- Email: [email protected]
Qualitative Simulation for Expert Systems
Copyright © I FAC I I th Trie nnial World Congress, Tallinn. Estonia. USSR, 1990
QUALITATIVE SIMULATION FOR EXPERT SYSTEMS D. L. Dvorak, D. T. Dalle Molle, B.
J.
Kuipers and T . F. Edgar
i.:llil'Pr.lit), of Tl'xa.1 at A/I.Itill , A/I.Itill, TX 78712. CSA
A.!2HG!£L Monitoring dynamic chemical processes poses a challenging diagnostic problem when the diagnosis must be performed while the system operates, when multiple faults are common, and when observations are limited to a relatively small set of variables. The ~onitoring process involves collecting measurements from sensors, combining this data Into aplcture of the current state of the system, and assessing any departure from expected behavlOr. We present a method called MIMIC for monitoring continuous-variable dynamic systems. MIMIC relies primarily on knowledge derived from a qualitative or semiq~antitative model of the monitored system and exploits the system's temporal behavior for diagnosIS. The goal of the diagnostic system is to mimic the condition of the physical system by identifying parameter ranges in a model of the process that are consistent with the observations. Kl:
Qualitative simulation, expert control, expert systems, chemical process
control. agree with actual observations. To be precise, MIMIC maintains a set of candidate models since a given behavior might be caused by one of several faults. Each candidate model represents a possible condition of the system (state and faults). Each model may also yield multiple behaviors, depending on the values of timevarying parameters.
INTRODUCTION Process monitoring is a continuous real-time task of recognizing anomalies in the behavior of a dynamic system and identifying the underlying faults. In a typical application process monitoring poses three special difficulties: 1. Diagnosis must be performed while the system operates. Proces s s ys tems are des igned for continuous operation and are capable of operating with multiple minor faults. Shutdown for diagnosis and repair is costly .
The purpose of monitoring is to determine the possible conditions of the physical system. The role of the advising task is to present this information to the operator and assist in interpreting it and making decisions about control actions. Since the models are predictive, they can be used to predict the effect of proposed control actions and forewarn of trends leading to undesirable conditions.
2. The system is dynamic. The system exhibits time-varying behavior - parameter values vary over continuous ranges, and feedback is common. 3. Many system states and parameters are not measurable. All measurements come from sensors, which can be expensive and/or unreliable. Monitoring is typically based on a small subset of the system with little opportunity to probe all states .
DYNAMIC QUALITATIVE MODELS Two main properties are required of the simulation technique used in MIMIC - it must reveal the time-varying behavior of the system, and it must make explicit the behavioral distinctions important in diagnosis. MIMIC employs the QSIM method for qualitative simulation of dynamic systems (Kuipers, 1986). Just as modern control theory represents a dynamic system as a set of coupled first-order differential equations, QSIM represents a dynamic system as a set of coupled first-order qualitative differential equations (QDE's). Simulated dynamic behavior is represented as a sequence of states, with alternate states representing a time point or time interval in the dynamic behavior.
Automated process monitoring systems typically provide a set of alarms which are triggered whenever fixed thresholds are exceeded. A chemical plant can have over a thousand distinct alarms and many of them can be activated within a short time period. In such situations, process operators may overlook relevant information, respond too slowly and form incorrect mental models. In this paper we discuss MIMIC, a model-based method for monitoring dynamic systems in which the condition of the physical system is represented (and repeatedly updated) in a qualitative dynamic model. The intent is to mimic the condition of the physical system in the model. Two tasks are used to update the model, as shown in Figure I. The tr ack ing task advances the state of the model in step with observations from the physical system. The diagnosis task, upon identifying a particular fault, injects that fault into the current model so that the predictions of the model will continue to
Diagnosis is based largely on qualitative distinctions in behavior rather than minor changes . For instance, it is more meaningful to know that a temperature measurement has exceeded a normal range than that it rose by 0.73 degree. By using a qualitative model rather than a numeric model, an infinite number of infinitesimally close numeric behaviors is reduced to a small number of qualitatively distinct
2 17
observations, as was done for state E. If, say, the match with state G was above the threshold, then the model is retained with its state now set to G. If none of the successor states match, the model is discarded.
behaviors. Although QSIM is fundamentally qualitative, it can exploit available quantitative measurements or known ranges in system parameters to refine its predictions (Kuipers and Berleant , 1988). This is very useful in process monitoring, where much quantitative information may be available, as shown later in this paper.
It is possible that tracking could discard all of the candidate models. This condition could arise if either: (1) some type of failure was overlooked in the description of possible failures, or (2) the diagnostic knowledge failed to propose one or more faults of a combination fault. In both cases MIMIC alerts the operator, saying in effect "the sys tem contains one or more faults, some of which may be from this set of hypotheses, but cannot confirm it".
MODEL TRACKING MIMIC accomplishes tracking and diag~osis in a hypothesize-and -match cycle that combines associative and model-based reasoning. In effect, the associative component proposes fault hypotheses and the model-based component . disposes of them. The algonthm has four main steps, as shown in Figure 2: 1. Hypothesis Generation. Observations fro~ the physical system may evoke fault hypotheses via a decision tree (the decls lOn tree IS generated before-hand as described below in step 3). The fault hypoth'eses are in the form of specific failure modes, such as a stuck pressure regulator or an abnormal setpoint, and are ordered by likelihood.
LEARNING DIAGNOSTIC KNOWLEDGE The diagnostic knowledge used in MIMIC's hypothesis generation s tep is mechanically derived from the component-connection model of the dynamic system. The basic technique , as described in Bratko et al. (1986), induces fault diagnosis rules from the results of simulating qualitative models. Lee and Dvorak (1988) have extended this technique to the domain of continuous-variable dynamic systems. Diagnostic knowledge is derived through five steps: I. Component Definition. A model of each component of the physical system is created, specifying qualitative differential equations for its normal mode of operation and each of its failure modes . For example, a pump will have one set of constraints associated with its normal mode of operation and another set associated with a failed mode.
2. Model Building. Models are expressed in a component-connection language in which normal and fault modes are described for each componen t. Given a set of fault hypotheses,. the component-connection model is transformed Into the appropriate QSIM constraints, thus prodUCing a fault model. Since sensors are components, sensor faults are handled in the same way as other system faults. 3. Qualitative Simulation. Each ne-:v fault model is first initialized from the observations that evoked its con s truction , th us es tablis h ing the initial state of the model. The model is then simulated incrementally as observations change, predicting the immediate successor states. QSIM not only generates qualitative values for each parameter but, when possible , includes quantitative ranges since they Influence the nature of the actual behavior.
2. Model Building. Using the component definitions, a model-building program synthesizes the normal (fault-free) model, all single-fault models, and selected combination-fault models 3 . Qualitative Simulation . Using QSIM , each model is simulated starting from each possible initial state . The resulting behavior graph is a total envisionment of the model.
4. Matching. A similarity function computes the similarity between a state of a model and actual observations. The comparison is based on qualitative values and (where av.ailable) quantitative values. For s lmilantles above a threshold the model is ret ained as a plausible reflection' of the physical system's condition. Below the threshold, the mod el is discarded.
4. Construction of Training Set. Training instances are formed from the states of the tot al envisionment using the qualitative magnitude and qualitative direction-of-change of each observable parameter. Each instance is classified with the fault combination embodied in the model that generated the state.
When a fault model is first constructed, an attempt is made to initialize it from current observations (plus current predictions of unmeasured state . variables). If these initializing data do not admit a consistent set of values for all parameters of the fault model, then the model is discarded. If there is at least one consistent initialization, then the model becomes a member of the set of candidate models, and all of its consistent initializations (there may be more than one) are added to the "tracking set". The tracking set is a set of models, each in a state consistent with the most recent system observations.
5. Induction. The training set is compressed by an inductive learning program to a smaller body of operational diagnostic knowledge in the form of a decision tree. The induction algorithm described in Lee and Dvorak (1988) exploits the observability of each parameter, the a priori probabilities of faults, and the historical probabilities of behaviors. The resulting decision tree is used to classify observations from the monitored system, yielding fault hypotheses. As Lee and Dvorak (1988) describe, the classification procedures ranks the resulting fault hypotheses by likelihood, thus allowing MIMIC to focus attention on the most probable faults.
Tracking is a process of using the observations to follow a path through the behavior graph of a model. Consider the fragment of behavior graph in Figure 3. If a model is currently in state E, then each new set of observations is compared (using the similarity function) to the parameter values of state E. If the match is above a threshold , then the model remains in state E. Otherwise , the immediate successor states of state E are generated (via incremental simulation) and each of these states is compared with the
The learning procedure described above can consume a large amount of computer time, but it is performed only once, outside of the real-time monitoring cycle. The resulting knowledge base , as Pearce (1988) has shown, provides more complete coverage of faults than the traditional knowledge engineering approach.
218
inlet temperature. Thus, that model is discarded, leaving the possibility that either H I is bad or H2 is bad.
EXAMPLE I To illustrate MIMIC at work, consider the electric water heater shown in Figure 4. It has a single thermostat which controls whether or not power is applied to the two heating elements (on-off control). Raw sensor information comes from a temperature sensor near the thermostat, from a flow-rate sensor on the cold-water inlet, and from the electric terminals of the heating elements. In a real monitoring situation we would want to diagnose a variety of possible faults such as defective heating elements, a stuck thermostat, a faulty flow-rate sensor, and loss of electrical power. However , for simplicity we consider only the possibility of defective heating elements .
The water flow stops at time 6 (the faucet is turned off) . Since this observation is consistent with the two remaining fault models, no changes occur in the set of candidate models. Next, at time 7, the temperature is observed to be rising. This observation is qualitatively predicted by both candidate models, but the quantitative ranges differ between the two models. The observed temperature increase is high, implying that HI (the element closest to the thermostat) is working. Thus, the "bad HI" model is discarded whereas the "bad H2" model is retained.
The water heater is modeled in QS IM using an energy balance that relates heat capacity, heat flow, thermal resis tance, and temperature. In the "normal model " all the components of the water heater (tank, heating elements, thermostat, flowrate sensor) operate according to their intended design. In a fault model, a faulty component operates according to a failure mode (such as a heating element that generates no heat when power is applied).
INCORPORATING QUANTITATIVE INFORMATION IN QUALITATIVE MODELS While purely qualitative models are useful for identifying of the possible solutions of a given QDE from a particular initialization, the resulting set of behaviors may be too large to be manageable for use in MIMIC. In many cases, functional relationships are known to some degree, and parameter values or process conditions may be known with some certainty. In these situations, exploiting this partially quantitative information could improve the predictive capabilities of the otherwise purely qualitative model. Kuipers and Berleant (1988) have presented a method for representing incomplete quantitative knowledge into QSIM-type qualitative models. In their approach, called Q2, unknown monotonic functions can be constrained to lie between upper and lower curves or "envelopes." Landmarks may have known numerical ranges rather than just ordinal relations . Since a considerable amount of quantitative information is known for many systems, the number of behaviors generated by a qualitative simulation can be greatly reduced by including knowledge about functional relationships and parameter ranges. With thi s additional knowledge, qualitative states with inconsistent quantitative values can be eliminated, behaviors with quantitatively inconsistent states can be pruned, and models th at produce only inconsistent behaviors can be refuted . In this section, we present an example where quantitative information is used to reduce the number of predictions generated from a purely qualitative model of a second order system with numerator dynamics .
An example of monitoring the water heater is described in Table I , which shows how monitoring progresses over eight moments in a series of observations. The table shows, for each moment, the quantitative sensor readings, their qualitative equivalents, and the sets maintained inside MIMIC. The water heater begins in a normal quiescent state - the water in the tank is hot, the heating elements are off, and no water is flowing. MIMIC is maintaining the normal model of the water heater in this quiescent state. Now, someone starts to remove water. A high flow rate is measured but all other readings remain the same. These new readings are consistent with the normal model , so MIMIC simply updates the state of the model. As time continues, the temperature inside the tank begins to drop because of the cooler inlet water. MIMIC finds that these observations agree with an immediate successor state of the current state, so it advances the state of the model. Eventually the temperature drops to the point where the heating elements turn on (as observed on a voltage sensor). At time 4 the temperature continues to drop . Although this observation is in agreement with the qualitative model , it is inconsistent with the associated quantitative ranges. In effect, the model is saying that for this flow rate, tank capacity, thermal output, and expected inlet temperature , the temperature should not be dropping. Thus, the tracking task discards the normal model. At the same time, the associational reasoner "recognizes " the current observations as being suggestive of three possible faults - a bad upper heating element, a bad lower heating element, or both heating elements bad (denoted bad HI, bad H2, and bad HI , H2)1 . This causes three fault models to be built. Each model is successfully initialized, so MIMIC is now tracking three models.
The Q2 program employs numerical information in the form of ranges that can be attached to the landmarks of the variables in that state. The term"ranges" is used rather than "intervals" to emphasize the fact that the approach does not use interval arithmetic, but rather range bounds propagation. Numerical information is propagated between the variables in a s tate through the constraints of the model. Within a behavior , numerical information is propagated by d/dr constraints that express rate of change information of a variable between states. In Q2 the range on a landmark is interpreted as representing probability distribution functions (PDFs). The statement range [a b] represents any PDF that is positive from the lower bound a to the upper bound b, and zero otherwise . Ranges are supplied to some of landmarks of an initial state to express a priori knowledge of a particular
At time 5 the temperature stops decreasing. This observation is inconsistent with the "bad HI,H2" model since that model predicts that the temperature will drop until it matches the normal 1 In a more detailed example, other hypotheses would also be proposed, such as a faulty temperature sensor, a faulty flow meter, and scaling on the heating elements.
219
upper and lower limits of the unknown M functions. Kuipers and Berleant (1988) discussed the propagation of ranges over this type of constraint in more detail. Most of the models in this work assume known functionalities, so propagation over unknown M constraints bounded by envelopes is not done here. Unknown functionalities in this work are expressed by known functional forms (i. e., linear, exponential, etc.) with unknown or uncertain parameters (slope, pre-exponential, etc.). Propagation of ranges between states of the same behavior can be accomplished through the d/dt constraint. However, examples presented by Dalle Molle (1989) show that propagation across d/dt constraints can be weak, rarely improving the ranges on the landmarks involved. The algorithm for this type of propagation was also discussed in more detail by Kuipers and Berleant (1988).
quantity of the physical system. Because landmark values already have ordinal relationships within their quantity space, range information must also be consistent with the ordinal information. For example, if a landmark is known to be positive, and a range of [-0. I 0.5] is determined for that landmark (through range propagation), then the ordinal property of the landmark allows the range reasoner to reduce the range on the landmark to be [0.0 0.5]. This type of propagation can be applied to pairs of adjacent landmark values to assure that the maximum of a smaller landmark is not greater than the maximum of a larger landmark, and that the minimum of a larger landmark is not less that the minimum of a ~maller landmark. Ranges of adjacen t landmarks can overlap since the true values of these landmarks, which are not known, can have any value in the overlapping region so long as the ordinal relationship of the landmarks is still s atis fied.
EXAMPLE 2
Landmarks are related to one another in tu pies of corresponding values for a given constraint. Whenever the range on one of the landmarks in the tuple of corresponding values has been changed, then the ranges of other landmarks in the tuple of corresponding values also change. To propagate range in formation to other related landmarks, constraint are expanded into (possibly) multiple representations, each providing and explicit expression for each variable in the constraint. For example, the constraint (add x y z) can be expressed as the following set of mathematically equivalent expressions:
z x y
x + y z - y z - x
This example illustrates how incorporating quantitative information into the model can reduce the number of behaviors considered in MIMIC. A qualitative model has been developed for a system consisting of two first-order processes in parallel with a common input (Dalle Molle 1989). The output of the overall system is the difference between the outputs of two first-order processes with gains (kl, k2) and time constants (1:1 1(2)' see Figure 5. When this model is initializ~d wi'th a step increase in the input, 27 initial states are generated corresponding to all of the possible combinatIOns of three parameters each being negall~e, zero, or positive. In a purely qualitative analysIs, all of these 27 initial states are valid when the process parameters kl , k2, 1:1, and 1:2 are known only to be positive. When quantitative knowledge of parameter values is known, then the number of initial states can potentially be reduced.
(I)
(2) (3)
If the constraint (add x y z) has the corresponding
value tuple (a b c), then whenever the range on any landmark in the tu pie is changed, then equations involving that landmark are added to an agenda of equations through which ranges are propagated. For example, if the range on the landmark b is changed, Equations (I) and (2) are added to an agenda of expressions that are evaluated using the range bound propagation. Note that in qualitative algebra, redundant equations can yield additional useful information on the bounds.
In many systems represented by first-order transfer functions , the gain of the system can easily be determined from a simple step test of the real process or from steady-state plant data. If knowledge of process gains is included into the qualitative model, the number of behaviors generated by the model may be reduced. When the process gains are k I = [0.9 1. I] and k2 = [1. 8 2.2], the difference in the gains (k2-kl) can only be positive: [0.7 1.3]. Two-thirds of the quali:atively valid initial states can be ruled out by thiS lImIted amount of quantitative information. Five behaviors are predicted for this case. All of the behaviors have a range of [0.7 1. 3] on the final value for y, providing a more descriptive result than just being positive.
The range bound propagation algorithm is agendadnven. For example, if initially the landmarks a, b, and c has the ranges [0 I], [0 I], and [02] respectively, and the range on b is reduced (from some other constraint) to [0.25 0.5], then Equations (I) and (2) would be added to the agenda of equations to be evaluated because smaller bounds on y could possible lead to smaller bounds on x and z. Evaluating Equation (I) yields the range [0.25 1. 5] on c. Since the intersection of the old [0 2] and new [0.25 1.5] ranges reduces the range on c, its value is updated, and Equations (2) and (3) are added to the agenda. Evaluating Equation (2) (previously on the agenda) yields the range [-0.25 1. 25] on a which, when intersected with the previous range of a, does not reduce the range on a, so the range of a is not updated. Repeating the procedure for the equations still on the agenda, Equations (2) and (3), yields no new ranges on a, b, or c that are narrower than the current set [0 I], [0.25 0.5], and [0.25 1.5].
If ranges on k I and k2 are not distinct enough so that their difference is not strictly negative, then all 27 InItial states will be generated as in the case where no information is known about the gains. For example, if the gains k I and k2 both have the range [0.9 I. I], then the difference between the two gains can have the range [-0.2 0.2]. For the case where the qualitative initial state is positive the range reasoner adjusts the range on the ' positive landmark of k I - k2 to be [0 0.2] since this landmark must be greater than O. A similar result exists for the case where k I - k2 is negative. For the case where the qualitative model generates a difference of 0, then the landmark for k I - k2 has the range [0 0]. Even though this problem is not uniquely specified quantItallvely, the resulting behaviors for the 27 initial states will at least have ranges on the final
~or M+ or M- constraints, quantitative Information is specified by providing upper and lower envelopes that are functions bounding the
220
value of y, providing a somewhat more .. descriptive behavior than in the purely qualItative case.
REFERENCES Bratko, 1., 1.
MIMIC introduces a novel method for monitoring and diagnosing continuous-variable d)inamic systems. The key elements of the deSign are: (1) representation of continuous-varIable dynamlc systems in dynamic qualitative models, (2) induction of diagnostic knowledge from model simulations, (3) incremental creation of multiplefault models, and (4) tracking fault-model prediction s again s t 0 bs ervation s from the monitored system, thereby exploiting the system's behavior over time for diagnostic clues. Incorporation of parameter ranges can successfully limit the number of possible behaviors that must be analyzed.
":,
Lavra~
(1986).
r-------------1
I: I r----t
, Physical, ! System i
and N.
A£g!!i~i!iQD., Addison-Wesley, Reading, MA. Dalle Molle, D. T. (1989). Qualitative Simulation of Dynamic Chemical Processes, Ph.D. Dissertation, University of Texas, Austin, TX (1989). Dvorak, D.L., and B.J. Kuipers (1989). Modelbased Monitoring of Dynamic Systems. In Proceedings of International Joint Conference on Artificial Intelligence (IJC-89), MorganKaufman Publishers, Los Altos, CA. K uipers, B. J. (1986). Qualitative Simulation. Anin£i~UD.!l
CONCLUSIONS
,-------------1
Mozeti~,
&~Il.l
When knowledge of the process time constants is available in addition to the process gains, the number of possible behaviors can be reduced even further than with knowledge of gains only. When the gains are kl = [0.9 1.1) and k2 = [1.8 2.2) and the time constants are 'tl = [0.9 1.1) and 't2 = [3.64.4], only one initial state is consistent with the qualitative information, and it generates one behavior. Because the process time constants have no effect on the ultimate gain of y, the final range of y is the same as in the case where only the gains have been specified. The additIOnal knowledge provided by the time constants has helped rule out some of the other behaviors.
Tracking
H':,
L-_ _ _ _ _- '
l__________J--t
Diagnosis
:
'i,
Model
:
::
1-+_________J
--------D~
/
F
__ J
E-G - - K
~H
--:... L M
Figure 3: Tracking through a behavior graph.
Figure 1: The three tasks of monitoring and control.
Thennostat hypothesis generation ~----------~
hot water outlet
~----------~
'--_ _-t-_ _ upper heater
Hypotheses
2 cold water inlet
Fault Models
,'--------'
Flow-rate sensor
qualitative simulation
Figure 4: Electric water heater.
Figure 2: Hypothesize-build-simulate-match cycle.
221
lower heater
TABLE 1: Diagnosing the Water Heater from Dynamic Behavior.
3
Time Synopsis
0 quiescent
1 flow starts
2 temp dropping
Flow (gals./min.) Temp. (deg. F) dTemp (deg./min.) Power (on or off)
0 180 0 off
8 180 0 off
8 170 -15 off
O,std hot,std 0 New fault hypotheses none
high,std hot,std 0 none
high,std hot,dec nmed none
New fault model(s)
none
none
none
none
badHl bad H2 bad Hl,H2
Candidate model(s)
normal
normal
normal
normal
badHl badH2 bad Hl,H2
flow temp dtemp
heater on 8 160
-13
4 temp still dropping
5 temp stable
6 flow stops
7 temp rising
8 152 -5 on
8 145 0 on high,std warmstd 0 none
0 145 0 on
0 150
on high,std high,std (hot warm),dec (hot warm),dec nmed nlow none badHl badH2 bad Hl,H2
O,std (hot warm),inc high
none
none
none
none
none
bad HI
bad HI
bad H2
Figure 5: Block Diagram for the Difference of Two FirstOrder Processes in Parallel.
222
on
O,std warm,std 0
y (s)
u (s)
9
QUALITATIVE SIMULATION FOR EXPERT SYSTEMS D. L. Dvorak, D. T. Dalle Molle, B.
J.
Kuipers and T . F. Edgar
i.:llil'Pr.lit), of Tl'xa.1 at A/I.Itill , A/I.Itill, TX 78712. CSA
A.!2HG!£L Monitoring dynamic chemical processes poses a challenging diagnostic problem when the diagnosis must be performed while the system operates, when multiple faults are common, and when observations are limited to a relatively small set of variables. The ~onitoring process involves collecting measurements from sensors, combining this data Into aplcture of the current state of the system, and assessing any departure from expected behavlOr. We present a method called MIMIC for monitoring continuous-variable dynamic systems. MIMIC relies primarily on knowledge derived from a qualitative or semiq~antitative model of the monitored system and exploits the system's temporal behavior for diagnosIS. The goal of the diagnostic system is to mimic the condition of the physical system by identifying parameter ranges in a model of the process that are consistent with the observations. Kl:
Qualitative simulation, expert control, expert systems, chemical process
control. agree with actual observations. To be precise, MIMIC maintains a set of candidate models since a given behavior might be caused by one of several faults. Each candidate model represents a possible condition of the system (state and faults). Each model may also yield multiple behaviors, depending on the values of timevarying parameters.
INTRODUCTION Process monitoring is a continuous real-time task of recognizing anomalies in the behavior of a dynamic system and identifying the underlying faults. In a typical application process monitoring poses three special difficulties: 1. Diagnosis must be performed while the system operates. Proces s s ys tems are des igned for continuous operation and are capable of operating with multiple minor faults. Shutdown for diagnosis and repair is costly .
The purpose of monitoring is to determine the possible conditions of the physical system. The role of the advising task is to present this information to the operator and assist in interpreting it and making decisions about control actions. Since the models are predictive, they can be used to predict the effect of proposed control actions and forewarn of trends leading to undesirable conditions.
2. The system is dynamic. The system exhibits time-varying behavior - parameter values vary over continuous ranges, and feedback is common. 3. Many system states and parameters are not measurable. All measurements come from sensors, which can be expensive and/or unreliable. Monitoring is typically based on a small subset of the system with little opportunity to probe all states .
DYNAMIC QUALITATIVE MODELS Two main properties are required of the simulation technique used in MIMIC - it must reveal the time-varying behavior of the system, and it must make explicit the behavioral distinctions important in diagnosis. MIMIC employs the QSIM method for qualitative simulation of dynamic systems (Kuipers, 1986). Just as modern control theory represents a dynamic system as a set of coupled first-order differential equations, QSIM represents a dynamic system as a set of coupled first-order qualitative differential equations (QDE's). Simulated dynamic behavior is represented as a sequence of states, with alternate states representing a time point or time interval in the dynamic behavior.
Automated process monitoring systems typically provide a set of alarms which are triggered whenever fixed thresholds are exceeded. A chemical plant can have over a thousand distinct alarms and many of them can be activated within a short time period. In such situations, process operators may overlook relevant information, respond too slowly and form incorrect mental models. In this paper we discuss MIMIC, a model-based method for monitoring dynamic systems in which the condition of the physical system is represented (and repeatedly updated) in a qualitative dynamic model. The intent is to mimic the condition of the physical system in the model. Two tasks are used to update the model, as shown in Figure I. The tr ack ing task advances the state of the model in step with observations from the physical system. The diagnosis task, upon identifying a particular fault, injects that fault into the current model so that the predictions of the model will continue to
Diagnosis is based largely on qualitative distinctions in behavior rather than minor changes . For instance, it is more meaningful to know that a temperature measurement has exceeded a normal range than that it rose by 0.73 degree. By using a qualitative model rather than a numeric model, an infinite number of infinitesimally close numeric behaviors is reduced to a small number of qualitatively distinct
2 17
observations, as was done for state E. If, say, the match with state G was above the threshold, then the model is retained with its state now set to G. If none of the successor states match, the model is discarded.
behaviors. Although QSIM is fundamentally qualitative, it can exploit available quantitative measurements or known ranges in system parameters to refine its predictions (Kuipers and Berleant , 1988). This is very useful in process monitoring, where much quantitative information may be available, as shown later in this paper.
It is possible that tracking could discard all of the candidate models. This condition could arise if either: (1) some type of failure was overlooked in the description of possible failures, or (2) the diagnostic knowledge failed to propose one or more faults of a combination fault. In both cases MIMIC alerts the operator, saying in effect "the sys tem contains one or more faults, some of which may be from this set of hypotheses, but cannot confirm it".
MODEL TRACKING MIMIC accomplishes tracking and diag~osis in a hypothesize-and -match cycle that combines associative and model-based reasoning. In effect, the associative component proposes fault hypotheses and the model-based component . disposes of them. The algonthm has four main steps, as shown in Figure 2: 1. Hypothesis Generation. Observations fro~ the physical system may evoke fault hypotheses via a decision tree (the decls lOn tree IS generated before-hand as described below in step 3). The fault hypoth'eses are in the form of specific failure modes, such as a stuck pressure regulator or an abnormal setpoint, and are ordered by likelihood.
LEARNING DIAGNOSTIC KNOWLEDGE The diagnostic knowledge used in MIMIC's hypothesis generation s tep is mechanically derived from the component-connection model of the dynamic system. The basic technique , as described in Bratko et al. (1986), induces fault diagnosis rules from the results of simulating qualitative models. Lee and Dvorak (1988) have extended this technique to the domain of continuous-variable dynamic systems. Diagnostic knowledge is derived through five steps: I. Component Definition. A model of each component of the physical system is created, specifying qualitative differential equations for its normal mode of operation and each of its failure modes . For example, a pump will have one set of constraints associated with its normal mode of operation and another set associated with a failed mode.
2. Model Building. Models are expressed in a component-connection language in which normal and fault modes are described for each componen t. Given a set of fault hypotheses,. the component-connection model is transformed Into the appropriate QSIM constraints, thus prodUCing a fault model. Since sensors are components, sensor faults are handled in the same way as other system faults. 3. Qualitative Simulation. Each ne-:v fault model is first initialized from the observations that evoked its con s truction , th us es tablis h ing the initial state of the model. The model is then simulated incrementally as observations change, predicting the immediate successor states. QSIM not only generates qualitative values for each parameter but, when possible , includes quantitative ranges since they Influence the nature of the actual behavior.
2. Model Building. Using the component definitions, a model-building program synthesizes the normal (fault-free) model, all single-fault models, and selected combination-fault models 3 . Qualitative Simulation . Using QSIM , each model is simulated starting from each possible initial state . The resulting behavior graph is a total envisionment of the model.
4. Matching. A similarity function computes the similarity between a state of a model and actual observations. The comparison is based on qualitative values and (where av.ailable) quantitative values. For s lmilantles above a threshold the model is ret ained as a plausible reflection' of the physical system's condition. Below the threshold, the mod el is discarded.
4. Construction of Training Set. Training instances are formed from the states of the tot al envisionment using the qualitative magnitude and qualitative direction-of-change of each observable parameter. Each instance is classified with the fault combination embodied in the model that generated the state.
When a fault model is first constructed, an attempt is made to initialize it from current observations (plus current predictions of unmeasured state . variables). If these initializing data do not admit a consistent set of values for all parameters of the fault model, then the model is discarded. If there is at least one consistent initialization, then the model becomes a member of the set of candidate models, and all of its consistent initializations (there may be more than one) are added to the "tracking set". The tracking set is a set of models, each in a state consistent with the most recent system observations.
5. Induction. The training set is compressed by an inductive learning program to a smaller body of operational diagnostic knowledge in the form of a decision tree. The induction algorithm described in Lee and Dvorak (1988) exploits the observability of each parameter, the a priori probabilities of faults, and the historical probabilities of behaviors. The resulting decision tree is used to classify observations from the monitored system, yielding fault hypotheses. As Lee and Dvorak (1988) describe, the classification procedures ranks the resulting fault hypotheses by likelihood, thus allowing MIMIC to focus attention on the most probable faults.
Tracking is a process of using the observations to follow a path through the behavior graph of a model. Consider the fragment of behavior graph in Figure 3. If a model is currently in state E, then each new set of observations is compared (using the similarity function) to the parameter values of state E. If the match is above a threshold , then the model remains in state E. Otherwise , the immediate successor states of state E are generated (via incremental simulation) and each of these states is compared with the
The learning procedure described above can consume a large amount of computer time, but it is performed only once, outside of the real-time monitoring cycle. The resulting knowledge base , as Pearce (1988) has shown, provides more complete coverage of faults than the traditional knowledge engineering approach.
218
inlet temperature. Thus, that model is discarded, leaving the possibility that either H I is bad or H2 is bad.
EXAMPLE I To illustrate MIMIC at work, consider the electric water heater shown in Figure 4. It has a single thermostat which controls whether or not power is applied to the two heating elements (on-off control). Raw sensor information comes from a temperature sensor near the thermostat, from a flow-rate sensor on the cold-water inlet, and from the electric terminals of the heating elements. In a real monitoring situation we would want to diagnose a variety of possible faults such as defective heating elements, a stuck thermostat, a faulty flow-rate sensor, and loss of electrical power. However , for simplicity we consider only the possibility of defective heating elements .
The water flow stops at time 6 (the faucet is turned off) . Since this observation is consistent with the two remaining fault models, no changes occur in the set of candidate models. Next, at time 7, the temperature is observed to be rising. This observation is qualitatively predicted by both candidate models, but the quantitative ranges differ between the two models. The observed temperature increase is high, implying that HI (the element closest to the thermostat) is working. Thus, the "bad HI" model is discarded whereas the "bad H2" model is retained.
The water heater is modeled in QS IM using an energy balance that relates heat capacity, heat flow, thermal resis tance, and temperature. In the "normal model " all the components of the water heater (tank, heating elements, thermostat, flowrate sensor) operate according to their intended design. In a fault model, a faulty component operates according to a failure mode (such as a heating element that generates no heat when power is applied).
INCORPORATING QUANTITATIVE INFORMATION IN QUALITATIVE MODELS While purely qualitative models are useful for identifying of the possible solutions of a given QDE from a particular initialization, the resulting set of behaviors may be too large to be manageable for use in MIMIC. In many cases, functional relationships are known to some degree, and parameter values or process conditions may be known with some certainty. In these situations, exploiting this partially quantitative information could improve the predictive capabilities of the otherwise purely qualitative model. Kuipers and Berleant (1988) have presented a method for representing incomplete quantitative knowledge into QSIM-type qualitative models. In their approach, called Q2, unknown monotonic functions can be constrained to lie between upper and lower curves or "envelopes." Landmarks may have known numerical ranges rather than just ordinal relations . Since a considerable amount of quantitative information is known for many systems, the number of behaviors generated by a qualitative simulation can be greatly reduced by including knowledge about functional relationships and parameter ranges. With thi s additional knowledge, qualitative states with inconsistent quantitative values can be eliminated, behaviors with quantitatively inconsistent states can be pruned, and models th at produce only inconsistent behaviors can be refuted . In this section, we present an example where quantitative information is used to reduce the number of predictions generated from a purely qualitative model of a second order system with numerator dynamics .
An example of monitoring the water heater is described in Table I , which shows how monitoring progresses over eight moments in a series of observations. The table shows, for each moment, the quantitative sensor readings, their qualitative equivalents, and the sets maintained inside MIMIC. The water heater begins in a normal quiescent state - the water in the tank is hot, the heating elements are off, and no water is flowing. MIMIC is maintaining the normal model of the water heater in this quiescent state. Now, someone starts to remove water. A high flow rate is measured but all other readings remain the same. These new readings are consistent with the normal model , so MIMIC simply updates the state of the model. As time continues, the temperature inside the tank begins to drop because of the cooler inlet water. MIMIC finds that these observations agree with an immediate successor state of the current state, so it advances the state of the model. Eventually the temperature drops to the point where the heating elements turn on (as observed on a voltage sensor). At time 4 the temperature continues to drop . Although this observation is in agreement with the qualitative model , it is inconsistent with the associated quantitative ranges. In effect, the model is saying that for this flow rate, tank capacity, thermal output, and expected inlet temperature , the temperature should not be dropping. Thus, the tracking task discards the normal model. At the same time, the associational reasoner "recognizes " the current observations as being suggestive of three possible faults - a bad upper heating element, a bad lower heating element, or both heating elements bad (denoted bad HI, bad H2, and bad HI , H2)1 . This causes three fault models to be built. Each model is successfully initialized, so MIMIC is now tracking three models.
The Q2 program employs numerical information in the form of ranges that can be attached to the landmarks of the variables in that state. The term"ranges" is used rather than "intervals" to emphasize the fact that the approach does not use interval arithmetic, but rather range bounds propagation. Numerical information is propagated between the variables in a s tate through the constraints of the model. Within a behavior , numerical information is propagated by d/dr constraints that express rate of change information of a variable between states. In Q2 the range on a landmark is interpreted as representing probability distribution functions (PDFs). The statement range [a b] represents any PDF that is positive from the lower bound a to the upper bound b, and zero otherwise . Ranges are supplied to some of landmarks of an initial state to express a priori knowledge of a particular
At time 5 the temperature stops decreasing. This observation is inconsistent with the "bad HI,H2" model since that model predicts that the temperature will drop until it matches the normal 1 In a more detailed example, other hypotheses would also be proposed, such as a faulty temperature sensor, a faulty flow meter, and scaling on the heating elements.
219
upper and lower limits of the unknown M functions. Kuipers and Berleant (1988) discussed the propagation of ranges over this type of constraint in more detail. Most of the models in this work assume known functionalities, so propagation over unknown M constraints bounded by envelopes is not done here. Unknown functionalities in this work are expressed by known functional forms (i. e., linear, exponential, etc.) with unknown or uncertain parameters (slope, pre-exponential, etc.). Propagation of ranges between states of the same behavior can be accomplished through the d/dt constraint. However, examples presented by Dalle Molle (1989) show that propagation across d/dt constraints can be weak, rarely improving the ranges on the landmarks involved. The algorithm for this type of propagation was also discussed in more detail by Kuipers and Berleant (1988).
quantity of the physical system. Because landmark values already have ordinal relationships within their quantity space, range information must also be consistent with the ordinal information. For example, if a landmark is known to be positive, and a range of [-0. I 0.5] is determined for that landmark (through range propagation), then the ordinal property of the landmark allows the range reasoner to reduce the range on the landmark to be [0.0 0.5]. This type of propagation can be applied to pairs of adjacent landmark values to assure that the maximum of a smaller landmark is not greater than the maximum of a larger landmark, and that the minimum of a larger landmark is not less that the minimum of a ~maller landmark. Ranges of adjacen t landmarks can overlap since the true values of these landmarks, which are not known, can have any value in the overlapping region so long as the ordinal relationship of the landmarks is still s atis fied.
EXAMPLE 2
Landmarks are related to one another in tu pies of corresponding values for a given constraint. Whenever the range on one of the landmarks in the tuple of corresponding values has been changed, then the ranges of other landmarks in the tuple of corresponding values also change. To propagate range in formation to other related landmarks, constraint are expanded into (possibly) multiple representations, each providing and explicit expression for each variable in the constraint. For example, the constraint (add x y z) can be expressed as the following set of mathematically equivalent expressions:
z x y
x + y z - y z - x
This example illustrates how incorporating quantitative information into the model can reduce the number of behaviors considered in MIMIC. A qualitative model has been developed for a system consisting of two first-order processes in parallel with a common input (Dalle Molle 1989). The output of the overall system is the difference between the outputs of two first-order processes with gains (kl, k2) and time constants (1:1 1(2)' see Figure 5. When this model is initializ~d wi'th a step increase in the input, 27 initial states are generated corresponding to all of the possible combinatIOns of three parameters each being negall~e, zero, or positive. In a purely qualitative analysIs, all of these 27 initial states are valid when the process parameters kl , k2, 1:1, and 1:2 are known only to be positive. When quantitative knowledge of parameter values is known, then the number of initial states can potentially be reduced.
(I)
(2) (3)
If the constraint (add x y z) has the corresponding
value tuple (a b c), then whenever the range on any landmark in the tu pie is changed, then equations involving that landmark are added to an agenda of equations through which ranges are propagated. For example, if the range on the landmark b is changed, Equations (I) and (2) are added to an agenda of expressions that are evaluated using the range bound propagation. Note that in qualitative algebra, redundant equations can yield additional useful information on the bounds.
In many systems represented by first-order transfer functions , the gain of the system can easily be determined from a simple step test of the real process or from steady-state plant data. If knowledge of process gains is included into the qualitative model, the number of behaviors generated by the model may be reduced. When the process gains are k I = [0.9 1. I] and k2 = [1. 8 2.2], the difference in the gains (k2-kl) can only be positive: [0.7 1.3]. Two-thirds of the quali:atively valid initial states can be ruled out by thiS lImIted amount of quantitative information. Five behaviors are predicted for this case. All of the behaviors have a range of [0.7 1. 3] on the final value for y, providing a more descriptive result than just being positive.
The range bound propagation algorithm is agendadnven. For example, if initially the landmarks a, b, and c has the ranges [0 I], [0 I], and [02] respectively, and the range on b is reduced (from some other constraint) to [0.25 0.5], then Equations (I) and (2) would be added to the agenda of equations to be evaluated because smaller bounds on y could possible lead to smaller bounds on x and z. Evaluating Equation (I) yields the range [0.25 1. 5] on c. Since the intersection of the old [0 2] and new [0.25 1.5] ranges reduces the range on c, its value is updated, and Equations (2) and (3) are added to the agenda. Evaluating Equation (2) (previously on the agenda) yields the range [-0.25 1. 25] on a which, when intersected with the previous range of a, does not reduce the range on a, so the range of a is not updated. Repeating the procedure for the equations still on the agenda, Equations (2) and (3), yields no new ranges on a, b, or c that are narrower than the current set [0 I], [0.25 0.5], and [0.25 1.5].
If ranges on k I and k2 are not distinct enough so that their difference is not strictly negative, then all 27 InItial states will be generated as in the case where no information is known about the gains. For example, if the gains k I and k2 both have the range [0.9 I. I], then the difference between the two gains can have the range [-0.2 0.2]. For the case where the qualitative initial state is positive the range reasoner adjusts the range on the ' positive landmark of k I - k2 to be [0 0.2] since this landmark must be greater than O. A similar result exists for the case where k I - k2 is negative. For the case where the qualitative model generates a difference of 0, then the landmark for k I - k2 has the range [0 0]. Even though this problem is not uniquely specified quantItallvely, the resulting behaviors for the 27 initial states will at least have ranges on the final
~or M+ or M- constraints, quantitative Information is specified by providing upper and lower envelopes that are functions bounding the
220
value of y, providing a somewhat more .. descriptive behavior than in the purely qualItative case.
REFERENCES Bratko, 1., 1.
MIMIC introduces a novel method for monitoring and diagnosing continuous-variable d)inamic systems. The key elements of the deSign are: (1) representation of continuous-varIable dynamlc systems in dynamic qualitative models, (2) induction of diagnostic knowledge from model simulations, (3) incremental creation of multiplefault models, and (4) tracking fault-model prediction s again s t 0 bs ervation s from the monitored system, thereby exploiting the system's behavior over time for diagnostic clues. Incorporation of parameter ranges can successfully limit the number of possible behaviors that must be analyzed.
":,
Lavra~
(1986).
r-------------1
I: I r----t
, Physical, ! System i
and N.
A£g!!i~i!iQD., Addison-Wesley, Reading, MA. Dalle Molle, D. T. (1989). Qualitative Simulation of Dynamic Chemical Processes, Ph.D. Dissertation, University of Texas, Austin, TX (1989). Dvorak, D.L., and B.J. Kuipers (1989). Modelbased Monitoring of Dynamic Systems. In Proceedings of International Joint Conference on Artificial Intelligence (IJC-89), MorganKaufman Publishers, Los Altos, CA. K uipers, B. J. (1986). Qualitative Simulation. Anin£i~UD.!l
CONCLUSIONS
,-------------1
Mozeti~,
&~Il.l
When knowledge of the process time constants is available in addition to the process gains, the number of possible behaviors can be reduced even further than with knowledge of gains only. When the gains are kl = [0.9 1.1) and k2 = [1.8 2.2) and the time constants are 'tl = [0.9 1.1) and 't2 = [3.64.4], only one initial state is consistent with the qualitative information, and it generates one behavior. Because the process time constants have no effect on the ultimate gain of y, the final range of y is the same as in the case where only the gains have been specified. The additIOnal knowledge provided by the time constants has helped rule out some of the other behaviors.
Tracking
H':,
L-_ _ _ _ _- '
l__________J--t
Diagnosis
:
'i,
Model
:
::
1-+_________J
--------D~
/
F
__ J
E-G - - K
~H
--:... L M
Figure 3: Tracking through a behavior graph.
Figure 1: The three tasks of monitoring and control.
Thennostat hypothesis generation ~----------~
hot water outlet
~----------~
'--_ _-t-_ _ upper heater
Hypotheses
2 cold water inlet
Fault Models
,'--------'
Flow-rate sensor
qualitative simulation
Figure 4: Electric water heater.
Figure 2: Hypothesize-build-simulate-match cycle.
221
lower heater
TABLE 1: Diagnosing the Water Heater from Dynamic Behavior.
3
Time Synopsis
0 quiescent
1 flow starts
2 temp dropping
Flow (gals./min.) Temp. (deg. F) dTemp (deg./min.) Power (on or off)
0 180 0 off
8 180 0 off
8 170 -15 off
O,std hot,std 0 New fault hypotheses none
high,std hot,std 0 none
high,std hot,dec nmed none
New fault model(s)
none
none
none
none
badHl bad H2 bad Hl,H2
Candidate model(s)
normal
normal
normal
normal
badHl badH2 bad Hl,H2
flow temp dtemp
heater on 8 160
-13
4 temp still dropping
5 temp stable
6 flow stops
7 temp rising
8 152 -5 on
8 145 0 on high,std warmstd 0 none
0 145 0 on
0 150
on high,std high,std (hot warm),dec (hot warm),dec nmed nlow none badHl badH2 bad Hl,H2
O,std (hot warm),inc high
none
none
none
none
none
bad HI
bad HI
bad H2
Figure 5: Block Diagram for the Difference of Two FirstOrder Processes in Parallel.
222
on
O,std warm,std 0
y (s)
u (s)
9