System Health Tracking and Safe Testing

1
System Health Tracking and Safe Testing

• André Bos, Arjan van Gemund
• Jonne Zutt
• Delft University of Technology

2
Contents

• The role of diagnosis in autonomous systems
• Health tracking
• Diagnosis as health tracking
• Modeling
• Safe testing
• Future work

3
The role of diagnosis in autonomous systems

• Accomplish mission goals without human
  intervention even in a harsh environment
• Harsh environment system failures
• Without human intervention identify, isolate,
  and cope with system failures automatically
• Graceful degradation

4
Accomplishing mission goals
Mission goals
5
Architecture
TC
TM
S/C
FDI
Health mode
Safe plan
Planning/recovery and safety validation
Mission goals
6
Diagnostic system requirements

• Dynamic and hybrid systems
• Accumulating faults
• Test vector generate to further isolate faulty
  components
• Easy to model
• Single model (if possible) to support diagnostic
  reasoning, test vector generation, planning, and
  simulation

7
Health tracking

• Dynamic and hybrid systems
• Variables
• U - Inputs close shutter, switch-on lamp,
• X - State shutter position, lamp current
• Y - Observables

8
Health tracking (cont.)

• Extend behavioural description
• X to include fault states
• F, H to accommodate for fault state behavior.
• Note non-deterministic system

9
Example system S/R latch
10
UpTime model-based approach (1)

• UpTime design system to construct model-based
  diagnosis systems.
• Based on our experience of constructing a
  model-based diagnosis system for the GOME
  instrument (ERS-2 satellite).

11
UpTime model-based approach (2)

• Component-based.
• Coarse formalism
• Finite Domain constraints.
• Finite state machine to capture dynamics.

• Simplified behavioral description.
• dU ? dI
• E.g. If I goes up, pressure difference goes up.
• Each component

12
UpTime Component description

• Behavioral description
• Finite State Machine.
• Inter and intra state equations.
• Both nominal and fault state changes.

in cl, st op next st cl in cl, st
st-op next st
st-op state op dI 0 state cl dI ?
dU state stuck-open dI 0
13
UpTime algorithm (3)

• Likelihood trajectory determined using
• A priori likelihood state transition per
  component.
• The number of output variables explained.

14
Example system S/R latch
sone
15
Safe-testing

• Test vectors
• As system is only partially observable, use test
  vectors to discriminate between possible (health)
  states.
• Be careful, test vectors may induce errors.

16
Hazard conditions (1)

• Hazard conditions describe conditions that should
  not happen.
• Same language and model as used for diagnostic
  system.
• Conditions on the state of the S/C.

17
Hazard conditions (2)

• Battery
• Not directly connected to ground.
• Need extra variables to describe connectedness
  behavior.
• Not always possible to give hazard conditions per
  component.

18
Test action

• Test action must
• Discriminate between possible trajectories.
• Must not violate any hazard condition.

19
Checking a test action
Sik
Si
Si1

Si-1

Sik
Si
Si1

Effect of test action
20
Future work

• Model-based approach
• Domain dependent model of the S/C
• Domain independent Reasoning methods
• diagnosis
• testing

21
Example
State
S2 stuck open
S2 ok
Time