AeroSense, April 2002
Slide 1: System Health Tracking and Safe Testing
André Bos, Arjan van Gemund, Jonne Zutt
Delft University of Technology
Slide 2: Contents
- The role of diagnosis in autonomous systems
- Health tracking
- Diagnosis as health tracking
- Modeling
- Safe testing
- Future work
Slide 3: The role of diagnosis in autonomous systems
- Accomplish mission goals without human intervention, even in a harsh environment
- Harsh environment: system failures
- Without human intervention: identify, isolate and cope with system failures automatically
- Graceful degradation
Slide 4: Accomplishing mission goals
(Figure: mission goals; an action plan of actions takes the system from State(t_0) to State(t_j); resources (fuel, system components, …); health state.)
Slide 5: Architecture
(Figure elements: S/C; FDI; health mode; TC (telecommand); TM (telemetry); planning/recovery and safety validation; mission goals; safe plan.)
Slide 6: Diagnostic system requirements
- Dynamic and hybrid systems
- Accumulating faults
- Test vector generation to further isolate faulty components
- Easy to model
- A single model (if possible) to support diagnostic reasoning, test vector generation, planning and simulation
Slide 7: Health tracking
- Dynamic and hybrid systems
- Variables: U, inputs (close shutter, switch on lamp, …); X, state (shutter position, lamp current); Y, observables
- dx/dt given by the behavioural description H
Slide 8: Health tracking (cont.)
- Extend the behavioural description: X to include the fault states F, H to accommodate fault-state behaviour
- Note: the resulting system is non-deterministic
Slide 9: Example system: S/R latch
(Figure: Set and Reset inputs; plots of Set and Out against time; the error can be detected only at the marked point.)
Slide 10: UpTime model-based approach (1)
- UpTime: a design system for constructing model-based diagnosis systems
- Based on our experience constructing a model-based diagnosis system for the GOME instrument (ERS-2 satellite)
Slide 11: UpTime model-based approach (2)
- Component-based
- Coarse formalism: finite-domain constraints
- Finite state machine to capture dynamics
- Simplified behavioural description (qualitative relation between dU and dI), e.g.: if I goes up, the pressure difference goes up
- Each component: its own dx/dt, given by a component behavioural description h
Slide 12: UpTime: component description
- Behavioural description: finite state machine
- Inter- and intra-state equations
- Both nominal and fault state changes
- Switch example, states cl (closed), st-cl (stuck closed), op (open), st-op (stuck open):
  in = cl, st = op: next st := cl
  in = cl, st = st-op: next st := st-op
  …
  state = op: dI = 0
  state = cl: dI follows dU
  state = stuck-open: dI = 0
  …
Slide 13: UpTime: algorithm (3)
- The likelihood of a trajectory is determined using: the a priori likelihood of each component's state transition; the number of output variables explained
(Figure: state against time.)
Slide 14: Example system: S/R latch
(Figure: Set, Reset and Out against time.)
Candidate diagnoses:
- Likelihood 0.195563: all components okay
- Likelihood 0.083813: #S1_AB
- Likelihood 0.083813: #S1_AB
- Likelihood 0.000838: #S2_AB
Slide 15: Safe testing
- Test vectors: as the system is only partially observable, use test vectors to discriminate between possible (health) states
- Be careful: test vectors may themselves induce errors
(Figure: a load with a possible shortage (short-circuit) fault.)
Slide 16: Hazard conditions (1)
- Hazard conditions describe conditions that must not occur
- Same language and model as used for the diagnostic system
- Conditions on the state of the S/C
Slide 17: Hazard conditions (2)
- Battery: must not be directly connected to ground
- Extra variables are needed to describe "connectedness" behaviour
- It is not always possible to give hazard conditions per component
(Figure: a load with a possible shortage (short-circuit) fault.)
Slide 18: Test action
A test action must:
- Discriminate between possible trajectories
- Not violate any hazard condition
Slide 19: Checking a test action
(Figure: state trajectory … S_{i-1}, S_i, S_{i+1}, …, S_{i+k}, branching at S_i to show the effect of the test action.)
Slide 20: Future work
- Model-based approach: domain dependent: model of the S/C; domain independent: reasoning methods (diagnosis, testing)
(Figure elements: target system; system model; safety conditions, mission goals, …; S/W generator; diagnostic reasoner; simulator; planning system.)
Slide 21: Example
(Figure: state against time, with Set, Reset, "S2 stuck open" and "S2 ok" trajectories.)
- Set switch closed: both "S2 ok" and "S2 stuck open" predict output high
- Set switch released: "S2 ok" predicts the output remains high; "S2 stuck open" predicts output low
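An added example, not the authors' UpTime code, that works through the health-tracking (slides 13 and 14) and safe-test-action (slides 15 to 19) ideas on a constructed two-switch S/R latch: each switch is assumed to have modes ok and stuck-open with a per-step fault likelihood P_FAULT, candidates are ranked by the product of a priori transition likelihoods, a constructed hazard condition forbids closing Set and Reset together, and the scenario follows this slide with the Reset switch as the suspect component.

```python
from itertools import product

# Constructed S/R latch: switch components Set and Reset, modes ok / stuck-open (assumed).
MODES = ("ok", "stuck-open")
P_FAULT = 0.01  # assumed a priori likelihood of an ok -> stuck-open transition per step

def transition_p(old, new):
    """A priori likelihood of one component's mode transition; faults persist."""
    if old == new:
        return 1.0 - P_FAULT if old == "ok" else 1.0
    return P_FAULT if (old, new) == ("ok", "stuck-open") else 0.0

def predict(modes, q, cmd):
    """Behavioural model: a stuck-open switch never conducts; Set wins, then Reset, else hold."""
    set_on, reset_on = (c and m == "ok" for c, m in zip(cmd, modes))
    return 1 if set_on else (0 if reset_on else q)

def track(cands, cmd, observed):
    """One health-tracking step: extend each candidate (modes, q, likelihood) over all
    mode transitions, keep those that explain the observed output, renormalise."""
    nxt = {}
    for modes, q, lik in cands:
        for new in product(MODES, repeat=len(modes)):
            p = lik
            for old, nw in zip(modes, new):
                p *= transition_p(old, nw)
            q2 = predict(new, q, cmd)
            if p > 0 and q2 == observed:
                nxt[(new, q2)] = nxt.get((new, q2), 0.0) + p
    total = sum(nxt.values())
    return [(m, q, p / total) for (m, q), p in nxt.items()]

def hazard(cmd):
    """Constructed hazard condition: Set and Reset must never be closed together."""
    return cmd == (True, True)

def safe_test_actions(cands):
    """Test actions whose predictions differ across candidates and violate no hazard."""
    return [cmd for cmd in product((False, True), repeat=2)
            if not hazard(cmd) and len({predict(m, q, cmd) for m, q, _ in cands}) > 1]

def run_scenario():
    """Close Set, release it, then apply the safe discriminating test and observe Q high."""
    cands = [(("ok", "ok"), 0, 1.0)]          # initially all components okay, Q low
    cands = track(cands, (True, False), 1)    # close Set: Q high (all candidates agree)
    cands = track(cands, (False, False), 1)   # release Set: Q holds; candidates still agree
    tests = safe_test_actions(cands)          # only closing Reset alone discriminates
    cands = track(cands, tests[0], 1)         # Q stays high: Reset did not conduct
    best = max(cands, key=lambda c: c[2])
    return tests, best[0]
```

Closing both switches is excluded by the hazard condition even though it would also discriminate, which is the safe-testing point of slides 15 to 18.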