Copyright© IFACArtificial Intelligence in Real-TimeControl, DelftThe Netherlands, 1992

LOGIC-BASED PROCESS DIAGNOSIS UTILISINGTHE CAUSAL STRUCTURE OF DYNAMICAL

SYSTEMS

J. Lunze and F. Schiller

Technische UniversitasHamburg-Harburg, Arbettsbereicn Regelungstechnik, EijJentWrjer StrajJe 40,D-W2100 Hamburg 90. Germany

Abstract. A method for logic-based process diagnosis is propos~dthat utilise the causal structure of the dynamic syst~m unter conS1­deration to restrict the search space of the resolut10n system. Thebasis for this is given by a qualitative model of the dynamicalprocess, which is formulated in assertional logic . formulae, as wel:as a causality graph, which describes the direc~1ons ,of the causeeffect relations. It is shown that the overall d1agnos1s probl7m canbe decomposed into a series of subproblems such that the solut10n ofthe subproblems is necessary and sUfficient for the solution of theoverall problem. This decomposition reduces the search space con~i­derably and makes the diagnosis algorithm applicable under real-t1meconstraints.

d P d I agnos I s , knowledge-based systems, dynamical~eywor s. rocess. •systems, causality, real-time expert systems

INTRODUCTION

Process diagnosis concerns the problems ofdetecting abnormal states of a dynamicalsystem and of finding the ultimate faultsthat have caused this perturbation. In thecontrol engineering literature, thesesteps are also called fault detection orfault isOlation , respectively .

The majority of diagnosis methods, whichhave been elaborated and tested in practi­ce until now, starts from an analyticalmodel of the process under consideration ,which is usually brought into the form

where x, u and yare the vectors of thesystem state, input or output, respective­ly. Since the fault is reflected in thismodel by changes of the parameter vectora, the diagnosis problem can be solved bymeans of parameter estimation methods orby state observers, cf (patton, Frank andClark, 1988), (Isermann, 1989).

However, a lot of diagnosis problems arecharacterised by one or more of the follo­wing features:

* The fault yields structural perturbati­ons of the process, which cannot bereasonably described by parameterchanges. For example, a valve is bloc­ked, or a pipe is broken.

* The on-line information available is notgiven as quantitative measurements ofthe system output yet) but by qualita­tive assessments (eg. "water level ishigh/low") or by alarm messages. Thenthe model (1) cannot be used for pro­cessing this information.

x = f (x, u, a), y = g(x, u, a) (1)

* The model (1) is not available.

In this situation, the diagnos is problemmust be solved by means of knowledge aboutdiscrete cause-effect relations occuringin the process rather than by the model(1). This provides the motivation forusing knowledge-based systems for proc7ssdiagnosis, since knowledge repres~ntat10n

formalisms and knowledge process1ng me­thods provide an appropriate basis fordealing with qualitative descriptions ofthe system under consideration. However,it is still a problem of current researchto adapt the rather general methods deve­loped in the field of artifical intelli­gence, cf (Puppe, 1986), (Milne, 1987),(de Kleer and Williams, 1987) , to thespecific circumstances encountered in ,on­line supervision and control of dynam1calsystems. It is the aim of this paper tocontribute to this step.

A severe open quest ion asks how to makeknowledge-based diagnosis applicable underreal-time constraints. Knowledge proces­sing and, in particUlar, theorem provingby means of the resolution method leads tosearch problems with extensive searchspaces (cf Lunze and Schwarz 1990), whichcannot be solved sufficiently quickly forprocesses with rapid dynamical phenomena .Hence knowledge processing methods haveto be' elaborated that utilise specificfeatures of dynamical systems in order torestrict the search space and to accelera­te the diagnosis algorithm.

Only a few papers have concerned themethodological background of knowledge­based diagnosis. Lunze (1990, 1991) hasproposed a method in which all searchproblems are solved before the first alarm

279

occurs. It became obvious that the logicdescription of the cause-effect relationsthat become effective within the processafter faults have occured makes a moredetailed description of the process possi­ble than classical event trees, which havebeen used, for example, by Narayanan andViswanadham (1988). Sticher and Tolle(1990) solved the diagnosis problem byinterval analysis.

In the following, a completely new way isused where the causal structure of thedynamical system under consideration isused to restrict the search space of theresolution system so that the diagnosisalgorithm becomes applicable under real­time constraints.

signals change dynamically and, eventual­ly, activate a set of alarms

(5)

The problem is to find the fault set F.o(Fig. 1).

Diagnosis Problem: For given sets ~ andZo of control actions and operationconditions find the fault set Eo C F. forwhich the process yieldS a given set Aoof alarm messages.

2. THE ASSERTIONAL-LOGIC DESCRIPTION OFTHE PROCESS

particular but important forms of generalrelations describe the current controlautions or states. These formulae have thesimple form

The basis for the diagnosis is provided bya logic-based description of the process.This section describes how this model hasto be set up.

mean that exact one of the symptoms p3h,p3m and p3l has the truth value "true",which is reasonable if these literals saythat a level p3 is either high or mediumor low.

A symptom exists or does not exist. So itis possible to assign a literal assertionsi (literal) to each symptom: The validi­ty of a symptom is represented by assig­ning the truth value "true" to the lite­ral, otherwise the truth value "false".

(6)p3h v p3m v p3l-p3h v -p3m-p3h v -p3l-p3m v -p31

2.1. A logic-based qualitative descriptionof dynamical processes

The model refers to qualitative phenomenathat occur within the dynamical process.These phenomena are characterised typical­ly by the fact that signals or parametersexceed given bounds or have values of aprecribed interval. If such conditions aresatisfied, it is said that a symptom sioccurs.

with these literal assertions, well-formedformulae of assertional logic can be setup. This will be explained now for twoclasses for formulae that are referred toas general relations or cause-effect­relations, respectively.

General relations. Relations among sym­ptoms can be written down as arbitrarywell-formed formulae. For example,

The paper concerns a typical situation ofprocess supervision where the existence offaults is indicated by alarm messages andwhere the fault isolation problem has yetto be solved. The problem is to find theprimary fault that has brought about suchdeviations of the process signals fromtheir nominal trajectories that a givenset of alarms has been alerted. Since thefault and the alarm messages refer todiscrete phenomena, the process has to bedescribed as a sequence of these and othersymptoms independently of whether theprocess under consideration is really adiscrete or a continuous system. For thisreason, control actions and the generaloperating conditions are also described interms of such symptoms (Fig. 1). The setof all symptoms is denoted by ~. Alarmmessages ai' control actions ui' faultsfi and operation conditions zi formd~sjoint subsets of ~:

1. THE DIAGNOSIS PROBLEM

The paper is organised as follows. Thediagnosis problem given in section 1 issolved by means of an assertional-logicdescription of dynamical systems that willbe introduced in Section 2. On this basisthe diagnosis problem can be reformulatedin assertional logic as explained insection 3. As discussed in Section 4, thedirect application of the resolutionmethod to this problem is impossible forpractical applications where the processmodel consists of hundreds of logic formu­lae and, thus yields a huge search spaceof the resolution system. This is thereason for introducing the causality graphin section 5 in order to utilise thestructure of the system during the diagno­sis. The basis of the diagnosis algorithmis provided by the decomposition principledescribed in section 6. This principle isused in the diagnosis system whose struc­ture is explained in section 7. An examplegiven in section 8 illustrates the propo­sed method.

The remaining symptoms are denoted by ki

uiZj (7)

that say that the control action ui isactive and the state has the qualitativedescription Zj'

Cause-effect relations. A special symbol"< __ " is introduced in order to simplifythe model creation. Cause-effect relationshave the general form

(2)

(4)

11. c ~.F. c ~,

K = {k l , k2 , ... } = ~\(A U Q U F. U 11.). (3)

It is assumed that the current processstate and control activities, which occurprior to the appearance of the faUlts, aredescribed by the sets

and that these sets are known. After thefaults fi E Eo have occured, the process

280

where the set on the right-hand side

mean that the symptom a is the effect ofanother symptom d or of the simultaneousexistence of the two symptoms band c.

g '" {Si' Sj"'" sk"'" Sl} (9)

describes the symptoms whose simultaneousoccurrence makes the symptom s to occur.For instance,

2.2. Reformulation of the model in asser­tional loqic

At first sight, the arrow notation (8) canhe interpreted as implications, e.g.

If such a proof exists, the tentativefault set F.e described by (16) is a solu­tion to the diagnosis problem.

4. DIRECT SOLUTION OF THE DIAGNOSISPROBLEM BY MEANS OF THE RESOLUTIONMETHOD

Given:(1) General relations like (6) or (7)

describing the sets ~ and ~ of thecurrent control actions and operationconditions

(2) Process model B of the form (12)(3) Formula (16) describing a tentative

fault set Eo

Find:A proof that the assertion (15) followsfrom this given set of formulae.

(10)a <-- b & ca <-- d

a W({b, a})a W({d})

It is referred to as the causal structureof (8) saying that s is the effect ofthe simultaneous occurrence of all sym­ptoms included in g. For the example (10)

holds.The overall model. In summary, the logicaldescription R consists of formulae Bcoming from the cause-effect-relations anaof formulae ~ describing all generalrelations:

5.1. The causality graph

5. THE CAUSAL STRUCTURE OF DYNAKXCALSYSTEMS

In principle, the diagnosis problem can besolved by means of a resolution system.After all formulae have been brought intoclause form, the negation of the assertion(15) has to be added to the clause set andit has to be proved that the resulting setof formulae is contradictory (Fig. 2.).

However, this way of solution includes acomplex search problem. The resolutionmethod consists of resolution steps. Eachstep connects two clauses of the Wholeclause set in order to eventually producethe empty clause, which makes the elemen­tary contradiction visible. As it is notknown which sequence of resolution stepswill generate the empty Clause, the pro­blem of finding the proof is a searchproblem. Two properties of this searchproblem are important for diagnosis:

* The dimension of the search spaceincreases rapidly with the number ofmodel formulae. Hence, the diagnosisproblem is NP-complete.

* Structural properties of the set offormulae Be are not utilised.

Therefore, another way of solution isproposed now, which exploits the causalstructure of the formulae (8) that isdescribed by formulae of the form (13).The basis for this is provided by thecausality graph, which will be introducednow.

(11)

(13)

(12)

(14)

a <"'=> (b & c) v d.

a <"'= b & ca <"'= d.

s = Wig) •

Hence, the process model, which is set upwith the notation (8), can be reformulatedas a set of equivalences like (12).

Note that eqn (12) does no longer show inwhich way the symptoms a, b, c, dareconnected as causes or effects, respecti­vely. Therefore, from the arrow notation(8) another formula is derived that hasthe form

However, if it is known that the right­hand sides of (10) or (11) describe allcauses that may bring about the effect a(alosed-world assumption (Nilsson 1982»,then the arrows or implication signs haveto be interpreted as equivalence

with the definitions above, the alarm set(5) can be represented by

ai & ••• & aj & -ak &••• & -al' (15)

and the fault set Eo by

fi & ... & fj & -fk &... & -fl, (16)

where both positive or negative assertionson ai ~ A or fi e E can be made.

The causality graph of a dynamical systemhas been introduced by Lunze and Schiller(1991) for dynamical systems that aredescribed by implications in assertionallogic. Its definition is briefly surveyedhere.

Definition ~:eonsider a dynamical system,which is described by the model B intro­duced in section 2. The causality graph ofthis system is defined to be a directedgraph G(~~ with the following proper­ties:

3. STATEMENT OF THE DIAGNOSIS PROBLEM INASSERTIONAL LOGIC

The diagnosis problem described in Section1 can be stated now as a problem of theo­rem proving:

1. For every symptom s· € S there isexactly one vertex in the graph. Boththe symptom and the vertex are denotedby the same symbol si'

2. There exists a directed edge

281

(s ., s·) E.!t from s i towards s .(i~j) J if there is a cause-effectrelation of the form (13) with thestructure

with

3. There exist directed edges(si' s.) E.!tand (s., si) EE. (ifj)if the~e is a gene;al relation thatrefers to both symptoms si and Sj'

Fig.3. gives an example.

Every vertex S f ~ is associated withall general relations in which s occursand with all formulae (8) that have thecausal structure s ~ W(£) for some set ~.

The causality graph shows in which way theeffects of the faUlts propagate throughthe system. Although the graph representsless information about the system than themodel EU it makes several important pro­perties obvious:

.. A given fault f E.E yields an alarmmessage Ao E a only if there is apath within the causality graph from ftowards all ai E Ao '

.. If there is a path from some nodesi E ~ towards some node Sj E ~ viatne nodes sk' sl'" sm' than thesymptoms si' sk' sl"'" sm' Sj occurexactly in th1s order if the cause­effect relations among these symptomsas described by the graph become effec­tive.

5.2. The aqqregated causality graph

The causality graph can be analysed bygraph-theoretic means in order to obtainan aggregate description of the causalstructure. Two nodes s·, s· E ~ (S'TS')are strongly connected i¥ id G(~,E) theteexist a path from si to si and a pathfrom s· to si' It is known in graphtheory, Jt h a t the property of strong con­nection constitutes an equivalence relati­on. The set ~ of nodes of G(~,~) can bepartitioned into equivalence classes

least one pair s· f Bi and Sj e S·for which (si' Sjf E E holds.

-J

3. With each node si a of Ga allformulae Rk E Ii are associated thatbelong to some node s· E S· of thecausality graph. This set is -Jenoted byRia.

Hence, the aggregated causality graphgives rise to a decomposition of the modelR into n disjointed subsets Ria:

nU Ria = R, Ria n Rja = ~ (ifj) (18)

i=l

Note that the aggregated causality graphdoes not have any loop as the exampleshown in Fig.3.

6. A DECOMPOSITION PRINCIPLE FOR THEDIAGNOSIS PROBLEM

Lunze and Schiller (1992) have shown thatthe whole diagnosis problem can be brokendown i~to several subproblems in such away that the whole problem has a solutionif and only if the sUbproblems have solu­tions. The basis for this is given by themodel decomposition (18) and the followingtheorems. These theorems use the notation

Kl(Ri) = {Si I e~ther si or -si is a11teral of formula Ri}

to indicate which symptoms occur in themodel formula Ri'

Theorem 1. consider the aggregated causa­lity graph

Ga({fa,ga,ha}, {(fa, ga),(ga, hal}),

where fa, ga, h a represent the sets lJ ~H of symptoms. Assume that the sets offormulae

Rf' Bg, Rh

are assigned to the nodes fa, ga and h a.consider further a clause Th with

nU ~i '" ~,

i=l(17)

A clause Tf with

Kl (Tf) Q .rsuch that any two nodes sl' s2 f ~ arestron~ly connected if and only if thevbelong to the same set ~i in (17).

The partition (17) brings about a partiti­on of the graph G(~, E.) into sUbgraphsGi(~i' ~i) where

~i = {(sk' sl) E ~ I sk' sl E ~i}'

If these sUbgraphs are aggregated to hypernodes, the aggregated causality graph isconstructed.

Defipition~: For a given causality graphG~~,}J the aggregated aausali ty graphG (~ , ~a) is defined as follows:

1. For each equivalence class ~i in eqn(17) there exists one node si a f ~a(this correlation is visible by thesame index).

2. There exists a directed edge (sia,s.a)E Eia, if and only if there eX1sts Jat

can be deduced from the set of formulae

Rf U Rg U Rh U {Th},

if and only if it is possible to deduce aclause Tg with

Kl(Tg) Q Q

from

and the clause Tf from

That is, the search of the resolutionsystem can be limited to a search insubsets ~ and Rh' respectively, withoutrestricti~g the solvability of the pro­blem.

282

Theorem 2. Consider the aggregated causa­lity graph

Ga({fa,ga,ha}, {(fa, ga),(fa, hal}),

where fa, ga, ha represent the sets ~ ~H of symptoms. Assume that the sets offormulae

which are described by a theorem to bereformulated and that part Ei of themodel which has to be used for this re­formulation (cf Theorems 1 and 2). withthe answer to the subproblems, new subpro­blems are determined until the result is aformulaof the form (16) in which exclusi­vely literals fi f.E occur.

.Bf' Bg, Eh

are assigned to the nodes fa, ga and ha•Consider further a clause Tgh with

Kl(Tgh) Q g U H.

A clause Tf with

Kl(Tf) Q.E

8. EXAMPLE

The diagnosis algorithm will be illustra­ted now by considering the water supplysystem depicted in Fig. 5. The systemconsists of three water tanks. Levelcontrol loops, which operate on the valvesensure that the water levels are indepen­dent of the consumed amount of water.

can be deduced from the set of formulae

.Bf U Rg U Eh U {Th},

if and only if it is possible to deducetwo clauses Tf 1 and Tf 2 with

As system output the operator receives thefollowing alarm messages:

a1 "Level of tank 1 is too low"a2 = "Level of tank 2 is too low"a3 = "Level of tank 3 is too low"

The following faults are be considered:

Then, the system model ~ has the follo­wing formulae:

The process can have one of the followingqualitative states:

zl "Tank 3 has low water level"z2 = "Tank 3 has medium water level"z3 = "Tank 3 has high water level"

Further symptoms, which have to be consi­dered, are

kl "Level of tank 1 sinks below limit"k2 "Level of tank 2 sinks below limit"k3 "Level of tank 3 sinks below limit"

"Valve 1 is closed and blocked""Valve 2 is closed and blocked""Pipe is blocked"

(19)

flf2f3

General relations ER:

zl v az v z3-zl v -z2-z2 v -z3-zl v -z3

T f = Tfl v Tf2

holds.

These theorems have a nice intuitiveinterpretation. They say that the problemof finding the cause described by Tf forthe known effect Th or T h can bedecomposed if the efrect re~ults fromseries or parallel cause-effect relations.Then the deduction can be reduced intosucceeding or parallel deduction problems.Since the aggregated causality graph isfree of loops, the overall diagnosisproblem can be decomposed completely into'series or parallel problems'.

.Bh U {Th},

respectively, such that

from

7. THE DIAGNOSIS SYSTEM

The architecture of the diagnosis systemis depicted in Fig. 4. The process isdescribed by the model ~ and the causa­lity graph. For a given alarm message (15)the diagnosis systems finds the fault set.Eo described in the form (16).

The figure shows that the diagnosis algo­rithm consists of two parts. The firstpart concerns the model preparation phase,which can be accomplished before the firstalarm occurs. In this phase, the aggrega­ted causality graph is determined and themodel ~ decomposed accordingly. Thisstep includes graph search problems, butsince these search problems can be solvedbefore the alarm occurs, they are nottime-cri tical.

The execution phase concerns the solutionof an actual diagnosis problem after a setof alarms have been alerted. The algorithmconsists of two interconnected parts. The'upper level algorithm' decomposes thewhole diagnosis problem into sUbproblems,

Cause-effect relations Ec:f1 --> k1k1 --> a1f2 --> k2 (20)k2 --> a2k1 & k2 --> kJk2 & f3 --> k3k3 --> a3(k1 v k2) & (z1 v z2) --> k3

From the cause-effect relations in arrownotation the following set of logicalformulae is obtained:

f1 <==> k1 (21)k1 <==> a1 (22)f2 <==> k2 (23)k2 <==> a2 (24)(kl & k2) v (k2 & f3) v «kl v k2) &

& (Zl v Z2) <==> k3 (25)k3 <;==> a3 (26)

The causality graph consists of ten sub­graphs with which the following formulaeare associated:

283

Graph consistingof nodes

flk1zl, Z2, z3

Formula

no formula(21)...(1.9)

Sticher, T.; Tolle, H. (1990) 'Alarmbe­handlunq mittel. wissensbasierter Inter­vallanalyse', Automatislerungstechnik 38,292-298.

If the alarm message a1 & -a3 & -a2is received the diagnosis algorithm stepsforward in the following way (cf thecausality graph).1. The first sUbproblem is to replace theassertion -a3 by some assertion concer­ning k3 by means of (26), since a3 isthe vertex at the right of the graph, withthis vertex the formula (26) is associatedand the only way towards the vertex a3comes from the vertex k3. This subproblemhas the solution -k3, which replaces -a3in the alarm message, i.e. the new asser­tion is a1 & -k3 & -a2.2. The next subproblem is to replace -k3by some assertion that includes the sym­ptoms k1, zl, Z2, z3, k2, f3 by means of(25). The result is -zl & -z2 & z3 & -k2and, hence, the new assertional & -z1 & -z2 & z3 & -k2 & -a2.3. Now, three 'parallel' problems occur:

-zl & -z2 & Z3 have to be resolved bymeans of (19), since this hyper node hasno antecedent. Obviously, this assertiondoes not contradict (19).

-a2 has to be replaced by a termincluding k2 by means of (24), whichresults in -k2.

a1 has to be replaced by a term inclu­ding k1 by means of (22), which resultsin ki.,The resulting assertion is -k2 & kl.4. -k2 has to be replaced by a formulaincluding f2 by means of (23), whichresults in -f2.5. kl has to be replaced by a formulaincluding f1 by means of (21), whichresults in f1.The final assertion

-f2 & f1

has the form (16). It says that the singlefailure f1 has caused the alarm message.

RIlPERBIICES

de Kleer, J.; Williams, B.C. (1987)'Diagnosing multiple faults', ArtificialIntelligence 32, 97-130.Isermann, R. (1989) 'Beispiele fUr dieFehlerdiagnose mittels Parameterschat­zung', Automatisierungstechnik 37, 336-343and 445-447.Lunze, J. (1990) 'Ein Verfahren zur Pro­zeBdiagnose auf der Grundlage dar Aussa­genlogik', Messen, steuern, Regeln 33,530-536.Lunze, J. (1991) 'A method for logic-bas,·'fault diagnosis I I IFAC-Symposium on FaultDetection, Supervision and Safety rorTechnical Proaesses, Baden-Baden, Vol. 2,45-50.Lunze, J.; Schiller, F. (1992) 'Logikba­sierte ProzeBdiagnose unter Nutzung darkausalen Struktur dynamischer Systeme',1.utomatisierungstechnik, Hefte 2 und 3.Lunze, J.i Schwarz, W. (1990) KUnstlicheIntelligenz. Verlag Technik, Berlin.Narayanan, N.H.; Viswanadham, N. (1987) 'Amethodclogy for knowledge acquisition andreasoning in failure analysis. IEEE Trans.8KO-17, 274-288.Nilsson, N.J. (1982) principles of Artifi­cial Intelligence. Springer-Verlag, Ber­lin-Heidelberg-New York.Patton, R.; Frank, P.II.; Clark, R. (1980/Fault Diagnosis of Dynamic Systems, Pren­tice-Hall, London.Puppe, F. (1986) Diagnostisches Problemlo­nen mit Expertensystemen. Springer-Verlag,Berlin.

284

ControllJ o

Fault Eo~

ProcessAlarmmessage Ao

~

Fig 1.Dynal1\icalprocesswith fault

State Zo

Alarm message (15) 'yes'rno'

Resolution system

Fig 2. solution of the diagnosis problem by re$olution mp.r~~d

Fig 3. Causality graph and

aggregated causality graph

htlEPrsDaration Dhass xecu on pAle

ISet of fo;mulae B I Alarm message II Fault

i (15) (16)

Determination of the

aggregated

causality graph

jjAggregated IiDeoomposltion of the

oausallty graph diagnosis problem

Subproblem Solution

Structured

knowledge base f- Modified resolution systema

R • U R

Flg 4. Diaqnos~s util~slnq the causal structure of the process

f1

Fig 5. A tank system

tank 1 f3

12

!a1 I:l~verflow

----- 0~ tank z Lr ~,~'''..r

! a2

285