Discrete and hybrid methods for the diagnosis of distributed systems

Many important activities of modern society rely on the proper functioning of complex systems such as electricity networks, telecommunication networks, manufacturing plants and aircrafts. The supervision of such systems must include strong diagnosis capability to be able to effectively detect the occurrence of faults and ensure appropriate corrective measures can be taken in order to recover from the faults or prevent total failure. This thesis addresses issues in the diagnosis of large complex systems. Such systems are usually distributed in nature, i.e. they consist of many interconnected components each having their own local behaviour. These components interact together to produce an emergent global behaviour that is complex. As those systems increase in complexity and size, their diagnosis becomes increasingly challenging. In the first part of this thesis, a method is proposed for diagnosis on distributed systems that avoids a monolithic global computation. The method, based on converting the graph of the system into a junction tree, takes into account the topology of the system in choosing how to merge local diagnoses on the components while still obtaining a globally consistent result. The method is shown to work well for systems with tree or near-tree structures. This method is further extended to handle systems with high clustering by selectively ignoring some connections that would still allow an accurate diagnosis to be obtained. A hybrid system approach is explored in the second part of the thesis, where continuous dynamics information on the system is also retained to help better isolate or identify faults. A hybrid system framework is presented that models both continuous dynamics and discrete evolution in dynamical systems, based on detecting changes in the fundamental governing dynamics of the system rather than on residual estimation. This makes it possible to handle systems that might not be well characterised and where parameter drift is present. The discrete aspect of the hybrid system model is used to derive diagnosability conditions using indicator functions for the detection and isolation of multiple, arbitrary sequential or simultaneous events in hybrid dynamical networks. Issues with diagnosis in the presence of uncertainty in measurements due sensor or actuator noise are addressed. Faults may generate symptoms that are in the same order of magnitude as the latter. The use of statistical techniques,within a hybrid system framework, is proposed to detect these elusive fault symptoms and translate this information into probabilities for the actual operational mode and possibility of transition between modes which makes it possible to apply probabilistic analysis on the system to handle the underlying uncertainty present

Fault diagnosis of hybrid systems with applications to gas turbine engines

Stringent reliability and maintainability requirements for modern complex systems demand the development of systematic methods for fault detection and isolation. Many of such complex systems can be modeled as hybrid automata. In this thesis, a novel framework for fault diagnosis of hybrid automata is presented. Generally, in a hybrid system, two types of sensors may be available, namely: continuous sensors supplying continuous-time readings (i.e., real numbers) and threshold sensitive (discrete) sensors supplying discrete outputs (e.g., level high and pressure low). It is assumed that a bank of residual generators (detection filters) designed based on the continuous model of the plant is available. In the proposed framework, each residual generator is modeled by a Discrete-Event System (DES). Then, these DES models are integrated with the DES model of the hybrid system to build an Extended DES model. A "hybrid" diagnoser is then constructed based on the extended DES model. The "hybrid" diagnoser effectively combines the readings of discrete sensors and the information supplied by residual generators (which is based on continuous sensors) to determine the health status of the hybrid system. The problem of diagnosability of failure modes in hybrid automata is also studied here. A notion of failure diagnosability in hybrid automata is introduced and it is shown that for the diagnosability of a failure mode in a hybrid automaton, it is sufficient that the failure mode be diagnosable in the extended DES model developed for representing the hybrid automaton and residual generators. The diagnosability of failure modes in the case that some residual generators produce unreliable outputs in the form of false alarm or false silence signals is also investigated. Moreover, the problem of isolator (residual generator) selection is examined and approaches are developed for computing a minimal set of isolators to ensure the diagnosability of failure modes. The proposed hybrid diagnosis approach is employed for investigating faults in the fuel supply system and the nozzle actuator of a single-spool turbojet engine with an afterburner. A hybrid automaton model is obtained for the engine. A bank of residual generators is also designed, and an extended DES is constructed for the engine. Based on the extended DES model, a hybrid diagnoser is constructed and developed. The faults diagnosable by a purely DES diagnoser or by methods based on residual generators alone are also diagnosable by the hybrid diagnoser. Moreover, we have shown that there are faults (or groups of faults) in the fuel supply system and the nozzle actuator that can be isolated neither by a purely DES diagnoser nor by methods based on residual generators alone. However, these faults (or groups of faults) can be isolated if the hybrid diagnoser is used

RULES BASED MODELING OF DISCRETE EVENT SYSTEMS WITH FAULTS AND THEIR DIAGNOSIS

Failure diagnosis in large and complex systems is a critical task. In the realm of discrete event systems, Sampath et al. proposed a language based failure diagnosis approach. They introduced the diagnosability for discrete event systems and gave a method for testing the diagnosability by first constructing a diagnoser for the system. The complexity of this method of testing diagnosability is exponential in the number of states of the system and doubly exponential in the number of failure types. In this thesis, we give an algorithm for testing diagnosability that does not construct a diagnoser for the system, and its complexity is of 4th order in the number of states of the system and linear in the number of the failure types. In this dissertation we also study diagnosis of discrete event systems (DESs) modeled in the rule-based modeling formalism introduced in [12] to model failure-prone systems. The results have been represented in [43]. An attractive feature of rule-based model is it\u27s compactness (size is polynomial in number of signals). A motivation for the work presented is to develop failure diagnosis techniques that are able to exploit this compactness. In this regard, we develop symbolic techniques for testing diagnosability and computing a diagnoser. Diagnosability test is shown to be an instance of 1st order temporal logic model-checking. An on-line algorithm for diagnosersynthesis is obtained by using predicates and predicate transformers. We demonstrate our approach by applying it to modeling and diagnosis of a part of the assembly-line. When the system is found to be not diagnosable, we use sensor refinement and sensor augmentation to make the system diagnosable. In this dissertation, a controller is also extracted from the maximally permissive supervisor for the purpose of implementing the control by selecting, when possible, only one controllable event from among the ones allowed by the supervisor for the assembly line in automaton models

Discrete Event System Methods for Control Problems Arising in Cyber-physical Systems.

We consider two problems in cyber-physical systems. The first is that of dynamic fault diagnosis. Specifically, we assume that a plant model is available in the form of a discrete event system (DES) containing special fault events whose occurrences are to be diagnosed. Furthermore, it is assumed that there exist sensors that can be turned on or off and are capable of detecting some subset of the system’s non-faulty events. The problem to be solved consists of constructing a compact structure, called the most permissive observer (MPO), containing the set of all sequences of sensor activations that ensure the timely diagnosis of any fault event’s occurrence. We solve this problem by defining an appropriate notion of information state summarizing the information obtained from the past sequence of observations and sensor activations. The resulting MPO has a better space complexity than that of the previous approach in the literature. The second problem considered in this thesis is that of controlling vehicles through an intersection. Specifically, we wish to obtain a supervisor for the vehicles that is safe, non-deadlocking, and maximally permissive. Furthermore, we solve this problem in the presence of uncontrolled vehicles, bounded disturbances in the dynamics, and measurement uncertainty. Our approach consists of discretizing the system in time and space, obtaining a DES abstraction, solving for maximally permissive supervisors in the abstracted domain, and refining the supervisor to one for the original, continuous, problem domain. We provide general results under which this approach yields maximally permissive memoryless supervisors for the original system and show that, under certain conditions, the resulting supervisor will be maximally permissive over the class of all supervisors, not merely memoryless ones. Our contributions are as follows. First, by constructing DES abstractions from continuous systems, we can leverage the supervisory control theory of DES, which is well-suited to finding maximally permissive supervisors under safety and non-blocking constraints. Second, we define different types of relations between transition systems and their abstractions and, for each relation, characterize the class of supervisors over which the supervisors obtained under our approach are maximally permissive.PHDElectrical Engineering: SystemsUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/108720/1/edallal_1.pd

State Estimation of Timed Discrete Event Systems and Its Applications

Many industrial control systems can be described as discrete event systems (DES), whose state space is a discrete set where event occurrences cause transitions from one state to another. Timing introduces an additional dimension to DES modeling and control. This dissertation provides two models of timed DES endowed with a single clock, namely timed finite automata (TFA) and generalized timed finite automata (GTFA). In addition, a timing function is defined to associate each transition with a time interval specifying at which clock values it may occur. While the clock of a TFA is reset to zero after each event occurs and the time semantics constrain the dwell time at each discrete state, there is an additional clock resetting function associated with a GTFA to denote whether the clock is reset to a value in a given closed time interval. We assume that the logical and time structure of a partially observable TFA/GTFA is known. The main results are summarized as follows. 1. The notion of a zone automaton is introduced as a finite automaton providing a purely discrete event description of the behaviour of a TFA/GTFA of interest. Each state of a zone automaton contains a discrete state of the timed DES and a zone that is a time interval denoting a range of possible clock values. We investigate the dynamics of a zone automaton and show that one can reduce the problem of investigating the reachability of a given timed DES to the reachability analysis of a zone automaton. 2. We present a formal approach that allows one to construct offline an observer for TFA/GTFA, i.e., a finite structure that describes the state estimation for all possible evolutions. During the online phase to estimate the current discrete state according to each measurement of an observable event, one can determine which is the state of the observer reached by the current observation and check to which interval (among a finite number of time intervals) the time elapsed since the last observed event occurrence belongs. We prove that the discrete states consistent with a timed observation and the range of clock values associated with each estimated discrete state can be inferred following a certain number of runs in the zone automaton. In particular, the state estimation of timed DES under multiple clocks can be investigated in the framework of GTFA. We model such a system as a GTFA with multiple clocks, which generalizes the timing function and the clock resetting function to multiple clocks. 3. As an application of the state estimation approach for TFA, we assume that a given TFA may be affected by a set of faults described using timed transitions and aim at diagnosing a fault behaviour based on a timed observation. The problem of fault diagnosis is solved by constructing a zone automaton of the TFA with faults and a fault recognizer as the parallel composition of the zone automaton and a fault monitor that recognizes the occurrence of faults. We conclude that the occurrence of faults can be analyzed by exploring runs in the fault recognizer that are consistent with a given timed observation. 4. We also study the problem of attack detection in the context of DESs, assuming that a system may be subject to multiple types of attacks, each described by its own attack dictionary. Furthermore, we distinguish between constant attacks, which corrupt observations using only one of the attack dictionaries, and switching attacks, which may use different attack dictionaries at different steps. The problem we address is detecting whether a system has been attacked and, if so, which attack dictionaries have been used. To solve it in the framework of untimed DES, we construct a new structure that describes the observations generated by a system under attack. We show that the attack detection problem can be transformed into a classical state estimation/diagnosis problem for these new structures