Fault Aware Systems: Model-based Programming and Diagnosis
Brian C. Williams, 16.412J/6.834J, March 8th, 2004
Brian C. Williams, copyright 2000

Four launches in 7 months
• Mars Climate Orbiter: 12/11/98
• Mars Polar Lander: 1/3/99
• Stardust: 2/7/99
• QuickSCAT: 6/19/98
Images courtesy of JPL
Outline
• Fault Aware Systems and Model-based Programming
• Model-based Diagnosis
• Multiple-fault Diagnosis based on Conflicts
• Mode Estimation

Why Model-based Programming?
Mars 98:
• Mars Climate Orbiter
• Mars Polar Lander
Leading diagnosis:
• Legs deployed during descent.
• Noise spike on leg sensors latched by monitors.
• Laser altimeter registers 50 ft.
• Begins polling leg monitors to determine touchdown.
• Latched noise spike read as touchdown.
• Engine shutdown at ~50 ft.
Image courtesy of JPL
Create embedded languages that reason on the fly from commonsense models.
Diagnostic Agent
World: a plant with state s and state distribution P(s). Observations flow from the plant to the agent (sense); actions flow from the agent to the plant (act).
The diagnostic agent:
• Monitors and diagnoses
• Repairs and avoids
• Probes and tests
Approaches: symptom-based vs. consistency-based.

Model-based Programs Interact Directly with State
Embedded programs interact with plant sensors/actuators:
• Read sensors
• Set actuators
The programmer must map between state and sensors/actuators.
Model-based programs interact with plant state:
• Read state
• Write state
The model-based executive maps between sensors/actuators and states.
Titan Model-based Executive
An RMPL model-based program consists of a control program and a system model.
Control program:
• Executes concurrently
• Preempts
• Queries (hidden) states
• Asserts (hidden) state
Control sequencer: generates target goal states conditioned on state estimates.
Deductive controller:
• Mode estimation: tracks likely plant states from observations and the system model, producing state estimates.
• Mode reconfiguration: tracks least-cost goal states and issues commands to the plant.
Valve model (from the system model): modes Open, Closed, Stuck open, Stuck closed. The commands Open and Close move between Open and Closed; each nominal mode transitions to a stuck mode with probability 0.01. Closed: inflow = outflow = 0.

Orbital Insertion Example
Components: EngineA, EngineB, Science Camera. Goal: turn camera off and engine on.
Model-based Program
Control program specifies state trajectories:
• fires one of two engines
• sets both engines to 'standby'
• prior to firing engine, camera must be turned off to avoid plume contamination
• in case of primary engine failure, fire backup engine instead

OrbitInsert()::
  (do-watching ((EngineA = Thrusting) OR (EngineB = Thrusting))
    (parallel
      (EngineA = Standby)
      (EngineB = Standby)
      (Camera = Off)
      (do-watching (EngineA = Failed)
        (when-donext ((EngineA = Standby) AND (Camera = Off))
          (EngineA = Thrusting)))
      (when-donext ((EngineA = Failed) AND (EngineB = Standby) AND (Camera = Off))
        (EngineB = Thrusting))))

Plant model describes behavior of each component:
– nominal and off-nominal modes
– qualitative constraints
– likelihoods and costs

Example: the model-based program sets engine = thrusting, and the deductive controller:
• Mode estimation: deduces that thrust is off, and the engine is healthy.
• Mode reconfiguration: selects valve configuration; plans actions to open six valves (oxidizer tank and fuel tank lines).
• Mode estimation: deduces that a valve failed, stuck closed.
• Mode reconfiguration: determines valves on backup engine that will achieve thrust, and plans needed actions.
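The two deductive-controller steps in the example above, mode estimation and mode reconfiguration, as an added Python illustration that is not part of the lecture slides and not Titan or RMPL code. It models a cut-down propulsion subsystem: two engines, each fed by one fuel valve and one oxidizer valve (the slides use six valves per engine), using the slide's valve automaton (Open, Closed, Stuck open, Stuck closed, 0.01 stuck probability) and a qualitative "no flow through a closed valve" constraint. The engine failure prior (0.001), the flow sensor on EngineA's fuel line, and the one-unit cost per valve command are assumptions made for the example.

```python
"""Toy model-based executive: consistency-based mode estimation followed by
least-cost mode reconfiguration. Added example; not from the slides."""
from itertools import product

# Valve modes follow the slide's valve automaton; engine modes are assumed.
VALVE_MODES = ("open", "closed", "stuck_open", "stuck_closed")
ENGINE_MODES = ("ok", "failed")
COMPONENTS = ["A.fuel", "A.ox", "B.fuel", "B.ox", "A.engine", "B.engine"]


def valve_prior(mode, commanded):
    """P(mode | command). Nominal mode equals the command; either stuck mode
    has probability 0.01 (slide); the opposite healthy mode is impossible."""
    if mode == commanded:
        return 0.98
    if mode in ("stuck_open", "stuck_closed"):
        return 0.01
    return 0.0


def engine_prior(mode):
    return 0.999 if mode == "ok" else 0.001  # assumption for the example


def valve_flow(mode):
    """Qualitative constraint: open valves pass flow, closed ones block it."""
    return 1 if mode in ("open", "stuck_open") else 0


def simulate(modes):
    """Observable variables implied by a full mode assignment."""
    obs = {}
    for e in ("A", "B"):
        fuel, ox = valve_flow(modes[f"{e}.fuel"]), valve_flow(modes[f"{e}.ox"])
        obs[f"{e}.fuel_flow"], obs[f"{e}.ox_flow"] = fuel, ox
        obs[f"{e}.thrust"] = 1 if fuel and ox and modes[f"{e}.engine"] == "ok" else 0
    return obs


def consistent(modes, observations):
    predicted = simulate(modes)
    return all(predicted[k] == v for k, v in observations.items())


def prior(modes, commands):
    p = 1.0
    for c, m in modes.items():
        p *= engine_prior(m) if c.endswith("engine") else valve_prior(m, commands[c])
    return p


def mode_estimation(commands, observations):
    """Consistency-based diagnosis: every mode assignment whose predicted
    observables agree with the actual ones, ranked by prior, most likely first."""
    domains = [ENGINE_MODES if c.endswith("engine") else VALVE_MODES for c in COMPONENTS]
    candidates = []
    for assignment in product(*domains):
        modes = dict(zip(COMPONENTS, assignment))
        p = prior(modes, commands)
        if p > 0 and consistent(modes, observations):
            candidates.append((p, modes))
    candidates.sort(key=lambda c: -c[0])
    return candidates


def mode_reconfiguration(estimate):
    """Least-cost set of valve commands that makes some engine thrust, given
    the estimated modes. Stuck valves ignore commands, so only healthy valves
    are candidates; cost is one unit per command (assumption)."""
    healthy = [c for c in COMPONENTS if estimate[c] in ("open", "closed")]
    best = None
    for flips in product((False, True), repeat=len(healthy)):
        new_modes, commands = dict(estimate), {}
        for valve, flip in zip(healthy, flips):
            if flip:
                commands[valve] = "closed" if estimate[valve] == "open" else "open"
                new_modes[valve] = commands[valve]
        obs = simulate(new_modes)
        if (obs["A.thrust"] or obs["B.thrust"]) and (best is None or len(commands) < best[0]):
            best = (len(commands), commands)
    return best


if __name__ == "__main__":
    # Constructed scenario: EngineA's valves were commanded open to fire it,
    # but thrust is observed off while the fuel line does show flow.
    cmds = {"A.fuel": "open", "A.ox": "open", "B.fuel": "closed", "B.ox": "closed"}
    obs = {"A.fuel_flow": 1, "A.thrust": 0}
    ranked = mode_estimation(cmds, obs)
    print("leading diagnosis:", ranked[0])      # A.ox stuck_closed, rest nominal
    print("repair plan:", mode_reconfiguration(ranked[0][1]))  # open B.fuel and B.ox
```

The estimation step enumerates all 1024 mode assignments, which is fine for a toy but is exactly what conflict-directed search in the next part of the course avoids; the ranking still shows the key behaviour: the single stuck-closed oxidizer valve outranks an engine failure because its prior is ten times larger, and the reconfiguration step then routes around the stuck valve by firing the backup engine rather than re-commanding a valve that will not respond.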