4 research outputs found

    Distributed Diagnosis Using a Condensed Representation of Diagnoses With Application to an Automotive Vehicle

    In fault detection and isolation, diagnostic test results are commonly used to compute a set of diagnoses, where each diagnosis points at a set of components which might behave abnormally. In distributed systems consisting of multiple control units, the test results in each unit can be used to compute local diagnoses while all test results in the complete system give the global diagnoses. It is an advantage for both repair and fault-tolerant control to have access to the global diagnoses in each unit since these diagnoses represent all test results in all units. However, when the diagnoses, for example, are to be used to repair a unit, only the components that are used by the unit are of interest. The reason for this is that it is only these components that could have caused the abnormal behavior. However, the global diagnoses might include components from the complete system and therefore often include components that are superfluous for the unit. Motivated by this observation, a new type of diagnosis is proposed, namely, the condensed diagnosis. Each unit has a unique set of condensed diagnoses which represents the global diagnoses. The benefit of the condensed diagnoses is that they only include components used by the unit while still representing the global diagnoses. The proposed method is applied to an automotive vehicle, and the results from the application study show the benefit of using condensed diagnoses compared to global diagnoses.
    Funding agencies: Swedish Foundation for Strategic Research; Scania CV AB.

    Control and diagnosis of real-time systems under finite-precision measurement of time

    A discrete event system (DES) is an event-driven system that evolves according to abrupt occurrences of discrete changes (events). The domain of such systems encompasses aspects of many man-made systems such as manufacturing systems, telephone networks, communication protocols, traffic systems, embedded software, asynchronous hardware, robotics, etc. Supervisory control theory for DESs studies the existence and synthesis of supervisory controllers, namely, supervisors that restrict the system behaviors by dynamically disabling certain controllable events so that the controlled closed-loop system behaves as desired. Extensive work on supervisory control of untimed DESs exists, and the extension to the timed setting has been reported in the literature. In this dissertation, we study the supervisory control of dense-time DESs in which digital-clocks of finite precision are employed to observe the event occurrence times, thereby relaxing the assumption of the prior works that time can be measured precisely. In our setting, the passing of time is measured using the number of ticks generated by a digital-clock, and we allow the plant events and digital-clock ticks to occur concurrently. We formalize the notion of a control policy that issues the control actions based on the observations of events and their occurrence times as measured using a digital-clock, and show that such a control policy can be equivalently represented as a digitalized-automaton, namely, an untimed-automaton that evolves over the events (of the plant) and ticks (of the digital-clock). We introduce the notion of observability with respect to the partial observations of time resulting from the use of a digital-clock, and show that this property together with controllability serves as a necessary and sufficient condition for the existence of a supervisor to enforce a real-time specification on a dense-time discrete event plant.
    The observability condition presented in the dissertation is very different from the one arising due to a partial observation of events, since a partial observation of time is in general nondeterministic (the number of ticks generated in any time interval can vary from execution to execution of a digital-clock). We also present a method to verify the proposed observability and controllability conditions, and an algorithm to compute a supervisor when such conditions are satisfied. Furthermore, we examine the lattice structure of a class of timing-mask observable languages, and show that the proposed observability is not preserved under intersection but is preserved under union. Fault diagnosis for DESs is to detect the occurrence of a fault so as to enable any corrective actions. It is crucial in automatic control of large complex man-made systems and has attracted considerable attention in the literature of reliability engineering, control and computer science. For event-driven systems with timing requirements such as manufacturing systems, communication networks, real-time scheduling and traffic systems, fault diagnosis involves detecting timing-faults in addition to sequence-faults. This requires monitoring the timing and sequence of events, both of which may only be partially observed in practice. In this dissertation, we extend the prior works on fault diagnosis of timed DESs by allowing time to be partially observed using a digital-clock which measures the advancement of time with finite precision by the number of ticks. For diagnosis purposes, the set of nonfaulty timed-traces is specified as another timed-automaton that is deterministic. We show that the set of timed-traces observed using a digital-clock with finite precision is regular, i.e., can be represented using a finite (untimed) automaton.
    We also show that the verification of diagnosability (the ability to detect the execution of a faulty timed-trace within a bounded time delay) as well as the off-line synthesis of a diagnoser are decidable, by reducing these problems to the untimed setting. The reduction to the untimed setting also suggests an effective method for the off-line computation of a diagnoser as well as its on-line implementation for diagnosis. The aforementioned results are further extended to the nondeterministic setting, i.e., diagnosis of dense-time DESs using digital-clocks under a nondeterministic event observation mask. We introduce the notion of lifting (associating each event with each of its nondeterministic observations), and show that diagnosis of dense-time DESs employing digital-clocks to observe event occurrence times under a nondeterministic event observation mask can be reduced to that of the deterministic setting, i.e., diagnosis of the lifted dense-time DESs under the deterministic lifted event observation mask, and hence can be further reduced to diagnosis in the untimed setting.

    Failure diagnosis and prognosis in stochastic discrete-event and cyber-physical systems

    In this dissertation we study the problem of fault diagnosis in both discrete event systems and cyber physical systems. Discrete event systems (DESs) are event-driven systems with discrete states that evolve in response to abrupt occurrences of discrete changes (called events). Stochastic DESs are used to characterize the quantitative behavior of the system, by modeling the uncertainty on the occurrence of events as random variables with a certain distribution. A stochastic DES is similar to a Markov chain model, with the difference being that, in stochastic DESs, the transition is labeled with the event, while the event information is omitted in a Markov chain. Many physical systems, such as manufacturing systems, communication protocols, reactive software, telephone networks, traffic systems, robotics and digital hardware, can be modeled as DESs at a certain level of abstraction. Fault diagnosis is to detect the occurrence of a fault so as to enable any fault tolerant actions. It is a crucial and challenging problem that has attracted considerable attention in the literature of software engineering, automotive systems, power systems and nuclear engineering. In this dissertation, we propose online detection schemes for stochastic DESs and also introduce the notions of missed detections (MDs) and false alarms (FAs), or equivalently, false-negatives and false-positives, for the schemes. The idea is that given any observation (of partially observed events), the detector recursively computes the conditional probability of the nonoccurrence of a fault and issues a fault decision if the probability of the nonoccurrence of a fault falls below an appropriately chosen threshold, and issues no-decision otherwise. We establish that S-Diagnosability is a necessary and sufficient condition for achieving any desired levels of MD and FA rates, where the notion of S-Diagnosability was proposed by Thorsley et al. in 2005, requiring that given any tolerable ambiguity level ρ and error bound τ, there must exist a delay bound n such that for any fault trace, its extensions that are longer than n and have probability of ambiguity higher than ρ occur with probability smaller than τ. Algorithms for determining the detection scheme parameters of detection threshold and detection delay bound for the specified MD and FA rate requirements are also presented, based on the construction of an extended observer, which computes, for each observation sequence, the set of states reached in the system model, along with their probabilities and the number of post-fault transitions executed. This dissertation also studies fault diagnosis in cyber physical systems, where the dynamics of the physical systems over discrete sample instances are described by stochastic difference equations, and the nonfault behaviors are specified by linear-time temporal logic (LTL) formulas over sequences of requirement variables that are functions of inputs and states (just as the outputs are). We first introduce the notion of an input-output stochastic hybrid automaton (I/O-SHA), and then show that it can be used to model the refinement of a given discrete-time stochastic system against its LTL specification so as to identify the system behaviors that satisfy the nonfault specification versus the ones that violate it, in the form of reachability of a fault location. For this we propose a refinement algorithm that refines the system model, in the form of discrete-time stochastic equations, with respect to its specification model, in the form of a Büchi acceptor, and the resulting refinement can be modeled as an I/O-SHA. We further show that the fault detection problem then reduces to a state estimation problem for the I/O-SHA. The performance of the detection protocol is evaluated in terms of its FA and MD rates.
    We additionally propose the notion of S-Diagnosability for I/O-SHA, which guarantees the existence of detectors that can achieve any desired FA and MD rates. We further consider the fault prognosis problem for stochastic DESs, where the goal is to predict a fault prior to its occurrence. We introduce m-steps Stochastic-Prognosability, or simply Sm-Prognosability, requiring that for any tolerance level ρ and error bound τ, there exists a reaction bound k ≥ m such that the set of fault traces for which a fault cannot be predicted k steps in advance with tolerance level ρ occurs with probability smaller than τ. Similar to the fault diagnosis problem, we formalize the notion of a prognoser that maps observations to decisions by comparing a suitable statistic with a threshold, and show that Sm-Prognosability is a necessary and sufficient condition for the existence of a prognoser with reaction bound at least m (i.e., prediction at least m steps prior to the occurrence of a fault) that can achieve any specified FA and MD rate requirement. Moreover, we provide a polynomial algorithm for verifying Sm-Prognosability.

    Decentralized control and diagnosis of discrete event systems: a multi-decision approach

    Nowadays, technological systems have become very complex (computer hardware, software, telecommunication systems, manufacturing plants, etc.), and this complexity keeps growing, so that the old intuitive techniques used for their design, study and implementation have become inadequate. Because of this growing complexity, the probability that an unexpected error (or failure) occurs is ever greater. Moreover, some errors can cause very serious accidents leading to economic or human losses. It is in this context that formal methods have been developed for the analysis, design and implementation of software and electronic systems, whatever their complexity. Thus, the study of discrete event systems (DES) was introduced with the objective of developing formal methods to meet pressing needs such as the control, diagnosis, prognosis, testing and verification of the discrete behaviors of technological systems. This thesis considers and generalizes the study of decentralized control and diagnosis of DES. The principle common to decentralized control and diagnosis of DES is decentralized decision-making, which is based on the use of a decentralized architecture. The latter consists of several local decision-makers that partially observe a DES and make local decisions, which are then merged by a fusion module D. This module, using a fusion function, computes a global decision from the local decisions. The system comprising the local decision-makers and the fusion module is called a decentralized decision-maker. The set of all decentralized decision-makers having D as fusion module is called a D-architecture.
    The main contribution of this thesis is to propose a new decentralized decision-making approach, called multi-decision and described as multi-decisional. The principle of multi-decision is based on the use of several (say p) decentralized decision-makers (DD^j)_{j=1,...,p} that operate simultaneously and in parallel. Each DD^j has one of the decentralized architectures found in the literature. That is, each DD^j consists of a set of local decision-makers (Dec^j_i)_{i=1,...,n} whose local decisions are merged by a fusion module D^j in order to obtain a global decision. In the multi-decisional architecture, the global decisions of the p decision-makers (DD^j)_{j=1,...,p} are merged by a module D in order to obtain an effective decision that satisfies a desired property Pr. The interest of multi-decision is that the architecture ((DD^j)_{j=1,...,p}, D), made up of the different (DD^j)_{j=1,...,p} and of D, generalizes each of the architectures DD^j. That is, the set of DES to which ((DD^j)_{j=1,...,p}, D) can be applied includes the different DES to which the different DD^j can be applied separately. We studied the multi-decisional approach on two decision-making examples: supervisory control and diagnosis, which yields multi-decisional control and multi-decisional diagnosis. In both cases, the multi-decisional approach requires a decomposition of infinite languages (i.e., languages containing an infinite number of sequences), which is known to be a hard problem.
    To solve this problem, we proposed, in the particular case of regular languages, a method that transforms the decomposition of an infinite language X into a decomposition of a finite set of marked states. To achieve this, we had to impose a restriction by considering only the decompositions of X that satisfy a specific condition. This condition has the advantage of making the existence conditions for solutions verifiable. We thus developed algorithms to verify the existence conditions for solutions to multi-decisional control and diagnosis. These algorithms have the same order of complexity as the algorithms that verify the existence conditions for solutions to decentralized control and diagnosis. It is important to note that the existence conditions obtained for a multi-decisional architecture ((DD^j)_{j=1,...,p}, D) are less restrictive than those obtained for each of the architectures DD^j.