parameters and theirdeviations . A non-negligible, but not total, constantslippage of the sensor wheel, for instance, is given by
[Acs] = [-], [cs] = [+], ac, = 0and, hence, the behavior model
[wrtrJ= [w] = [+][Aw�] = [AMO [w] = [Aw] O [+]
aw,n = aw@Awr� = aAco o aw
if w is assumed positive . This model captures, for example,the information that the measured speed will be too low ifthe speed of the motor coincides with the reference value([Aw] = 0) .The constraints for the various fault models which
combine with the generic models are given in Table 2.One has to keep in mind that the models, being
derivations of the underlying (differential) equations, areconsidered valid at any time point, and the variables aretreated as continuous functions . This is only anapproximation, since, after all, the speed is computedwhenever a new pulse is received and then kept constant
130 QR-96
until the next computation . Hence, wn is actually a stepfunction with discontinuities at each time pointcorresponding to a pulse . As a result, the models presentedhere have limited power when it comes to discriminationbetween different faults within the sensor . For this purpose,a refined model of the sensor has been developed .
Foundations of the Diagnostic Approach
Consistency-based Diagnosis of Dynamic SystemsAs stated in the introduction, our work is based onconsistency-based diagnosis ([Dressler-Struss 96]) whichchecks consistency of a behavior model with a set ofobservations of the actual system behavior. Expressed in amore formal way, the diagnostic algorithm decides whethera set of observations, OBS, an assignment of particularmodes of behavior (correct or faulty) to the components,C i , of the system, and the structural and behavioral modelof this system together form a consistent theory or entail aninconsistency :
MODEL u { mode(C) } u OBS F- 1 .This allows for" fault detection, if there is an inconsistency with the
model ofcorrect behavior," fault localization by suspecting all components whose
models of correct behavior contribute to theinconsistency (,,dependency-based diagnosis"),
" fault identification by refuting component faults whosemodels are inconsistent with the observations .In each case, a behavioral discrepancy is the starting
point. For static models, such a discrepancy is simply givenby two contradictory states, i .e . different values of onevariable . For a system that changes state over time, adiscrepancy is obtained if there are two conflictingpredicted/observed states for the same time points . Often,it is concluded that, in order to detect this," we need simulation to derive a description of behavior
over time, and" we need numerical simulation, because different values
establish a discrepancy only if they refer to the verysame time point .
The example in our case study sheds a light on thesehypotheses . Fault detection may work with a numericalmodel : initial values of w� , and ddwn could be used tosimulate the expected behavior based on the given(differential) equations, provided there is an appropriateway to distinguish a real behavior discrepancy from avirtual one which is due to errors of the simulationalgorithm. Fault identification would be impossible, sincefor simulating the possible faults, initial values would be
required which are simply not derivable .If we apply qualitative simulation, we face the problem
of synchronization, i .e . relating observed, real time andthe qualitative representation of time in the model . Thereare several diagnosis systems that are based on runningqualitative simulation of a system concurrently with theobservation of its actual evolution (e.g. MIMIC, [Dvorak-Kuipers 92]) . Again, based on the assumption of a knowninitial state (and real-time performance of the qualitativesimulation algorithm), the detection of a (qualitative)discrepancy between predicted and observed behavior and,hence, fault detection is possible . Identification of the faultusually faces complexity problems, since simulation ofmany fault situations may be required, even though theproblem of unknown initial conditions is somewhatrelaxed : there is only a finite number of initial states tobegin with . A system like MIMIC has to assume someeffective heuristic for selecting fault models to try .
With the background given above, what simulation-based systems like MIMIC do can be described in a generaland formal way as checking consistency of a sequence ofobserved states, (Sobs 1, Sobs 2, . . ., Sobs 0, with the given(qualitative) dynamic model:
MODEL u mode C
U
S
SAt least theoretically, we can regard the conjunction of themode assignment and the model as the set (disjunction) ofpossible behavior sequences emerging from the initial state,Sobs 1, according to the model :
{ (Sobs 1, Si 2, . . ., Si n) } U { (Sobs 1, Sobs 2, . . ., Sobs0 ) ~_ 1 ,and to be consistent with this set, the observed state
process, compile empirical knowledge or first principlesinto associations between modes and resulting systemevolution . [Milne et al 94] presents an example whichmatches observations over time with given "chronicles",i .e. sequences of events including temporal constraints .As we stated earlier, we tried to prove our working
hypothesis :Model-based diagnosis of dynamic systemsdoes not necessarily require simulation .The basic idea is more than simple and may appear close tonaive : we ignore the chronological information, representobservations over time by a set of states, { Sobs i ), ratherthan a sequence, and the diagnostic engine checks eachindividual state
MODEL u { mode(C) } u {Sobs i } F- 1 for all i .This means checking whether there exists an observed statethat is not in the set of states specified by the model underthe mode assignment, although this set is not enumerated .
Rather, the usual constraint-based consistency check of the"static" consistency-based diagnostic engine applies . Wegot rid of simulation, and we do not need to assume subse-quent observations . Obviously, inconsistency of anindividual state with the model is a sufficient condition fora whole sequence that contains it to be inconsistent . Hence,our diagnostic algorithm is guaranteed to produce asuperset of the diagnoses (consistent mode assignments)generated by the state-sequence-based approach which, inturn, contains the actual diagnosis .
Because one may suspect that this diagnosis algorithm istoo weak, we use the motor example to provide someevidence for why it might work . (In the final section, weoutline a more systematic analysis of its preconditions andlimitations .)
Fault Detection and Identification in the ControlCircuit
Figure 5 depicts the possible qualitative behaviors of thecontrol circuit under normal conditions and for a particularfault ("controller constant too high") for varying initialconditions .
tl t2 t3
The difference is clearly captured by the chosen qualitativerepresentation ([Aw.], aA(L6) where (d, 0) is the referencevalue, leading to a compact description of the possiblestates as in Figure 6 .
{([+], [-])
{([+], [-]), ([+], 0)(0,0)
([-], [+]), (0, [+])([-], [+]))
([+], [+])}
Figure 6: Set of possible qualitative states for correctbehavior (left) and controller constant too low (right),
expressed in (Aco�� aAw,�)
This tells us, for instance, that state (0, 0) does notconform with the illustrated faulty behavior, whereas (0,[+]) contradicts correct behavior, and illustrates thepossibility to dispense with simulation and simply checkeach observed state for consistency with the behaviormodels currently under consideration. Suppose thecontroller fault is present, and the diagnostic engine
Malik 13 1
sequence has to be a subsequence of at least one of the Figure 5 : Development of (o n for correctpredicted ones (with or without "gaps") . This also behavior (left) and controller constant too lowsubsumes approaches that, instead of generating the (right) for different initial wmpredicted sequence concurrently with the evolving real
observes states in a snapshot manner and checks them forconsistency . Starting with the observation ([-], [+]) atsnapshot t t (in Figure 5), both cases are conceivable, butwhen state (0, [+]) at snapshot tZ is reached, correctbehavior can be excluded (fault detection) . Because thisstate also contradicts, for instance, "controller constant toohigh", this also enables fault identification .
Practical Evaluation of the Models and theDiagnosis
In this section, we first summarize the results of applyingthe state-based diagnostic algorithm to the electric motorexample . Because it worked remarkably well, we alsoprovide a more detailed analysis of why and how thesystem achieved its results for this example .
Diagnosis of the Control Circuit - Results
The models were implemented using constraint-basedcomponent-oriented modeling and evaluated in thediagnostic tasks . The change in the desired rotational speedwas chosen to be a step (i .e . ad = 0) ; observations wereavailable as described above :" d, the desired rotational speed" wm, the measured rotational speed" aw�� the (sign of the) derivative of wmFrom these observations, the system determines"
[Owm] = [co,,, - d], the qualitative deviation of co n fromthe desired rotational speed and
"
ODQ1�, = awm .Application of the models for fault detection yields thefollowing results :" Of 26 considered faults" 24 are detectable merely by checking state-consistency .The fault identification results are discussed below .
How Does it Work in Detail?
The world spanned by the qualitative representation (Awm,aAw,,,) with three possible values for each variable is quiteperspicuous .
[Owm]
Table 3 : Possible observable states . c marks states thatare consistent with correct behavior .
The numbers refer to categories in the text .
13 2 QR-96
awm = aAwm
The nine theoretically possible states are listed in Table 3 .Three of them (marked with "c") are consistent with correctbehavior of the control circuit (but also with some faultybehaviors) . The remaining cases are only consistent withfaulty behavior and are hence suitable for fault detection :l . The measured rotational speed remains constantly zero
(specialization of 2) .2 . The measured rotational speed remains constant, being
lower than the desired rotational speed .3 . The measured rotational speed remains constant, being
higher than the desired rotational speed .4 . The measured rotational speed matches or exceeds the
desired rotational speed, but increases .5 . The measured rotational speed matches or does not
come up to the desired rotational speed, but decreases .Table 4 indicates for each type of fault the instances whenthese faults are detected because they produce one of thesestates . Please note that, although the evolutions of thebehaviors are sketched for illustrative purpose, this isnothing actually generated by the system or given to it as aninput. Where fault detection is achieved over a longerperiod of time this is also indicated . Notably, some faultscan be detected quite early, with certainty after some periodof adjustment has finished . The two unrecognized faults aredue to a deviate inertia of the motor, and only manifestthemselves in a slower or faster period of adjustment . Asthe models contain no concept of "slow" or "fast", thesefaults remain undetected .
Table 5 shows how the observable qualitative states con-tribute to fault identification (states ([-], [+]) and ([+], [-])are omitted, because they are consistent with almost allbehaviors) . A tick ("r") marks those states that areconsistent with a certain cause of failure ; likewise a cross("x") marks inconsistencies . The table makes evident that,for example, state 2 is still consistent with five differentfailure causes, yet with a previous observation of state 4only three causes remain : controller constant too high,motor constant too low, and measurement coefficient toolow . It should be noted though, that even numericalsimulation cannot distinguish these three causes : all threecomponents stay suspect .
Next page, Table 4 : Failure causes, effects and detection inthe control circuit . Legend :
[-] 0 [+]
[-] 4 4 c0 2(l) c 3[+] c 5 5
Malik 133
Fault Effect of fault (w) Fault detection (wm )correct
sporadic slippage --- - . - . .--- nm .W . . . . . . . . . .
total slippage, gap too large, ~"-"----------------'pulse wheel not ferromagnetictrigger threshold too high
too few teeth,too many teeth assumed,constant slippage
too many teeth,too few teeth assumed -- . . . . . . . . . . . .. .rc ... .. ._.,.._.. ..... ........... .._ .. . .-- . . . -
missing tooth (or teeth) -- . . . . . ..._. .__. . ..~______._... .----- .- . ~q SIH .,~- ~I~
. . .
notch or ridge. . . . . . . . . . . . . . . . . . . . . .. . . .. ... .- ...__.- .._ ._. .... _._ _.._, ..._ MEMO, In mill
displaced tooth(too early or too late) =,.r- c ME
controller constant too low,motor constant too high . . . . . . . . .
.r.. . . .. . .. . . . . . . . . . . . . . . . . . . . .
'-"-
controller constant too high,flow constant too low, ""' . ., M---ferromagnetic loss too high
resistance of field- and/or rotor-coil toohigh . . . .-- . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . : . .. . . . .
inertia of motor too high. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
inertia of motor too low
jammed motor, ~------~-------------broken wire controller-motor ----'-""'- ~--~ -°--° ~-°~-°-~-°
Table 5 : Consistency ( �r") and inconsistency ofbehavior and qualitative states
Extensions
The experiment can be extended to cover more generalsituations . Particularly, one can"
change the type of input and"
use a different controller.Instead of using a step function for d, a ramp could beconsidered . This input can be characterized qualitatively by
[d] = [+], ad = [+], a2d = 0
(or ad
The same reference values as before can beused :
134 QR-96
core, f = wm-ref = d>Vref = CC
* d,
dwl
_ (dwm)
= (dvl
dddt )ref -
flt
ref
dt
ref = dt'dew)
refd 2v\/ _d2d(dt2 'ref = ~ dt2 )ref = (dt2 'ref = dt2 = 0,
but now d is varying over time . Furthermore, we have toextend the component models by including equationscorresponding to the next order of derivatives .
Note that a deviation of (o (and alm) from d, i . e . Awm # 0,is consistent with the correct behavior (w does not follow dinstantaneously) . This already suggests that we also need to
dfcoinclude a2w, � :_ dt21 in the observable states in order toobtain the discrepancies required for fault detection andfault identification . One has to be aware that determiningthe second derivative may constitute a practical problem .
Secondly, different controllers can be modeled . PI-controllers are described by
which results in the qualitative modelav = [d] O [wm]
aAv = [AV] O [Ao)
With such a controller, the speed of the motor, w, does notapproach the set point asymptotically, but exhibits"overshooting" and reaches the set point in an oscillatorymanner . This implies that all states in the ([Awm], aAwm)representation space can occur in a correct behavior(except for the "degenerate case" 1) . As for the ramp,discrepancy detection requires observation of a Acwm andthe respective extensions of the component models .Basically, the important characteristic that distinguishescorrect behavior from others is
a 2w; � _ -Awm.
Discussion
The case study presented here is meant to provide an"existence proof' (as does [Dressler 95]), not more . Asystematic and formal analysis of the properties andpreconditions of the state-based approach to diagnosis ofdynamic systems is presented in another paper. Thisanalysis aims at determining restrictions on both thephysical system to be diagnosed and the modelingformalism (possibly including the simulation algorithm)and at characterizing different model representations andprediction algorithms with respect to their diagnosticpower . In the following, we summarize some of the results .The diagnostic power of the application of a particular
algorithm to a specific physical system is its ability todistinguish the correct behavior from faulty behaviors (forfault detection) and the faulty behavior from each other
rS .
Qualitative state1 2 3_10. 4 5 (0,0)
-Fault - -t-
control const too low X X ~/ X X[Acc] = [-]
control const too X ,/ X ,/ X Xhigh [Acc ] = [+]
motor const zero V V/ X X X[cM1= 0
motor const too low X V/ X V/ X X[ACMJ = [-]
motor const too high X X ~/ X ~/ X[ACMI = [+l
rotor jammed ,/ X X X X X�T = ~ .
inertia of motor too X X X X X ./low [AT] = [-]
inertia of motor too X X X X X V/high [AT] _ [+]
measure coeff. too X ~/ X ~/ X Xlow [Acs ]
(acs = [~])measure coeff. too X X V/ X V/ Xhigh [Acs ] _ [+]
(acs = [~])
correct X X X X X ./
(fault identification) . It is influenced basically by threedifferent conditions :" The physics of the device, particularly the physics of
faults, determining distinguishability of (the actual)behaviors .
" The observability of the device, i .e . which quantitiesare measurable, determining distinguishability of(actual) states (and, hence, also of behaviors) .
" The model of the device, especially its granularity w.r .t.quantities and time, determining distinguishability ofvalues, states and behaviors .
For our state-based approach to diagnosis of dynamicsystems, we derive more specific criteria :" Subsumption of sets of states : Fault detection does not
work properly, if the states of correct behavior are asuperset of the states of some faulty behavior :STATES(FAULTi) c_ STATES(CORR-BEHVR),and, likewise, for fault identification .
" Observability of inconsistent states : Fault detectionalso fails if the distinction between a faulty state that isnot consistent with the correct behavior and a correctstate does not manifest itself in the observable variables :
pobs(STATEk(FAULTi)) = pobs(STATEj(CORR-BEHVR))n STATEk(FAULTi) o STATES(CORR-BEHVR),
where po bs denotes the projection of the full staterepresentation to the observables . Again, there is theobvious analogous criterion for fault identification .Model granularity : Even in case the distinctionsbetween different states are observable in principle, themodel may fail to reveal this distinction :poys(STATEk(FAULT)) * pob~(STATI~(CORR-BEHVR))
n pobs (TQ(STATEk(FAULT))) = pobs(T,(STATFWCORR-BEHVR),where Tq denotes the transformation to a �coarser" (e .g .qualitative) domain . This may be because the obser-vables are lacking a landmark corresponding to a land-mark of some internal variable. The electric motor casestudy contains another example : the difference betweenthe correct behavior and a motor with deviating inertia,although observable with numerical measurements, iseliminated in the sign representation .
Note that the issues discussed above also affect the resultsof simulation-based diagnosis systems . However, the latterappear stronger because of additional information about thetemporal order of the states . It is possible to determine therelationship between the techniques more precisely. LetDOM(J denote the state representation for a device with avector v_ of all variables and T be some temporal universe .The step
Tset : I behvr : T --~ DOM(v_)1 -4 P(DOM(J)from a representation of behaviors as state changes overtime to the sets of states occurring in a behavior,
'[set (behvr) := behvr(T),
is a representational transformation in the sense of ourtheory of multiple models for diagnosis ([Struss 92],[Struss 94]), more specifically an abstraction . This theorythen tells us that the diagnoses obtained by our state-basedsystem is a superset of those generated by the simulation-based one. For the same reason, limited observablity ofvariables leads to a superset of diagnoses, because theprojection
pobs: DOMU --> DOM(,bs)to the subvector of observables is a representationaltransformation .
However, neither limited observability of variables, norignorance of temporal information necessarily implies thatthe diagnostic results are weaker . For diagnosis, we need toobserve the relevant inconsistencies . This is the intuitionbehind the following concept :
Definition (Complete observability of inconsisten-cies)Let (_ DOM(J) be a representational space forbehavior models and
R(behvr) cDOM(Jbe a relational model (state set) of a behavior. Theproperty of complete observability of inconsistenciesholds iff
VFA ULT, VseR(FA ULT,)VZ(CORRECT)pobs(s) ce pobJR(CORRECT)).
Proposition 1 :Fault detection is not affected by limited observabilityof variables as long as complete observability ofinconsistencies holds.
The condition may appear quite strong (actually, it can beweakened under certain conditions by replacing the secondquantifier by an existence quantifier), but the motorexample fully satisfies it, at least for single faults (note thatFAULTi in the definition refers to a fault of the entiredevice, and, hence, may correspond to multiple failures) .Also note that it is a condition on (sets of) states, ratherthan on behaviors (state sequences) .
Finally, it is worth while analyzing whether or underwhich conditions simulation-based diagnosis can be strictlystronger than state-based diagnosis .The key consideration (already discussed in [Dressler
95]) is that most qualitative simulation algorithms generatea state sequence (S,, S2, . . ., Sk) as a possible behavior, ifand only if"
each Si is consistent with the model and"
each transition (Si, Si+1 ) satisfies continuity conditions .The first condition means checking states which is what ourapproach does, as well . The second condition seems tobecome obsolete, if we assume that we obtain a gaplesssequence of observations of a continuously changing
Malik 135
system. However, one has to take into account that agapless continuous sequence of consistent observed statesmay correspond to a sequence of internal states thatcontains an inconsistent state or a discontinuity . Theproperty of complete observability guarantees that �internalinconsistencies" would be made visible by the observedstates .
Proposition 2 :Assume that" complete observability of inconsistencies holds, and
that" the sequence of observations is gapless, i.e. does not
miss an actual state.Then simulation-based and state-based diagnosis areequivalent w.r. t. their results.
But, of course, state-based diagnosis is more efficient .
AcknowledgmentsWe would like to thank the members of the MBSQR groupMunich, O. Dressler, F. Dummert, U . Heller and M.Sachenbacher, for their valuable contributions . This workwas supported in part by the German Ministry of Educationand Research (# 01 IN 50941) .
References[Dressler 95] Oskar Dressler, On-line Diagnosis of
Dynamic Systems based on Qualitative Models andDependency-based Diagnostic Engines, in : WorkingPapers of the 9`h International Workshop on QualitativeReasoning about Physical Systems (QR-95),Amsterdam, 1995 .
[Dressler-Struss 96] Oskar Dressler and Peter Struss, TheConsistency-based Approach to Automated Diagnosisof Devices, in : G . Brewka (ed .), Principles ofKnowledge Representation, CSLI, 1996 .
[Dvorak-Kuipers 92] Daniel Dvorak and BenjaminKuipers, Model-based Monitoring ofDynamic Systems,in : W. Hamscher et al . (eds .), Readings in Model-basedDiagnosis, Morgan Kaufmann Publishers, San Mateo,1992 .
[Milne et al 94] Robert Milne et al, TIGER: real-timesituation assessment of dynamic systems, in : IntelligentSystems Engineering, Vol . 3, No 3, 1994 .
[Struss 92] Peter Struss, What's in SD? Towards a Theoryof Modeling for Diagnosis, in : W. Hamscher et al .(eds .), Readings in Model-based Diagnosis, MorganKaufmann Publishers, San Mateo, 1992 .
(Struss-Dressler 89] Peter Struss, Oskar Dressler, PhysicalNegation - Integrating Fault Models into the GeneralDiagnostic Engine, in : Proceedings of the InternationalJoint Conference on Artificial Intelligence (IJCAI-89),Morgan Kaufmann Publishers, San Mateo, 1989 .
136 QR-96
[Struss-Malik-Sachenbacher 96] Peter Struss, AndreasMalik, Martin Sachenbacher, Qualitative Modeling isthe Key to Automated Diagnosis, to appear in :Proceedings of the 13th IFAC World Congress, SanFrancisco, 1996.
