l5_fault_sys_mod

l5_fault_sys_mod - Fault Aware Systems: Model-based...

[Figure labels: Control Sequencer, Program, Model-based Program; Executes concurrently; Preempts; Queries (hidden) states; Asserts (hidden) state]

Fault Aware Systems: Model-based Programming and Diagnosis

Outline
• Fault Aware Systems Through Model-based Programming
• Diagnosis as Detective Work
• Model-based Diagnosis

Brian C. Williams
16.412J/6.834J
March 8th, 2004

[Image courtesy of JPL]
Brian C. Williams, copyright 2000

Mars Polar Lander Failure

Programmers are overwhelmed by the bookkeeping of reasoning about unlikely hidden states.

Leading Diagnosis:
• Legs deployed during descent.
• Noise spike on leg sensors latched by software monitors.
• Laser altimeter registers 50ft.
• Begins polling leg monitors to determine touch down.
• Latched noise spike read as touchdown.
• Engine shutdown at ~50ft.

Fault Aware Systems: Create embedded languages that reason and coordinate on the fly from models.

Like Storyboards, Model-based Programs Specify The Evolution of Abstract States

Embedded programs evolve actions by interacting with plant sensors and actuators:
• Read sensors
• Set actuators
Programmer maps between state and sensors/actuators.
[Figure labels: Embedded Program, S, Plant, Obs, Cntrl]

Model-based programs evolve abstract states through direct interaction:
• Read abstract state
• Write abstract state
Model-based executive maps between state and sensors/actuators.
[Figure labels: Model-based Embedded Program, S, S', Model-based Executive, Plant, Obs, Cntrl]
Descent Example

[Figure: EngineA, EngineB, Science Camera. Caption: Turn camera off and engine on]

[Figure: Titan Model-based Executive. Labels: RMPL, System Model, Control, Plant, Commands, Observations, State goals, State estimates]
• Generates target goal states conditioned on state estimates
• Tracks likely plant states
• Tracks least cost goal states

    OrbitInsert()::
    (do-watching ((EngineA = Firing) OR (EngineB = Firing))
      (parallel
        (EngineA = Standby)
        (EngineB = Standby)
        (Camera = Off)
        (do-watching (EngineA = Failed)
          (when-donext ((EngineA = Standby) AND (Camera = Off))
            (EngineA = Firing)))
        (when-donext ((EngineA = Failed) AND (EngineB = Standby) AND (Camera = Off))
          (EngineB = Firing))))

[Figure: valve mode model. Modes: Open, Closed, Stuck closed, Unknown; commands: Open, Close; transitions labeled 0.01; constraint: inflow iff outflow]
Possible Behaviors Visualized by a Trellis Diagram

[Figure: engine schematic with Fuel tank and Oxidizer tank. Captions:]
• Deduces that thrust is off, and the engine is healthy
• Deduces that a valve failed - stuck closed
• Determines that valves on the backup engine will achieve thrust, and plans needed actions.
• Plans actions to open six valves

Identify Modes, Diagnose Failure Modes, Reconfigure Modes, Repair Modes

Model-based Programs

Control program specifies state trajectories:
• fires one of two engines
• sets both engines to ‘standby’
• prior to firing engine, camera must be turned off to avoid plume contamination
• in case of primary engine failure, fire backup engine instead

    OrbitInsert()::
    (do-watching ((EngineA = Thrusting) OR (EngineB = Thrusting))
      (parallel (EngineA = Standby)

Plant Model describes behavior of each component:
– Nominal and Off nominal
– qualitative constraints
– likelihoods and costs