- Email: [email protected]
Active Fault Management in Autonomous Systems Using Sensitivity Analysis
10th IFAC IFAC Symposium Symposium on on Fault Fault Detection, Detection, 10th Supervision and for Technical Processes 10th IFAC Symposium Detection, Available online at www.sciencedirect.com Supervision and Safety Safetyon forFault Technical Processes 10th IFACPoland, Symposium on29-31, Fault Detection, Warsaw, August 2018 Supervision and Safety Technical Warsaw, Poland, Augustfor 29-31, 2018 Processes Supervision and Safety for Technical Processes Warsaw, Poland, August 29-31, 2018 Warsaw, Poland, August 29-31, 2018
ScienceDirect
IFAC PapersOnLine 51-24 (2018) 1099–1104
Active Fault Management in Autonomous Active Fault Management in Autonomous Active Fault Management in Autonomous Systems Using Sensitivity Analysis Active Fault Management in Autonomous Analysis Systems Using Sensitivity Systems Using Sensitivity Systems Using Sensitivity Analysis Analysis
Daniel Daniel Jung Jung and and Qadeer Qadeer Ahmed Ahmed Daniel Jung and Qadeer Ahmed Daniel Jung and Qadeer Ahmed The The Ohio Ohio State State University, University, Columbus, Columbus, OH, OH, 43212, 43212, USA USA The Ohio State {jung.693,ahmed.358}@osu.edu). University, Columbus, OH, 43212, USA (e-mail: (e-mail: {jung.693,ahmed.358}@osu.edu). The Ohio State {jung.693,ahmed.358}@osu.edu). University, Columbus, OH, 43212, USA (e-mail: (e-mail: {jung.693,ahmed.358}@osu.edu). Abstract: Abstract: The The absence absence of of human human senses senses and and experience experience in in autonomous autonomous systems systems pose pose aa Abstract: The absence of human experience in effective autonomous systems pose of a variety of unforeseen unforeseen challenges. One senses of these theseand challenges is the the effective health monitoring of variety of challenges. One of challenges is health monitoring Abstract: The absence of human senses and experience in effective autonomous systems pose of a variety of unforeseen challenges. One of these challenges is the health monitoring autonomous systems. This paper proposes a comprehensive active fault management framework. autonomous systems. This paper proposes a comprehensive active fault management framework. variety of unforeseen challenges. One of these challenges is the effective health monitoring of autonomous Thisworks paper on proposes a comprehensive active faultinputs management framework. The proposed framework the signal control of the the system. system. The The proposedsystems. framework on the measured measured signal and and control inputs of The autonomous systems. Thisworks paper proposes a comprehensive active fault management framework. The proposed framework works on the measured signal and control inputs of the system. The set of residuals and isolation tests, which is part of the passive fault diagnosis system, have the set of residualsframework and isolation tests, which is part ofsignal the passive fault diagnosis haveThe the The works onunforeseen the measured and control inputs of system, the or system. set ofproposed residuals and isolation tests, which is part of the passive faultis diagnosis system, have the capability of adapting to new and scenarios. If the fault not isolable detectable capability of adapting to new and unforeseen scenarios. If the fault is not isolable or detectable set of residuals and isolation tests, which is part of the passive fault diagnosis system, have the capability of adapting new and unforeseen scenarios. If the fault is notin or detectable in magnitude, it excited by the of system aa controlled fashion. in magnitude, it will will be beto excited by manipulating manipulating the inputs inputs of the the system inisolable controlled fashion. capability of adapting to new and unforeseen scenarios. If the fault is not isolable or detectable in magnitude, be excited by manipulating inputs of the in a controlled fashion. Once the iswill confirmed, it be to the performance degradation and Once the fault faultit confirmed, it will will be mitigated mitigatedthe to minimize minimize the system performance degradation and in magnitude, itis will be excited by manipulating the inputson of the system indiagnosis a controlled fashion. Once the fault is confirmed, it will be mitigated to minimize the performance degradation and damage to the system. The later part of the framework active fault (sensitivity damage tofault the issystem. The it later part of the framework on active fault diagnosis (sensitivity Once the confirmed, will be mitigated to minimize the performance degradation and damage to the system. The later part of the framework on active fault diagnosis (sensitivity analysis based fault excitation and mitigation) has been demonstrated for a powertrain of analysis based fault excitation andpart mitigation) has been demonstrated for a powertrain of an an damage to the system. The later of the framework on active fault diagnosis (sensitivity analysis based fault excitation andsimulation mitigation) has been demonstrated for a powertrain of an autonomous electric vehicle. The results confirm the effectiveness of the proposed proposed autonomous electric vehicle. The simulation results confirm the effectiveness of the analysis based fault excitation andsimulation mitigation) has been demonstrated for a powertrain of an autonomous electric vehicle. The results confirm the effectiveness of the proposed active fault framework. active fault management management framework. autonomous electric vehicle. The simulation results confirm the effectiveness of the proposed active fault management framework. active © 2018,fault IFACmanagement (Internationalframework. Federation of Automatic Control) Hosting by Elsevier Ltd. All rights reserved. Keywords: Keywords: Active Active Fault Fault Diagnosis, Diagnosis, Autonomous Autonomous Systems, Systems, Fault Fault Mitigation, Mitigation, Fault Fault Excitation Excitation Keywords: Active Fault Diagnosis, Autonomous Systems, Fault Mitigation, Fault Excitation Keywords: Active Fault Diagnosis, Autonomous Systems, Fault Mitigation, Fault Excitation 1. INTRODUCTION INTRODUCTION 1. 1. INTRODUCTION 1. INTRODUCTION An autonomous autonomous system system refers refers to to aa system system which which performs performs An An autonomous system refers to a system which performs tasks and makes decisions without input from a human tasks and makessystem decisions without input which from aperforms human An autonomous refers to a system tasks and These makessystems decisions without input fromin athe human operator. are commonly found field operator. systems arewithout commonly found the field tasks and These makes decisions input fromin human operator. These systems are as commonly found in avehicles, the field of robotics, aerospace such unmanned aerial of robotics, aerospace such as unmanned aerial vehicles, operator. These systems are commonly found in with the field of robotics, aerospace such as unmanned aerial vehicles, and ground robots, where the human interaction the robots, where the human interaction with the Fig. 1. Expected response of an autonomous vehicle and ground of robotics, aerospace such as unmanned aerial vehicles, and ground robots, where the human interaction with the Fig. 1. Expected response of an autonomous vehicle autonomous systems is minimal. However, these systems autonomous systems is minimal. However, these systems 1. Expected response an autonomous and increasing ground robots, the human interaction with the Fig. equipped with fault management system autonomous systems is minimal. However, these systems are in an anwhere environment where the interaction with active active faultof systemvehicle Fig. equipped 1. Expected response ofmanagement an autonomous are increasing in environment where the interaction autonomous systems is minimal. However, these systems equipped with active fault management systemvehicle are in longer an environment where the interaction withincreasing humans is is no no longer insignificant, e.g. autonomous autonomous veequipped with active fault management system with humans insignificant, e.g. veare increasing in robots an environment where the significant negative negative impact impact on on system system performance. performance. ThereTherewith humans is no longer insignificant, e.g. autonomous ve- significant hicles, humanoid etc. These systems systems are interaction essentially hicles, humanoid robots etc. These are essentially with humans is norobots longer insignificant, e.g. autonomous ve- significant negative impact on system performance. Therefore, it is sometimes necessary that the diagnosis system hicles, humanoid etc. These systems are essentially operated without a human, who is replaced by actuators, fore, it is sometimes necessary that the diagnosis system operated without robots a human, who is systems replacedare by essentially actuators, significant negative impact onthat system performance. Therehicles, humanoid etc. These fore, it is sometimes necessary that the diagnosis system can operate the system such it is possible to identify operated without a human, who is replaced by actuators, sensors, artificial artificial intelligence, intelligence, and and control control algorithms. algorithms. BeBe- can operate the system such that it isthe possible to identify sensors, fore, it is sometimes necessary that diagnosis system operated without a human, who is replaced by actuators, operate such that it is possible to identify faults, which are not or in sensors, artificial andofcontrol algorithms. Be- can sides ensuring ensuring theintelligence, performance autonomous systems, faults, whichthe aresystem not isolable isolable or detectable detectable in magnitude, magnitude, sides the performance autonomous systems, operate the such that it is operation. possible toItidentify sensors, artificial intelligence, andof control algorithms. Be- can faults, which aresystem not affecting isolable or detectable in magnitude, without significantly affecting normal is also also sides ensuring the performance of autonomous systems, their safety and reliability is also of prime significance. without significantly normal operation. It is their safety and reliability is also of prime significance. faults, which are not isolable or detectable in magnitude, sides safety ensuring performance systems, important, without significantly affecting normal that operation. It is also after aa fault is identified, the system can their andthe reliability is also of of autonomous prime significance. important, after fault is identified, that the system can without significantly affecting normal operation. It is also their safety and reliability is also of prime significance. important, after a fault is identified, that the system can continue to operate, for example going to a workshop in continue to operate, for example going to a workshop in 1.1 Problem motivation important, a fault identified, that system can 1.1 Problem motivation continue to after operate, for isexample going to the aimpact workshop in aa limp-home mode, while mitigating the of the 1.1 Problem motivation limp-home mode, while mitigating the impact of the continue to operate, for example going to a workshop in 1.1 Problem motivation afault limp-home mode, while mitigating the impact of the to the system functionality. Fig. 1 gives an idea of fault to the system functionality. Fig. the 1 gives an idea of Replacing humans in any system brings in a lot of una limp-home mode, while mitigating impact of the Replacing humans in any system brings in a lot of un- fault to the functionality. Fig. 1 gives an idea of autonomous system with active fault management system. autonomous system with active fault management system. Replacing humans in any system brings in a lot of unforeseen challenges, especially, when it comes to proper fault to the system system with functionality. Fig. 1 gives an system. idea of foreseen challenges, especially, when it comes to proper autonomous active fault management Replacing humans in any system brings in a lot of unforeseen challenges, especially, when it comes to proper The functioning and monitoring monitoring of the the system. The additional additional active fault management framework in autonomous fault management functioning and of system. The The proposed proposedsystem activewith faultactive management frameworksystem. in this this foreseen challenges, especially, when it comes to proper functioning and monitoring ofexperience the system. The additional on-board human senses and is heavily relied The proposed active fault management framework in this paper aims to address the fault diagnosis issues the on-board human senses and experience is heavily relied paper aims to address the fault diagnosis issues in the functioning and monitoring ofunderstand the system.is The additional proposed active fault management framework in this on-board human senses and experience heavily relied The upon by the manufacturers to any malfunction paper aims to address the fault diagnosis issues in the next generation of autonomous systems in a holistic way. upon by the manufacturers to understand any malfunction next generation of autonomous systems in a holistic way. on-board human senses and experience is heavily relied aims toapproach address the work fault diagnosis issues in the upon the manufacturers understand any malfunction next generation of autonomous systems in a holistic way. in the theby system, which will will be be to absent in autonomous autonomous systems. paper The proposed can with open loop or closed in system, which absent in systems. The proposed approach can worksystems with open or closed upon by the manufacturers understand any malfunction next generation of with autonomous in aloop holistic way. in thevacuum system, which willsenses be to absent in autonomous systems. The of human and experience needs to be The proposed approach can work with open loop or closed loop systems and predefined residuals and isolation The of human senses and in experience needs to be loop systems and with predefined residuals and or isolation in thevacuum system, will be absent autonomous systems. proposed approach can work with open loop closed The vacuum human senses experience needs to be The replaced by aaofwhich system which is and capable of loop systemsThe and with predefined residuals and tests isolation test cases. set of residuals and isolation are replaced by system which is capable of test cases. The set of residuals and isolation tests are The vacuum humanwhich senses experience needs to be loop systems and with predefined residuals and isolation replaced by aofsystem is and capable of test cases. The set of residuals and isolation tests are capable of adapting to the system performance. These capable of adapting to the system performance. These • Learning the system behavior to maintain its perforreplaced by a system which is capable of cases. The set ofto residuals and isolation tests are • Learning the system behavior to maintain its perfor- test capable of adapting the system performance. These residuals and isolation tests will also enable the framework residualsof and isolationto tests will also enable the framework • Learning mance. the system behavior to maintain its perfor- capable adapting the system performance. These mance. residuals and isolation tests will also enable the framework for actively managing the fault in a system. If the fault Learning the system behavior to maintain perfor- for actively managing the fault in a system. If the fault •• mance. Active manipulation, if any any malfunction malfunction is its sensed. residuals and isolationintests will also enable theIfframework • Active manipulation, if is sensed. actively managing fault in anor system. the is neither detectable magnitude isolable, mance. manipulation, is neither detectable inthe magnitude nor isolable, the fault fault • Active if any malfunction ispresence sensed. of for Adapting the unknown scenarios in the for actively managing the fault in a system. If the •• Adapting the unknown scenarios in the presence of is neither detectable in magnitude nor isolable, the fault fault excitation part in the framework would manipulate the Active manipulation, if any malfunction is sensed. part in the framework would manipulate the • Adapting the unknown scenarios in the presence of excitation external factors. is neitherinput detectable in framework magnitude norkeeping isolable, the fault factors. excitation part in the would manipulate the system’s to excite the fault, while the system • external Adapting the unknown scenarios in the presence of system’s input to excite the fault, while keeping the system external factors. excitation part in the framework would manipulate the system’s input to excite the fault, while keeping the system safe. Once the fault is detected, the fault mitigation It is important that a diagnostics system is able to identify external factors. Once theto fault isthedetected, thekeeping fault the mitigation It is important that a diagnostics system is able to identify safe. system’s input excite fault, while system It is important that stage a diagnostics system suitable is able tocounteridentify safe. Once fault iswould detected, the it mitigation part of the framework mitigate to the faults in an an early early to determine determine part of the the framework mitigate itfault to operate operate the faults in stage to suitable It is important that afault diagnostics system is and ablewill tocounteridentify safe. Once the fault iswould detected, the fault mitigation faults in before an early stage to determine suitable counterpart of the framework would mitigate it to operate the system safely. The later part of the proposed framework measures the becomes severe have a system safely. The laterwould part of the proposed framework measures before thestage fault to becomes severesuitable and willcounterhave a part faults in an early determine of the framework mitigate it to operate the measures before the fault becomes severe and will have a system safely. The later part of the proposed framework measures before the fault becomes severe and will have a system safely. The later part of the proposed framework 2405-8963 © 2018, IFAC (International Federation of Automatic Control) Hosting by Elsevier Ltd. All rights reserved. Sesnors? Sesnors? Sesnors? Sesnors? Sesnors?
Engine? Engine? Engine?
Sesnors? Motor? Motor? Motor?
Engine?
Motor? Motor? Motor?
Copyright © 2018 1099 Copyright © under 2018 IFAC IFAC 1099Control. Peer review responsibility of International Federation of Automatic Copyright © 2018 IFAC 1099 10.1016/j.ifacol.2018.09.730 Copyright © 2018 IFAC 1099
Engine? Engine?
Lane changing Lane changing system? Lane changing system? system? Lane changing Lane changing system? system? Stability Lane changing Stability Controller? Stability system? Controller? Controller? Stability Stability Controller? Controller? Stability Controller?
IFAC SAFEPROCESS 2018 1100 Warsaw, Poland, August 29-31, 2018
Daniel Jung et al. / IFAC PapersOnLine 51-24 (2018) 1099–1104
on fault excitation and mitigation is executed for an electrified power-train of an autonomous vehicle with dual electric machines to show the effectiveness of the proposed framework. 1.2 Related research The necessary functionality for monitoring of autonomous systems, listed in the previous section, are very important and most of the existing health monitoring/fault diagnosis frameworks address part of the requirements of autonomous systems. For example, (Raptis et al., 2013) discuss a particle filtering-based framework for real-time fault diagnosis of autonomous vehicles, (Blanke et al., 2016) elaborates on diagnosis for control and decision support for autonomous vehicles, (Li et al., 2017) diagnosed the sensor faults in an autonomous underwater vehicle based on extreme learning machine, (Realpe, M. et al., 2015) also diagnosed sensor faults for autonomous vehicles, (Hamilton et al., 2001) describes an integrated heterogeneousknowledge approach to diagnose faults in autonomous robotic vehicles. (Kawabata et al., 2002) proposed a selfdiagnosis system of an autonomous mobile robot.(Dai et al., 2007) discussed self healing and hybrid diagnosis using decision diagram, fuzzy logic and neural networks. A review of artificial immune systems for fault diagnosis is discussed in Bayar et al. (2015) and a case study can be seen in (Silva et al., 2017). Adaptive diagnosis system designs based on on-line sequential selection of residuals have been discussed in (Eriksson et al., 2012; Krysander et al., 2010). A decentralized diagnosis system design for reconfigurable systems is proposed in (Chanthery et al., 2016). It can be observed the above mentioned approaches do address autonomous systems, however, we believe that there is a need of a holistic framework to address the missing on-board human senses and experiences in autonomous systems.
Fault diagnosability properties are then defined for a given set of residuals as follows. Definition 2. (Fault detectability). A fault fi is detectable if there exists a residual generator R ∈ R that is sensitive to fi . Definition 3. (Fault isolability). A fault fi is isolable from another fault fj if there exists a residual generator R ∈ R that is sensitive to fi but not fj . The two objectives of the active fault management system considered here are fault excitation and fault mitigation. Definition 4. (Fault excitation). A process to excite a fault fi by manipulating the control variable to make it detectable and isolable from another fault fj using residual generator R ∈ R that is sensitive to fi but not fj . Definition 5. (Fault mitigation). A process to minimize the effects of a fault fi on the system performance and safe operation, by manipulating the control variable. 3. ACTIVE FAULT MANAGEMENT FRAMEWORK The proposed framework of an active fault management system is shown in Fig. 2. The framework employs measured signals and inputs to understand the autonomous system response. The detection residuals and isolation tests are part of the passive diagnostic system, which are adaptable to different scenarios and system performance degradation as shown in Fig. 3. By adaptable set of residuals and isolation tests, it is meant that if for a certain new fault the residuals or isolation tests were not designed, using online learning methods we can update the set of residuals or isolation tests. At a given instance, the framework will be running on a set of residuals and isolation tests, which will be used in active fault diagnosis.
The active fault diagnosis part in the proposed framework either excites the fault, if neither isolable nor detectable in magnitude, or mitigates it by manipulating the inputs in a controlled fashion to avoid any mishap. If the fault 2. BACKGROUND is confirmed, the mitigation part of the framework will be activated to keep the system safe with sub-optimal This section will introduce the definitions and concepts of performance. Below are some existing references that fault diagnostics used in the paper. In model-based diagnocan be explored for the individual parts of the framesis, physical-based models are used to process sensor data work. Residual generation: (Krysander et al., 2008; from the system to generate residuals. By using different Pulido and Gonz´alez, 2004), (Staroswiecki and Comtetparts of the model when creating the different residual Varga, 2001), (Patton and Chen, 1997), (Gertler, 1997) generators, each residual will be able to detect faults in a Fault isolation:(Trav´e-Massuy`es, 2014), (De Kleer and specific part of the system, while being insensitive to other Williams, 1987), (Mosterman and Biswas, 1999). Adaptfaults. Based on which residuals have significantly deviated able residuals and isolations tests:(Jung et al., 2016), from their nominal behavior, a set of fault hypotheses is (Tidriri et al., 2016) Fault excitation:(Niemann, 2006), computed (De Kleer and Williams, 1987). (Poulsen and Niemann, 2008) Fault mitigation:(Dubey An ideal residual generator is defined as follows (Sv¨ard et al., 2007),(Prokhorov, 2008). With respect to previous works in active fault diagnosis, for example (Poulsen and et al., 2013). Definition 1. (Ideal residual generator). Let M be a model. Niemann, 2008) and (Prokhorov, 2008), this paper formuA function R with sensor data z as input and a residual r lates an optimal control problem that can be used for both as output is called a residual generator for the model M if fault excitation and fault mitigation. a fault-free system implies that r = 0. 4. ACTIVE FAULT DIAGNOSIS USING SENSITIVITY ANALYSIS The most important property of residual generators is that their outputs should be affected by a fault present in the system. If there is a realization of the fault that implies Here, active fault diagnosis is formulated as an optimal that r = 0, it is said that the residual is sensitive to that control where the objective is to optimize the system inputs. Since the actual fault magnitudes are not known, fault. 1100
IFAC SAFEPROCESS 2018 Warsaw, Poland, August 29-31, 2018
Daniel Jung et al. / IFAC PapersOnLine 51-24 (2018) 1099–1104
1101
Active Fault Management System Active Fault Diagnosis
Passive Fault Diagnosis
Fault Excitation
Autonomous system
Controller
Sensors
Fault Detection
Fault Isolation Fault Mitigation
Adaptive/Online Learning
Fig. 2. Framework for a active fault management system. It is composed of adaptable residuals and isolation tests and active fault diagnosis. system state trajectory by looking at p = Petzold, 1998).
Passive Fault Diagnosis Residual 1
Residual 2 Residual 3 Residual 4 ... Residual n-1
Test 1 Test 2 Test 3 Test 4 ... Test n-1
Residual n
Test n
(Ascher and
If u does not depend on f , the sensitivity analysis can be formulated as p˙ = gx (x0 , u0 )p + gf (x0 , u0 ) (2) q = hx (x0 , u0 )p + hf (x0 , u0 )
rn x x ... x x x x r2 x x r1 f1 f2 f3 ... fn
∂y ∂x where p = ∂f and q = ∂f . The functions and partial derivatives dependencies to the fault are ignored, i.e. gx (x0 , u0 ) = gx (x0 , u0 , f0 ), if the fault is assumed small, i.e. f0 ≈ 0. The set of equations (2) describes a first order approximation of the dynamic effects of a small fault f to the system states p and sensor outputs q. The state p can be used to quantify the impact of a fault to the system dynamics.
Isolation
Detection
∂x ∂f
Adaptive/Online Learning
Control Inputs & Measurements
Fig. 3. Passive fault diagnosis part in the proposed framework with adaptable residuals and isolation tests. methods from sensitivity analysis of dynamic systems are applied to evaluate the effects of a potential fault to the system dynamics. 4.1 Sensitivity analysis of dynamic systems
The number of states doubles when adding the sensitivity analysis equations (2) to the model (1) and will be used for fault mitigation as follows. 4.2 Fault mitigation Fault mitigation, as defined in Definition 6, considers the problem of minimizing the effect of a fault on a system state. The fault mitigation problem can be formulated as T min p 2 dt u∈U
Depending on the objective of the active fault diagnosis problem, i.e. fault mitigation or fault excitation, it can be formulated as an optimal control problem where the objective is to maximize or minimize the effect of a fault to different parts of the system. First, consider a state-space model in the form x˙ = g(x, u, f ) (1) y = h(x, u, f ) where x are state variables, u are control signals, y are sensor signals, and f is a fault signal. Sensitivity analysis of the model with respect to a non-zero fault f = 0 can be performed by analyzing the effects of the fault f on the
t=0
(3) x˙ = g(x, u) p˙ = gx (x0 , u0 )p + gf (x0 , u0 ) x ∈ X, u ∈ U where x ∈ X and u ∈ U denotes the constraints on the state variables and control inputs, respectively. The objective function can minimize the norm of the whole vector p or a subset of its elements. For linear time-discrete systems and convex sets X and U , the corresponding optimization problem (3) is convex. Thus, it can be implemented as an on-line control strategy using, for example, ModelPredictive Control (MPC) (Mayne et al., 2000). Otherwise, other optimization software can be used, such as CasaDi (Andersson et al., 2012).
1101
s.t.
IFAC SAFEPROCESS 2018 1102 Warsaw, Poland, August 29-31, 2018
Daniel Jung et al. / IFAC PapersOnLine 51-24 (2018) 1099–1104
where γ is the gear ratio and η models the gear efficiency.
4.3 Fault excitation A fault excitation process, as defined in Definition 5, requires a residual generator formulated as r = ρ(u, y) and the sensitivity analysis gives that ∂r = ρy (y0 , u0 )q (4) ∂f A large value q indicates a large effect of the fault f to the residual output. However, to evaluate how easy it is to detect the fault it is important to consider the ratio between the fault impact and residual noise, see for example (Khorasgani et al., 2014). Therefore, it is assumed that all residuals are normalized such that they have similar noise variances. Note that gx and hx in (2) and ρy in (4) are independent of the fault and only gx and hx will depend on the location of f . The model equations (1), together with the sensitivity analysis equations (2) and (4), simulate the sensitivity of a residual r with respect to a fault f . Since the true value of f is not known, the true system is approximated using the nominal system model.
A dynamic model of a PMSM is given by 1 diq = (Vq − λωe − Rs iq − Ld ωe id ) dt Lq 1 did = (Vd + Lq ωe iq − Rs id ) dt Ld Te = 1.5P (λiq + (Ld + Lq )id iq )
5.2 Model for sensitivity analysis The sensitivity analysis for the nominal model can be written as Rs Ld v λ + Ld id,1 piq,1 − pid,1 − pv Lq Lq γRwh Lq γRwh Lq v Rs piq,1 − pid,1 p˙id,1 = Ld γRwh Ld Rs Ld v λ + Ld id,2 p˙ iq,2 = − piq,2 − pid,2 − pv Lq Lq γRwh Lq γRwh Lq v Rs piq,2 − pid,2 p˙id,2 = Ld γRwh Ld η1.5P (λ + (Ld + Lq )id,1 ) piq,1 p˙v = γM Rwh η1.5P (Ld + Lq )iq,1 pid,1 + γM Rwh η1.5P (λ + (Ld + Lq )id,2 ) piq,2 + γM Rwh η1.5P (Ld + Lq )iq,2 pid,2 + γM Rwh − 2cvpv p˙ iq,1 = −
t=0
x˙ = g(x, u) (5) p˙ = gx (x0 , u0 )p + gf (x0 , u0 ) q = hx (x0 , u0 )p + hf (x0 , u0 ) x ∈ X, u ∈ U However, maximizing a convex function is a complicated task and a heuristic reformulation of (5) is here considered for proof of concept by selecting a non-zero constant ζ and minimizing T (6) min ρy (y(t), u(t))q(t) − ζ 2 dt t=0
5. CASE STUDY: POWERTRAIN OF AN AUTONOMOUS VEHICLE To illustrate the proposed framework, a model of a direct-drive power-train with two Permanent-Magnet Synchronous Machine (PMSM) in series used in autonomous vehicle, is used as a case study.
(12)
Two faults are modeled, each affecting one of the two motors. The first fault f1 changes the resistance in motor one as Rs (1 + f1 ) and the second fault f2 changes the inductance in motor two as Lq (1 + f2 ).
s.t.
u∈U
(11)
The input to the system is the two voltages Vq and Vd for each of the two motors.
Finally, the fault excitation optimization problem can then be formulated as T ρy (y(t), u(t))q(t) 2 dt max u∈U
(10)
(13) (14) (15) (16) (17) (18) (19) (20) (21)
As an example, the corresponding sensitivity analysis model for fault f1 is achieved by adding the following terms Rs s −R Lq iq,1 to (13) and − Ld id,1 to (14), respectively.
5.1 Powertrain model
5.3 Simulation Results
The longitudinal dynamics of an autonomous vehicle are modeled using Newton’s second law as 1 v˙ veh = (Ftrac − Fa − Fr − Fm ) (7) m where Fa is aerodynamic friction, Fr is rolling friction and Fm is rolling resistance.
As a first case, fault excitation is considered for each of the two faults. A residual, as defined in Definition 1, is developed based on the power-train model that compares a sensor measuring the vehicle velocity vveh with an estimate vˆveh computed from the input voltages. The vehicle is running with a constant velocity of 5m/s. The control input optimization (6) is formulated where the dynamics are discretized for a given interval t = [0, T ]. As a second step, the objective is to control the system such that the effect of each fault to the vehicle velocity is mitigated. Similarly as for the fault excitation case, the dynamics in (3) are discretized and the input is optimized in both problems using the Matlab function fmincon. Velocity constraints are added to the optimization problem to
Ftrac =
Twh Rwh
vveh = Rwh ωwh
(8)
The speed and torque transfers in the final differential are modeled as (Te,1 + Te,2 ) η (9) Twh = ωwh = ωe γ γ
1102
IFAC SAFEPROCESS 2018 Warsaw, Poland, August 29-31, 2018
4
Daniel Jung et al. / IFAC PapersOnLine 51-24 (2018) 1099–1104
20
0
0.01
pv
2
-0.01
0
-0.02
Vq,1
15
Vd,1 Vq,2
10
-2
Vd,1 Vq,2
-0.04
Vd,2
-6
-0.05 50
Vd,2
pv
0 -0.01
5
-0.02
0
-0.03
-5
-0.04
-0.03
Vq,1
-4
1103
100 150 200 250 300 350 400
5.01
-10 50
-0.05
100 150 200 250 300 350 400
50
0.02
0.01
5
0
50
100 150 200 250 300 350 400
50
100 150 200 250 300 350 400
0.02
5.02 residual
5.005
100 150 200 250 300 350 400
v fault v no fault
5.015
0.01
5.01 0 5.005 -0.01
4.995
-0.01
5
v fault v no fault
residual
-0.02
4.99 50
100 150 200 250 300 350 400
50
Fig. 4. Input optimization for fault excitation of fault f1 . 2 10
-0.02
4.995 50
100 150 200 250 300 350 400
10
100 150 200 250 300 350 400
Fig. 6. Input optimization for fault excitation of fault f2 .
-4
20
3
Vq,1 Vd,1
1
Vd,2
Vd,1
2
Vq,2
10
0
pv
Vq,1
15
Vq,2
5
10 -4
Vd,2
1
5
0
-1
0 0
-5
-2
-10
-3 50
100 150 200 250 300 350 400
5.0004
50
-10
100 150 200 250 300 350 400
-2 50
0.02
100 150 200 250 300 350 400
50
100 150 200 250 300 350 400
0.02
5.0006
residual
5.0002
-1
-5
pv
residual
v fault v no fault
0.01
5.0004
0.01
5.0002
0
5
-0.01
5 0 4.9998 -0.01
4.9996
v fault v no fault
4.9994
-0.02 50
100 150 200 250 300 350 400
50
4.9998
100 150 200 250 300 350 400
-0.02 50
Fig. 5. Input optimization for fault mitigation of fault f1 . assure that the vehicle speed does not vary too much and the final speed is equal to the initial speed. Fig. 4 shows the inputs voltages, vehicle speed, ρv for f1 and the residual when f1 was excited by the optimization algorithm. Once the fault in motor 1 resistance is confirmed, the input is optimized for mitigating its effects as shown in Fig. 5. It can be observed that f1 has been actively managed by changing the input voltages of the two motors in the autonomous vehicle. Fig. 6 shows the input voltages, vehicle speed, ρv for f2 and the residual when f2 was excited by the optimization algorithm. Once the fault in motor two inductance is confirmed, the input is optimized for mitigating its effects as shown in Fig. 7, which is very different from the inputs in case of f1 . It can be observed that the f2 has been actively managed by changing the input voltages of the motor in autonomous vehicle. By comparing the simulations of the fault excitation and fault mitigation strategies, the effect of each fault to
100 150 200 250 300 350 400
50
100 150 200 250 300 350 400
Fig. 7. Input optimization for fault mitigation of fault f2 . vehicle speed, i.e. |vfault − vno fault |, varies 50x between the two strategies for fault f1 and 100x for fault f2 . The proposed method for active fault diagnosis can help control the effect from the fault. In this example, the fault mitigation strategies includes more constant input levels while fault excitation includes varying the inputs. 6. CONCLUSIONS The proposed formulation of optimization for active fault diagnosis using sensitivity analysis has been demonstrated for both fault excitation and fault mitigation in an autonomous system. This concludes one of the steps to complete the proposed framework for active fault management system, which is planned to replace the human senses and experience in autonomous systems. The next step is to develop the set of residuals and isolation adaptable to the unforeseen scenarios learned from the data collected from on-board sensors.
1103
IFAC SAFEPROCESS 2018 1104 Warsaw, Poland, August 29-31, 2018
Daniel Jung et al. / IFAC PapersOnLine 51-24 (2018) 1099–1104
REFERENCES Andersson, J., ˚ Akesson, J., and Diehl, M. (2012). CasADi: A symbolic package for automatic differentiation and optimal control. In Recent Advances in Algorithmic Differentiation, 297–307. Springer. Ascher, U. and Petzold, L. (1998). Computer methods for ordinary differential equations and differential-algebraic equations, volume 61. Siam. Bayar, N., Darmoul, S., Hajri-Gabouj, S., and Pierreval, H. (2015). Fault detection, diagnosis and recovery using artificial immune systems: A review. Engineering Applications of Artificial Intelligence, 46, 43–57. Blanke, M., Hansen, S., and Blas, M. (2016). Diagnosis for Control and Decision Support for Autonomous Vehicles. Springer International Publishing, Cham. Chanthery, E., Trav´e-Massuy`es, L., and Indra, S. (2016). Fault isolation on request based on decentralized residual generation. IEEE Transactions on Systems, Man, and Cybernetics: Systems, 46(5), 598–610. Dai, Y.S., Hinchey, M., and Hu, Q. (2007). Consequence oriented self-healing and hybrid diagnosis integrating decision diagram, fuzzy logic and neural network. In Fourth IEEE International Workshop on Engineering of Autonomic and Autonomous Systems, 127–136. De Kleer, J. and Williams, B. (1987). Diagnosing multiple faults. Artificial intelligence, 32(1), 97–130. Dubey, A., Nordstrom, S., Keskinpala, T., Neema, S., Bapty, T., and Karsai, G. (2007). Towards a verifiable real-time, autonomic, fault mitigation framework for large scale real-time systems. Innovations in Systems and Software Engineering, 3(1), 33–52. Eriksson, D., Frisk, E., and Krysander, M. (2012). A sequential test selection algorithm for fault isolation. In 10th European Workshop on Advanced Control and Diagnosis, November 8-9, Copenhagen, Denmark. Gertler, J. (1997). Fault detection and isolation using parity relations. Control engineering practice, 5(5), 653– 661. Hamilton, K., Lane, D., Taylor, N., and Brown, K. (2001). Fault diagnosis on autonomous robotic vehicles with recovery: an integrated heterogeneous-knowledge approach. In Proceedings 2001 ICRA. IEEE International Conference on Robotics and Automation, volume 4, 3232–3237. Jung, D., Ng, K.Y., Frisk, E., and Krysander, M. (2016). A combined diagnosis system design using model-based and data-driven methods. In Control and Fault-Tolerant Systems (SysTol), 2016 3rd Conference on, 177–182. Kawabata, K., Akamatsu, T., and Asama, H. (2002). A study of self-diagnosis system of an autonomous mobile robot: expansion of state sensory systems. In IEEE/RSJ International Conference on Intelligent Robots and Systems, volume 2, 1802–1807 vol.2. Khorasgani, H., Jung, D., Biswas, G., Frisk, E., and Krysander, M. (2014). Robust residual selection for fault detection. In Decision and Control (CDC), 2014 IEEE 53rd Annual Conference on, 5764–5769. Krysander, M., ˚ Aslund, J., and Nyberg, M. (2008). An efficient algorithm for finding minimal overconstrained subsystems for model-based diagnosis. IEEE Transactions on Systems, Man, and Cybernetics-Part A: Systems and Humans, 38(1), 197–206.
Krysander, M., Heintz, F., Roll, J., and Frisk, E. (2010). Flexdx: A reconfigurable diagnosis framework. Engineering applications of artificial intelligence, 23(8), 1303–1313. Li, X., Song, Y., Guo, J., Feng, C., Li, G., Yan, T., and He, B. (2017). Sensor fault diagnosis of autonomous underwater vehicle based on extreme learning machine. In 2017 IEEE Underwater Technology (UT), 1–5. Mayne, D., Rawlings, J., Rao, C., and Scokaert, P. (2000). Constrained model predictive control: Stability and optimality. Automatica, 36(6), 789–814. Mosterman, P. and Biswas, G. (1999). Diagnosis of continuous valued systems in transient operating regions. IEEE Transactions on Systems, Man, and CyberneticsPart A: Systems and Humans, 29(6), 554–565. Niemann, H. (2006). A setup for active fault diagnosis. IEEE Transactions on Automatic Control, 51(9), 1572– 1578. Patton, R. and Chen, J. (1997). Observer-based fault detection and isolation: Robustness and applications. Control Engineering Practice, 5(5), 671–682. Poulsen, N. and Niemann, H. (2008). Active fault diagnosis based on stochastic tests. International Journal of Applied Mathematics and Computer Science, 18(4), 487–496. Prokhorov, D. (2008). Toyota prius hev neurocontrol and diagnostics. Neural Networks, 21(2), 458–465. Pulido, B. and Gonz´alez, C. (2004). Possible conflicts: a compilation technique for consistency-based diagnosis. IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics), 34(5), 2192–2206. Raptis, I., Sconyers, C., Martin, R., Mah, R., Oza, N., Mavris, D., and Vachtsevanos, G. (2013). A particle filtering-based framework for real-time fault diagnosis of autonomous vehicles. In Annual Conference of the PHM Society, volume 4, 9. Realpe, M., Vintimilla, B., and Vlacic, L. (2015). Sensor fault detection and diagnosis for autonomous vehicles. MATEC Web of Conferences, 30, 04003. Silva, G., Caminhas, W., and Palhares, R. (2017). Artificial immune systems applied to fault detection and isolation: A brief review of immune response-based approaches and a case study. Applied Soft Computing, 57, 118–131. Staroswiecki, M. and Comtet-Varga, G. (2001). Analytical redundancy relations for fault detection and isolation in algebraic dynamic systems. Automatica, 37(5), 687–699. Sv¨ard, C., Nyberg, M., and Frisk, E. (2013). Realizability constrained selection of residual generators for fault diagnosis with an automotive engine application. IEEE Transactions on Systems, Man, and Cybernetics: Systems, 43(6), 1354–1369. Tidriri, K., Chatti, N., Verron, S., and Tiplica, T. (2016). Bridging data-driven and model-based approaches for process fault diagnosis and health monitoring: A review of researches and future challenges. Annual Reviews in Control, 42, 63–81. Trav´e-Massuy`es, L. (2014). Bridging control and artificial intelligence theories for diagnosis: A survey. Engineering Applications of Artificial Intelligence, 27, 1–16.
1104
ScienceDirect
IFAC PapersOnLine 51-24 (2018) 1099–1104
Active Fault Management in Autonomous Active Fault Management in Autonomous Active Fault Management in Autonomous Systems Using Sensitivity Analysis Active Fault Management in Autonomous Analysis Systems Using Sensitivity Systems Using Sensitivity Systems Using Sensitivity Analysis Analysis
Daniel Daniel Jung Jung and and Qadeer Qadeer Ahmed Ahmed Daniel Jung and Qadeer Ahmed Daniel Jung and Qadeer Ahmed The The Ohio Ohio State State University, University, Columbus, Columbus, OH, OH, 43212, 43212, USA USA The Ohio State {jung.693,ahmed.358}@osu.edu). University, Columbus, OH, 43212, USA (e-mail: (e-mail: {jung.693,ahmed.358}@osu.edu). The Ohio State {jung.693,ahmed.358}@osu.edu). University, Columbus, OH, 43212, USA (e-mail: (e-mail: {jung.693,ahmed.358}@osu.edu). Abstract: Abstract: The The absence absence of of human human senses senses and and experience experience in in autonomous autonomous systems systems pose pose aa Abstract: The absence of human experience in effective autonomous systems pose of a variety of unforeseen unforeseen challenges. One senses of these theseand challenges is the the effective health monitoring of variety of challenges. One of challenges is health monitoring Abstract: The absence of human senses and experience in effective autonomous systems pose of a variety of unforeseen challenges. One of these challenges is the health monitoring autonomous systems. This paper proposes a comprehensive active fault management framework. autonomous systems. This paper proposes a comprehensive active fault management framework. variety of unforeseen challenges. One of these challenges is the effective health monitoring of autonomous Thisworks paper on proposes a comprehensive active faultinputs management framework. The proposed framework the signal control of the the system. system. The The proposedsystems. framework on the measured measured signal and and control inputs of The autonomous systems. Thisworks paper proposes a comprehensive active fault management framework. The proposed framework works on the measured signal and control inputs of the system. The set of residuals and isolation tests, which is part of the passive fault diagnosis system, have the set of residualsframework and isolation tests, which is part ofsignal the passive fault diagnosis haveThe the The works onunforeseen the measured and control inputs of system, the or system. set ofproposed residuals and isolation tests, which is part of the passive faultis diagnosis system, have the capability of adapting to new and scenarios. If the fault not isolable detectable capability of adapting to new and unforeseen scenarios. If the fault is not isolable or detectable set of residuals and isolation tests, which is part of the passive fault diagnosis system, have the capability of adapting new and unforeseen scenarios. If the fault is notin or detectable in magnitude, it excited by the of system aa controlled fashion. in magnitude, it will will be beto excited by manipulating manipulating the inputs inputs of the the system inisolable controlled fashion. capability of adapting to new and unforeseen scenarios. If the fault is not isolable or detectable in magnitude, be excited by manipulating inputs of the in a controlled fashion. Once the iswill confirmed, it be to the performance degradation and Once the fault faultit confirmed, it will will be mitigated mitigatedthe to minimize minimize the system performance degradation and in magnitude, itis will be excited by manipulating the inputson of the system indiagnosis a controlled fashion. Once the fault is confirmed, it will be mitigated to minimize the performance degradation and damage to the system. The later part of the framework active fault (sensitivity damage tofault the issystem. The it later part of the framework on active fault diagnosis (sensitivity Once the confirmed, will be mitigated to minimize the performance degradation and damage to the system. The later part of the framework on active fault diagnosis (sensitivity analysis based fault excitation and mitigation) has been demonstrated for a powertrain of analysis based fault excitation andpart mitigation) has been demonstrated for a powertrain of an an damage to the system. The later of the framework on active fault diagnosis (sensitivity analysis based fault excitation andsimulation mitigation) has been demonstrated for a powertrain of an autonomous electric vehicle. The results confirm the effectiveness of the proposed proposed autonomous electric vehicle. The simulation results confirm the effectiveness of the analysis based fault excitation andsimulation mitigation) has been demonstrated for a powertrain of an autonomous electric vehicle. The results confirm the effectiveness of the proposed active fault framework. active fault management management framework. autonomous electric vehicle. The simulation results confirm the effectiveness of the proposed active fault management framework. active © 2018,fault IFACmanagement (Internationalframework. Federation of Automatic Control) Hosting by Elsevier Ltd. All rights reserved. Keywords: Keywords: Active Active Fault Fault Diagnosis, Diagnosis, Autonomous Autonomous Systems, Systems, Fault Fault Mitigation, Mitigation, Fault Fault Excitation Excitation Keywords: Active Fault Diagnosis, Autonomous Systems, Fault Mitigation, Fault Excitation Keywords: Active Fault Diagnosis, Autonomous Systems, Fault Mitigation, Fault Excitation 1. INTRODUCTION INTRODUCTION 1. 1. INTRODUCTION 1. INTRODUCTION An autonomous autonomous system system refers refers to to aa system system which which performs performs An An autonomous system refers to a system which performs tasks and makes decisions without input from a human tasks and makessystem decisions without input which from aperforms human An autonomous refers to a system tasks and These makessystems decisions without input fromin athe human operator. are commonly found field operator. systems arewithout commonly found the field tasks and These makes decisions input fromin human operator. These systems are as commonly found in avehicles, the field of robotics, aerospace such unmanned aerial of robotics, aerospace such as unmanned aerial vehicles, operator. These systems are commonly found in with the field of robotics, aerospace such as unmanned aerial vehicles, and ground robots, where the human interaction the robots, where the human interaction with the Fig. 1. Expected response of an autonomous vehicle and ground of robotics, aerospace such as unmanned aerial vehicles, and ground robots, where the human interaction with the Fig. 1. Expected response of an autonomous vehicle autonomous systems is minimal. However, these systems autonomous systems is minimal. However, these systems 1. Expected response an autonomous and increasing ground robots, the human interaction with the Fig. equipped with fault management system autonomous systems is minimal. However, these systems are in an anwhere environment where the interaction with active active faultof systemvehicle Fig. equipped 1. Expected response ofmanagement an autonomous are increasing in environment where the interaction autonomous systems is minimal. However, these systems equipped with active fault management systemvehicle are in longer an environment where the interaction withincreasing humans is is no no longer insignificant, e.g. autonomous autonomous veequipped with active fault management system with humans insignificant, e.g. veare increasing in robots an environment where the significant negative negative impact impact on on system system performance. performance. ThereTherewith humans is no longer insignificant, e.g. autonomous ve- significant hicles, humanoid etc. These systems systems are interaction essentially hicles, humanoid robots etc. These are essentially with humans is norobots longer insignificant, e.g. autonomous ve- significant negative impact on system performance. Therefore, it is sometimes necessary that the diagnosis system hicles, humanoid etc. These systems are essentially operated without a human, who is replaced by actuators, fore, it is sometimes necessary that the diagnosis system operated without robots a human, who is systems replacedare by essentially actuators, significant negative impact onthat system performance. Therehicles, humanoid etc. These fore, it is sometimes necessary that the diagnosis system can operate the system such it is possible to identify operated without a human, who is replaced by actuators, sensors, artificial artificial intelligence, intelligence, and and control control algorithms. algorithms. BeBe- can operate the system such that it isthe possible to identify sensors, fore, it is sometimes necessary that diagnosis system operated without a human, who is replaced by actuators, operate such that it is possible to identify faults, which are not or in sensors, artificial andofcontrol algorithms. Be- can sides ensuring ensuring theintelligence, performance autonomous systems, faults, whichthe aresystem not isolable isolable or detectable detectable in magnitude, magnitude, sides the performance autonomous systems, operate the such that it is operation. possible toItidentify sensors, artificial intelligence, andof control algorithms. Be- can faults, which aresystem not affecting isolable or detectable in magnitude, without significantly affecting normal is also also sides ensuring the performance of autonomous systems, their safety and reliability is also of prime significance. without significantly normal operation. It is their safety and reliability is also of prime significance. faults, which are not isolable or detectable in magnitude, sides safety ensuring performance systems, important, without significantly affecting normal that operation. It is also after aa fault is identified, the system can their andthe reliability is also of of autonomous prime significance. important, after fault is identified, that the system can without significantly affecting normal operation. It is also their safety and reliability is also of prime significance. important, after a fault is identified, that the system can continue to operate, for example going to a workshop in continue to operate, for example going to a workshop in 1.1 Problem motivation important, a fault identified, that system can 1.1 Problem motivation continue to after operate, for isexample going to the aimpact workshop in aa limp-home mode, while mitigating the of the 1.1 Problem motivation limp-home mode, while mitigating the impact of the continue to operate, for example going to a workshop in 1.1 Problem motivation afault limp-home mode, while mitigating the impact of the to the system functionality. Fig. 1 gives an idea of fault to the system functionality. Fig. the 1 gives an idea of Replacing humans in any system brings in a lot of una limp-home mode, while mitigating impact of the Replacing humans in any system brings in a lot of un- fault to the functionality. Fig. 1 gives an idea of autonomous system with active fault management system. autonomous system with active fault management system. Replacing humans in any system brings in a lot of unforeseen challenges, especially, when it comes to proper fault to the system system with functionality. Fig. 1 gives an system. idea of foreseen challenges, especially, when it comes to proper autonomous active fault management Replacing humans in any system brings in a lot of unforeseen challenges, especially, when it comes to proper The functioning and monitoring monitoring of the the system. The additional additional active fault management framework in autonomous fault management functioning and of system. The The proposed proposedsystem activewith faultactive management frameworksystem. in this this foreseen challenges, especially, when it comes to proper functioning and monitoring ofexperience the system. The additional on-board human senses and is heavily relied The proposed active fault management framework in this paper aims to address the fault diagnosis issues the on-board human senses and experience is heavily relied paper aims to address the fault diagnosis issues in the functioning and monitoring ofunderstand the system.is The additional proposed active fault management framework in this on-board human senses and experience heavily relied The upon by the manufacturers to any malfunction paper aims to address the fault diagnosis issues in the next generation of autonomous systems in a holistic way. upon by the manufacturers to understand any malfunction next generation of autonomous systems in a holistic way. on-board human senses and experience is heavily relied aims toapproach address the work fault diagnosis issues in the upon the manufacturers understand any malfunction next generation of autonomous systems in a holistic way. in the theby system, which will will be be to absent in autonomous autonomous systems. paper The proposed can with open loop or closed in system, which absent in systems. The proposed approach can worksystems with open or closed upon by the manufacturers understand any malfunction next generation of with autonomous in aloop holistic way. in thevacuum system, which willsenses be to absent in autonomous systems. The of human and experience needs to be The proposed approach can work with open loop or closed loop systems and predefined residuals and isolation The of human senses and in experience needs to be loop systems and with predefined residuals and or isolation in thevacuum system, will be absent autonomous systems. proposed approach can work with open loop closed The vacuum human senses experience needs to be The replaced by aaofwhich system which is and capable of loop systemsThe and with predefined residuals and tests isolation test cases. set of residuals and isolation are replaced by system which is capable of test cases. The set of residuals and isolation tests are The vacuum humanwhich senses experience needs to be loop systems and with predefined residuals and isolation replaced by aofsystem is and capable of test cases. The set of residuals and isolation tests are capable of adapting to the system performance. These capable of adapting to the system performance. These • Learning the system behavior to maintain its perforreplaced by a system which is capable of cases. The set ofto residuals and isolation tests are • Learning the system behavior to maintain its perfor- test capable of adapting the system performance. These residuals and isolation tests will also enable the framework residualsof and isolationto tests will also enable the framework • Learning mance. the system behavior to maintain its perfor- capable adapting the system performance. These mance. residuals and isolation tests will also enable the framework for actively managing the fault in a system. If the fault Learning the system behavior to maintain perfor- for actively managing the fault in a system. If the fault •• mance. Active manipulation, if any any malfunction malfunction is its sensed. residuals and isolationintests will also enable theIfframework • Active manipulation, if is sensed. actively managing fault in anor system. the is neither detectable magnitude isolable, mance. manipulation, is neither detectable inthe magnitude nor isolable, the fault fault • Active if any malfunction ispresence sensed. of for Adapting the unknown scenarios in the for actively managing the fault in a system. If the •• Adapting the unknown scenarios in the presence of is neither detectable in magnitude nor isolable, the fault fault excitation part in the framework would manipulate the Active manipulation, if any malfunction is sensed. part in the framework would manipulate the • Adapting the unknown scenarios in the presence of excitation external factors. is neitherinput detectable in framework magnitude norkeeping isolable, the fault factors. excitation part in the would manipulate the system’s to excite the fault, while the system • external Adapting the unknown scenarios in the presence of system’s input to excite the fault, while keeping the system external factors. excitation part in the framework would manipulate the system’s input to excite the fault, while keeping the system safe. Once the fault is detected, the fault mitigation It is important that a diagnostics system is able to identify external factors. Once theto fault isthedetected, thekeeping fault the mitigation It is important that a diagnostics system is able to identify safe. system’s input excite fault, while system It is important that stage a diagnostics system suitable is able tocounteridentify safe. Once fault iswould detected, the it mitigation part of the framework mitigate to the faults in an an early early to determine determine part of the the framework mitigate itfault to operate operate the faults in stage to suitable It is important that afault diagnostics system is and ablewill tocounteridentify safe. Once the fault iswould detected, the fault mitigation faults in before an early stage to determine suitable counterpart of the framework would mitigate it to operate the system safely. The later part of the proposed framework measures the becomes severe have a system safely. The laterwould part of the proposed framework measures before thestage fault to becomes severesuitable and willcounterhave a part faults in an early determine of the framework mitigate it to operate the measures before the fault becomes severe and will have a system safely. The later part of the proposed framework measures before the fault becomes severe and will have a system safely. The later part of the proposed framework 2405-8963 © 2018, IFAC (International Federation of Automatic Control) Hosting by Elsevier Ltd. All rights reserved. Sesnors? Sesnors? Sesnors? Sesnors? Sesnors?
Engine? Engine? Engine?
Sesnors? Motor? Motor? Motor?
Engine?
Motor? Motor? Motor?
Copyright © 2018 1099 Copyright © under 2018 IFAC IFAC 1099Control. Peer review responsibility of International Federation of Automatic Copyright © 2018 IFAC 1099 10.1016/j.ifacol.2018.09.730 Copyright © 2018 IFAC 1099
Engine? Engine?
Lane changing Lane changing system? Lane changing system? system? Lane changing Lane changing system? system? Stability Lane changing Stability Controller? Stability system? Controller? Controller? Stability Stability Controller? Controller? Stability Controller?
IFAC SAFEPROCESS 2018 1100 Warsaw, Poland, August 29-31, 2018
Daniel Jung et al. / IFAC PapersOnLine 51-24 (2018) 1099–1104
on fault excitation and mitigation is executed for an electrified power-train of an autonomous vehicle with dual electric machines to show the effectiveness of the proposed framework. 1.2 Related research The necessary functionality for monitoring of autonomous systems, listed in the previous section, are very important and most of the existing health monitoring/fault diagnosis frameworks address part of the requirements of autonomous systems. For example, (Raptis et al., 2013) discuss a particle filtering-based framework for real-time fault diagnosis of autonomous vehicles, (Blanke et al., 2016) elaborates on diagnosis for control and decision support for autonomous vehicles, (Li et al., 2017) diagnosed the sensor faults in an autonomous underwater vehicle based on extreme learning machine, (Realpe, M. et al., 2015) also diagnosed sensor faults for autonomous vehicles, (Hamilton et al., 2001) describes an integrated heterogeneousknowledge approach to diagnose faults in autonomous robotic vehicles. (Kawabata et al., 2002) proposed a selfdiagnosis system of an autonomous mobile robot.(Dai et al., 2007) discussed self healing and hybrid diagnosis using decision diagram, fuzzy logic and neural networks. A review of artificial immune systems for fault diagnosis is discussed in Bayar et al. (2015) and a case study can be seen in (Silva et al., 2017). Adaptive diagnosis system designs based on on-line sequential selection of residuals have been discussed in (Eriksson et al., 2012; Krysander et al., 2010). A decentralized diagnosis system design for reconfigurable systems is proposed in (Chanthery et al., 2016). It can be observed the above mentioned approaches do address autonomous systems, however, we believe that there is a need of a holistic framework to address the missing on-board human senses and experiences in autonomous systems.
Fault diagnosability properties are then defined for a given set of residuals as follows. Definition 2. (Fault detectability). A fault fi is detectable if there exists a residual generator R ∈ R that is sensitive to fi . Definition 3. (Fault isolability). A fault fi is isolable from another fault fj if there exists a residual generator R ∈ R that is sensitive to fi but not fj . The two objectives of the active fault management system considered here are fault excitation and fault mitigation. Definition 4. (Fault excitation). A process to excite a fault fi by manipulating the control variable to make it detectable and isolable from another fault fj using residual generator R ∈ R that is sensitive to fi but not fj . Definition 5. (Fault mitigation). A process to minimize the effects of a fault fi on the system performance and safe operation, by manipulating the control variable. 3. ACTIVE FAULT MANAGEMENT FRAMEWORK The proposed framework of an active fault management system is shown in Fig. 2. The framework employs measured signals and inputs to understand the autonomous system response. The detection residuals and isolation tests are part of the passive diagnostic system, which are adaptable to different scenarios and system performance degradation as shown in Fig. 3. By adaptable set of residuals and isolation tests, it is meant that if for a certain new fault the residuals or isolation tests were not designed, using online learning methods we can update the set of residuals or isolation tests. At a given instance, the framework will be running on a set of residuals and isolation tests, which will be used in active fault diagnosis.
The active fault diagnosis part in the proposed framework either excites the fault, if neither isolable nor detectable in magnitude, or mitigates it by manipulating the inputs in a controlled fashion to avoid any mishap. If the fault 2. BACKGROUND is confirmed, the mitigation part of the framework will be activated to keep the system safe with sub-optimal This section will introduce the definitions and concepts of performance. Below are some existing references that fault diagnostics used in the paper. In model-based diagnocan be explored for the individual parts of the framesis, physical-based models are used to process sensor data work. Residual generation: (Krysander et al., 2008; from the system to generate residuals. By using different Pulido and Gonz´alez, 2004), (Staroswiecki and Comtetparts of the model when creating the different residual Varga, 2001), (Patton and Chen, 1997), (Gertler, 1997) generators, each residual will be able to detect faults in a Fault isolation:(Trav´e-Massuy`es, 2014), (De Kleer and specific part of the system, while being insensitive to other Williams, 1987), (Mosterman and Biswas, 1999). Adaptfaults. Based on which residuals have significantly deviated able residuals and isolations tests:(Jung et al., 2016), from their nominal behavior, a set of fault hypotheses is (Tidriri et al., 2016) Fault excitation:(Niemann, 2006), computed (De Kleer and Williams, 1987). (Poulsen and Niemann, 2008) Fault mitigation:(Dubey An ideal residual generator is defined as follows (Sv¨ard et al., 2007),(Prokhorov, 2008). With respect to previous works in active fault diagnosis, for example (Poulsen and et al., 2013). Definition 1. (Ideal residual generator). Let M be a model. Niemann, 2008) and (Prokhorov, 2008), this paper formuA function R with sensor data z as input and a residual r lates an optimal control problem that can be used for both as output is called a residual generator for the model M if fault excitation and fault mitigation. a fault-free system implies that r = 0. 4. ACTIVE FAULT DIAGNOSIS USING SENSITIVITY ANALYSIS The most important property of residual generators is that their outputs should be affected by a fault present in the system. If there is a realization of the fault that implies Here, active fault diagnosis is formulated as an optimal that r = 0, it is said that the residual is sensitive to that control where the objective is to optimize the system inputs. Since the actual fault magnitudes are not known, fault. 1100
IFAC SAFEPROCESS 2018 Warsaw, Poland, August 29-31, 2018
Daniel Jung et al. / IFAC PapersOnLine 51-24 (2018) 1099–1104
1101
Active Fault Management System Active Fault Diagnosis
Passive Fault Diagnosis
Fault Excitation
Autonomous system
Controller
Sensors
Fault Detection
Fault Isolation Fault Mitigation
Adaptive/Online Learning
Fig. 2. Framework for a active fault management system. It is composed of adaptable residuals and isolation tests and active fault diagnosis. system state trajectory by looking at p = Petzold, 1998).
Passive Fault Diagnosis Residual 1
Residual 2 Residual 3 Residual 4 ... Residual n-1
Test 1 Test 2 Test 3 Test 4 ... Test n-1
Residual n
Test n
(Ascher and
If u does not depend on f , the sensitivity analysis can be formulated as p˙ = gx (x0 , u0 )p + gf (x0 , u0 ) (2) q = hx (x0 , u0 )p + hf (x0 , u0 )
rn x x ... x x x x r2 x x r1 f1 f2 f3 ... fn
∂y ∂x where p = ∂f and q = ∂f . The functions and partial derivatives dependencies to the fault are ignored, i.e. gx (x0 , u0 ) = gx (x0 , u0 , f0 ), if the fault is assumed small, i.e. f0 ≈ 0. The set of equations (2) describes a first order approximation of the dynamic effects of a small fault f to the system states p and sensor outputs q. The state p can be used to quantify the impact of a fault to the system dynamics.
Isolation
Detection
∂x ∂f
Adaptive/Online Learning
Control Inputs & Measurements
Fig. 3. Passive fault diagnosis part in the proposed framework with adaptable residuals and isolation tests. methods from sensitivity analysis of dynamic systems are applied to evaluate the effects of a potential fault to the system dynamics. 4.1 Sensitivity analysis of dynamic systems
The number of states doubles when adding the sensitivity analysis equations (2) to the model (1) and will be used for fault mitigation as follows. 4.2 Fault mitigation Fault mitigation, as defined in Definition 6, considers the problem of minimizing the effect of a fault on a system state. The fault mitigation problem can be formulated as T min p 2 dt u∈U
Depending on the objective of the active fault diagnosis problem, i.e. fault mitigation or fault excitation, it can be formulated as an optimal control problem where the objective is to maximize or minimize the effect of a fault to different parts of the system. First, consider a state-space model in the form x˙ = g(x, u, f ) (1) y = h(x, u, f ) where x are state variables, u are control signals, y are sensor signals, and f is a fault signal. Sensitivity analysis of the model with respect to a non-zero fault f = 0 can be performed by analyzing the effects of the fault f on the
t=0
(3) x˙ = g(x, u) p˙ = gx (x0 , u0 )p + gf (x0 , u0 ) x ∈ X, u ∈ U where x ∈ X and u ∈ U denotes the constraints on the state variables and control inputs, respectively. The objective function can minimize the norm of the whole vector p or a subset of its elements. For linear time-discrete systems and convex sets X and U , the corresponding optimization problem (3) is convex. Thus, it can be implemented as an on-line control strategy using, for example, ModelPredictive Control (MPC) (Mayne et al., 2000). Otherwise, other optimization software can be used, such as CasaDi (Andersson et al., 2012).
1101
s.t.
IFAC SAFEPROCESS 2018 1102 Warsaw, Poland, August 29-31, 2018
Daniel Jung et al. / IFAC PapersOnLine 51-24 (2018) 1099–1104
where γ is the gear ratio and η models the gear efficiency.
4.3 Fault excitation A fault excitation process, as defined in Definition 5, requires a residual generator formulated as r = ρ(u, y) and the sensitivity analysis gives that ∂r = ρy (y0 , u0 )q (4) ∂f A large value q indicates a large effect of the fault f to the residual output. However, to evaluate how easy it is to detect the fault it is important to consider the ratio between the fault impact and residual noise, see for example (Khorasgani et al., 2014). Therefore, it is assumed that all residuals are normalized such that they have similar noise variances. Note that gx and hx in (2) and ρy in (4) are independent of the fault and only gx and hx will depend on the location of f . The model equations (1), together with the sensitivity analysis equations (2) and (4), simulate the sensitivity of a residual r with respect to a fault f . Since the true value of f is not known, the true system is approximated using the nominal system model.
A dynamic model of a PMSM is given by 1 diq = (Vq − λωe − Rs iq − Ld ωe id ) dt Lq 1 did = (Vd + Lq ωe iq − Rs id ) dt Ld Te = 1.5P (λiq + (Ld + Lq )id iq )
5.2 Model for sensitivity analysis The sensitivity analysis for the nominal model can be written as Rs Ld v λ + Ld id,1 piq,1 − pid,1 − pv Lq Lq γRwh Lq γRwh Lq v Rs piq,1 − pid,1 p˙id,1 = Ld γRwh Ld Rs Ld v λ + Ld id,2 p˙ iq,2 = − piq,2 − pid,2 − pv Lq Lq γRwh Lq γRwh Lq v Rs piq,2 − pid,2 p˙id,2 = Ld γRwh Ld η1.5P (λ + (Ld + Lq )id,1 ) piq,1 p˙v = γM Rwh η1.5P (Ld + Lq )iq,1 pid,1 + γM Rwh η1.5P (λ + (Ld + Lq )id,2 ) piq,2 + γM Rwh η1.5P (Ld + Lq )iq,2 pid,2 + γM Rwh − 2cvpv p˙ iq,1 = −
t=0
x˙ = g(x, u) (5) p˙ = gx (x0 , u0 )p + gf (x0 , u0 ) q = hx (x0 , u0 )p + hf (x0 , u0 ) x ∈ X, u ∈ U However, maximizing a convex function is a complicated task and a heuristic reformulation of (5) is here considered for proof of concept by selecting a non-zero constant ζ and minimizing T (6) min ρy (y(t), u(t))q(t) − ζ 2 dt t=0
5. CASE STUDY: POWERTRAIN OF AN AUTONOMOUS VEHICLE To illustrate the proposed framework, a model of a direct-drive power-train with two Permanent-Magnet Synchronous Machine (PMSM) in series used in autonomous vehicle, is used as a case study.
(12)
Two faults are modeled, each affecting one of the two motors. The first fault f1 changes the resistance in motor one as Rs (1 + f1 ) and the second fault f2 changes the inductance in motor two as Lq (1 + f2 ).
s.t.
u∈U
(11)
The input to the system is the two voltages Vq and Vd for each of the two motors.
Finally, the fault excitation optimization problem can then be formulated as T ρy (y(t), u(t))q(t) 2 dt max u∈U
(10)
(13) (14) (15) (16) (17) (18) (19) (20) (21)
As an example, the corresponding sensitivity analysis model for fault f1 is achieved by adding the following terms Rs s −R Lq iq,1 to (13) and − Ld id,1 to (14), respectively.
5.1 Powertrain model
5.3 Simulation Results
The longitudinal dynamics of an autonomous vehicle are modeled using Newton’s second law as 1 v˙ veh = (Ftrac − Fa − Fr − Fm ) (7) m where Fa is aerodynamic friction, Fr is rolling friction and Fm is rolling resistance.
As a first case, fault excitation is considered for each of the two faults. A residual, as defined in Definition 1, is developed based on the power-train model that compares a sensor measuring the vehicle velocity vveh with an estimate vˆveh computed from the input voltages. The vehicle is running with a constant velocity of 5m/s. The control input optimization (6) is formulated where the dynamics are discretized for a given interval t = [0, T ]. As a second step, the objective is to control the system such that the effect of each fault to the vehicle velocity is mitigated. Similarly as for the fault excitation case, the dynamics in (3) are discretized and the input is optimized in both problems using the Matlab function fmincon. Velocity constraints are added to the optimization problem to
Ftrac =
Twh Rwh
vveh = Rwh ωwh
(8)
The speed and torque transfers in the final differential are modeled as (Te,1 + Te,2 ) η (9) Twh = ωwh = ωe γ γ
1102
IFAC SAFEPROCESS 2018 Warsaw, Poland, August 29-31, 2018
4
Daniel Jung et al. / IFAC PapersOnLine 51-24 (2018) 1099–1104
20
0
0.01
pv
2
-0.01
0
-0.02
Vq,1
15
Vd,1 Vq,2
10
-2
Vd,1 Vq,2
-0.04
Vd,2
-6
-0.05 50
Vd,2
pv
0 -0.01
5
-0.02
0
-0.03
-5
-0.04
-0.03
Vq,1
-4
1103
100 150 200 250 300 350 400
5.01
-10 50
-0.05
100 150 200 250 300 350 400
50
0.02
0.01
5
0
50
100 150 200 250 300 350 400
50
100 150 200 250 300 350 400
0.02
5.02 residual
5.005
100 150 200 250 300 350 400
v fault v no fault
5.015
0.01
5.01 0 5.005 -0.01
4.995
-0.01
5
v fault v no fault
residual
-0.02
4.99 50
100 150 200 250 300 350 400
50
Fig. 4. Input optimization for fault excitation of fault f1 . 2 10
-0.02
4.995 50
100 150 200 250 300 350 400
10
100 150 200 250 300 350 400
Fig. 6. Input optimization for fault excitation of fault f2 .
-4
20
3
Vq,1 Vd,1
1
Vd,2
Vd,1
2
Vq,2
10
0
pv
Vq,1
15
Vq,2
5
10 -4
Vd,2
1
5
0
-1
0 0
-5
-2
-10
-3 50
100 150 200 250 300 350 400
5.0004
50
-10
100 150 200 250 300 350 400
-2 50
0.02
100 150 200 250 300 350 400
50
100 150 200 250 300 350 400
0.02
5.0006
residual
5.0002
-1
-5
pv
residual
v fault v no fault
0.01
5.0004
0.01
5.0002
0
5
-0.01
5 0 4.9998 -0.01
4.9996
v fault v no fault
4.9994
-0.02 50
100 150 200 250 300 350 400
50
4.9998
100 150 200 250 300 350 400
-0.02 50
Fig. 5. Input optimization for fault mitigation of fault f1 . assure that the vehicle speed does not vary too much and the final speed is equal to the initial speed. Fig. 4 shows the inputs voltages, vehicle speed, ρv for f1 and the residual when f1 was excited by the optimization algorithm. Once the fault in motor 1 resistance is confirmed, the input is optimized for mitigating its effects as shown in Fig. 5. It can be observed that f1 has been actively managed by changing the input voltages of the two motors in the autonomous vehicle. Fig. 6 shows the input voltages, vehicle speed, ρv for f2 and the residual when f2 was excited by the optimization algorithm. Once the fault in motor two inductance is confirmed, the input is optimized for mitigating its effects as shown in Fig. 7, which is very different from the inputs in case of f1 . It can be observed that the f2 has been actively managed by changing the input voltages of the motor in autonomous vehicle. By comparing the simulations of the fault excitation and fault mitigation strategies, the effect of each fault to
100 150 200 250 300 350 400
50
100 150 200 250 300 350 400
Fig. 7. Input optimization for fault mitigation of fault f2 . vehicle speed, i.e. |vfault − vno fault |, varies 50x between the two strategies for fault f1 and 100x for fault f2 . The proposed method for active fault diagnosis can help control the effect from the fault. In this example, the fault mitigation strategies includes more constant input levels while fault excitation includes varying the inputs. 6. CONCLUSIONS The proposed formulation of optimization for active fault diagnosis using sensitivity analysis has been demonstrated for both fault excitation and fault mitigation in an autonomous system. This concludes one of the steps to complete the proposed framework for active fault management system, which is planned to replace the human senses and experience in autonomous systems. The next step is to develop the set of residuals and isolation adaptable to the unforeseen scenarios learned from the data collected from on-board sensors.
1103
IFAC SAFEPROCESS 2018 1104 Warsaw, Poland, August 29-31, 2018
Daniel Jung et al. / IFAC PapersOnLine 51-24 (2018) 1099–1104
REFERENCES Andersson, J., ˚ Akesson, J., and Diehl, M. (2012). CasADi: A symbolic package for automatic differentiation and optimal control. In Recent Advances in Algorithmic Differentiation, 297–307. Springer. Ascher, U. and Petzold, L. (1998). Computer methods for ordinary differential equations and differential-algebraic equations, volume 61. Siam. Bayar, N., Darmoul, S., Hajri-Gabouj, S., and Pierreval, H. (2015). Fault detection, diagnosis and recovery using artificial immune systems: A review. Engineering Applications of Artificial Intelligence, 46, 43–57. Blanke, M., Hansen, S., and Blas, M. (2016). Diagnosis for Control and Decision Support for Autonomous Vehicles. Springer International Publishing, Cham. Chanthery, E., Trav´e-Massuy`es, L., and Indra, S. (2016). Fault isolation on request based on decentralized residual generation. IEEE Transactions on Systems, Man, and Cybernetics: Systems, 46(5), 598–610. Dai, Y.S., Hinchey, M., and Hu, Q. (2007). Consequence oriented self-healing and hybrid diagnosis integrating decision diagram, fuzzy logic and neural network. In Fourth IEEE International Workshop on Engineering of Autonomic and Autonomous Systems, 127–136. De Kleer, J. and Williams, B. (1987). Diagnosing multiple faults. Artificial intelligence, 32(1), 97–130. Dubey, A., Nordstrom, S., Keskinpala, T., Neema, S., Bapty, T., and Karsai, G. (2007). Towards a verifiable real-time, autonomic, fault mitigation framework for large scale real-time systems. Innovations in Systems and Software Engineering, 3(1), 33–52. Eriksson, D., Frisk, E., and Krysander, M. (2012). A sequential test selection algorithm for fault isolation. In 10th European Workshop on Advanced Control and Diagnosis, November 8-9, Copenhagen, Denmark. Gertler, J. (1997). Fault detection and isolation using parity relations. Control engineering practice, 5(5), 653– 661. Hamilton, K., Lane, D., Taylor, N., and Brown, K. (2001). Fault diagnosis on autonomous robotic vehicles with recovery: an integrated heterogeneous-knowledge approach. In Proceedings 2001 ICRA. IEEE International Conference on Robotics and Automation, volume 4, 3232–3237. Jung, D., Ng, K.Y., Frisk, E., and Krysander, M. (2016). A combined diagnosis system design using model-based and data-driven methods. In Control and Fault-Tolerant Systems (SysTol), 2016 3rd Conference on, 177–182. Kawabata, K., Akamatsu, T., and Asama, H. (2002). A study of self-diagnosis system of an autonomous mobile robot: expansion of state sensory systems. In IEEE/RSJ International Conference on Intelligent Robots and Systems, volume 2, 1802–1807 vol.2. Khorasgani, H., Jung, D., Biswas, G., Frisk, E., and Krysander, M. (2014). Robust residual selection for fault detection. In Decision and Control (CDC), 2014 IEEE 53rd Annual Conference on, 5764–5769. Krysander, M., ˚ Aslund, J., and Nyberg, M. (2008). An efficient algorithm for finding minimal overconstrained subsystems for model-based diagnosis. IEEE Transactions on Systems, Man, and Cybernetics-Part A: Systems and Humans, 38(1), 197–206.
Krysander, M., Heintz, F., Roll, J., and Frisk, E. (2010). Flexdx: A reconfigurable diagnosis framework. Engineering applications of artificial intelligence, 23(8), 1303–1313. Li, X., Song, Y., Guo, J., Feng, C., Li, G., Yan, T., and He, B. (2017). Sensor fault diagnosis of autonomous underwater vehicle based on extreme learning machine. In 2017 IEEE Underwater Technology (UT), 1–5. Mayne, D., Rawlings, J., Rao, C., and Scokaert, P. (2000). Constrained model predictive control: Stability and optimality. Automatica, 36(6), 789–814. Mosterman, P. and Biswas, G. (1999). Diagnosis of continuous valued systems in transient operating regions. IEEE Transactions on Systems, Man, and CyberneticsPart A: Systems and Humans, 29(6), 554–565. Niemann, H. (2006). A setup for active fault diagnosis. IEEE Transactions on Automatic Control, 51(9), 1572– 1578. Patton, R. and Chen, J. (1997). Observer-based fault detection and isolation: Robustness and applications. Control Engineering Practice, 5(5), 671–682. Poulsen, N. and Niemann, H. (2008). Active fault diagnosis based on stochastic tests. International Journal of Applied Mathematics and Computer Science, 18(4), 487–496. Prokhorov, D. (2008). Toyota prius hev neurocontrol and diagnostics. Neural Networks, 21(2), 458–465. Pulido, B. and Gonz´alez, C. (2004). Possible conflicts: a compilation technique for consistency-based diagnosis. IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics), 34(5), 2192–2206. Raptis, I., Sconyers, C., Martin, R., Mah, R., Oza, N., Mavris, D., and Vachtsevanos, G. (2013). A particle filtering-based framework for real-time fault diagnosis of autonomous vehicles. In Annual Conference of the PHM Society, volume 4, 9. Realpe, M., Vintimilla, B., and Vlacic, L. (2015). Sensor fault detection and diagnosis for autonomous vehicles. MATEC Web of Conferences, 30, 04003. Silva, G., Caminhas, W., and Palhares, R. (2017). Artificial immune systems applied to fault detection and isolation: A brief review of immune response-based approaches and a case study. Applied Soft Computing, 57, 118–131. Staroswiecki, M. and Comtet-Varga, G. (2001). Analytical redundancy relations for fault detection and isolation in algebraic dynamic systems. Automatica, 37(5), 687–699. Sv¨ard, C., Nyberg, M., and Frisk, E. (2013). Realizability constrained selection of residual generators for fault diagnosis with an automotive engine application. IEEE Transactions on Systems, Man, and Cybernetics: Systems, 43(6), 1354–1369. Tidriri, K., Chatti, N., Verron, S., and Tiplica, T. (2016). Bridging data-driven and model-based approaches for process fault diagnosis and health monitoring: A review of researches and future challenges. Annual Reviews in Control, 42, 63–81. Trav´e-Massuy`es, L. (2014). Bridging control and artificial intelligence theories for diagnosis: A survey. Engineering Applications of Artificial Intelligence, 27, 1–16.
1104