
4.2 Automated FPA

4.2.2 Sensor Configuration and Disturbing Events

Figure 4.6: The graphs $G_f$ (Fig. (a)) and $G_e$ (Fig. (b)) after edges are cut.

Definition 4.2.4 (Faults and Disturbing Events) Define the set of all possible events in (4.8) as $\mathcal{F} = \bigcup_{i=1}^{n} \mathcal{F}_i$, where each $\mathcal{F}_i$ is the set of events associated with the $i$th component and $n$ is the number of components in the system. This set can be split into a set which should be detected, $\mathcal{F}_f \subseteq \mathcal{F}$, and a set which should not, $\mathcal{F}_d \subseteq \mathcal{F}$, where $\mathcal{F}_f \cap \mathcal{F}_d = \emptyset$. $\mathcal{F}_d$ and $\mathcal{F}_f$ denote the set of disturbing events and faults respectively.

From (4.9) it is seen that the end-effects are given by $e_{d_i} = A_d \cdot d_i$ in the no fault case, i.e. $f = 0$. Here $e_{d_i}$ is the effect vector generated by the $i$th disturbing event vector $d_i \in \mathcal{F}_d$. Likewise, it is seen that the end-effects are given by $e_{f_j} = A_f \cdot f_k + A_d \cdot d_j$ in the case of the fault vector $f_k \in \mathcal{F}_f$ and the $j$th disturbing event vector $d_j \in \mathcal{F}_d$. For a fault vector $f_k$ to be distinguishable from the no fault case, all possible effect vectors in the faulty case $e_{f_j}$ must be different from all possible effect vectors in the no fault case $e_{d_i}$, i.e.

$$e_{f_j} \neq e_{d_i} \quad \forall d_i, d_j \in \mathcal{F}_d \tag{4.10}$$

where $e_{f_j} = A_f \cdot f_k + A_d \cdot d_j$ and $e_{d_i} = A_d \cdot d_i$. If this expression is true for all $d_i, d_j \in \mathcal{F}_d$ the given fault $f_k$ is said to be detectable in a logical sense. This is formalized in the following definition.

Definition 4.2.5 (Logical Robust Fault Detectability) The fault vector $f_k \in \mathcal{F}_f$ is logical detectable if the effect vector $e_{end}$ in the case of the fault vector $f_k$ is different from the effect vector $e_{end}$ in the no fault case. This must be true for all possible combinations of disturbing events in both the fault and in the no fault case.

From (4.10) it is seen that for a fault to be logical detectable in a robust manner, it is necessary that at least one of the effects of the fault cannot be corrupted by any disturbing events. The following theorem states the conditions for this to be possible.

Theorem 4.2.2 (Logical Robust Fault Detectability) Let $\mathcal{I}_f$ be the set of vectors with only 1 element different from zero. Let $f_k \in \mathcal{I}_f$ be a vector with only the $k$th element different from zero, and let $A_f$ and $A_d$ be defined as in (4.9). Let $(A_f)_{j,k}$ be the $(j,k)$th element in $A_f$ and likewise for $(A_d)_{j,k}$, then the fault described by $f_k$ is logically detectable iff,

$$\exists j \in \{1, 2, \cdots, n_e\} : (A_f)_{j,k} = 1 \ \text{and} \ \sum_{i=1}^{n_d} (A_d)_{j,i} = 0 \tag{4.11}$$

where $n_e$ is the number of end-effects and $n_d$ is the number of disturbing events. This is the same as saying that $f_k$ can be distinguished from all possible combinations of disturbing events.

Proof: $(A_f)_{j,k} = 1$ implies that the $j$th element of $e_{f_k} = A_f f_k$ is equal to 1 for $f_k \in \mathcal{F}_f$. Moreover, $\sum_{i=1}^{n_d} (A_d)_{j,i} = 0$ implies that the $j$th element in $e_d = A_d d$ is equal to zero for all $d \in \mathcal{F}_d$, i.e. the $j$th element of $e$ will always be equal to zero in the no fault case. This again implies that only faults can affect the $j$th element in $e$. Therefore, if the $j$th element of $e = A_f f + A_d d$ is different from zero it must be due to $f$. $f_k$ will cause the $j$th element in $e$ to be different from zero, therefore (4.11) implies that $f_k$ is robust detectable.

Now assume that $e_{f_k} \neq e_d$, where

$$e_{f_k} = A_f \cdot f_k + A_d \cdot d \tag{4.12a}$$

$$e_d = A_d \cdot d. \tag{4.12b}$$

This implies that there exists an element $j$ in $e_{f_k}$ and $e_d$, such that the $j$th element in $e_{f_k}$ is different from the $j$th element in $e_d$. For this to be true the $j$th element in $e_d$ must be equal to zero, as the term $A_d \cdot d$ is part of both (4.12a) and (4.12b). For $e_d$ to be zero for all $d \in \mathcal{F}_d$ the $j$th row of $A_d$ must equal zero, i.e. $\sum_{i=1}^{n_d} (A_d)_{j,i} = 0$. Therefore, for the $j$th element of $e_{f_k}$ to be different from the $j$th element of $e_d$, the $j$th element of $e_{f_k}$ must be different from zero. This implies that $(A_f)_{j,k} = 1$ for the fault $f_k$ to be detectable. $\square$

Remark 4.2.4 From Theorem 4.2.2 it is seen that if $\mathcal{F}_d = \emptyset$, meaning that no disturbing events exist in the system, then the demand for detectability of $f_k$ reduces to $(A_f)_{j,k} = 1$ for some $j \in \{1, 2, \cdots, n_e\}$.

If Theorem 4.2.2 is fulfilled for a given fault in a system, then this fault is detectable despite the disturbing events affecting the system.

In some cases not all disturbing events are independent. As an example there could exist two disturbing events $d_1$ and $d_2$; $d_1$ saying that an input to a given component is increasing and $d_2$ saying that the same input is decreasing. In this case $d_1$ and $d_2$ are mutually exclusive, or $d_1 = 1 \rightarrow d_2 = 0$ and $d_2 = 1 \rightarrow d_1 = 0$. When this is the case Theorem 4.2.2 is too restrictive.

In general such dependencies between disturbing events can be described by,

$$d_{i_1} = 1,\ d_{i_2} = 1,\ \cdots,\ d_{i_\alpha} = 1 \ \rightarrow\ d_{j_1} = 0,\ d_{j_2} = 0,\ \cdots,\ d_{j_\beta} = 0 \tag{4.13}$$

where there are $\alpha$ disturbing events $d_{i_1}$ to $d_{i_\alpha}$, which exclude $\beta$ disturbing events $d_{j_1}$ to $d_{j_\beta}$. The following Corollary relaxes the demands for logical robust fault detection, when $h$ dependencies on the form (4.13) are assumed.

Corollary 4.2.1 (Logical Robust Fault Detectability) For the $c$th dependency expression on the form (4.13), define $\alpha + 1$ fault propagation matrices, where $\alpha$ matrices are formed by setting the $i_l$th column equal to 0, $l \in \{1, 2, \cdots, \alpha\}$, and one matrix is formed by setting the $j_1$th, $j_2$th, $\cdots$, $j_\beta$th columns equal to 0. These matrices form the set,

$$\mathcal{A}_c = \{A_{d,i_1}, A_{d,i_2}, \cdots, A_{d,i_\alpha}, A_{d,j}\}. \tag{4.14}$$

If there are $h$ dependency expressions there exist $\mathcal{A}_1$ to $\mathcal{A}_h$ of these sets, each corresponding to one dependency expression. This means that there exist $h' = \prod_{c=1}^{h} (\alpha_c + 1)$ different combinations given by the set,

$$\mathcal{A}_h = \left\{ A_h \;\middle|\; A_h = \bigwedge_{c=1}^{h} A_c,\ A_c \in \mathcal{A}_c \right\}.$$

Iff Theorem 4.2.2 holds for a fault $f_k \in \mathcal{I}_f$ for all $A_h \in \mathcal{A}_h$, then the fault is logical detectable.

Proof: Before stating the proof a set of disturbing event vectors is defined. From Theorem 4.2.2 it is obvious that all end-effects, which can be affected by disturbing events, will be affected if all elements in $d$ are equal to 1. Let this worst case vector be given by $1_d$. When there are mutually exclusive disturbing events, as given in (4.13), the vector $1_d$ becomes too restrictive. In this case the vectors with the maximal possible number of elements equal to one must form the set of worst case vectors. Let this set be given by,

$$\mathcal{D}_c = \{d_1, d_2, \cdots, d_m\}$$

Examining (4.13) the first $m - 1$ vectors must be formed by setting one of the elements $i_1$ to $i_\alpha$ equal to zero. The $m$th vector is formed by setting the elements $j_1, \cdots, j_\beta$ equal to zero. From this it is deduced that there exist $m = \alpha + 1$ independent vectors in $\mathcal{D}_c$ describing the possible worst case disturbing event vectors, when the mutual exclusion (4.13) exists. If there exist $h$ of these mutual exclusions, forming $h$ sets of vectors $\mathcal{D}_1, \mathcal{D}_2, \cdots, \mathcal{D}_h$, all possible worst case vectors can be defined as,

$$\mathcal{D} = \{d \mid d = d_1 \wedge d_2 \wedge \cdots \wedge d_h, \ \text{where} \ d_1 \in \mathcal{D}_1,\ d_2 \in \mathcal{D}_2,\ \cdots,\ d_h \in \mathcal{D}_h\}$$

where $\wedge$ is the logical "and" operator. Each of the elements in $\mathcal{D}$ is formed by $\alpha_c + 1$ vectors, meaning that the total number of vectors becomes $\prod_{c=1}^{h} (\alpha_c + 1)$.

To prove Corollary 4.2.1 recognise that Theorem 4.2.2 holds for all $A_h \in \mathcal{A}_h$. This implies that $f_k$ is logical robust detectable with respect to each $A_h \in \mathcal{A}_h$, which again implies that $e_f \neq e_d$ where $e_f = A_f f_k + A_h d$ and $e_d = A_h d$. $A_h = \bigwedge_{c=1}^{h} A_c$, where $A_c \in \mathcal{A}_c$ is on the form described in the corollary. From the definition of $\mathcal{A}_c$ it is seen that for each $A_c \in \mathcal{A}_c$ there corresponds exactly one $d_c \in \mathcal{D}_c$ such that $A_c 1_d = A_d d_c$. Using this the following is true for each $A_h \in \mathcal{A}_h$,

$$A_h 1_d = \left( \bigwedge_{c=1}^{h} A_c \right) 1_d = \left( \bigwedge_{c=1}^{h} A_c 1_d \right) = \left( \bigwedge_{c=1}^{h} A_d d_c \right) = A_d \left( \bigwedge_{c=1}^{h} d_c \right) = A_d d$$

where $d \in \mathcal{D}$. Due to the one to one correspondence between $d_c \in \mathcal{D}_c$ and $A_c \in \mathcal{A}_c$ the above equation implies that if Theorem 4.2.2 holds for each $A_h \in \mathcal{A}_h$, then $f_k$ is logical robust detectable for every disturbing event vector $d \in \mathcal{D}$. In the start of the proof it was argued that all worst case disturbing event vectors are contained in $\mathcal{D}$. Therefore, $f_k$ is detectable for all possible disturbing event vectors.

To show sufficiency just reverse the proof. $\square$

Theorem 4.2.2 and alternatively Corollary 4.2.1 state the demands for a fault to be robust detectable in a logical sense. If this is the case for a set of faults in a system, it is interesting to know if the faults in this set can be distinguished from each other, i.e. $e_{f_k} \neq e_{f_i}$ whenever $f_k \neq f_i$ where $f_k, f_i \in \mathcal{I}_f$. The following theorem states the demands for this to be possible.

Theorem 4.2.3 (Logical Fault Identification) Let $\mathcal{I}_f$ be the set of vectors with only 1 element different from zero. Let $f_k \in \mathcal{I}_f$ be the vector describing the $k$th fault and let $(A_f)_k$ denote the $k$th column in $A_f$, then the fault described by $f_k$ can be distinguished from all other $f \in \mathcal{I}_f$ in a logical sense iff,

$$(A_f)_k \neq (A_f)_i \quad \forall i \neq k,\ i \in \{1, 2, \cdots, n\}. \tag{4.15}$$

Proof: Two faults $f_k$ and $f_i$ ($f_k \neq f_i$, $f_k, f_i \in \mathcal{I}_f$) are distinguishable if $e_{f_k} \neq e_{f_i}$, where $e_{f_k} = A_f f_k$ and $e_{f_i} = A_f f_i$. Let $f_k$ be a vector with only the $k$th element different from zero. Then $e_{f_k}$ equals the $k$th column in $A_f$, i.e. $(A_f)_k$. Likewise, let $f_i$ be a vector with only the $i$th element different from zero. Then $e_{f_i}$ equals the $i$th column in $A_f$, i.e. $(A_f)_i$. From this it is immediately seen that (4.15) implies that $e_{f_k} \neq e_{f_i}$ whenever $f_k \neq f_i$, where $f_k, f_i \in \mathcal{I}_f$. This completes the proof. $\square$

Remark 4.2.5 It should be noted that the effects used for fault identification must not be corrupted by disturbing events. Therefore if there are disturbing events in the system only the end-effects $e_j$ associated with $\sum_{i=1}^{n_d} (A_d)_{j,i} = 0$ should be used in Theorem 4.2.3.

Remark 4.2.6 In (Blanke et al., 2003) a method for defining the logical connection from the effects to the faults is given, i.e. f B¯e, where ¯ is a special operator defined in (Blanke et al., 2003). Using this expression it is possible to identify a given fault from the measurable effects, whenever Theorem 4.2.3 is fulfilled for the system.

If both Theorems 4.2.2 and 4.2.3 are fulfilled for a set of faults in a system, then this set of faults is said to be robust identifiable in a logical sense. Whenever this is the case it is possible to measure a set of effects in the system, and from these measurements detect and isolate the faults.

Unfortunately for many systems it is not possible to find a set of measurable effects where both Theorems 4.2.2 and 4.2.3 are fulfilled. However, in many cases Theorem 4.2.3 is fulfilled but not Theorem 4.2.2. In these cases the problem is that the disturbing events cannot be distinguished from the faults in a logical sense. However, it might still be possible to quantitatively decouple the disturbing events from the faults using model-based techniques.
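The conditions of Theorem 4.2.2, Corollary 4.2.1 and Theorem 4.2.3 (restricted as in Remark 4.2.5) can be checked mechanically on 0/1 propagation matrices. The following Python sketch is an added example, not code from the original text; the function names, the list-of-lists encoding (rows are end-effects, columns are faults or disturbing events) and the sample matrices are assumptions constructed for illustration.

```python
from itertools import product

def robust_rows(A_d):
    """End-effects j with sum_i (A_d)[j][i] == 0: no disturbing event reaches them."""
    return [j for j, row in enumerate(A_d) if sum(row) == 0]

def detectable(A_f, A_d, k):
    """Theorem 4.2.2: some j has (A_f)[j][k] == 1 and an all-zero row j in A_d."""
    return any(A_f[j][k] == 1 for j in robust_rows(A_d))

def zero_cols(A, cols):
    """Copy of A with the given columns set to 0."""
    return [[0 if i in cols else v for i, v in enumerate(row)] for row in A]

def dependency_set(A_d, ones, zeros):
    """Set of (4.14) for one dependency: d[ones] all 1 -> d[zeros] all 0."""
    return [zero_cols(A_d, {i}) for i in ones] + [zero_cols(A_d, set(zeros))]

def mat_and(mats):
    """Element-wise logical AND of equally sized 0/1 matrices."""
    return [[int(all(col)) for col in zip(*rows)] for rows in zip(*mats)]

def detectable_with_deps(A_f, A_d, k, deps):
    """Corollary 4.2.1: Theorem 4.2.2 must hold for every combination A_h."""
    sets = [[A_d]] + [dependency_set(A_d, i, j) for i, j in deps]
    return all(detectable(A_f, mat_and(c), k) for c in product(*sets))

def identifiable(A_f, A_d):
    """Theorem 4.2.3 on the rows Remark 4.2.5 allows: columns pairwise distinct."""
    rows = robust_rows(A_d)
    cols = [tuple(A_f[j][k] for j in rows) for k in range(len(A_f[0]))]
    return len(set(cols)) == len(cols)

# Constructed sample: 3 end-effects (rows), 3 faults and 2 disturbing events (columns).
A_F = [[1, 0, 1],
       [1, 1, 0],
       [0, 1, 1]]
A_D = [[1, 0],
       [0, 0],
       [0, 1]]
MUTEX = [([0], [1])]  # assumed dependency: d1 = 1 -> d2 = 0

if __name__ == "__main__":
    for k in range(3):
        print(k, detectable(A_F, A_D, k), detectable_with_deps(A_F, A_D, k, MUTEX))
    print(identifiable(A_F, A_D), identifiable(A_F, [[], [], []]))
```

In this sample the third fault fails Theorem 4.2.2 but passes once the mutual exclusion is taken into account, while the three faults are robustly identifiable only when no disturbing events exist, since the single uncorrupted end-effect gives two faults the same column.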