Fault Aware Systems:
Model-based Programming
and Diagnosis
Outline
ƒ Fault Aware Systems Through
Model-based Programming
ƒ Diagnosis as Detective Work
ƒ Model-based Diagnosis
Brian C. Williams
16.412J/6.834J
March 8th, 2004
courtesy of JP L
Brian C. Williams, copyright 2000
Like Storyboards, Model-based Programs
Specify The Evolution of Abstract States
Mars Polar Lander Failure
Leading Diagnosis:
• Legs deployed during descent.
• Noise spike on leg sensors
latched by software monitors.
• Laser altimeter registers 50ft.
Embedded programs evolve actions
by interacting with plant sensors
and actuators:
Model-based programs evolve
abstract states through direct
interaction:
• Read sensors
• Read abstract state
• Set actuators
• Write abstract state
• Begins polling leg monitors to
determine touch down.
• Latched noise spike read as
touchdown.
Model-based
Embedded Program
Embedded Program
Obs
Cntrl
• Engine shutdown at ~50ft.
Fault Aware Systems:
Create embedded languages
That reason and coordinate
on the fly from models
S
Plant
Programmers are overwhelmed
by the bookkeeping of reasoning
about unlikely hidden states
S’
Model-based Executive
Obs
Cntrl
S
Plant
Programmer maps between state
and sensors/actuators.
Model-based executive maps
between state and sensors/actuators.
OrbitInsert()::
(do-watching ((EngineA = Firing) OR
(EngineB = Firing))
(parallel
Descent Example
RMPL Model-based Program
Titan Model-based Executive
(EngineA = Standby)
(EngineB = Standby)
Control Program
(Camera = Off)
(do-watching (EngineA = Failed)
Turn camera off and engine on
(when-donext ( (EngineA = Standby) AND
(Camera = Off) )
Executes concurrently
(EngineA = Firing)))
z Preempts
(when-donext ( (EngineA = Failed) AND
(EngineB
= Standby) AND
states
z Queries (hidden)
(Camera = Off) )
(hidden)
state
z Asserts (EngineB
= Firing))))
z
Generates target goal states
Control on
Sequencer
conditioned
state estimates
State estimates
System Model
Tracks
Mode
EngineA
EngineB
EngineA
EngineB
0.01
0. 01
Open
Tracks
least
Mode
likely
Deductive
Controller
Estimation
Reconfiguration
cost
goal states
plant states
Valve
Open
State goals
UnUnknown
Close
0. 01
Science Camera
Science Camera
Closed
Stuck
closed
inflow iff outflow
0.01
Observations
Commands
Plant
1
State-based Execution: The model-based program sets the
state to thrusting, and the deductive controller . . . .
Model-based Programs
Oxidizer tank
Reconfigure Modes
Fuel tank
Control program specifies
state trajectories:
OrbitInsert()::
(do-watching ((EngineA = Thrusting) OR
(EngineB = Thrusting))
• fires one of two engines
Deduces that
thrust is off, and
the engine is healthy
Plans actions
to open
six valves
Deduces that a valve
failed - stuck closed
Identify Modes
(EngineA = Standby)
• prior to firing engine, camera must be
turned off to avoid plume contamination
(Camera = Off)
z
State estimates
Off
standbystandbycmd
2 kv
0v
0.01
turnoffturnoffcmd
Standby
0.01
offoffcmd
standbystandbycmd
0.01
Standby
standbystandbycmd
(power_in = zero)
AND
(shutter = closed)
X0
X1
XN-1
XN
0v
S
T
First Action
least cost reachable
goal state
ThePossible
Plant’sBehaviors
Behavior
Visualized by a Trellis Diagram
X0
0v
X1
XN-1
XN
0.01
Failed
firefirecmd
Firing
Off
XN
T
Current Belief State
Camera Model
0v
XN-1
S
Modeling Complex Behaviors through
Probabilistic Constraint Automata
Off
X1
20 v
one per component … operating concurrently
Engine Model
Plant
Fire backup
engine
X0
On
Commands
Observations
Valve fails
stuck closed
turnonturnoncmd 0.01
0v
(powe r_ in =nomina l) AND
( shutte r =open )
2 kv
Firing
0v
Failed
0.01
firestandbystandby- firecmd
cmd
Off
Mode
Reconfiguration:
Tracks least-cost
state goals
Deductive Controller
Camera Model
(powe r_ in =ze ro ) AND
( shutte r =c lo sed )
State goals
Mode
Estimation:
Tracks likely
States
0v
offoffcmd
(thrust = full) AND
(power_in = nominal)
Generates
goal states
Control
Sequencer
conditioned on state estimates
Executes concurrently
Preempts
Asserts and queries states
z Chooses based on reward
z
System Model
Engine Model
(thrust = zero) AND
(power_in = nominal)
Titan Model-based Executive
Control Sequencer:
z
deterministic and probabilistic transitions
2 kv
(EngineB = Thrusting))))
– likelihoods and costs
cost/reward
(thrust = zero) AND
(power_in = zero)
(when-donext ( (EngineA = Failed) AND
(EngineB = Standby) AND
(Camera = Off) )
RMPL Model-based Program
Control Program
described by finite domain constraints on variables…
( thr ust = f ull) AND
(powe r_ in =nomina l)
(when-donext ( (EngineA = Standby) AND
(Camera = Off) )
(EngineA = Thrusting)))
– qualitative constraints
Diagnose Failure Modes
component modes…
( thr ust =ze ro ) AND
(powe r_ in =ze ro )
(do-watching (EngineA = Failed)
• in case of primary engine failure, fire
backup engine instead
– Nominal and Off nominal
Plant Model
( thr ust =ze ro ) AND
(powe r_ in =nomina l)
(EngineB = Standby)
Plant Model describes
behavior of each component:
Determines that valves
on the backup engine
will achieve thrust, and
plans needed actions.
Repair Modes
(parallel
• sets both engines to ‘standby’
0.01
turnoffturnoffcmd
0v
2 kv
(power_in = nominal)
AND
(shutter = open)
turnonturnoncmd
0.01
S
T
20 v
On
• Complex, discrete behaviors
• modeled through concurrency, hierarchy and timed transitions.
• Anomalies and uncertainty
• modeled by probabilistic transitions
• Physical interactions
• modeled by discrete and continuous constraints
•Assigns a value to each
variable (e.g.,3,000 vars).
•A set of concurrent transitions,
one per automata (e.g., 80).
•Consistent with all state
constraints (e.g., 12,000).
•Previous & Next states
consistent with source & target
of transitions
2
arg max PT(m’)
s.t. M(m’) ^ O(m’) is satisfiable
arg min RT*(m’)
s.t. M(m’) entails G(m’)
s.t. M(m’) is satisfiable
State estimates
Optimal CSP:
Titan Model-based Executive
Control Sequencer:
Generates
goal states
Control
Sequencer
conditioned on state estimates
Executes concurrently
z Preempts
z Asserts and queries states
z Chooses based on reward
z
State goals
Mode
Estimation:
Tracks likely
States
arg min f(x)
RMPL Model-based Program
Control Program
State estimates
System Model
Mode
Reconfiguration:
Tracks least-cost
state goals
Deductive Controller
s.t. C(x) is satisfiable
D(x) is unsatisfiable
Mode
Reconfiguration:
Tracks least-cost
state goals
Deductive Controller
Commands
Observations
Commands
Observations
Plant
Valve fails
stuck closed
State goals
Mode
Estimation:
Tracks likely
States
Plant
Valve fails
stuck closed
Fire backup
engine
X0
X1
X N-1
XN
X0
S
Fire backup
engine
X1
XN-1
S
T
Current Belief State
X0
XN
T
0v
Off
offoffcmd
2 kv
standbystandbycmd
(thrust = full) AND
(power_in = nominal)
XN-1
XN
T
least cost reachable
goal state
First Action
X0
0v
X1
XN-1
XN
0.01
turnoffturnoffcmd
firefirecmd
Firing
X1
Failed
0.01
Standby
(thrust = zero) AND
(power_in = nominal)
0v
Off
(power_in = zero)
AND
(shutter = closed)
standbystandbycmd
X0
S
ThePossible
Plant’sBehaviors
Behavior
Visualized by a Trellis Diagram
Camera Model
Engine Model
XN
T
Current Belief State
Modeling Complex Behaviors through
Probabilistic Constraint Automata
(thrust = zero) AND
(power_in = zero)
X N-1
S
least cost reachable
goal state
First Action
X1
0.01
0v
turnonturnoncmd
(power_in = nominal)
AND
(shutter = open)
2 kv
0.01
S
T
20 v
On
• Complex, discrete behaviors
• modeled through concurrency, hierarchy and timed transitions.
• Anomalies and uncertainty
• modeled by probabilistic transitions
• Physical interactions
• modeled by discrete and continuous constraints
arg max PT(m’)
arg min RT*(m’)
s.t. M(m’) ^ O(m’) is satisfiable
s.t. M(m’) entails G(m’)
•Assigns a value to each
variable (e.g.,3,000 vars).
•A set of concurrent transitions,
one per automata (e.g., 80).
•Consistent with all state
constraints (e.g., 12,000).
•Previous & Next states
consistent with source & target
of transitions
Outline
s.t. M(m’) is satisfiable
State estimates
Optimal CSP:
arg min f(x)
State goals
Mode
Estimation:
Mode
Reconfiguration:
States
state goals
Deductive
Controller
Tracks likely
Tracks least-cost
s.t. C(x) is satisfiable
D(x) is unsatisfiable
ƒ Fault Aware Systems Through
Model-based Programming
ƒ Diagnosis as Detective Work
ƒ Model-based Diagnosis
Commands
Observations
Plant
Valve fails
stuck closed
Fire backup
engine
X0
X1
S
Current Belief State
X N-1
XN
X0
T
X1
S
First Action
XN-1
XN
T
least cost reachable
goal state
3
b
Issue 1: Handling Hidden Failures Requires
Reasoning from a Model: STS-93 Symptoms:
•
•
•
•
Engine temp sensor high
LOX level low
GN&C detects low thrust
H2 level possibly low
Problem: Liquid hydrogen leak
Model- ased Diagnosis as
Conflict-directed Best First Search
When you have eliminated the impossible,
whatever remains, however improbable,
must be the truth.
Effect:
• LH2 used to cool engine
• Engine runs hot
• Consumes more LOX
- Sherlock Holmes. The Sign of the Four.
1. Test Hypothesis
2. If Inconsistent, learn reason for inconsistency
(a Conflict).
3. Use conflicts to leap over similarly infeasible options
to next best hypothesis.
Compare Most Likely Hypothesis
to Observations
Isolate Conflicting Information
Helium tank
Helium tank
Oxidizer tank
Flow1 = zero
Pressure1 = nominal
Acceleration = zero
Oxidizer tank
Fuel tank
Pressure2= nominal
Fuel tank
Flow 1= zero
Main
Engines
Main
Engines
It is most likely that all components are okay.
The red component modes conflict with the model and observations.
Leap to the Next Most Likely Hypothesis
that Resolves the Conflict
New Hypothesis Exposes Additional Conflicts
Helium tank
Oxidizer tank
Fuel tank
Helium tank
Fuel tank
Pressure2= nominal
Oxidizer tank
Pressure1 = nominal
Flow 1= zero
Main
Engines
The next hypothesis must remove the conflict
Acceleration = zero
Main
Engines
Another conflict, try removing both
4
Final Hypothesis Resolves all Conflicts
Outline
Helium tank
Oxidizer tank
Pressure1 = nominal
Flow1 = zero
Fuel tank
Pressure2= nominal
Flow2 = positive
ƒ Fault Aware Systems Through
Model-based Programming
ƒ Diagnosis as Detective Work
ƒ Model-based Diagnosis
Main
Engines
Acceleration = zero
Implementation: Conflict-directed A* search.
Model-based Diagnosis
Model-based Diagnosis
Given a system with symptomatic behavior and a
model of the system, find diagnoses that account
for symptoms.
1
A
B
O
Or1
1 X
1
1
C
O
1 Y
1
D
0 E
O
A
1
A
1
F 0
Symptom
1
G 1
Z
Diagnosis as
Hypothesis Testing
Given a system with symptomatic behavior and a
model of the system, find diagnoses that account
for symptoms.
1
A
1
B
1
C
1
D
0
E
1
Or1
X
And1
1
Or2
Or3
Y
1
And2
1
F 0
Symptom
1
G 1
Z
Issue 2: Failures are Often Novel:
1. Generate candidates, given symptoms.
2. Test if candidates account for all symptoms.
Desired Properties:
• Set of diagnoses should be complete.
• Set of diagnoses should consider all
available information.
Mars Observer: Explosion due to oxidizer/fuel leakage?
5
Issue 2: How Should Diagnoses
Account for Novel Failures?
Issue 2: How Should Diagnoses
Account for Novel Failures?
Consistency-based Diagnosis: Given symptoms,
find diagnoses that are consistent with symptoms.
Suspending Constraints: Make no presumptions
about faulty component behavior.
Consistency-based Diagnosis: Given symptoms,
find diagnoses that are consistent with symptoms.
Suspending Constraints: Make no presumptions
about faulty component behavior.
1 A
1 B
1 C
1 D
0 E
Or1
Or2
1
X
And1
1
Symptom
1
F 0
Y
And2
Or3
G 1
1 A
1 B
1 C
1 D
0 E
Z
Issue 2: How Should Diagnoses
Account for Novel Failures?
Or1
Or2
1
X
And1
1
Y
And2
Or3
0 E
Or1
Or2
Issue 3: Multiple Faults Occur
• three shorts, tank-line
and pressure jacket
burst, panel flies off.
Î Divide & Conquer
1
X
And1
1
Î Diagnose each
symptom.
Î Summarize (conflicts)
Î Combine
F 0
Y
And2
Or3
G 1
Z
Consistency-based Diagnosis: Given symptoms,
find diagnoses that are consistent with symptoms.
Suspending Constraints: Make no presumptions
about faulty component behavior.
1 A
1 B
1 C
1 D
Symptom
1
F 0
G 1
Z
courtesy of NASA
APOLLO 13
Diagnosis identifies
consistent modes
Adder(i):
ƒ G(i):
Out(i) = In1(i)+In2(i)
ƒ U(i):
3
A
2
B
2
C
3
D
3
E
M1
Diagnosis identifies All
sets of consistent modes
X
A1
M2
Y
A2
M3
Z
Candidate = {A1=G, A2=G, M1=G, M2=G, M3=G}
ƒ Candidate: Assignment to all component modes.
F 10
G 12
Adder(i):
ƒ G(i):
Out(i) = In1(i)+In2(i)
ƒ U(i):
3
A
2
B
2
C
3
D
3
E
M1
X
A1
Y
M3
F 10
G 12
Z
Diagnosis = {A1=G, A2=U, M1=G, M2=U, M3=G}
ƒ Diagnosis D: Candidate consistent with model Phi and
observables OBS.
ƒ As more constraints are relaxed, candidates are more easily satisfied.
Î Typically an exponential number of candidates.
6
Representing Diagnoses
Compactly: Kernel Diagnoses
Testing Consistency
→ Propositional Logic
• DPLL Sat algorithm
• Unit propagation (incomplete)
?
3
A
2
B
M1
C
2
D
3
E
3
X
?
A1
F 10
•Finite Domain Constraints
Y
?
Z
M3
Kernel Diagnosis = {A2=U, M2=U}
“Smallest” sets of modes that remove all symptoms
Every candidate that is a subset of a kernel diagnosis
is a diagnosis.
Encoding Models In Propositional Logic
• Algebraic Constraints
• Sussman/Steele Constraint Propagation:
• Propagate newly assigned values through
equations mentioning variables.
• To propagate, use assigned values of constraint to
deduce unknown value(s) of constraint.
Summary: Consistency-based Diagnosis
ƒ Component Model + Structure:
And(i):
ƒ G(i):
Out(i) = In1(i) AND In2(i)
ƒ U(i):
Or(i):
ƒ G(i):
Out(i) = In1(i) OR In2(i)
ƒ U(i):
X ∈{1,0}
• Backtrack Search w Forward Checking, …
• AC-3/Waltz constraint propagation (incomplete)
G 12
¬(i=G) ∨ ¬(In1(i)=0) ∨ Out(i)=0
¬(i=G) ∨ ¬(In2(i)=0) ∨ Out(i)=0
¬(i=G) ∨ ¬(In1(i)=1) ∨ ¬(In2(i)=1) ∨ Out(i)=1
¬(i=G) ∨ ¬(In1(i)=1) ∨ Out(i)=1
¬(i=G) ∨ ¬(In2(i)=1) ∨ Out(i)=1
¬(i=G) ∨ ¬(In1(i)=0) ∨ ¬(In2(i)=0) ∨ Out(i)=0
X=1 ∨ X=0
¬X=1∨ ¬X=0
Outline
Model-based Diagnosis
ƒ Conflicts and Kernel Diagnoses
ƒ Generating Kernels from Conflicts
ƒ Finding Consistent Modes
ƒ Estimating Likely Modes
ƒ Conflict-directed A*
And(i):
1
A
ƒ G(i):
Out(i) = In1(i) AND In2(i)
ƒ U(i):
1
B
1
C
1
D
0
E
ALL components have
“unknown Mode” U,
Whose assignment is
never mentioned in C
Or1
X
And1
Y
Or3
F 0
G 1
Z
Diagnosis = {A1=G, A2=U O1=G, O2=U, O3=G}
ƒ Obs:
Assignment to O
ƒ Candidate Ci: Assignment of modes to X
ƒ Diagnosis Di: A candidate such that
Di ∧ Obs ∧ C(X,Y) is satisfiable.
Diagnosis by
Divide and Conquer
Given model Phi and observations OBS
ƒ 1. Find all symptoms
ƒ 2. Diagnose each symptom separately
(each generates a conflict → candidates)
ƒ 3. Merge diagnoses
(set covering → kernel diagnoses)
General Diagnostic Engine
[de Kleer & W illiams, 87]
7
Conflicts Explain How to
Remove Symptoms
6
3
A
2
B
2
C
D
M2
Y
E
M3
Z
3
M1
12
X
6
Conflicts Explain How to
Remove Symptoms
A1
A2
F 10
G
Symptom:
F is observed 10, but should be 12 if A1, M1 & M2 are okay.
6
3
A
2
B
2
C
D
M2
Y
E
M3
Z
3
M1
12
X
6
F 10
A1
G
A2
Symptom:
F is observed 10, but should be 12 if A1, M1 & M2 are okay.
Conflict:
A1=G & M1=G & M2=G is inconsistent
A1=U or M1=U or M2=U removes conflict.
i.e., at least one is broken
Find Another Symptom
3
A
M1
6
2
C
D
3
E
4
M2
3
X
B
A1
F 10
2
Z
3
3
M1
Conflict not just upstream
from symptom
X
B
2
C
D
3
E
4
M2
A1
M3
F 10
Y
A2
Z
G 12
10
Symptom:
G is observed 12, but should be 10
Conflict:
Conflict not just upstream
from symptom
X
4
C
M2
F 10
A1
Y
G 12
10
A2
M3
E
Z
A1=G & M2=G & M1=G & M3=G is inconsistent
Summary: Conflicts
… and its Conflict
6
6
Symptom:
G is observed 12, but should be 10
Conflict:
A
M1
D
G 12
10
Symptom:
G is observed 12, but should be 10 ...
A
B
Y
A2
M3
… and its Conflict
A1=G & M2=G & M1=G & M3=G is inconsistent
A1=U or A2=U or M1=U or M3=U removes conflict
Conflict:
3
A
2
B
2
C
3
D
6
M1
E
6
M2
12
X
A1
Y
A2
M3
F 10
G
Z
A set of component modes M that are
inconsistent with the model and observations.
Properties:
• Every superset of a conflict is a conflict
• Only need conflicts that are minimal under subset
• Logically, not M is an implicate of Model & Obs
8
Summary: Kernel Diagnoses
?
3 A
2 B
2 C
3 D
Kernel Diagnosis
= {A2=U & M2=U}
M1
?
X
A1
Y
?
F 10
G 12
M3
Z
3 E
Partial Diagnosis: A set of component modes M all of whose
extensions are diagnoses.
• M removes all symptoms
• M entails Model & Obs
(implicant)
Outline
Model-based Diagnosis
ƒ Conflicts and Kernel Diagnoses
ƒ Generating Kernels from Conflicts
ƒ Finding Consistent Modes
ƒ Estimating Likely Modes
ƒ Conflict-directed A*
Kernel Diagnosis: A minimal partial diagnosis K
• M is a prime implicant of model & obs
Diagnoses Found by Mapping
Conflicts to Kernels
?
3 A
2 B
2 C
3 D
E
M1
M2
M3
6
X
6
Y
A1
12
F 10
A2
G
Z
3 A
2 B
2 C
3 D
M1
3 E
M3
{A1=G, M1=U, M2=U}
conflict 1.
F 10
{A1=U, A2=U, M1=U, M3=U}
conflict 2
G 12
A1=U or M1=U or M2=U
?
X
A1
Y
?
Generate Kernels From Conflicts
Z
removes conflict 1.
A1=U or A2=U or M1=U or M3=U removes conflict 2
Conflict: A set of component modes M that are
inconsistent with the model and observations.
Kernel Diagnoses =
• not M is an implicate of Model & Obs
Kernel Diagnosis: A minimal set of component modes K that
eliminate all symptoms.
•M is a prime implicant of Model & Obs
Ö Conflicts map to Kernels by minimal set covering
“Smallest” sets of modes that remove all conflicts
(see “Characterizing Diagnosis,” de Kleer, Reiter, Mackworth)
Generate Kernels From Conflicts
Generate Kernels From Conflicts
{A1=G, M1=U, M2=U}
conflict 1.
{A1=G, M1=U, M2=U}
conflict 1.
{A1=U, A2=U, M1=U, M3=U}
conflict 2
{A1=U, A2=U, M1=U, M3=U}
conflict 2
A1=U or M1=U or M2=U
removes conflict 1.
A1=U or M1=U or M2=U
removes conflict 1.
A1=U or A2=U or M1=U or M3=U removes conflict 2
A1=U or A2=U or M1=U or M3=U removes conflict 2
Kernel Diagnoses =
Kernel Diagnoses =
{A1=U}
“Smallest” sets of modes that remove all conflicts
{M1=U}
{A1=U}
“Smallest” sets of modes that remove all conflicts
9
Generate Kernels From Conflicts
Generate Kernels From Conflicts
{A1=G, M1=U, M2=U}
conflict 1.
{A1=G, M1=U, M2=U}
conflict 1.
{A1=U, A2=U, M1=U, M3=U}
conflict 2
{A1=U, A2=U, M1=U, M3=U}
conflict 2
A1=U or M1=U or M2=U
removes conflict 1.
A1=U or M1=U or M2=U
removes conflict 1.
A1=U or A2=U or M1=U or M3=U removes conflict 2
A1=U or A2=U or M1=U or M3=U removes conflict 2
Kernel Diagnoses =
Kernel Diagnoses =
{A2=U, M2=U}
{M1=U}
{A1=U}
“Smallest” sets of modes that remove all conflicts
“Smallest” sets of modes that remove all conflicts
Single Fault Diagnoses are the
Intersection of All Conflicts
{A1=G, M1=U, M2=U}
conflict 1.
{A1=U, A2=U, M1=U, M3=U}
conflict 2
A1=U or M1=U or M2=U
removes conflict 1.
A1=U or A2=U or M1=U or M3=U removes conflict 2
Single Fault Diagnoses = {A1=U, M1=U}
Diagnosis With Only the
Unknown
00
A
X
Inverter(i):
ƒ G(i):
ƒ U(i):
Notational Note:
B
C
Y
Outline
Model-based Diagnosis
ƒ Conflicts and Kernel Diagnoses
ƒ Generating Kernels from Conflicts
ƒ Finding Consistent Modes
ƒ Estimating Likely Modes
ƒ Conflict-directed A*
Diagnosis With Only the
Known
0
Out(i) = not(In(i))
• Isolates surprises
• Doesn’t explain
Nominal and Unknown Modes
{M2=U, M3=U}
{A2=U, M2=U}
{M1=U}
{A1=U}
00
A
X
Inverter(i):
ƒ G(i):
ƒ S1(i):
ƒ S0(i):
B
Y
C
0
Out(i) = not(In(i))
Out(i) = 1
• No surprises
Out(i) = 0
• Explains
Exhaustive Fault Modes
G(i) ≡ [i = G]
10
Solution: Diagnosis as
Estimating Behavior Modes
Example Diagnoses
Sherlock
[de Kleer & Williams, 89]
Sherlock
[de Kleer & Williams, IJCAI 89]
00
A
B
X
Inverter(i):
ƒ G(i):
ƒ S1(i):
ƒ S0(i):
ƒ U(i):
C
Y
00
0
A
1
X
B
Y
C
0
Diagnosis: [S1(A),G(B),U(C)]
Out(i) = not(In(i))
Out(i) = 1
• Isolates surprises
Out(i) = 0
• Explains
Nominal, Fault and Unknown Modes
Example Diagnoses
00
A
1
B
X
Sherlock
[de Kleer & Williams, 89]
C
Y
0
Diagnosis: [S1(A),G(B),U(C)]
1. Find Symptoms & Conflicts
0
A
X
B
0
G
1
G
Y
0
C
G
1
A
0
0
B
X
?
C
Y
?
00
0
0
0
Conflict:
not [G(A), G(B) and G(C)]
Kernel Diagnosis: [U(C)]
More Symptoms & Conflicts
0
A
X
B
0
S1
1
G
Y
0
1
Not [S1(A), G(B), and G(C)]
C
0
G
0
0
More Symptoms & Conflicts
0
0
A
X
B
S0
Y
0
1
C
0
G
0
0
not [S0(B) and G(C)]
11
More Symptoms & Conflicts
0
A
B
X
Y
C
0
All Conflicts
ƒ < S1(C) >
ƒ < S0(B), G(C) >
S1
0
1
0
ƒ < S1(A), G(B), G(C) >
ƒ < G(A), G(B), G(C) >
not S1(C)
2. Constituent Diagnoses
from Conflicts
3. Generate Kernel
Diagnoses
ƒ < S1(C) >
=> G(C),S0(C) or U(C)
ƒ [G(C),S0(C),U(C)]
ƒ < S0(B), G(C) >
=> G(B),S1(B),U(B),S1(C),S0(C) or U(C)
ƒ [G(A),S0(A),U(A),S1(B),S0(B),U(B),S1(C),S0(C),U(C)]
ƒ < S1(A), G(B), G(C) >
=> G(A),S0(A),U(A),S1(B),S0(B),U(B),S1(C),S0(C) or U(C)
ƒ < G(A), G(B), G(C) >
=> S1(A),S0(A),U(A),S1(B),S0(B),U(B),S1(C),S0(C) or U(C)
ƒ [G(B),S1(B),U(B),S1(C),S0(C),U(C)]
ƒ [S1(A),S0(A),U(A),S1(B),S0(B),U(B),S1(C),S0(C),U(C)]
ƒ [U(C)]
3. Generating Kernel
Diagnoses
3. Generating Kernel
Diagnoses
ƒ [G(C),S0(C),U(C)]
ƒ [G(C),S0(C),U(C)]
ƒ [G(B),S1(B),U(B),S1(C),S0(C),U(C)]
ƒ [G(B),S1(B),U(B),S1(C),S0(C),U(C)]
ƒ [G(A),S0(A),U(A),S1(B),S0(B),U(B),S1(C),S0(C),U(C)]
ƒ [G(A),S0(A),U(A),S1(B),S0(B),U(B),S1(C),S0(C),U(C)]
ƒ [S1(A),S0(A),U(A),S1(B),S0(B),U(B),S1(C),S0(C),U(C)]
ƒ [S1(A),S0(A),U(A),S1(B),S0(B),U(B),S1(C),S0(C),U(C)]
ƒ [U(C)]
ƒ [S0(C)]
ƒ [U(C)]
ƒ [S0(C)]
ƒ [U(B),G(C)]
12
3. Generating Kernel
Diagnoses
3. Generating Kernel
Diagnoses
ƒ [G(C),S0(C),U(C)]
ƒ [G(C),S0(C),U(C)]
ƒ [G(B),S1(B),U(B),S1(C),S0(C),U(C)]
ƒ [G(B),S1(B),U(B),S1(C),S0(C),U(C)]
ƒ [G(A),S0(A),U(A),S1(B),S0(B),U(B),S1(C),S0(C),U(C)]
ƒ [G(A),S0(A),U(A),S1(B),S0(B),U(B),S1(C),S0(C),U(C)]
ƒ [S1(A),S0(A),U(A),S1(B),S0(B),U(B),S1(C),S0(C),U(C)]
ƒ [S1(A),S0(A),U(A),S1(B),S0(B),U(B),S1(C),S0(C),U(C)]
ƒ [U(C)]
ƒ [S0(C)]
ƒ [S1(B),G(C)]
ƒ [U(B),G(C)]
ƒ [S1(B),G(C)]
ƒ [U(C)]
ƒ [S0(C)]
ƒ [U(A),G(B),G(C)]
ƒ [U(B),G(C]
3. Generate Kernel
Diagnoses
00
A
X
B
Y
C
00
Diagnoses: (42 of 64 candidates)
ƒ [G(C),S0(C),U(C)]
ƒ [G(B),S1(B),U(B),S1(C),S0(C),U(C)]
ƒ [G(A),S0(A),U(A),S1(B),S0(B),U(B),S1(C),S0(C),U(C)]
ƒ [S1(A),S0(A),U(A),S1(B),S0(B),U(B),S1(C),S0(C),U(C)]
ƒ [U(C)]
ƒ [S0(C)]
ƒ [S1(B),G(C)]
ƒ [U(B),G(C]
ƒ [S0(A),G(B),G(C)]
ƒ [U(A),G(B),G(C)]
Outline
Fully Explained Failures
Partial Explained
ƒ [G(A),G(B),S0(C)]
ƒ [G(A),U(B),S0(C)]
ƒ [G(A),S1(B),S0(C)]
ƒ [U(A),S1(B),G(C)]
ƒ [S0(A),G(B),G(C)]
ƒ [S0(A),U(B),G(C)]
...
...
Fault Isolated, But Unexplained
ƒ [G(A),G(B),U(C)]
ƒ [G(A),U(B),G(C)]
ƒ [U(A),G(B),G(C)]
Due to the unknown mode, there tends to be an
exponential number of diagnoses.
G
Model-based Diagnosis
ƒ Conflicts and Kernel Diagnoses
ƒ Generating Kernels from Conflicts
ƒ Finding Consistent Modes
ƒ Estimating Likely Modes
ƒ Conflict-directed A*
G
Good
Good
U
Candidates with
UNKNOWN failure
modes
F1
Fn
U
Candidates with
KNOWN failure
modes
But these diagnoses represent a small fraction of the
probability density space.
Most of the density space may be represented
by enumerating the few most likely diagnoses
13
00
A
B
X
C
Y
0
Candidate Initial (prior)
Probabilities
p(c) = ∏ p(m)
Assume Failure
Independence
m ∈c
p([G(A),G(B),G(C)]) = .97
)
C
)
0(
S
1(
A
),
S
U
U
(A
(B
(C
)
)
)
U
p([S1(A),S1(B),S0(C)]) = .0000005
C
.001
0(
.001
)
p([S1(A),G(B),S0(C)]) = .00006
.001
S
.008
p(U)
(B
.001
.001
1
.008
.001
S
.008
p(S0)
(A
p(S1)
)
p([S1(A),G(B),G(C)]) = .008
0
C
.99
K
B
.99
S
A
.99
O
p(G)
1.2
1
0.8
0.6
0.4
0.2
0
Posterior Probability, after
Observation x = v
p( x = v | c) p(c)
p( c | x = v) =
p( x = v)
Bayes’
Rule
P(x=v|c) estimated using Model:
ƒ If previous obs, c and Phi entails x = v
Then p(x = v | c) = 1
Normalization Term
ƒ If previous obs, c and Phi entails x <> v
Then p(x = v | c) = 0
ƒ If Phi consistent with all values for x
Then p(x = v | c) is based on priors
ƒ E.g., uniform prior = 1/m for m possible values of x
0
0
X
B
Y
C
X
B
Y
C
1
p( x = v | c)p(c)
Observe out = 1:
p( c | x = v) =
p( x = v)
ƒ C = [G(A),G(B),G(C)]
ƒ Prior: P(C) = .97
ƒ P(out = 1 | C) = ?
ƒ
=1
ƒ P(C | out = 0 ) = ?
ƒ
= .97/p(x=v)
0
A
A
A
X
B
Y
C
0
0
p( x = v | c)p(c)
Observe out = 0:
p( c | x = v) =
p( x = v)
ƒ C = [G(A),G(B),G(C)]
ƒ P(C) = .97
ƒ P(out = 0 | C) = ?
ƒ
=0
ƒ P(C | out = 0 ) = ?
ƒ
= 0 x .97/p(x=v) = 0
Example: Tracking Single Faults
• which are eliminated?
• which predict observations?
• Which are agnostic?
Priors for Single
Fault Diagnoses:
A
B
C
p(S1)
.008
.008
.001
p(S0)
.001
.001
.008
p(U)
.001
.001
.001
14
A
B
X
C
Y
A
00
B
X
C
Y
00
0
1.2
1
0.8
0.6
0.4
0.2
0
00
Top 6 of 64 = 98.6% of P
0.5
0.4
0.3
0.2
0.1
)
Leading diagnoses before output observed
Summary: Candidate Probabilities
p( c) = ∏ p(m)
Assume Failure
Independence
m ∈c
p( c | x = v) =
p( x = v | c)p(c)
p( x = v)
P(x=v|c) estimated using Model:
Bayes’
Rule
Normalization Term
ƒ If previous obs, c and Phi entails x = v
Then p(x = v | c) = 1
ƒ If previous obs, c and Phi entails x <> v
Then p(x = v | c) = 0
ƒ If Phi consistent with all values for x
Then p(x = v | c) is based on priors
)
)
(C
)S
0
)
(C
U
1
Leading diagnoses before output observed
S
S
1(
(A
U
(B
)
)
(A
0
S
U
)
(C
(B
1
S
(A
K
A
S
0
O
S
),
)
C
)
0(
(C
)
U
(B
U
(A
)
)
U
C
0(
S
(B
)
)
1
S
(A
0
S
O
K
0
Due to the unknown mode, there tends to be an
exponential number of diagnoses.
G
G
Good
Good
U
Candidates with
UNKNOWN failure
modes
F1
Fn
U
Candidates with
KNOWN failure
modes
But these diagnoses represent a small fraction of the
probability density space.
Most of the density space may be represented
by enumerating the few most likely diagnoses
ƒ E.g., uniform prior = 1/m for m possible values of x
15