The operation of a plant—in this description and in the attached claims this term means industrial plants, manufacturing or research equipment, various types of vehicles (e.g. aircraft or spacecraft)—is controlled usually by means of complex diagnostic systems able to detect and isolate faulty operation conditions as soon as they happen. In ground-controlled space missions, either in Earth orbit or in deep space, prominent attention is devoted to the diagnosis of the system formed by the spacecraft and its onboard equipment, and in particular to the real-time detection of system faults, to correct the malfunctions which might compromise the mission.
The basic principle of model-based diagnostics is the comparison between the expected or nominal behaviour of a system, provided by a model of the system, and the actual behaviour inferred from measurements on the system, acquired by means of a set of sensors associated to said system to detect any discrepancy (inconsistency) and to diagnose the causes (faults).
In the last few decades, research in the field of system diagnostics, based on a model describing the functions of the system components and its connectivity or topology, has been carried out essentially according to two different paths: one, the approach of Fault Detection and Isolation (FDI), exploits the complete knowledge of the system and is based on automatic control theories and statistical decisions; the other, known as DX approach, does not need the complete knowledge of the system and is based on Artificial Intelligence techniques applied to a set of assumptions on the modes of operation of the system as a whole.
The FDI approach uses for its application the Analytical Redundancy Relations (ARRs), also known as residuals or parity equations, each of them representing a different relation between measured parameters of the system. Each unsatisfied ARR indicates a discrepancy between the expected system behaviour and the actual one, and allows the detection of a system malfunction, due to some fault, compared to normal operation. If for a set of sensor measurements of the system a specific ARR is unsatisfied, then at least one of the components of the support set of that ARR, i.e. the components involved in the ARR derivation, is faulty.
A system model (System Model, SM) is defined to consist of a Behavioral Model (BM) and an Observation Model (OM). The Behavioral Model BM is a component-based description of the system and consists of a set of Primary Relations (PRs). Each component is described by the function that it performs, i.e., by one or more PRs, and by its inputs and outputs; such a component-based description also includes the topology of the system. The OM is the set of relations defining the observations that are performed on the system by means of a set of sensors associated to said system.
FIG. 1 shows an example of a polybox system consisting of four Multipliers (M1, M2, M3, M4) and three adders (A1, A2, A3).
The Behavioral Model BM for this system, representing a component-based description and the topology, is given by a set of PRs and their associated components as:
PR1: x = ab; M1
PR2: y = bc; M2
PR3: z = cd; M3
PR4: t = de; M4
PR5: f = x + y; A1
PR6: g = y + z; A2
PR7: h = z + t; A3
The diagnostic technique according to the FDI approach is based on the concepts of Analytical Redundancy Relation (ARR) and Fault Signature Matrix (FSM), which are briefly discussed in the following. For the sake of clarity and simplicity, only the case of a single fault in a system is considered.
The set of variables (V) of a system, i.e. the system of FIG. 1, can be decomposed into a set of unknown (unobserved) variables (X) and a set of observed variables (O), i.e., V = X ∪ O.
An Analytical Redundancy Relation (ARR) is a constraint deduced from the system model (SM). ARRs can be derived from SM by eliminating the unknown (unobserved) variables from the PRs. Therefore, an ARR contains only, and hence can be evaluated from, observed variables.
The support of an ARR is the subset of components that are involved in the derivation of the ARR.
For the system of FIG. 1, if the sensors are placed at outputs f, g and h, and with known inputs a, b, c, d, e, then O={a, b, c, d, e, f, g, h} and X={x, y, z, t}.
The resulting ARRs are given in the following Table 1:
TABLE 1: ARR, support components, and sensors for the example in FIG. 1
n. | Relation | Components | Sensors
ARR1 | f = a b + b c | M1, M2, A1 | f
ARR2 | g = b c + c d | M2, M3, A2 | g
ARR3 | h = c d + d e | M3, M4, A3 | h
ARR4 | f − g = a b − c d | M1, M3, A1, A2 | f, g
ARR5 | g − h = b c − d e | M2, M4, A2, A3 | g, h
ARR6 | f − g + h = a b + d e | M1, M4, A1, A2, A3 | f, g, h
ARRs are used to check the consistency of the observations with respect to SM. That is, the ARRs are satisfied if the observed system behavior satisfies the model constraint, i.e. provides observations expected from the model.
Under the single-fault exoneration assumption, if a component of an ARR support is faulty, then that ARR is not satisfied.
In fact, coupled with the concept of support set, this forms the foundation of the model-based diagnosis approach in the FDI community.
The Fault Signature Matrix (FSM) can be deduced from the ARRs. The FSM is defined as a binary matrix whose rows are the ARRs generated for the system under study and whose columns represent the system components (faults). An element FSM_ij of this matrix is assigned 1 if component C_i is part of the support of ARR_j, otherwise FSM_ij = 0. The i-th column corresponding to component C_i is defined as the fault signature vector of C_i and is denoted as FSV_i = [FSV_i1, . . . , FSV_in]^t.
For the system of FIG. 1, the FSM can be derived from Table 1 and is given in Table 2.
TABLE 2: Fault Signature Matrix for System of FIG. 1
ARR | M1 | M2 | M3 | M4 | A1 | A2 | A3
ARR1 | 1 | 1 | 0 | 0 | 1 | 0 | 0
ARR2 | 0 | 1 | 1 | 0 | 0 | 1 | 0
ARR3 | 0 | 0 | 1 | 1 | 0 | 0 | 1
ARR4 | 1 | 0 | 1 | 0 | 1 | 1 | 0
ARR5 | 0 | 1 | 0 | 1 | 0 | 1 | 1
ARR6 | 1 | 0 | 0 | 1 | 1 | 1 | 1
The model-based diagnosis approach is based on the evaluation of ARRs given a set of system observations.
The ARRs are instantiated with the inputs and observed values, providing an observed signature. If an ARR_i is satisfied based on the observation, then ARR_i = 0, otherwise ARR_i = 1. The signature of the i-th observation is defined as a binary vector OS_i = [OS_i1, . . . , OS_in]^t, where OS_ij = 0 if ARR_j is satisfied by the observations, and OS_ij = 1 otherwise.
Table 3 shows the diagnosis of the system of FIG. 1 for a subset of all possible observations.
TABLE 3: Diagnosis of system of FIG. 1 using ARRs for a Subset of Possible Observations
ARRs | Observations
ARR1 | 0 | 1 | 1 | 0 | 1 | 1
ARR2 | 0 | 0 | 1 | 0 | 1 | 0
ARR3 | 0 | 0 | 0 | 1 | 1 | 1
ARR4 | 0 | 1 | 0 | 0 | 0 | 1
ARR5 | 0 | 0 | 1 | 1 | 1 | 1
ARR6 | 0 | 1 | 0 | 1 | 1 | 1
Diagnosis | No faults | M1 or A1 | M2 | M4 or A3 | {M2, M4} or {M2, A3} | {M1, M4} or {A1, A3}, or {M1, A3} or {M4, A1}
The diagnosis is given on the basis of faults accounted for in the fault signature matrix, that is, an observed signature OS_i = [OS_i1, . . . , OS_in]^t is consistent with a fault signature FS_i = [FS_i1, . . . , FS_in]^t if FS_ij = OS_ij for all j.
For example, for the system in FIG. 1 the OS = [1,0,0,1,0,1]^t is equivalent to the fault signature of components M1 and A1.
Notice that this shows that, depending on the system sensors, the faults of components M1 and A1 cannot be discriminated, as in the case of A3 and M4.
The criterion of detection and isolation (fault discrimination) can be described in terms of the FSM. A given faulty component C_i can be detected if its fault signature vector FSV_i is not a vector with all zero elements, that is, at least one ARR is affected. All faults can be detected (complete detection) if there is no null column (i.e. no FSV with all zero elements) in the FSM. Fault isolation is guaranteed by requiring that there are no two identical columns in the FSM, since this fact would imply that the two FSVs are identical and therefore the corresponding faults cannot be discriminated.
For the system of FIG. 1, as can be seen from Table 2, all faults can be detected and the faults of M2, M3, and A2 can be isolated. However, the fault of M1 cannot be isolated from the fault of A1, nor the fault of M4 from the fault of A3. Therefore, the ambiguity sets for the system of FIG. 1 are {M1, A1} and {M4, A3}.
The multiple faults case can be treated by expanding the columns of the FSM matrix of single faults. The signature vector FSV of a multiple fault is obtainable from the signature vectors FSV_k of the single faults which occurred simultaneously by performing an OR operation among the corresponding elements of the respective signature vectors FSV_k. In more rigorous terms, if a multiple fault is defined as MFSV_k, corresponding to simultaneous occurrence of faults of components C_i, . . . , C_j, then the elements of MFSV_k are MFSV_kp = 0 if FSV_ip = . . . = FSV_jp = 0, otherwise MFSV_kp = 1. Therefore, in a system with n components, consideration of all possible multiple fault combinations would lead to building an FSM matrix with 2^n columns.
Table 4 shows the signature fault matrix of the system of FIG. 1 with all the possible double faults. Combining Tables 2 and 4 gives the fault matrix for all single and double faults of the system.
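TABLE 4: Signature Matrix of Double Faults for the system of FIG. 1
ARR | M1,M2 | M1,M3 | M1,M4 | M1,A1 | M1,A2 | M1,A3 | M2,M3 | M2,M4 | M2,A1 | M2,A2 | M2,A3 | M3,M4 | M3,A1 | M3,A2 | M3,A3 | M4,A1 | M4,A2 | M4,A3 | A1,A2 | A1,A3 | A2,A3
ARR1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 0 | 1 | 0 | 0 | 1 | 0 | 0 | 1 | 1 | 0
ARR2 | 1 | 1 | 0 | 0 | 1 | 0 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 0 | 1 | 0 | 1 | 0 | 1
ARR3 | 0 | 1 | 1 | 0 | 0 | 1 | 1 | 1 | 0 | 0 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 0 | 1 | 1
ARR4 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 0 | 1 | 1 | 0 | 1 | 1 | 1 | 1 | 1 | 1 | 0 | 1 | 1 | 1
ARR5 | 1 | 0 | 1 | 0 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 0 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1
ARR6 | 1 | 1 | 1 | 1 | 1 | 1 | 0 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1
In the diagnosis, the ARR tests can result in an observed signature that is not accounted for in the FSM, i.e., it is not equivalent to any FSV. In this case, the diagnosis can be done by determining multiple columns that collectively cover the observed signature. This requires solving the hitting set problem, that is, finding the minimal set of components such that at least one of its components belongs to each of the support sets of the unsatisfied ARRs.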
For example, in Table 3, the observation signature of [1,1,1,0,1,1]^t is not accounted for in the FSM given in Table 2. In this case, at least one of the components of the support sets of the unsatisfied ARRs is faulty. The unsatisfied ARRs are ARR1, ARR2, ARR3, ARR5, and ARR6. The support sets of these ARRs are, respectively, {A1, M1, M2}, {A2, M2, M3}, {A3, M3, M4}, {A2, A3, M2, M4}, and {A1, A2, A3, M1, M4}. The diagnosis is then determined by calculating the hitting set of these sets, which is obtained as {M2, M4} or {M2, A3}.
As another example in Table 3, the observation signature of [1,0,1,1,1,1]^t is again not accounted for in the FSM given in Table 2. The unsatisfied ARRs are ARR1, ARR3, ARR4, ARR5, and ARR6. The support sets of these ARRs are, respectively, {A1, M1, M2}, {A3, M3, M4}, {A1, A2, M1, M3}, {A2, A3, M2, M4}, and {A1, A2, A3, M1, M4}. The diagnosis is then determined by calculating the hitting set of these sets and is obtained as {M1, M4}, or {A1, A3}, or {M1, A3}, or {M4, A1}.
From the above discussion, the model-based diagnosis technique, by using ARRs, can be summarized in the following steps:
Preprocessing: Given the system model and the sensors deployed for the system observation, the complete set of ARRs is derived. Then, the Fault Signature Matrix (FSM) for any desired number of faults is built so as to analyze the detection and isolation properties of the system and determine possible ambiguity sets;
Run-Time Diagnosis: this step is performed
a) by calculating all the ARRs to determine the unsatisfied ARRs and form the observation vector. If the observation vector matches any FSV, then the diagnosis is completed. Otherwise,
b) by solving the problem of determining a minimal hitting set among the support sets of the unsatisfied ARRs, this minimal set ultimately representing the system diagnosis.
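The two steps above, applied to the system of FIG. 1, as an added example that is not part of the original text: the supports come from Table 1, while the function names, the brute-force search for minimum-cardinality hitting sets and the sample readings are assumptions of this example.

```python
from itertools import combinations

# Support sets of ARR1..ARR6, copied from Table 1.
SUPPORTS = [
    {"M1", "M2", "A1"},
    {"M2", "M3", "A2"},
    {"M3", "M4", "A3"},
    {"M1", "M3", "A1", "A2"},
    {"M2", "M4", "A2", "A3"},
    {"M1", "M4", "A1", "A2", "A3"},
]
COMPONENTS = ["M1", "M2", "M3", "M4", "A1", "A2", "A3"]

def fault_signature(faulty):
    """FSM column of a single or multiple fault: OR over the ARR supports."""
    return tuple(int(bool(s & set(faulty))) for s in SUPPORTS)

def ambiguity_sets():
    """Preprocessing: components with identical FSM columns cannot be isolated."""
    groups = {}
    for c in COMPONENTS:
        groups.setdefault(fault_signature([c]), []).append(c)
    return [g for g in groups.values() if len(g) > 1]

def observed_signature(a, b, c, d, e, f, g, h, tol=1e-9):
    """Run-time step a): evaluate the six ARRs of Table 1 (1 = unsatisfied)."""
    residuals = [
        f - (a * b + b * c),
        g - (b * c + c * d),
        h - (c * d + d * e),
        (f - g) - (a * b - c * d),
        (g - h) - (b * c - d * e),
        (f - g + h) - (a * b + d * e),
    ]
    return tuple(int(abs(r) > tol) for r in residuals)

def diagnose(signature):
    """Match single-fault columns first; otherwise fall back to hitting sets."""
    if not any(signature):
        return []  # every ARR satisfied: no fault detected
    matches = [{c} for c in COMPONENTS if fault_signature([c]) == tuple(signature)]
    if matches:
        return matches
    # Step b): smallest component sets intersecting every unsatisfied ARR support
    # (minimum cardinality, found by exhaustive search; fine for 7 components).
    conflicts = [s for s, bit in zip(SUPPORTS, signature) if bit]
    for size in range(2, len(COMPONENTS) + 1):
        hits = [set(k) for k in combinations(COMPONENTS, size)
                if all(s & set(k) for s in conflicts)]
        if hits:
            return hits
    return []

if __name__ == "__main__":
    # Constructed readings: inputs 1..5, outputs of M2 and M4 both wrong.
    print(diagnose(observed_signature(1, 2, 3, 4, 5, f=9, g=19, h=34)))
```

With the exhaustive search the cost grows exponentially with the number of components, which is the run-time burden the text attributes to the hitting set step.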
Although ARRs are important not only for system diagnostics but also for the optimization and analysis of sensor systems, which are employed in diagnostics, the development of systematic and efficient approaches for ARRs generation has not attracted so far sufficient attention.
In fact, the current methods for ARRs generation depend on the system they describe, and the derivation of a whole set of ARRs depends substantially on the experience and knowledge of an expert programmer in manipulating analytical equations, and it cannot be easily extended to a great number of systems or plants of interest.
A key fundamental issue in application of ARRs is the completeness of the set of ARRs.
For model-based diagnosis, the importance and criticality of the completeness of the set of ARRs follows from the fact that it can significantly affect the fault detection and isolation capability of the system. That is, a predetermined set of deployed sensors in a system can indeed provide a certain level of detection and isolation, but this level cannot be achieved if the set of ARRs is incomplete.
The inventors, in their article “A new efficient method for system structural analysis and generating analytical redundancy relations”, Proc. IEEE Aerospace Conference, March 2009, have discussed in detail the arguments related to the generation of a complete set of ARRs, showing that the non-deterministic algorithms known in the art compute incomplete sets of ARRs, which differ according to the order in which the unknown variables are selected for elimination. The most used algorithms for the generation of a complete set of ARRs have exponential complexity, thus making their application impractical for systems of interest. By contrast, the method described in the article provides the efficient generation of a complete and non-redundant set of ARRs, with a complexity of only O(L^4) in the worst case, where L is the number of relations in the system.
Another issue addressed by the inventors in the cited article is the efficiency and, ultimately, the feasibility of the ARRs derivation, that is, the actual tractability of the derivation and computation (evaluation) of the ARRs in explicit form. As an ARR is by definition generated by combining a set of primary relations (PRs), such combination may require the inversion of the functions representing one or more PRs, expressed in analytical form. As a matter of fact, in real systems encountered in practical applications, the functions representing primary relations of some non-linear components cannot be inverted in analytical form, but can only be expressed numerically: this poses a further major obstacle, increasing the computational load of the procedure and limiting its practical applicability.
The method which is described in the cited article is based on the observation that the key step for model-based diagnosis as well as sensors optimization and analysis is the formation of the FSM. FSM describes logical relations between set of sensors and components of a controlled system or plant. This observation leads to a new appreciation and interpretation of the real power of ARRs. In fact, the power of the ARRs is in the logical relation that they establish between the set of sensors, involved in its evaluation, and the set of its support components. In order to exploit such a logical power of ARRs, we can use them in an implicit form, without any need for deriving the analytical form, at least in this phase of procedure.
In general, given the FSM of the system, it is possible to determine the capabilities of detection and isolation of faults of sensors associated to the system without any explicit evaluation of the analytical redundancy relations.
The proposed method is based on the derivation of ARRs and their supports as set operations.
This method allows the generation of implicit ARRs, and therefore the construction of the FSM matrix, without the need to know precisely the analytic functions and their inversion, by substituting equations and algebraic operations with sets and operations between sets.
However, it should be noted that for application in the diagnosis of the system the explicit form of the ARRs, and therefore their evaluation, is always required, resulting in a significant computational burden even when there are no faults in the system.
In fact, according to the prior art, in a diagnosis procedure based on the analytical redundancy relations the whole set of relations should be evaluated for each measurement of each sensor of the system, as it is not possible to determine a priori a subset of ARRs whose calculation is sufficient to meet the diagnostic need at hand. Moreover, the calculation of each relation may require a considerable number of numerical operations, because for many practical systems of interest the set of ARRs cannot be obtained in analytical form.
For systems where the timely detection of faulty components is of prime importance, excessive computational complexity is an obstacle to the adoption of this technique.
For this reason, the number of analytical redundancy relations acquires extreme importance during the real-time diagnosis.
In summary, the drawbacks of the prior art of diagnosis based on the derivation of analytical redundancy relations are the need for completeness of the set of ARRs, the number of ARRs and the complexity of their derivation, the need to obtain an analytical form of the ARRs for their calculation, the complexity of calculating the ARRs, and the complexity of solving hitting set problems for the determination of the set of potentially faulty components.
The process of generating a set of analytical redundancy relations developed by the inventors and described in “A new efficient method for structural system analysis and generating analytical redundancy relations”, Proc IEEE Aerospace Conference, March 2009, obviates the first three drawbacks, because it teaches a method of derivation of a complete set of ARRs in implicit form that is efficient and practical at the same time, making this method potentially applicable to any system of interest.