Isolation of unstructured system failures in dynamic systems

This paper presents a method for isolating unstructured system failures in linear, time-invariant dynamic systems. System failures are related to components modeled by the A and B matrices, as opposed to sensor failures, which are related to the C matrix of the model. Unstructured failures are those which cannot be modeled as changes in parameters of the unfailed system. The proposed failure isolation method is capable of isolating the failure to within a subsystem of the model of the monitored system. It is illustrated using a simulated turbofan engine.

Introduction

Recent advances in microprocessor technology have brought the computational speed of single-board computers to the 10 Millions of Instructions per Second (Mips) range, and that of transputer-based multiprocessors to the 50 Mips range. This computational capability is sufficient for implementing Failure Detection and Isolation (FDI) systems which provide complete coverage of failures in complex industrial systems. An FDI system capable of providing complete coverage of failures in systems must perform the following functions:

1. Failure detection in the presence of: (a) modeling errors and (b) noise
2. Sensor failure isolation
3. System failure isolation

Methods for failure detection and sensor failure isolation in the presence of noise have been available for over two decades [1,2]. However, since these methods address only a subset of the problems of FDI, there are very few sophisticated FDI systems in use today. Modeling errors, rather than noise, are the main problem for FDI in most practical applications. They limit the sensitivity of FDI in all systems which include mechanical parts and thermo-fluid processes, such as flight controls, jet engines and servoactuators. An effective solution to the problem of modeling errors, the Reachable Measurement Intervals method, has been introduced only recently.
Failure isolation, the determination of the location and details of a detected failure, was limited until recently to sensors. Isolation of sensor failures can be achieved by executing several failure detection algorithms in parallel, and is just a minor step beyond failure detection. This problem is quite simple compared to the isolation of system failures, such as a broken mechanical component, which change the dynamics of the open-loop system. Recently, a method has been developed which can isolate structured system failures, i.e. failures which can be modeled as changes in the parameters of the model of the unfailed system [5]. This paper presents a method for isolation of unstructured system failures, those which cannot be modeled as parameter changes because of their time-varying, random and nonlinear nature.

Member of Technical Staff. Copyright © American Institute of Aeronautics and Astronautics, Inc., 1989. All rights reserved.

Analysis of the Failure Isolation Problem

Failures in dynamic systems can be classified as system failures, actuator failures, and sensor failures. They are related to the A, B, and C matrices of a state-space model, respectively. Sensor failures are relatively easy to detect because they do not change the eigenstructure of the system, which is determined by the system matrix A. Therefore, it is possible to decouple the sensor isolation process from the dynamics of the system, thus reducing the complexity of the problem to that of sensor failure isolation in a static system. Sensor failures can be isolated by executing several failure detection algorithms in parallel, each one based on a different subset of the system measurements. The failed sensor is then isolated by examining the failure/no-failure decisions of the detection algorithms which use that sensor and those which do not use it [3].

In many systems the actuators cannot be modeled by the input distribution matrix B alone.
Those with non-negligible dynamics, such as hydraulic actuators, must be included in the system matrix A. In that case only the static gains of the actuators appear in the matrix B. Even instantaneously-responding actuators are frequently modeled so that their gains appear both in the A and the B matrices. To facilitate the development of a general approach to actuator failure isolation, it is convenient to include all the parameters related to the actuators in the system matrix A. This can be accomplished by augmenting the matrix A with additional state variables v which are proportional to the inputs u within the bandwidth of the system. The new state variables are defined by $\dot{v} = -Kv + Ku$, where u is a system input and K is a diagonal matrix of large gains. In the augmented system, terms of the type bv in the new system matrix replace the original input terms bu. The input matrix of the augmented system is K, which is known exactly and does not contain any system parameters. The system augmentation transforms the actuator failure isolation problem into system failure isolation, which we solve as described next.

The fundamental problem for system failure isolation is that after the onset of failure and prior to its isolation a model describing the system dynamics is not available, thus making model-based failure isolation difficult. Since very little can be accomplished without a model, the key to system failure isolation lies in efficient utilization of the model of the unfailed system in isolating the failure.

The problem can be summarized as follows. The model of the unfailed system is available. The response of the failed monitored system is completely different from that predicted by the model, because of the failure. The challenge is to isolate the failure based on the outputs of the failed monitored system and the model of the unfailed system. There are two possible approaches to this problem, according to the type of the failure.
If the failure has a structure which can be anticipated and modeled as parameter changes of the original model, it can be isolated by testing for agreement between the measurements from the monitored systems and the outputs of the model of the unfailed system modified to include the effects of a hypothetical failure. If agreement is found, the failure hypothesis is correct and the failure has been isolated. In this case the structured failure has also been identified, i.e., its size has been estimated. The details of this isolation method have been published previously [5].

Failures which do not have a specific structure cannot be identified, because no algorithm can guess the details of the failure out of the infinite number of possible random, non-linear and time-varying events that could be happening. The goal in this case is isolating the failure to within a subsystem of the model of the unfailed system. This can be accomplished by partitioning the system into subsystems and applying failure detection algorithms to them. A failure has been isolated if a subsystem is found failed, while all subsystems excluding it are unfailed. An effective method for isolation of unstructured failures is the main result of this paper, and is detailed in the next section.
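The state augmentation described in the analysis section (new states v with v' = -Kv + Ku), as an added example that is not code from the paper: it builds the augmented matrices, checks by simulation that the augmented model tracks the original one, and shows that an actuator gain change then lands in the system matrix while the input matrix K is untouched. The two-state plant, the gain of 200 and all function names are constructed for illustration.

```python
# Added example: the plant matrices and the gain below are constructed values.

def augment(A, B, k):
    """Build the augmented model with states [x; v], where v' = -k*v + k*u."""
    n, m = len(A), len(B[0])
    eye = [[1.0 if i == j else 0.0 for j in range(m)] for i in range(m)]
    A_aug = [A[i] + B[i] for i in range(n)]            # x' = A x + B v
    A_aug += [[0.0] * n + [-k if e else 0.0 for e in row] for row in eye]
    B_aug = [[0.0] * m for _ in range(n)] + [[k * e for e in row] for row in eye]
    return A_aug, B_aug

def simulate(A, B, u, t_end=5.0, dt=1e-4):
    """Forward-Euler response to a constant input vector u from zero state."""
    x = [0.0] * len(A)
    traj = []
    for _ in range(int(round(t_end / dt))):
        dx = [sum(a * xi for a, xi in zip(row, x)) +
              sum(b * ui for b, ui in zip(brow, u))
              for row, brow in zip(A, B)]
        x = [xi + dt * d for xi, d in zip(x, dx)]
        traj.append(x[:])
    return traj

def max_gap(traj_a, traj_b, n):
    """Largest difference between two trajectories over the first n states."""
    return max(abs(a[i] - b[i]) for a, b in zip(traj_a, traj_b) for i in range(n))

def actuator_fault(A_aug, n, row, col, factor):
    """Scale one actuator gain; only the block of A_aug that holds B changes."""
    failed = [r[:] for r in A_aug]
    failed[row][n + col] *= factor
    return failed

PLANT_A = [[-1.0, 0.5], [0.0, -2.0]]   # constructed stable plant
PLANT_B = [[0.0], [3.0]]               # single actuator with gain 3
K_GAIN = 200.0                         # large compared with the plant poles

if __name__ == "__main__":
    A_aug, B_aug = augment(PLANT_A, PLANT_B, K_GAIN)
    gap = max_gap(simulate(PLANT_A, PLANT_B, [1.0]),
                  simulate(A_aug, B_aug, [1.0]), len(PLANT_A))
    print("A_aug =", A_aug, "B_aug =", B_aug)
    print("max step-response gap:", round(gap, 4))
    print("half-gain actuator:", actuator_fault(A_aug, 2, 1, 0, 0.5))
```

The tracking gap shrinks as the gain grows, at the cost of a stiffer model that needs a smaller integration step.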
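The decision step for sensor failure isolation described above (parallel detectors on different measurement subsets, then comparing those that use a sensor with those that do not), as an added example that is not the paper's algorithm. It assumes three redundant sensors of one static quantity and pairwise-disagreement detectors; names, readings and the threshold are constructed. The same consistency check fits the subsystem rule in the last paragraph if the components are read as subsystems, which is an assumption here, since the paper's own procedure is in a section not shown.

```python
# Added example: sensor names, readings and the threshold are constructed values.
from itertools import combinations

def pairwise_decisions(readings, threshold):
    """One detector per sensor pair; it declares failure when the pair disagrees."""
    uses, decisions = {}, {}
    for a, b in combinations(sorted(readings), 2):
        name = f"{a}|{b}"
        uses[name] = {a, b}
        decisions[name] = abs(readings[a] - readings[b]) > threshold
    return decisions, uses

def isolate(decisions, uses):
    """Return (status, candidates) from failure/no-failure decisions.

    A component is a candidate only if every detector that uses it declares
    failure and every detector that does not use it declares no failure.
    """
    if not any(decisions.values()):
        return "no-failure", []
    components = sorted(set().union(*uses.values()))
    candidates = [c for c in components
                  if all(decisions[d] == (c in uses[d]) for d in decisions)]
    status = "isolated" if len(candidates) == 1 else "unresolved"
    return status, candidates

HEALTHY = {"p1": 100.2, "p2": 100.4, "p3": 99.9}
ONE_BAD = {"p1": 100.2, "p2": 112.0, "p3": 99.9}   # p2 reads high
TWO_BAD = {"p1": 100.2, "p2": 112.0, "p3": 80.0}   # p2 and p3 both wrong

if __name__ == "__main__":
    for label, r in [("healthy", HEALTHY), ("one bad", ONE_BAD), ("two bad", TWO_BAD)]:
        print(label, isolate(*pairwise_decisions(r, threshold=2.0)))
```

With two sensors wrong, every pairwise detector fires and no single sensor is consistent with the decisions, so the result is reported as unresolved instead of blaming one sensor.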