of data and commands between the breadboard, located in Huntsville, and the R&D ..... on associational knowledge is FRAMES. (Fault. Recovery and Management ...... with. Double. Recovery. In this scenario, a hard fault is placed on Remote.
N94-21882
(NASA-CR-[illegible]) MODEL-BASED REASONING FOR POWER SYSTEM MANAGEMENT USING KATE AND THE SSM/PMAD Final Report (Florida Inst. of Tech.) 65 p
Unclas
G3/20 0198170

MODEL-BASED REASONING FOR POWER SYSTEM MANAGEMENT USING KATE AND THE SSM/PMAD

A FINAL REPORT TO NASA-MSFC IN PARTIAL FULFILLMENT OF THE REQUIREMENTS OF CONTRACT NAS-NAS39385

By
Robert A. Morris
Avelino J. Gonzalez
Daniel J. Carreira
F.D. Mckenzie
Brian Gann

December 1993
Acronyms Used in this Document

FDIR      Fault Detection, Isolation, and Recovery
FRAMES    Fault Recovery and Management Expert System
IPC       Intelligent Power Controller
KATE      Knowledge-based Autonomous Test Engineer
LLP       Lowest-level Processor
RBI       Remote Bus Isolator
RPC       Remote Power Controller
SSM/PMAD  Space Station Module/Power Management and Distribution
TTA       Time-To-Action
Contents

1 Report Summary
2 Project Requirements and Motivation
3 State of the Art in Autonomous FDIR
3.1 Knowledge-based Approaches to FDIR
3.2 Model-based Reasoning for FDIR
3.2.1 Structure and Behavior Models For Power Distribution
3.2.2 Model-based Reasoning for Power Distribution FDIR
4
Utilization
of KATE
16
5
Utilization
of the
19
IPC
Architecture
6.1
The
6.2
7
8
SSM/PMAD
21
IPC/RT
System
21
Overview
24
6.1.1
CAD
6.1.2
Runtime
6.1.3
Iconic
Representation
6.1.4
Frame
Data
Sample
Facilities
...........................
Runs
Facilities
with
Recovery
6.2.2
Fault
with
Double
6.2.3
Multiple
of PMAD
Objects
......................
Fault
29
Recovery
31
...................
Recovery
................
32 33 34
Test
Scenarios
7.2
Test
Results
7.3
Summary
and
............
30 .......................
without
26
29
IPC
7.1
Summary
...................
...............................
Fault
the
Overview
Validation
6.2.1
Testing
.....................
...............................
35
................................ and
Evaluation
40
of Tests
....................
Reflections
42
43
iii
9
Appendix:
Using
the
9.1
Starting
the
IPC
9.2
Building
IPC/RT
IPC and
Using
47 the
Menus
.............................
.................
47 51
iv
List
of Tables Test
Objectives
Example
Runs
Results
of IPC
Speed
Comparison
39
.............................. for Fault Tests
Tests
on PMAD of Local
4O
...................... Breadboard
vs. Remote
v
Testing
.............. ............
41 42
List
of Figures
1
Meta-Object
2
The
3
Intelligent
4
Program
Flow
for Load
5
IPC/RT
CAD
Facilities
6
IPC/RT
Runtime
7
Example
Iconic
8
Monitoring
9
Scenario
1: Fault
10
Scenario
1: Failure
11
Scenario
2: Fault
12
Scenario
2: Failure
13
Scenario
3: Fault
14
Scenario
3: Failure
15
Main
Menu
16
Edit
Object
17
Runtime
18
Edit
Icons
19
Edit
Connections
20
Display
Definitions
SSM/PMAD
Breadboard
Power
the
Schematic
Controller
Architecture
Model
Menu
Object Dialog
20
................
22 23
......................
Overview
25 27
..................
29
...........................
SSM/PMAD
Bar
................
.........................
Facilities RPC
18
.........................
to RPC
P306
.....................
of RPC-P306 to RPC
31
.......................
and
Power
32 Restored
to PRPC-30620
P3 .......................
of RPC-P3 to RPCs
and
P303
Power
and
of RPC-P303
and
P307
34 Restored
to Critical
...............
RPC-P307
..............................
33
............
Loads
35 36 37 47 57
............................. Menu
..........................
57
Box
..........................
58
Dialog
of SSM/PMAD
Box
......................
59
Model
......................
60
vi
1
REPORT
1
SUMMARY
Report
The
overall
which tion
Summary
goal of this research
automates
tasks
in spacecraft as the
by the
include:
IPC
1. Continuous
The
IPC
of anomalous
IPC
that
evidence
review
model-based
of this
Developing requirement,
performs
impetus
a fault
power
system distribu-
system
specific
a source
is referred
tasks
performed
to a set of loads;
to one of the components
therefore
Station
and
systems
(e.g.
which
(fault
detection,
life-support)
desire
applied
proving
applied testing
Module/
called to test
FDIR
confirmation in this
tools
this of the
for
KATE
model-based the
to spacecraft
or refuting
hypothesis
power has
system
produced
no
hypothesis.
The
hypothesis
that
domain.
in a real-time Power
re-
Test
applications.
a technique
is the
the
of software
to FDIR
on model-based
has been
Autonomous
of a set
models
research
and
operations.
consists
employs
results
isolation
(Knowledge-based
behavior
extensive
and
of these
KATE
can be successfully
Space
FDIR
literature
yielding
of system;
(recovery).
be successfully
research
the IPC required
loads
of KATE
for this
behavior;
remainder
each
and
can
efforts
the
out
for diagnosis
of the
reasoning
present is called
structure
effort,
from
NASA-KSC.
reasoning
of previous
significance
this
at
major
The
of anomalous
to critical
being
evolved
an AI system
Our
object)
operations
applying
model-based
FDIR.
(faulty
has
and
software
or IPC.
indicating
(explanation)
successfully
developing
electrical
resulting
from
of a software
system;
conditions
developed
The
behavior
of flow of power
system
reasoning.
The
flow of power
Engineer),
includes
systems.
controlling
of the
of these
The
and
monitoring
fault
collection
the development
Controller,
5. Maintenance
covery).
power
of culprit
despite
to monitoring
of diagnosis
4. Isolation
been
Power
distribution
3. Generation
has
Intelligent
2. Fast detection of the
effort
related
electrical
to hereafter
The
1
environment.
Management
and
To meet Distribution
2
PROJECT
system
REQUIREMENTS
(hereafter,
board
using
transfer
simply
commands
sites,
viz.,
Orlando
a matter
research
factor
functions
on the
and
It soon
simulated
components
the
became
Remote
the
IPC,
conditions
have
been
of an in-flight the
test
of internet
a scenario
was
out
the
delay
was
in which
the
internet
Local
functions
and
testing
to carry
spacecraft.
IPC
and
was tested
remote
the
it simulated
bread-
in Huntsville,
the
that
IPC
consisted
expensive
however,
in which
to develop
located
Initially,
since
controller
testing
FL.
clear,
PMAD
[10]. The
breadboard,
it would
The
built
Freedom
remote.
Melbourne,
since
2
was utilized.
Station
between
in evaluating
hand,
station
local and
as a ground-based
other
PMAD)
on Space
of expediency,
at NASA-MSFC.
an important IPC
two methods: and
R&D
of space
to be used
of data
MOTIVATION
or simply
system
software
on PMAD
the
SSM/PMAD
is a distribution
automation
AND
testing,
as an on-board
controller. The
remainder
of this
document
describes
ics
related
to the
development
of the
the
project
goals,
methodology,
and
discussion tecture
of model-based of the
of the
tests
analysis
IPC
performed
of the
test
of model-based
2
results
Project
There
in general,
are particularly Station
(section
context
a more
of the
important
extensive
introduction
will be presented.
There
for performing
6, following
of the proving
top-
FDIR.
to
follows The
by an extensive
archi-
summary
by way of final summary, the
feasibility
a
of the
an
concept
control.
and
advantages
of automating
and
of power
control
dramatic
Freedom,
each
7). Finally,
Requirements
are numerous
agement
utilized
in section
PMAD
in the
First,
as a technique
is discussed
on the
power
tools
reasoning
itself
IPC.
in detail
in the
where control
and
to reside
on board,
making.
Alternatively,
the
software
used
ground
and
to assist
distribution
case of future,
it is especially
monitoring
subsystems.
be capable
of both
could
to spacecraft
in particular.
to maintain
We envision
as part
in spacecraft
of the
ground-based
FDIR.
as Space manual
in its final
interactive
man-
advantages
such
continuous,
an IPC, and
power
These
spacecraft
fully autonomous
reside
controllers
related
long mission
inefficient
of vehicle
IPC
tasks
Motivation
form,
decision automation
2
PROJECT
REQUIREMENTS
To make a number power
significant
of initial
distribution One from
the
or from
circuit,
Such
can
either
can
second
cause
useless, loads
the even
only
themselves.
power the
A short of current
must
be immediately
isolated
some
loads
from
until
the
condition
is to isolate
the
short
heat
of a fault
buildup
designed the
to flow in the
that
circuit
has
the
while
when
to handle
them.
It is typically
circuit)
within
representative,
but
0.25
in general,
properly.
of power
tripping
the
open
the
larger
taken
loads
place side
the
current
even
circuit
this
which
render the
effects
them affected
if it causes components
if this means
disabling
can be eliminated.
The
loads.
in order
to avoid
the
the
damaging
or equipment
a fault
detection. flow,
and
the faulty
to interrupt from
place,
circuit,
within
flow in conductors
seconds
breaker, continuity.
took
is a short
of the
the fewest
desirable
off
loads.
destructive
rapidly
electrical
circuit
of faults
short
cut
of a circuit
it to lose
have
currents
to 0.50
is unintentionally
For this reason,
quite
large
the
to perform
disabling
to be done
occurs
system
of the circuit,
caused
that
short
rest
in
entire
have
circuit.
can occur
in a power
all or some
also
that
with
can occur
of specific
not
were faced
of faults
types
may
can
of faults
causes
number
circuit
the sorts
where
of the
circuit
amounts
Isolation
that
flow to bypass
short
developers
inadvertent
hierarchy
significant
the IPC
source
from
3
kinds
of the
the
or a large
large
goal
where
in the
more
though
ability
result
one,
electric
two basic
to a conductor
location
and
was to classify
the
incidents
damage
on the
this goal,
In general,
is an open
Depending
The
first
affect
physical
disable
The
that
load.
MOTIVATION
to realize
systems.
system
of them
strides
tasks.
distribution
AND
current
These faster
not (isolate
numbers
are
it needs
to be
afford
to be
interrupted. Some isolated
loads, from
however,
the power
to an operating control
equipment,
redundant upon
room
maintain
(nearly)
can be enabled
source
considered under
in a hospital,
critical
any
of power
power
the
subsystems
from
such
and/or
path,
the
uninterrupted through
to a large
or paths
of one source
power closing
in nature,
circumstances.
as well as life support
sources
disability
are
flow.
of normally
sources other
and
cannot
Examples computer
of these bank,
in spacecraft. are generally one is activated
are power
power
to fire
For critical designed
loads, so that
immediately
to
Access
to the
alternate
source
of power
open
circuit
breakers,
which
establish
3
STATE
a path
OF
from
THE
a power
Electric
power coinciding
out
with
voltage
and
current
the
former.
to power review
summarized
3. Limited
switch
from
to trip
relays
switching sensing
open
interface which
device.
and
on the
and
stage
function
is carried
transformers, being
in this
efforts
the network,
more
or VT's,
common
than
the tasks
process,
related
an extensive
was undertaken.
These
are
and
local
and
and
new
directions
system from
has
software;
recovery
using
in computer
circuit
breaker
and
a mechanism
mathe-
automation
the
sensor
for sending
control,
local
in scope.
a breaker
to the
to an abnormal
to as local
been
a CT,
flow of electricity
referred
response;
hardware
control
values
as a response
is often
as
and
a power
the
possess
be characterized
networks.
current
the
can
for fast
diagnosis,
neural
interrupt
control
computer
untested,
normal
itself
devices
intelligence;
whole
FDIR
techniques:
of protecting
typically
This
latter
system
conventional
between
to trip
the
similar
other
or artificial
than
voltage
in Autonomous
for software
means
device
gear
processing
of higher
it. The
tective
the
parallel
traditional
detection manded
but
monitoring
the IPC was to automate
distribution
using
modeling
4. Promising, using
Art
of the following
capabilities
matical
respectively),
describing
in power
monitoring
(called
throughout
section.
of the
1. Sophisticated
sensors
The
As a preliminary
following
4
locations
of a breaker.
in building
literature
one or more
2. Global
then,
FDIR.
art
at various
current
or CT's,
research
of the
employing
The
and
FDIR
load.
are monitored the location
sensors
in the
state
to the critical
objective,
State
The
with
distribution
of the
3
source
transformers,
primary
IN AUTONOMOUS
systems
typically
Our
ART
will be com-
load(s)
downstream
is provided a signal
situation because
Upon
by pro-
to a nearby recognized
the
sensor
by does
3
STATE
not
OF
have
ping
THE
any indication
of breakers
the
breaker
been
the
norm
The
closest
device
in the
the entire
system
if a short
global
decision-making
device
significant
ration
over
the
local
network
system
only
with
therefore,
diagnostic
and
Reliability
the
represents
can also
readings
verification
of the
in different
locations
of reliability,
for the
device.
power
system,
them.
device
means On
as the
most
to the failure
of
its zone of protection. system,
of all sensor and
can
of reconfigu-
electrical
isolate
A reliable
one
readings,
ease
an entire and
where
power
faults
in the
intelligent
power
of the
monitoring,
system. action
Global
readings
of a
controller.
can lead
in the reliability
as correct
of sensor
in the
about
has
about
is as reliable
economy,
to recognize
entire
to as security).
reason to the
within
view
controlling
absence
distribution
a global
capability
be interpreted
validity
power
to allow
due to the
to a global
place
an improvement
function
(referred
to take
delays
trip-
control
local
of one of these
The
local
and
devices
Information
and
Such
inputs
being
on local
has
of control.
provides
isolation
all the
electrical
in terms
one monitoring
controller,
based
(a controller)
means
first.
systems
is speed;
happens
of an
advantages
distribution
incorrect
control
time
power
A malfunction
circuit
pre-determined,
of communication
scheme
system.
in the network.
to trip
to combine
result
5
locations
circuit
control
as the
device
short,
in earth-bound
of local
a protection
FDIR
at other
short
enough
unreliable
Intelligent
to the
powerful
is incurred hand,
provide
values through
years
advantage
no overhead other
of current
for many
clear
IN AUTONOMOUS
is coordinated
located
controlling
the
ART
in the
control
through
presence
provides
comparisons
something
that
local
the
of potentially framework
with
other
control
for
sensors
is not capable
of doing. Additionally, connect
critical
liability
of the
result
in serious
Third, generally pronounced is no need
from lower
global loads local
control
can
facilitate
to an alternate
source
relay-type
devices,
the
recovery
of power
whose
failure
from
without
faults
and
depending
to recognize
the
can
re-
on the
re-
condition
can
consequences. an
economic
than
that
for larger to perform
standpoint, of several
systems. periodic
the
local
Moreover, maintenance
cost
devices.
from
of a single This
difference
the maintenance on
several
intelligent
local
device
is
becomes
more
cost viewpoint,
there
devices.
This
can
be
3
STATE
OF
THE
ART
a significant
advantage
maintenance
is costly
IN A UTONOMO
in applications due
to the
US FDIR
such
6
as manned
inaccessibility
of the
space
vehicles
devices
and
where
the
such
high
cost
of
labor. Finally,
changes
are typically Such
the
changes
in order
norm
must
some
operation
depends
effective.
devices
by
new
mode.
Furthermore,
may
The
system,
trollers
global
control
will discuss
3.1
can
and
systems
Broadly
The captured expressed
which
case are
of local
in different modification
sometimes
have
rating,
global
may time
in power
delay
zones
or
systems
changes
control that
require
in the in order
environment,
the
controller
has
global
con-
easily.
have
However,
this
in other
information
more
schemes
of protection,
automated
much
isolation
control,
of devices
to the
system.
protection
zones
system
of a power and
of a different
traditional
microprocessors
to this problem.
vary
fault
distribution
the
allowed
inexpensive
techniques
significant
used
for implementing
drawbacks.
This
next
section
them.
Knowledge-based
telligence
detection
be done
be done
Knowledge-based
nism.
the
would
of powerful
to be applied
in the
In an intelligent
which
emergence
of operation
since
require
all modifications the
ones
of the power
of the years
In the
of devices
coordination.
however,
course
reflected
to remain
configuration
to maintain
the
the
on the coordination
system
about
during
or to the components
be quickly
for them
replacing even
to the loads
speaking,
techniques: first
through logically
there
the
approach
have
shown
promise
significant
two main
ezperiential-based associational
knowledge
as propositions
If (symptoms}
to
are
applies
various
Approaches
then
approaches and
as global to FDIR
control
using
the first principles-based
knowledge
acquisition of the
FDIR
based
techniques.
on This
human
mecha-
artificial approaches.
in1
experience,
knowledge
can
be
form:
(fault}.
1 A more common terminology for classifying these approaches is rule-based vs. model-based. This is somewhat misleading, however, since, on the one hand, models based on first principles can be expressed as rules, and, on the other, a set of rules can be said to collectively model a system.
3
STATE
where
OF
THE
collectively
to a malfunction, this
approach
to space advanced and
knowledge
and
can suggest been
Management
Expert
at NASA-MSFC.
of managing
possible
problems
local
a clustering the
by the
heuristic-based,
If the
requisite due
to the
form,
Logically,
cent
employing based with
approach a more
engineer
does
itself
and
One
the
sensor
Recovery
mechanism
a classification data
more
SSM/PMAD
of its control
(through
the
of the
(Fault
with
as part
that
known
which
is based
not exist,
configuration
of the
is processed
can
to
drawbacks.
experienced
identified.
This
experience
is because,
of domain within
then
and
experts.
the knowledge
that
be cumbersome
fault
will not
to modify
when
are introduced.
about
and
approach behavior
represents
under
normal
as propositions f(input(ok))
ok's behavior
as an input-output
systems
model-based in the
IPC,
approach.
is relying Since
it will be useful
knowledge
about
operating
condi-
of the
output(ok)=
knowledge-based
overview.
certain
previously
of the fault,
systems
improvement
from
or is not represented
can be depicted
one taken
been
on the past
nature
of structure
(non-associative)
to suffer
have
the first principles-based
diagnostic
extensive
been
a significant
can be successfully
associative
in terms
was the
represents
or unexpected
knowledge
on the
faults
abnormal(ok)then
f expresses research
only
the knowledge
If notwhere
have
the reasoning
system
system
exhibit),
they
knowledge
Furthermore,
In its original
tions.
that
uncommon
in the
a physical
can
in conjunction
base
approach
control,
experience
be detected. changes
system
is the fact
being
base
knowledge
[38].
using
as applications
is FRAMES
in containing
systems
of them
[33], [35],
knowledge
Several
readings
of symptoms).
and
them
represented
the
most
[27],
developed
is unique
experiential-based
monitoring
Among
System),
both the
[23],
of, sensor
of action.
literature,
associational
FRAMES
a means
While
on
course
in the [18],
7
one, or a combination
a remedial
[1], [14],
based
FDIR
associates
described
systems
systems
(through
IN AUTONOMOUS
this
have
power
ART
form
function.
more the
and
first
to acquaint
Re-
more
on
principlesthe
reader
3
STATE
OF
THE
3.2
Model-based
Recent
advances
plex
systems,
sentation
behavior
the
robustness
of each
how
the
models
can
are
correct
describe
ways
attractive
experiential
detailed
structural
and
correspond these
based
drive
observation. including consistency the
(normal)
the
system.
These
problem
throughout
at those
on knowledge
points.
of the
structure
would problem
observations. is, in the
is undecidable),
explain
reasoner the
are
models
some and
can
often
of the
also
pro-
provide.
a object-based exactly
used
by the
are fed into values
are
reflects
the
reasoner model
to
which
propagated,
using
to a set of outputs,
which
the system
in general
between attempts
the
computational case,
knowledge
discrepancies
is to maintain
and
fault
can predict
inputs.
The
worst
whereas
base,
into
By this method,
discrepancies
The
models.
Fault
framework
the model
and behavior
the
reasoner.
failure
of knowledge
models
actual
diagnostic
current
behavior
or fauIt
modeled.
to the
knowledge,
the
being
Inputs
readings
Logically,
system
in the
system.
specifically,
whose
objects
actual
More
the
be encapsulated
roughly
Behavioral
of incorporating
models
to
of the
is meant
of a device,
knowledge
of the
using
of components
(i.e.,
and
to predict
diagnosis.
values
structure
inputs
can
of the
in the
based
ability
behavior
connectivity
behavioral
readings
The
and
objects
to sensor
a way
correct
of the
to the
provide
than
performance
correspond
they
solution
connectivity
can misbehave.
of failure
the
the
a component
best
models
functioning
explanation
where
simulate
proper
repre-
strmcture
of) outputs.
behavior
the
framework,
IPC,
correct
the
above,
(a set
into
structure
In the
the
into
on the
of the
as noted
by experts
about
connectivity
knowledge
com-
knowledge
based
for many,
provided
Knowledge
the
either
for diagnosing
for a robust
offers,
inputs
in which
because
knowledge
a more
model
device
of)
kinds:
reasoners
need
By behavior,
(a set
models
common
considered
vide
transfers
the
is meant
system.
be of two broad
As indicated, models
of the
FDIR
A representation
of the
By structure
rest
component
stress
diagnosed.
component
8
for developing
systems,
being
problem.
for
intelligence
as power system
to the
US FDIR
Reasoning
such
component
IN A UTONOMO
in artificial
for the
and
ART
not
is the basis
observed to find between
consistency complexity
something a difficult
and the
of model predicted
smallest
prediction
of the
and
knowledge,
of maintaining any
algorithm
computational
set
the can
problem;
do
3
STATE
hence,
OF
THE
it is important
controlling
the
parts:
first,
the
or in sets,
test.
The
faulty
One to view
knowledge,
the
most
case
of this
techniques
common
is the
for ranking
improve
effciency
involves
recording
reused, The
without operation
model-based prediction,
diagnosis or
are
diagnoses
"backward"
use
conclusion
(i.e.
the
by
the
system
phase
the
to see involves
and
on
the
the
test
component system
knowledge
is thereby
is
behavior
whole
constraint
knowledge
method
often
or more
on
to col-
list.
constraints one
final
simulator
generation
when
the
of this
the
suspect
constraints
One
which
is
from
removed,
point
number
that
in future most
use
of the from
for ranking this
says
sophisticated
technique
employed
to
this method
observations,
to be
inferences.
computational model
effect
more
and
_must
A special
[6]. Briefly,
model
cop't_c)_s
of which
criteria
Other,
Another
the
one
of components.
maintenance
from
all the
of mininality:
of failure.
probabilities.
the
preference
is in terms
to a small
explain
at least
common
space,
drawn
cost,
is the
be applied
(i.e.,
is the use of truth
consuming
about
individ-
after
A variation
of components
of a single
computational
remain
either
three
failure.
search
failures
all the
that
is a set of components
the
in reasoning
suspects
as setting
in the
as a set
assumption
suspect,
by removing
the knowledge.
improving
each
reduce
component's
of the
a c_Dt
given
hence
and
as having
testing
discrimination
behavior
inconsistency
be viewed where
be malfunctioning,
for guiding
viewed
[5]) for combining
abnormal
sole cause
can
The
be simulated
if the
can
behavior
the
is often
discrepancy.
which
suspension
where
can
base;
A diagnosis
a mechanism
knowledge
to further
normal
case
the
be reproduced.
Then
case
is the
that
suspect
(constraint
This
diagnoses,
caused
the
structural
measurements
is the
knowledge
in the
have
system.
is a suspect)
component
might
component's
entire
unknown.
the
can
process
among
uses
of each
additional
each
of the
the
models
approach
to have
suspects,
phase
behavior
performing
diagnostic
discriminating
that
fault
reasoners
a set of possible
generation
employs if the
model-based
and
components
US FDIR
for a solution.
generating
ually
IN A UTONOMO
for automated
search
In general,
lect
ART
for
to cause)
resources propagation, for the
while either
purpose
performing forward
for
of ditgnosis.
3
STATE
OF
Techniques
THE
like truth
els, have
arisen
oriented
sense
they
each
stage
behavior
This
among
and
plexity
then
e.g.
stractions
have
most
promising,
The
face
of system
to guide
the
on only
what
behavioral
and
components
abstraction
a subset
ignores
of these
dynamically, differ
when
needed,
in their
levels
These
• a predictor detects
ates
candidates
focuses
related
what
Current implies
fanout
to solve
the
views
deemed
on the
idea abis the
Two
kinds ignores
important. focusing
only
as occurring
models
with
that
of com-
abstraction
abstraction
is faced
reasoner
dependency
to perform
of objects,
The
have
one un-
abstraction
of multiple
the
than
is inessential.
the presence reasoner
may
issue
is based
on only ones
research
solving
(a signal
the
ability
in the
a time,
causal
Behavioral
to connectivity
well as applying
diagnostic
of a system
choosing
a model
model.
possesses
three
high-level
modules
in its
are: which
generates
discrepancies
• a candidate
and
of abstraction. and
model-based
architecture.
which
ignoring
"local"
more
[37]. Informally,
are possible.
have
details
connections.
for prediction/diagnosis, Every
structural,
with
complex
requires
Current
systems
in our minds,
process
is essential,
complex
attempted
complexity
reasoning
at
or reconvergent
reasoning
characteristics
Structural
dependency
of ways.
More
to more
in model-based
of focusing
certain
mutual
world
point).
in the
of abstraction,
physical
are
component
mod-
is measured
its behavior.
of equations
at a later
in order
process
consists
reconverges
in a number reasoning
which
in the
[5].
and fault
behavior
for example,
model
unknown
representation
corresponds
one
system's describing
systems,
through
in one
algebraic
Researchers
on
equation
the components;
branches
that
values
of diagnoses,
The
expressions
diagnostic
10
ranking
complexity.
algebraic
model-based
one
FDIR
probabilistic
to this
of the
propagate
whose
known.
maintenance,
in terms
constraint that
IN AUTONOMOUS
as a response
mathematically
at
ART
proposer based
between which
behavioral observed generates
on the conflicts;
predictions and
predicted
conflicts and
from
discriminates
based
on
the
model,
and
behavior; these
discrepancies; and
refines
gener-
candidates;
and
• a diagnostic
strategist
which
controls
the
diagnostic
process,
in general,
by
3
STATE
OF
THE
determining Predictors puting task
ART
the
typically the
next
deductive
the
computational
problem
the
system. discrepancies
values
When results.
made to the
of components observation.
The
consistent,
and
the
the
reasoner would
result
this
explain
the
is a set
about
diagnostic
predicted
and
behavioral
led
smallest
set
prediction
make
or hypotheses,
have
the
between
actual
predictions
assumptions
will eventually
of candidates,
The
[7], views
the
to find
discrepancy
assumptions
drive
which
by attempting
of inputs.
of knowledge
between
determines
of com-
like GDE
values
of the
[24].
process
a set
consistency
dependencies
does
correctness
given
predicted
and
is the
in systems
the
and
behavior,
failure
Removing
knowledge,
an inconsistency
records
a diagnosis
[7], which
diagnosis,
observed
of normal
whose
model's
emerge,
11
of generating
as one of maintaining
system
inconsistency.
process
in model-based
discrepancies
model
US FDIR
propagation
of the
between
The
by the
in the
constraint
closure
generation
reasoner.
step
employ
of candidate
The
IN A UTONOMO
the
and
knowledge
for explaining
the
discrepancies. The
traditional
the
so-called
the
dependencies
used
iterative a space has
search
diagnosis.
been
system.
The
other
in order
[25]. This
variations
to determine
employed main
approach
the
using
normal
process the
which
of the
bookkeeping
to strategy the
assumptions
operation, selection
until
been
records
Truth
discrepancies
model,
has
system
An Assumption-based
for this
involves
from
the
[24]. In this approach,
led to conflicts.
has
strategy
are for
two major
reasoning required
detail
meeting
Solving
have
for controlling
Maine.g.
has been
to search
a matching
as the
through
fault
model
obtained.
computation sufficient
predictions
system
adopted
strategy
(ATMS)
of possible
been
models
the
GDE
There
that
of the
system
of the
strategy
dependency-recording
in modeling
tenance part
diagnostic
these
obstacles
about
complex
to reach
(granularity)
one of these dual Systems
problems have
in developing systems
a diagnosis, to be useful
two requirements constitute been
open
developed
and
applying
structure
for diagnosis: and
building
in diagnosis. tends research which
limiting a model One
to inhibit topics incorporate
and the
of the
complicating
accomplishing
behavior amount
of
system
of
factor the other.
in the field of model-based some
of the
potential
is
3
STATE
OF
solutions
to the
stage.
3.2.1
problems of IPC
wires,
is depicted
logically
O 1)
(more
specifically,
it is essential
required.
in the
and IPC
The
interfaces
correct
of first
which
Voltages
and
behavior
of the
of the
laws of the
system.
equations provide
and the
the
with
the
the
sensors
power
the
can
desired sources
in structure
be
in the
of various
and behavior
used
voltages
as applied
law
by considering
(KVL)
of a circuit
the
and
can
by KCL
of interconnection.
presented
constraints by
purposes
this
carrying
output These
of the
are called
consist
in the
system
circuit.
imposed
imposed by the of the
current
law
by the
connectivity circuit
(KCL).
or, as an abstraction,
be characterized
by a set
These
constraints
Kirchoff's
or KVL.
not
system.
interconnections
system,
More was
is characterixed
of the
the
loads.
system.
components
currents
distribution distribution)
and
the objects.
functioning
and
power
buses,
for our
to the
system
to the entire
implied
but
to control
as well as the
voltage
secondary
switches,
inputs
imposed
to o2. In a power
(as components
correct
are determined
behavior
constraints
system
granularity
and
termed
or cables,
representing
the
equations
the
upstream
is been
the harware
Constraints
The
on
distribution
Connectivity
for
to model
components,
viewed
what
wires
describe
characterize
by Kirchoff's
are best
in association
of the form
of a set of power
which
components.
expressed
deployment
Distribution
batteries,
ol is connected
include
with
currents
loads,
representations
behavior
of rules
to the
o2 ).
commands,
principles
section
Power
Based
in a model.
to model
would
model
next
progressed
of a power
as statements
It is also required
system)
switches,
that
to include
models
12
have
For
manner.
-_- input(
signifies
granular
Models
as objects
statement
model,
in the
of components
loads,
can be represented
Otttpttt(
This
Behavior
in a straightforward
busses,
models
illustrated
of a system
represented
FDIR
but few, if any, systems are
and
structure
kinds
IN AUTONOMOUS
models.
Structure
model,
ART
problems,
These
development
The
THE
are These
to a graph
as a set of impedance
In this manner,
KCL
and
KVL
3
STATE
OF THE
As noted, device able
in digital
function
electronic
for the
complexities
diagnostic
transfer
power
system
behavior impedance)
• The
behavior
of a component
characteristics,
but
downstream first
problem
model
abstracted
dering
the
was
from
of the only
and
kinds
certain
over second
This
of a
is reasonsimilarly.
must
be addressed
behavior.
Two
such
time
such
than
were
propagated. was
(e.g.,
both
upstream
and
in behavior. that have
whose
an initial global
This
is not
result
when
been
driven
by representing
without
hin-
voltage
was
to be computed.
Secondly,
to contribute result
assumed
was
a model
to carry
value.
requirements
to the
This
in
constant works
for current
for
changes
surge).
effects
concepts
resulting
be modeled
The
were
sim-
could
as a non-computed
process.
dual
modeled.
the
Specifically,
insignificant
loads
(i.e.,
therefore
needed
too
not
is a fan,
modeling
a solution
that
and
reasonable
unnecessary)
functions.
system,
deemed also
model
were deemed
Finally,
requiring
the
reasoning
(volt-
by its input/output
by applying
of the
FDIR
also modeled
is that
developed
that
something
an exception
as changes
not merely
of the devices
granularity
in the
were
modeling
to seek
the
its required
to the
models
of parameters
and
described
IPC
properties
they
therefore
problem,
changes
in model-based knowledge
was
of loads;
by the
everywhere
system;
of directionality devices
and
of a number
characteristics
affected
components
current
resistance,
behavior
that
of structure
simultaneously;
is properly
solved
rather
on the
behavior
serious
to its output.
can be approximated
function
operating
to perform
value,
impedances
The
functionality
it.
to be constant
somewhat
the
complexities
in terms
also by the
which
ability
as a constant
most
from
assumptions
which
are
is a complex
current,
assumed
systems
there
to be modeled
modeled
its input
process
systems,
age,
plifying
have
relates
and
are:
• A component's
The
FDIR
systems
that
systems,
in electrical
in order
model-based
as a local
However,
of component
One
of the
of inputs practical an RPC
and
limitations
required
more
of structure
and
outputs
imply
a strong
for certain
kinds
of changes
opens
by this limitation more
behavior
abstract
or closes.
Many
of structure forms
sense to
researchers and
behavior
of knowledge
such
as functional require
knowledge models.
specific
problem
to the
resistance
This
resistance
current
values
at the
we termed
behaviors
scribe
the
fied through
model,
opening
the
meta-
transfer
Local
hand,
sources
are
that
continuous
only
a partial
requires ally, whose
Our
IPC
developed
used
when
new
non-directional the
equations they
global
that
de-
represent
the
of a circuit
global
of
introduction
represent
imparted
phenomena
by the
behavior
by the
by deriving
algorithms
can
standard
in unidirectional
(structurally)
seems
opinion
currently
amounts
may
similar
of modeling
modioccur-
unidirectional
models.
an output
Global
from
to each
nature
of meta-objects,
of a diagnoser
as first-
phenomena,
a number
other
must
be classified
input-output
connected
the
meta-component
to that is that global
explored the
of input
either the
upstream
use of meta-
be restricted
coded
has
no way
of representing
normally
change
below).
recently
so that
by the
to the
their
about variable
an interval
the system.
of time.
of
represents
implementation
loads,
IPC
developers
of meta-objects
since
information
throughout
enhancement
concept
behavior,
of hard
currently
further
to predict
to represent
impedance
predictor,
can be handled
independently,
solution
loadings
Thus,
modifica-
or closing
the
example,
not
is avoided.
significant
the
of the
be represented
apparatus
[34].
For
abilities
to the multi-directional
pursued
representation
of an RPC.
commonly
processing
looping
Although
KATE
the
model
by mathematical
equivalent
diagnostic
opening
components
did
is the
required
used
dummy
model
for the
solution
are
the
standpoint
directly
Due
within
the
phenomena
must not
or downstream. objects
the
functions
on the other
The
which
are employed.
from
or global.
by the
parameters.
recalculate
limits
objects
caused
represented
these
strategy
the
in order
These
or closing
system
Consequently,
order
between
a simpler
network
elsewhere.
are
in building
Meta-objects
and
to correctly
the
within
local
and
models.
relationships needed
to address
be recomputed
sensors
system
FDIR
We selected
of the
meta-objects.
in the
equations
ring
must
in unidirectional
parameters
[15]).
we needed
equivalent
RPC's.
of what
(e.g.,
multiple
The tions
such
still
Additionas motors,
(This
point
is
As noted, structure
research
and
representing
the
to find more
of diagnosing example
knowledge, other
more
complex
the
by recent
system
investigation
Model-based
Of systems
that
Marple
pension
system
hardware,
the
has
a normal
attention
the
system
behavior
on representing
is shifting
One
reason
in order
for this
to
shift is
reasoning
process
in the
effort
behavior
is often
noted
as an
(e.g.
incorporates
Power
[37]; [31]).
some
of the
Distribution
structure
an exemplary
and
As we'll observe
advances
proposed
tolerances.
model
Marple
rate
for power
employs
the complexity It has been
accuracy
FDIR
behavior
instance.
It handles
an 85 per cent
effort
is illustrative
model-based
applied
to actual failures
system
constraint
in propagating
in identifying
more
complex
makes
for this reason, The
made refer
about
behavior
efficiency suspension Finally,
to the
As noted the
IPC
roughly, the
of the
of the
time onset
sus-
values
power
in
system
to components,
approach
were
to adequately
Applying (although not
This
or TTA,
needed
perception
of the paradigm
can
(e.g.,
[5]).
measures
the
one of our primary
goals
on-board,
use.
constraint-suspension constraint
quantitative
suspension
seems
comparisons
It was
technique
as well as global
alternative
was to achieve
with
decided, for diagadditional
assumptions
to have with
about
improved the
power
systems
from
massive
failure,
the
constraint
performed).
control
be
TTA
time,
as the
for
process.
recovery
system, this
systems.
are
from
replacing
of the
paradigm
developers
it takes
for real to the
of system
time
of the
suitable
involves
PMAD.
to action,
part
to the
developers
at the outset,
connectivity
diagnoser
as power
by the original to the
on the
enhancements
such
to find an alternative
solution,
knowledge
that
devices
of a discrepancy
which
of the perception
paradigm
of the diagnosis.
a TTA
the
for
by using
to observations
onset
nosis.
complex
strategy.
We will henceforth
speed
Power
Reasoning employ
models
Marple
diagnosing
the
systems.
mainly
sensors.
The
traced
of controlling
here
focused
in a model.
ways
with
[12] provides
and
including
using
has
recently
of knowledge
described
as its diagnostic
analog
more
researchers.
3.2.2
FDIR,
FDIR
diagnosis but
kinds
efficient
of a physical
below,
on model-based
behavior
consider need
an automated
4
UTILIZATION
system
must
implement
For example,
when
abnormal,
the
will
decay.
that
the
into
the
diagnostic
from
the
from
the
consists
system
"inverts"
of the
device
action
to undertake
the
of the
The
inherited
senting chy;
circuit
the
of the
and
the
to be voltage
be isolated
should
problem
system.
a quantity
must
sources
the
so
not be made
by pumping
more
other
is individually
function
the failure
and
behavior
behavior
of the
target
itself.
The
system
and
to establish
its knowledge connected
base,
upstream
is propagated
throughout
values
inversion
to its input
source
a set of slots and
at the
to determine
an alternate
where
it
as well as a function
to set
uses
diagnoser
by failing
device
to
system
for consistency
change
also
Space
a constraint
physically
of each component
KATE
for
models
employs
tested
of each
Kennedy
reasoner
components
The
knowledge
components
from
The
It evolved
a shell developed
at NASA
structure
all
prototype.
(KATE),
of the target
in a list
value.
IPC
normal
all of its constraints.
to represent
physical
Engineer
for building
placing
suspect
to isolate
of the
by researchers
performance
on its output
object-based
heart
Test
simulates
input-output
based
name(s)
1. The
short
can be applied.
the behavioral
uses objects
IPC
by
suspending
which
engine
Each
by using
is the
of tools
to the actual
of suspects
and
causes
conditions
Additional
applications
A predictor
discrepancy.
purposely
the
to aggravate
Autonomous
reasoning
is compared
KATE
engine
diagnostic
KATE
a set
serve
normal
rest
circuit.
control
strategy.
collects
level.
the
conductor
under
used,
from
of KATE
a diagnostic
which
than
is being
only
components
or to another
its normal
would
short
model-based
suspension
the
they
and
[19].
which
the
regain
Knowledge-based
building Center
to ground
model
Utilization
The
to isolate
will be greater
can
because
ability
a fault
current
voltage
current
the
If a voltage
available
4
OF KATE
input the
of power.
will contain
output.
KATE
model structure
representation, and
behavior
including
all the
as well as the
attributes
conceptual
for repre(ISA)
hierar-
2. Some the
of the
model
3. The
IPC
replaces
constraint
prototype
differs
of (the
using
the
of components. above,
represent
the
equations
that
they
represent
ever,
the
about
the
model.
definition
turn
because that
of the
looks
the
value
As can
be inferred
of the
from
is especially
any
uses
in predicting
the
must
Figure
costly
when
in the more
than
IPC
meta-object
information
of meta-objects part
into
C++
This
avoids
Pl instead
of the
objects.
The
located
resistance
higher which
in a larger the
cost
META-RBI-P
meta-objects
is that
impedances system
one meta-object
every have
is used
taken
in part
of using
of META-LC1-PORT.
before
with
model
to determine
RBI-P,
incurring
in a
of the
META-RBI-P
equivalent
the equivalent structure
How-
of representing
of hard-coded
Component
be calculated
1, a problem
calculating changes
RPC-
example,
system.
META-LC1-PORT
circuit.
RPC-P1.
the
represents
by the
meta-object
of the
used
of RPC-P1
actually
system,
encompasses
computation, whether
uses
For
means
representation
it is parsed
in a part
if META-RBI-P
a case,
significant
RPC-P1
hierarchy
which
1 (which
LISP-like,
about
as well as represent.
use of the
in Figure
META-LC1-PORT,
a meta-object
This
very
resistance
circuit
is run,
frames
with
mathematical
parameters.
a limited
IPC
components
by
describe
is
technique,
these
described
these
the
assumptions
earlier,
amounts
to implement of the
are
IPC
suspects
the meta-object
to adequately
significant
testing
and
As noted
represents
the
as noted,
and
implements
and
First,
Second,
information
between
only
ways.
to gathering
system
needed
include
an example the
electrical uses
in the
is difficult
C++.
behavior.
relationships
they
into
the IPC
equations
of component
equivalent
for applying
and
in crucial
of structural
of meta-objects
1 shows
PMAD)
in the
KCL
KATE
global
the
loop;
however,
approach
parameters
describe
Although
of the
the
global
system
Figure
of)
Second,
for modeling
concept
behavior
procedures
procedures.
KATE,
a combination
the
global
from
and
suspension
an approach
described
functions
PC version
constraint
behavior
reasoning
monitor-diagnose-control
low-level
the
suspension-oriented
algorithmic
of the
a translation
for control;
basic
4. Many The
In such could
they time
use
it.
demand the
place
in combination
model or not. as in
(deframe
RBI-P
(nomenclature (aio
"remote
bus
isolator
(port
side)")
rbi)
(unit
"amps")
(source-path
(and
(cstatus
gc-command-rbi-p)
(a//d-cstatus (source
power-p)
(status
(*
120
(in-path-of (deframe
current-rbi-p
meta-rbi-p)))
bus-p))
META-RBI-P
(nomenclature (aio
(meta-component
power-p)))
"Meta-component
for
port
rbi")
meta-component)
(source-path
(cstatus
gc-command-rbi-p))
(status (+
(if
(cstatus
gc-command-p1)
(meta-component
meta-lc1-port)
0.0)
(+
(if
(cstatus
gc-command-p2)
(meta-component
meta-lc2-port)
0.0)
(if (cstatus (source t))
(deframe
gc-command-p3)
0.0))))
"remote
power
controller")
rpc)
(units
"amps")
(source-path (source t) (status
(and
(*
120.0
(in-path-of
(deframe
(cstatus
gc-command-p1)
(meta-component
bus-pl
current
(a//d-cstatus
meta-lc1-port)))
rpc-p1))
META-LC1-PORT
(nomenclature (aio
meta-lc3-port)
RPC-P1
(nomenclature (aio
(meta-component
"Meta-component
for
LC1
port
side")
meta-component)
(source-path
(cstatus
gc-command-p1))
(status (+
(if
(cstatus
gc-command-p102)
(/
1 20.0)
0.0)
(+
(if
(cstatus
gc-command-p103)
(/
1 60.0)
0.0)
(+
(if
(cstatus
gc-command-p104)
(/
1 15.0) 0.0)
(+
(if
(cstatus
gc-command-p105)
(/
(source
1 30.0)
t))
Figure
1: Meta-Object
Definitions
0.0)))))
bus-p)))
5
UTILIZATION
OF
the
above
Therefore,
example.
domains. are
Another
problem
hard-coded
loads
into
are modified,
demand
when
another
either
from
to isolate
components;
to use
which
5
IPC
ensure
the
system
and
software
isolation two
through circuit
of the busses 3 kW
the
bus
only within
from
the meta-objects
introduce
problems
a normal
when
one
smaller
increase load
when
in torque
is replaced
by
through
the
remote
power
capable
representation
of the
of loads
being
supplied
resistors,
and
supplied
by
system
the
port
are
been
applied
of the controller
specialization more
of the
general
in digital
nature,
electronics.
not
station
bus. their
(RBI's).
These
RBI's
Load The
currents. Each
loads
consist load
load
are
distribution
diagnosis
used
interruption. Centers are
through
to for
Each
of
1, 2, and
3,
solid
2 shows center
de
connected
are switches
of lights,
center
the
two independent
RPC's
Figure
network.
respective
by
to
It is interfaced
of these
centers,
chose
scheduling,
of current
(3k RPC's).
distribution
system
Each
power
system.
is supplied
capable
fault
environment they
current
power
power
load
time
Consequently,
supply.
to three
controllers
from
and
is a direct
bus isolators
and
its
the
on a near-real
of testing
of interrupting
PMAD
to isolate
IPC.
to KATE's
breadboard
and
power
ability
traditionally
reflect
systems
PMAD
The
remote
the
was the
the ability
for the
hypothesis.
purpose
supplies
has
KATE
of a space
systems.
IPC
SSM/PMAD
The
supply
change
original
research
for the
supply
are
has
KATE
control
to test
testbed.
power
breakers
can
into the
as opposed
in process
of their
starboard
a distribution
and
does not require
needed
representative
hardware
a motor
system.
systems,
needed
breadboard
This
or physically
behavior
from
power
as their
the
in),
the
changes
legitimacy
control
(i.e.,
of the
to computer
sources,
whose
it to be used
SSM/PMAD
definition.
of the
hence,
developers
the
sparingly downstream
incorporated
remainder
Utilization
The
the
of KATE
in electric
allows
be used
the impedances
kicks
systems,
In summary,
should
rating.
the
control
dynamically
a compressor
to process
IPC
they
meta-object
modification
components
SSM/PMAD
is that
the
of a different
A final
THE
state
dc
a schematic has
fans,
a number or simply
1 kW
RPC's.
[Figure diagram labels: PDCU; Load Center 1; Load Center 2; Load Center 3; legend: RBI, 3 kW RPC, 1 kW RPC]
Figure
Each
load
center
other
from
the
emergency if one
has port
lights
supply
prototype
critical
in the
loads.
sensors
and
current
flowing
such the
as the signal
of full
received
voltage.
implemented
in the
The
and
Processors the
RBI's
(LLPs),
switchgear.
The
of critical
loads
such
supplies
detection
and
the
the redundant out in Load
current
they
were
a current
external
current
LLP's
not
when used,
circuit. the
and
other.
the
of the
redundant
devices
reaches model
The
path
consist
at various
3, the
the
locations
are measured,
of the
to
of current
measures
a specific
IPC of the
Center
that
and
so that
isolation
in Load
the
supply
faults,
sensor
and
paths,
the
sensors
current
air
redundant
Bus voltages
voltage the
as cabin
contained
3. Sensing
supply
but
percentage PMAD
was
prototype.
RPC's
which
value
were
contains
in the
starboard
fed from
establishment
Center
RPC
two
of systems
loads
it. Additionally,
IPC
through
the
is a discrete
the
the
around
measure
Thus,
from
be alternatively
Each
Schematic
coming
can
sensors.
RBI also
Breadboard
they
was carried
through
both
system,
Since
voltage
one
A set
is lost,
centered
bulk of the testing
busses,
fed from
or bus
component
these
two
SSM/PMAD
supply.
are
testing
faulted
2: The
are controlled
form
the
interface
serve
to read
the
through between sensors
a set of networked the
controlling
as well as to carry
Lowest
Level
computer
and
out any
action
6
IPC
ARCHITECTURE
21
[Figure diagram labels: Power System; Communication Interface; Simulator; Development Process; Run-time; Tools; Model developer; Display/Controller; Model Library; End User]
Figure
commands, IPC
such
prototype
to the
sites
6
IPC
This
section
system,
or closing directly
tests
of Orlando
Power
and
Controller
switches,
with
of the
these
IPC
Melbourne,
Architecture
directed LLP's.
could
to the RPC's
Since
be done
the
and
LLP's
remotely
RBI's.
were from
The
networked
the
primary
FL.
Architecture
architecture
summarizes of the
subsystem, in Figure
as opening interfaced
Internet
research
3: Intelligent
data 3.
The
IPC.
bases two
the The and large
technical
discussion
Intelligent
libraries.
Power The
subsystems
overall
by presenting Controller architecture
identifiable
in the
a description
(IPC)
consists
is displayed figure
are:
of the
of two main graphically the
real
time
power
controller
The
RT
and
the
(IPC/RT)
consists real
time
system),
and
through
interactions
development IPC/GMT.
Rather,
time
of the
6.1
The
The
arc
and
When
button
File
the
IPC/RT.
information displays
the
The
actions exclusive.
of the
screen.
any There
and
the
the
models
the
IPC/GMT
system,
run
library, time
of a target
sub-
system
subsystem not
contain
time
the
was
we discuss
FDIR
of a model
tests
will not
run
the
with
award
was
applied
to the
a discussion
of the
in greater
depth
the
run
sessions.
commands,
interact
the
user
must
specify
what
menu
options
can be
facilities
mode
to easily
is grey,
with
only
two
The
user
can either
bar.
how the
parser
iconic
display. screen,
may
of screen
second
user
shows
but
CAD
the
a model,
results.
The
the
allows
executed,
the
along
the with
in the
user
On the should changes
is only CAD
be able during
the process model
any
has
relevant
should
that
of operation with
the
IPC,
to modify a runtime
files are to
available
the
been
under or exit
actions
of translating parsed,
shown
in
the model the
IPC/RT
connections. modes
are implicitly to modify
in issuing
the user
model
a model,
not be able
interested
side,
load
follows
two operating
side the user
the
system
begins
Once
perform
On the runtime
the
time environment
provides
of a model.
loads
mode,
Its run
first mode
display
menu
user
user
In this
interaction.
The
that
screen
on the
the
is no impact
and
(IPC/GMT).
system.
main
the
figure
viewing
runtime
the
objects
tually
IPC
a useful
on the
into
tool,
it shares
contract
by sample
system
consists
Because the
by user
is first
Once
4. This
builds
subsections,
of operation.
the IPC/RT
the
Figure
primarily
monitor
Initially,
(which
document
followed
environment
be loaded.
simulation
IPC/GMT
tool
and
tool
System
to construct
to visually
The
user
this
modeling the
editor.
following
IPC/RT,
a runtime
icon
contract,
in the
is driven
needed
end
subsystem,
into two modes
provides
the
IPC/RT
IPC/RT
divided
The
with
of this
display.
a simulation
an icon editor.
of this
graphical
interface,
and
tool,
a requirement
the
hardware
controller
development
design
and
of the
a model
not
should
the screen session.
the
commands not
be able
as well as the
mulayout to the
to issue model.
[Flowchart steps: Parse Model; Draw AIO Connections; Create Drawn Objects; Show visible Icons and Connections; Enable Runtime]
Figure
6.1.1
CAD
Once
a model
ities for the Notifier, ities,
Facilities
including
shows
the
The
role
CAD
• The
and
while
The
connections user
releases
data
allows
the
from
enables
CAD
mode
file descriptors,
communicating
user
the
with
many
with
of the other
of operation. handles other
facil-
The
Xview
all system
activ-
systems.
Figure
5
left mouse
facilities: the
arrangement
to be repositioned
down, the
following
to customize
an object
the button
associated the
and
is in the
implements
user selects
holding
Model
Notifier.
environment mode
for Load
the IPC/RT
IPC/RT
interactions,
of the
CAD
display.
the
for retrieving
user
Flow
on the screen,
Initially,
a process
4: Program
I
Overview
is displayed user.
Functions
icon
button.
drags
the
with
icon to the
will automatically
of icons
the left mouse desired
on the button,
position.
be updated
when
The the
[Figure 5 diagram labels: Notifier; IPC Communications; IPC/GMT Communications; Mouse Events; Select Button; Menu Button; Icons; Move Object; Update Connections; Edit Connections; Icon and Hide Connections]
Figure 5: IPC/RT CAD Facilities
• The
user
is also
pixmaps icon
CAD
edited
contending user
of any
CAD
losing
edits
editing
functions
in the
CAD
functions
6.1.2
the
and just
a runtime different The
• Four
text
comprise
fault
Figure
allow
the
6 depicts
windows the
to edit
attributes
the
attributes
of each
of each
connection
are
the
to have
support
tool
model
data
systems.
another
files. The
The
Notifier
IPC/RT
is considered
any
other
support
to modify
the
model
files, and
precautions
user
in the
IPC/RT
CAD
by the are
accessible
through
button,
which
the
of editing
set
allows
tools
a set the
are
clients. are
mode.
of menu
user
buttons
warns
to enter
butthe
corresponding
to
to easily
the
the
are
main
activities
implements provided
control menu
of the
and bar,
monitor the
the
Notifier
IPC.
Once
serves
many
IPC.
They
Notifier.
the following for monitoring
facilities: the
output
of the
following: window
attention being
after
user
through
environment
2. A recovery ered
These
box.
and
mode mode
of them.
Overview
is initiated
1. A warning the
The
other
made
through
Facilities
session
runtime
user
to each
icon
listed.
facilities
roles.
need
top-level
progressing
Runtime runtime
at times
the
Multiple
box.
on
with
to prevent
mode,
a dialog
of communications,
may
with
through
it is possible
permissions
taken
starting
specific
object.
mode,
by an object.
attributes
user
a dialog
clients
editing
The
an
These
tons,
to be used
also allows
contentions
in terms
with
by the
through
in the
icons
along
with
for write
a server
the
user
while
the
of operation
associated
by the
• Lastly,
The
to edit
are edited
mode
connection
the
able
can be specified,
attributes
• The
of the detected window the
FDIR
which
receives
IPC
developer.
in the which
messages Warnings
that
are
intended
indicate
events
to attract such
as a
system; receives
process
the
names
is completed;
of the objects
that
are recov-
[Figure 6 diagram labels: Notifier; IPC Communications; IPC/GMT Communications; Menu Button; Maintain Object; Issue Command to IPC; Unmaintain Object; Unfail Object]
Figure 6: IPC/RT Runtime Facilities Overview
3. A general
window
developer, 4. A main • The
user
of the
but
cannot
window
is able
is a control
function,
called
to the
to toggle
the
right
menu
mouse
than
in CAD
1. Maintain. object IPC
button,
An object
that
object when
that mand main before • The writes
to the
state
of the
which
is the menu
This
IPC
IPC.
IPC/RT.
If the
button,
has
allows
Once
The
icon
Notifier
left button
being
clicked
on
will send
a message
also gives the user
a different
the following
an object
power
options:
is on the IPC's
through
removes
an
list, the
redundant
with
an object
to maintain
maintain
a functioning
is highlighted
option
three
the user to tell the IPC
maintained
menu
the
the
to the
object;
menu
option
of the
IPC.
a GC-COMMAND,
is being
This from
menu
IPC/RT
updates
represents
bar.
receiving
the
the
user
a green
from
path
for restoring
current
sensor.
sensor
values IPC.
The
user
If the
IPC
is in the
IPC
been
by the
UPDATE
to tell the
The
has
the
path.
border.
the
IPC's
main-
corrected. power
to remove
able
to determine
It can
to the the
value
is written
The can
also
process,
type
then
critical
whenever
SENSOR FDIR
is then
IPC
the
loads.
"display
"d m"
use
an
measure-
over into
the
icon
the
com-
VALUES
button
there
be some
delay
IPC/RT
also
may
on
the
new measurements.
also updates that
the
objects.
or press
the
letter
allows
hardware
is processed a current
window,
IPC/RT
failed
as a possible
command
menu
option
its list of failed
previously
component
ments"
with
important
and
output
to interact
value.
This
the
are
list.
3. Unfail.
• The
raw
to restore
2. Unmaintain. tain
displays
This menu
will attempt
that
as a warning;
commands
mode.
at a specified
messages
be classified
to use the mouse control
IPC
receives
which
issues
• The
mouse
which
the
represents
current the
state state
of the onto
the
switches. left
hand
The side
of the
icon.
The
letters
and
unusable
'N','F','T',
• The
• The
in the
robust
6.1.3
images
color
image
drawing
in this any
project
drawing
converted
the
user
on, off, tripped,
to directly
to clearly
show
are given
user
issue
commands
IPC
developers.
the
objects
that
are
a yellow
border,
and
any
with the IPC/RT,
all communications
that
may
occur,
environment
such as
with
are
issued
the
client
by another
supplied
to provide
a fast
and
Objects
to the
user
tool call pixmap.
format.
desired,
is able
the IPC.
of PMAD
are
This
to communicate
runtime
with
XPM
into XPM.
even
This
drawn
The
graphics
common
an image
conversion
were
format
scanner,
can be done
using
format
allows
as long
with
a public
the
as the
the Pbm
domain
that
was used
user
to utilize
final
output
Plus
package
is that
on Internet. instance
which
the
user
parts:
the
object
three
images
object,
the
enhancements
as being
by Notifier.
and editing
is the
An object
group,
that
package
is available
state
for the use of the
is established,
Representation
PMAD
need
to the
capabilities,
The
is primarily
that
warnings
of interaction
Iconic
the
All suspects
a client
invoked
these
method
process.
Once
routine
to allow
highlighting
clients
resulting
By providing
the switch
a red border.
accepts
IPC/GMT.
parsing
denote
and
color
FDIR have
Notifier
the
format,
utilizes
objects
and
'U'
is provided
in a text
IPC/RT
failed
the
window
IPC
involved
and
respectively.
• A command to the
can
that
has
interactively
itself, are
RPC. would
or to simply
that
no previous change.
a measurement, positioned
Figure allow group
7 shows the several
user
three
to specify
icons
together
other, icons
is given
an RPC
a command.
to each
the
definitions
For example, and
next
icon
The to give
that
a single for easier
make icon
a default
is displayed supplied the up
for
has
of a single RPC.
multiple
repositioning.
in three
interface
appear the
image
Future
objects,
a
Figure
6.1.4
Frame
In the
Data
process
validating parser.
The
Iconic
RPC
the
model,
Validation
of parsing
each
7: Example
the
files
frame
definition.
validation
currently
that
define
Validation
takes
performed
the
is only
the
form
for the
system
is capable
of a recursive syntactic
of
descent
aspects
of the
model.
the
Another
step
toward
model.
This
task
traversal
methods
6.2
the
the
runtime
Marshall
and
provided The
easy in the
rienced
user
as expected, that
IPC
due
defined
next
IPC.
as part
lies in the testing
to the
design
within
user's
point
the
of the
for cycles IPC/RT,
within and
the
classes.
of view,
during
the
of the
requirements
perfectly,
environment.
this
demonstration
and
A more
the
section
of the
summarizes IPC
of this contract. IPC/RT
detailed
was
analysis
During
able
of the
at NASA the
to provide tests
will be
section. consisted An additional
of the IPC/RT,
user
IPC
performed
runtime
even the
been
occurred
Center
demonstration of the
trivial
of the
which
Flight the
bilities
fact
a sense
session
demonstration, a fast
already
of the model
Runs
reader
Space
is relatively
have
Sample
To allow
the validation
though was able
and the
of a set of six tests scenario
was
to introduce
not been
scenario
to prove
introduced
in the playback.
case had a new
served
accidentally
is also recorded
accidental
which
The
attempted
shows
the
capa-
by an inexpeIPC
performed
previously.
how easily
the
IPC
The can
be manipulated The
through
the
following
sections
the
demonstration.
The
the
following
conditions.
• Green
An object
by
the
IPC.
restore
object
ponent
and
each
of the
for a fault
following
scenarios,
is monitoring
the
In
scenario,
this
with
is currently
begins
the
screen.
Once The ure
6.2.2
FDIR
the
IPC
10 shows
process
fault
the
is to be maintained to take
action
to
source. indicates
indicates in the
that
it is a suspect
for the
that
it is a failed
(unusable)
com-
system.
the
and
indicates
power
terminal, been and
critical
loads
maintained
PRPC-30620
by the
IPC.
(a
fan)
and
the
IPC
Normally
8.
fault source
on Remote for the
suspects
determined,
and
the
power the
Power
critical
the suspects the
restores
component
Double
a hard
is placed source
have
failed
with
In this scenario,
needs
in Figure
power
On a color
the
IPC
border
are being
as shown
RPC-P306,
Fault
is currently
the
suspects
fails
fails,
indicate
Recovery
a hard
which
IPC/RT
of lights),
system
snapshots
that
the
during
system.
cause
the
in the
load
power
a yellow
objects
performed
is a critical
source
a redundant
a red border
(a bank
Fault
power
of the scenarios
of the
border
with
PRPC-30418
6.2.1
a green
in the
An object
of three
highlighting
with
detected
• Red
In
with
IPC/RT.
snapshots
color
through
An
fault(s)
present
If its current
power
• Yellow
use of the
Controller
load for the
PRPC-30620. fault.
isolates
source
via
of power
P306,
The
IPC
9 shows
the
in yellow.
the
to PRPC-30620
new
Figure
are highlighted IPC
(RPC)
cause
of the
RPC-S320.
for the
critical
fault. Figload.
Recovery is placed
on Remote
for RPC-P304,
Power
RPC-P306,
Controller and
(RPC)
RPC-P307.
P3, which RPC-P306
Figure
is the for the The RPC-P3
power
source
critical
load
IPC begins supply
screen
suspects
have
RPC-P3,
and
sources
the FDIR
This
been restores
of power
via
load
process
SSM/PMAD
PRPC-30620,
and indicates
to RPC-P304,
results
(again,
to PRPC-30418
critical
the
and
RPC-P304
is the
source
PRPC-30418.
power
under-voltage. IPC/RT
for the
8: Monitoring
in both
in color,
determined,
RPC-P306, critical
the the
the suspects
loads
suspects IPC
and
RPC-P307,
losing
power.
are
isolates
highlighted
the
cause
power
to PRPC-30620
via RPC-S320,
RPC-S318.
Figure
the
for the
critical
loads.
12 shows
for the fault.
failed
they
each
Figure
and
fault.
trip
the
Once
the
The
IPC fails
also restores
component
on
11 shows
in yellow).
of the
Because
and
power the
new
Figure
6.2.3
Multiple
In this are
scenario,
not
process
hard
supplying and
faults,
are placed to any
the
suspects
the
the IPC
1: Fault
suspects
to RPC
P306
Recovery
power
Once and
without
faults
indicates
at this point. the
Fault
9: Scenario
on two RPCs,
of the for the have
been
P303
critical
loads.
fault.
Figure
determined,
fails
RPC-P303
and
presented
in this
section
and
The
P307.
IPC
13 shows the IPC
RPC-P307.
These
begins
RPC's
the
FDIR
the IPC/RT isolates
Figure
the
14 shows
screen causes the
of
failed
components. The and these
screen
how
shots
it changes
snapshots
was
during taken
a real from
runtime the
show session.
demonstration
the
SSM/PMAD
The given
playback at NASA
model data
used
MSFC.
display, to get During
7
TESTING
Figure
this
This
IPC
10: Scenario
the
of being
Testing section
performing
IPC/RT fast
the
describes FDIR,
1: Failure
demonstration,
requirements
7
THE
the
using
and
of RPC-P306
clearly easy
and
Power
demonstrated
Restored
its ability
to PRPC-30620
to meet
its primary
to use.
IPC testing the
undertaken
PMAD
testbed.
to prove
the effectiveness
of the
IPC
in
Figure
7.1
Test
There Some the
was
3k Remote fault,
and
a significant
cause
internal
of tests
putting
Controllers
it required
would
number
direct
as on the load
Power
reading,
alternate
included
such
sensor
an
2: Fault
to RPC
P3
Scenarios
of these
system,
11: Scenario
the
side of the
path
sensors
by that
closing cause
1k RPC,
the them
and on the
load
of fault
was
(usually
an RPC),
load
that
had
RPC.
on hard
using
at various
the
appropriate to trip
type
IPC,
to ground
to recognize
component
to a critical
on the
circuits
This
prototype
find the "failed" loss of power
short
(RPC's).
IPC
performed
faults;
referred
to as a hard in the
path, in the
on accumulated
in
side of the
and if opening
RPC's
PMAD.
locations
center
discrepancy
a redundant The
the
current the RPC
to establish PMAD
have
overcurrent
Figure
over
in cases
therefore,
thus
would as the
only
have
Another (called
soft
lower
than
difficult level but time
2: Failure
level faults
and
(I2t),
unexplained
opening
of a RPC
to establish
redundant
paths
of test
faults). that
the Yet,
consisted
The
of hard
may
not
faults,
levels and
are devices
be below
not
I2t
pickup
soft
faults
to critical
level can
circuits
thus
only
where be quite
the there
these
prototype,
magnitudes,
mechanism.
through faults
insidious. and
protect
instantaneous would
destructive.
Loads
but
It would
loads.
by
to detect
IPC
in current
to ground
more
to Critical
The
by its internal
generated
protective
Restored
as a difference
of short
current
Power
or on undervoltage.
discrepancy
for conventional
elapsed.
of RPC-P3
see the
type
below
of lower
of overcurrent also
IPC
12: Scenario
time
rather,
are
They
trip
the
significantly
are,
against
be no trip Since
impedances
level
therefore,
because
of an RPC,
regardless RPC's
the
of the
would
not
Figure
trip
themselves and
upstream
RPC),
being the
diagnosing and
failures
used sensor
13: Scenario
automatically
detecting
Sensor
by the
The
to be erroneous normal
operation.
as well
as for the
state
Lastly, combinations
multiple
action and
This of the
art
the
isolating
P303
IPC,
and
P307
in this
case,
the fault
action,
if such
by disconnecting
expected
label
to RPCs
faults,
recovery
also simulated
IPC.
intelligence
soft
problem,
initiating
continue
artificial
for
the
were
3: Fault
location
is tasked
(usually
represents
the
leads
but allow
a difficult
in global
monitoring
closest
is warranted. on current
of the IPC in this situation
it as unusable,
the
with
task
the rest
was to declare of the system
for local relaying
systems
sensors
which
to
schemes,
employ
other
techniques. (two)
of both)
were
independent placed
short on the
circuits
system
(hard
and
simultaneously.
soft The
faults
as well as
prototype
was
Figure
expected
This
for global The
likewise
monitoring hard
failed
failable while
under
represents
a difficult
systems
that
tests
however,
of RPC-P303
conditions,
use artificial
were
was present
done
in Load
installed.
This
normal
operation
for a sufficiently
it to read were
system.
Then,
test
the
in Load
of the
long period
leads
to the
test
program:
and
protection
failable
initiate
recovery
schemes
as well as
techniques. Center
3 due to its inclusion
in the other
Center
consisted
RPC-P307
them
intelligence
were all executed
redundancy
and
isolate
case for local
was
in the
There
fault
No such
sensors, sensor
conditions caused
loads.
3: Failure
all of the
and soft fault
of redundant on
14: Scenario
to identify
action.
Load
2 because IPC
that
monitoring
of time sensor
Centers. is where the
to establish
were
Tests
removed,
the
PMAD normal which
zero.
two
objectives
to the
a qualitative
and
a quantitative.
The
qualitative
observed,
objective
the
rective
IPC
IPC
was
reached
to determine
the
proper
whether
diagnosis
in light
and
carried
of the out
sensor
the
readings
appropriate
cor-
action.
The
quantitative
objective
test.
The
time-to-action,
the
isolation
of the
The
results
noted
earlier,
IPC
in order an
fast
local
tripping
as is the
case
PMAD)
the
IPC
would
protection
the
protection,
local
against
or soft
faults.
hard
faults,
however,
If the
0.5 to 1.0 second. in earth-bound cycles
This
power
acquisition
a time-to-action The
delays
in getting
controlling
tests, identical,
for
the
same sets
then
the
an upper
test.
earth-bound
world,
the
of the
IPC
hard
hard
when
and by
by either
of protection
for
to be in the
order
distribution
breakers
times
of one
In such
detected
affected
means have
(such
faults
normally
half
of
of less than
If additional
bound
faults
(10 to 15).
clearing
be a misleading includes
from IPC
evaluation
as
not
seconds.
placed.
because,
against
system
fault
was
important
low voltage
have
fault
against
would that
to complete
time-to-action
as a primary
fact
IPC
of the
time
10
is allotted
to one second
for
adequate.
can
data
real,
failures
of the
to 0.167
parameter
sensor
of each
10 and to the
this
sensor
networks
sensors,
from the
the
the
were
protection
time-to-action
equates
time
of a few seconds
recovery
be considered
since the
objective
and
on
however,
command
(between Due
from
itself,
designed
general
This
order
time-to-action
by the
to protect
is to be used
distribution
time-to-action, IPC
IPC
is based
would
of the
faults
the
in the
as secondary
an adequate
of 60 Hz current.
for data
serve
taken
phase
tool
is available
as well as for the
hard
test
the
A suitable
is in the
soft
time from
of the
a usable
capability
the
primary
is the
time-to-action.
with
circumstances,
to measure
starting
aspect
adequate
was
earlier,
to represent
have
tests
component,
quantitative
must
when
tests
as noted
failed
of this
of the
the
LLP's
to the
phase All but
any
one were
and
of the
response
all communications
to the
LLP's.
of the
measure
IPC,
There
successfully
network
as well as relaying
were
investigation.
time
a total Table
executed
the
of 13 sets
1 describes numerous
of the
time
35 times).
overall test
symmetry was
of components
of Load
executed in the
on
Center
different,
system.
3, and but
Table
the
general
hierarchically 2 describes
the
objectives and
of the
functionally
components
most
Test
Number
Test Soft
Description fault in 1K circuit
Hard
Soft fault
4
Hard
5
Soft fault
6
Hard
7
Soft fault
8 9
Hard fault in 3K circuit with Sensor failure at 1K RPC
10
Sensor
11
Multiple
faults
with
no recovery
12
Multiple
faults
with
two redundant
loads
13
Multiple
faults
with
one redundant
load
Table
1: Test
Number
Failed
in 3K circuit
fault
with
loads
3
1 2
in 1K circuit
critical
2
Test
fault
with with
in 3K circuit in 1K circuit
fault
with with
in 1K circuit in 3K circuit
failure
with
loads loads
redundant
maintained maintained
loads
maintained
no recovery
with
no recovery no recovery no recovery
at 3K RPC
maintained maintained
Objectives
Object
RPC-P306, RPC-S320
redundant redundant
maintained
Isolated RPC-P306 RPC-S320
CURRENT-RPC-P306
Object
Recovered S320 P306
RPC-P3
RPC-P3
S318,
S320
4
RPC-S3
RPC-S3
P306
5 6
RPC-P306 RPC-S316
RPC-P306
P304, NR
RPC-S316
NR
7
RPC-P3
RPC-P3 RPC-S3
NR NR
RPC-S3 NOT
TESTED
10
CURRENT-RPC-S2
NR
11
RPC-P303,
RPC-P307
RPC-P303,
RPC-P307
NR
12
RPC-S318,
RPC-S320
RPC-S318,
RPC-S320
P304,
13
RPC-P303,
RPC-P304
RPC-P303,
RPC-P306
S318
Table
2: Example
Runs
for Fault
NR
Tests
P306
Object
frequently
used
IPC
to carry
quired'.
This
recovery
of redundant
hard
and
7.2
indicates
IPC
Test
executed.
The
problem,
isolating This
sources.
ability
symbol
'NR'
either
13 were
indicates
component
tested
with
'not
re-
isolation,
or
a combination
had
IPC
number
was
run
of
It was
found
that
as nearly
times-to-action hard
faults
with
the
in the
that
typically
with
considered presence
Such result
fact
hard
5 and
ranged average
sufficiently local
an arrangement
from
the
one
was
of
already
for a certain
level close
of the
load. the
time-to-action
the worst, depicted
total were
opened
As
number not
6 result
from
from
slightly
the are
best,
in seconds.
of times
performed only
and
the
test
for all test
one test
run,
and
in mind.
the
of fast
critical
testing
failures.
to immediately
All times
measurements
times-to-action
34 seconds, are
RPC's.
the
this
itself
the
alternate
IPC
meanwhile
3 depicts
of tests.
for tests
the
unexpected
thus
not
control
from
improperly
and
was
appropriate
was to measure
Table
and
loads
RPC,
to the
3 represents
timing
data
other
program
tests.
of Table
user
it upon
source
for a series
time-to-action
(the
took
of the test
However,
with
IPC
of the
to diagnose
conditions
in diagnosing
Furthermore,
as critical,
a power
column
be interpreted
load
out
all redundant
a casual
designated
to it, the
for some
successfully.
In fact,
critical
to implement
carrying
executed.
session,
been
recorded
of Tests
required,
reasoning
all test
was successful
of supplying
testing
objective
times
where
under
hardware
prototype
12 cases
re-establishing
by the
The
and
for all
objectives
additional
consisted
one
load
thus
its qualitative
the IPC
a redundant
the
average
much
The
did not require
of model-based
during
quantitative
exhibited
should
fault,
true
feeding
met
that
action
the
RPC,
runs.
the
to be maintained
The
tests.
11, 12, and
required
showed
control
Since
other
the
tests
was
RPC's
current
that
Tests
9, however,
earlier,
open).
tests
successfully
This
confirmed
the
those
of the
Results
executed.
noted
each
loads.
prototype
action.
out
soft faults.
Test
The
faults.
being
fast tripping
for
real
devices
prevents Soft
about
faults,
the
over
7 seconds
10 to 12 seconds. time
such
deployment as found
flow of the
on the
other
to as These
to isolate in the
PMAD
high
fault
currents
hand,
are
generally
Test
Number
Worst
of Tests
Time
Best
Time
Average
Recovery 2.01
Isolate 10.65
Recovery 1.45
2.02 3.85
10.39 7.86
Time
Isolate 11.21
Recovery 1.73
1.52
10.97
1.78
1.94
8.93
3.22
1
30
Isolate 11.82
2
35 15
11.89 9.47
20
Time-to-action
5 6
30
9.4
NR
30
33.92
NR
9.4 33.92
NR NR
9.4 33.92
NR NR
7
15 20
Time-to-action Time-to-action
0 15
Test 8.9
NR
7.4
NR
8.1
NR
14.73 Time-to-action
NR
10.57
NR
12.80
NR
12
20 15
not
measured
13
10
Time-to-action
not
measured
3 4
8 9 10 11
Table
not
considered
sensor
presence
of the
IPC
Nevertheless, local
interrupting
order
to make
Some cute
systems. a gross 4.
IPC
The
same
applies
since The
typically
it is considered
objective
of the
The traffic
by such
local
attributed
worst
run
soft
faults
schemes,
in the
absence
times
the
of fast in
given
results -1/2
effect
Internet
the
to exethis
selected
faults
start
are
in actual
power
to obtain
depicted
to 18 seconds in the
delay, for this
any optimization
was obtained
for Internet
2 was
common
The
Internet
to quantify
Test
without
times.
time
use of the
In order
approximately
REMOTE
period
those
or less will be required
to the
as remotely.
delay
showed
Since
protection
fast
second
to be one of the most
times
making
duties.
as well
internet
thus
failures.
sufficiently
to Melbourne.
was to compare
of the
is a heavy
locally
level,
for sensor
of one
can be
Orlando
done
low current
are not
to such
Breadboard
advantage.
Times-to-action
delay
on PMAD
detected
a significant
from
were
in time-to-action.
in Table difference
afternoon
of business
(EST)
hours
on
the
Coast.
This general
to their
applicable
remotely
A comparison
West
due
times-to-action
representation
which
critical
provides
excessive
tests
experiment
Tests
devices.
tests
additional
of IPC
not
these
of the
the
are
measured measured
performed
acceptable. failures
measured
not not
3: Results
to be time
times-to-action and
not
not
result
shows
comparisons
that of run
the
times.
of an Also,
it may
delay show
that
cannot Internet
be determined delays
are
by also
Test
occurring
Best
Worst
34.97
53.14
Table
4: Speed
significantly run
was
which
is somewhat compared
to a fault
running
faster.
more
may
to a version
to a recovery
of the
waits
that
were embedded
other
value
displayed
these
delays
were
removed.
Summary
and
code
4 (Local This
elapsed
was code
W/O
resulted
slower
time from
of this
that
that
test
at NASA-
on a Sun Sparc
for LOCAL. a discrepancy
1+
All times detection
of a second.
comparison
exempt
from
in order
to run
Delay)
the
was done
in hundredths
objective
in the interface
in Table
the
Testing
be noted
testing
time
Delay
vs. Remote
also
explain clock
significant,
Without 22.16
of Local
the remote
computer
then
Delay
It should
while
This
the
and
and
time
Comparison
on a Solbourne
isolation
With 35.54
at Huntsville.
using
A second,
Local
2
MSFC
were
Remote
gives
was
to compare
internal
Internet
the IPC
remotely.
the runtime
in a significant
reduction
obtained from
the delay The when
36 seconds
to 22 seconds.
7.3 The
test
results
support
Evaluation
the
following
1. Structure-and-behavior soner
for electrical
2. These
models
power
any
power
are robust
claims: can be developed
system
FDIR;
enough
to accurately
for use by a model-based
simulate
the
behavior
model,
such
as the
rea-
of simple
systems;
3. A model-based type,
models
of Tests
is capable electrical
to critical,
diagnoser of correctly faults,
and
redundantly-wired
with
the
monitoring undertake loads
appropriate a power action
system,
to cause
in a short
period
diagnosing power
IPC
proto-
and isolating
flow to be restored
of time;
8
SUMMARY
4. The
AND
IPC
prototype
application; 5. The
TTA
to mission
control
engineers
be better
suited
was
made
through
that further
results,
isolation
Overall, the
final
developers
tests
of any
knowledge
gained.
confirmed,
right
in the
also
work
FDIR
on spacecraft,
to flight
in a real-time
as a ground-based
beyond
the
times
no special
effort
translation,
second
can
we are
be achieved
improvements. focus
required the
initial
one
should
Lastly,
Since
the
efficiency
area
probably
personnel.
of less than
in this
assistant
but would
improvement.
code
recovery. help
reside
structure
since
served
on
the
to perform use of faster
From
the
diagnosis
and
this function
were
platforms,
such
as
in this matter. the
to shed
data
summarized
light
on several
in order
to commercialize
and
Reflections
project The
can
control
long
mission
power
effective
up its access
results
of the
in this
section
improvements
the technology.
significant.
that
These
storage by the
the
for power
As the
consist
the
result
of one
management reasoner
IPC,
power IPC
can
systems
need
to be
are considered
during
of the for the diagnosis;
results
a first
systems be used
the
obtained
in the previous
that
of the
of this effort,
or more
of both
summarized
of the
for spacecraft like
distribution
in terms
obtained,
developers
FDIR
a system
spacecraft.
enhancements
be measured
concrete
minds
enhancements,
1. More
to be useful
could
of further
consider
to autonomous
and
these
enough
section.
success
approach
fast
assistant
data
for the
Summary
The
and
certainly
to the prototype
in the
8
the
performing
prototype
system,
than
will most
IPC
of a time-to-action
that
of the
larger
a Sparc-10,
However,
goal
IPC
algorithmic
portion
the
are in need
the
it is clear
significantly
made
results
the
that
as an on-board
to optimize
optimistic
react
and confirm
time-to-action
can potentially
results
The
test
REFLECTIONS
and
section,
principles-based
is feasible.
With
the
to effectively
maintain
envisioned
for future,
size
developers
recommend
that
following: knowledge-base,
in order
to speed
2. A more
robust
lowing
knowledge
models
detailed
model
thus
• Multiple Caching
of these
extensions
fault
of the
fol-
in a hybrid
system;
on either
structural
based
obtained
like truth are
a major
work
during
the
maintenance minor;
IPC
a more
the
first
or behavioral
reasoning
principles-based
abstraction;
process,
e.g.
through
ap-
(TMS).
others
change
of the
for example,
models;
resulting
enhancements
to the
more
to, the
substantial.
But
first-principle-based
developers
will consist
none
imply
approach.
an
Future
of implementing
some
of
enhancements.
As noted
at the
diagnoser
tend both
knowledge
of power itself.
larger
On the reasoning
replacing relied
a general
more
on the
It seems systems,
such
challenge
modeling
as the
of speed success
To achieve
power
we were
properties
than system able
that which
there
and
which
and more
PMAD.
models
to attain
since
relied
degree
less on generic about
the
of robustness
at
to power
concern
will be built
and
amount
one
systems
will be tested tested
of TTA
with
these
of success
on knowledge
This
suspension,
for the
degree
generalize
a greater
constraint
project,
an adequate
not easily the
robustness
of this
an adequate
might
strategy, specific
behavior,
we attained
complexity
reasoning
IPC,
and
approach
other
side,
to us, then,
to the
inhibiting.
side,
our
when
requirements
structure
in size and
research,
dual
we were led to an approach
system
of generality:
are
by future
major
requirements,
On the
the expense which
the
the
to be mutually
in meeting
PMAD
outset,
was
requirements
IPC.
of one
loads;
to supplement
models
or even
including,
knowledge
techniques
abandonment,
IPC
consisting
of expert
of knowledge
plying
these
perhaps
granularity,
of component
• Acquisition model,
of finer
of different
• Incorporation
Some
representation,
extensions:
• Developing
3.
that,
on the speed
by
again,
to PMAD. are
construct
two and
approaches apply
one
models
can
take
for diagnosis
to developing of complex
systems. edge
One
approach
representation
is to impart
and reasoning,
other
which
ior representation components. prefer
Our
of the
expert,
whereas
not
to incorporate
the
original
devices.
idea
intent
model-based
models
terms
feel that
abstraction.
complexity that
different
aspects
of the
voltage,
current,
state
are
things
that
examples
of what
description among
of one
within
represented). lel, noting
that
models
this extension our
research.
within complete complete
the aspect
that
the
of or inputs aspect of the
system's
an aspect model model
provide
a modular
to the
first-principles
(i.e., can
are
the
model
constrain
representation representation
The
within
the
of a system
is
and
physically
in
the
components.
on the
basis
things etc.
equations provides
They
provide a complete
relationships
simpler
than
among
which
all the each
one another
of knowledge
com-
aspects
model
behaviorally.
complexity.
of like
dependency
by running
of behavioral
be-
applying
temperature, circuit
upon
and
we mean
model
invariably
be recovered
mutually
The
aspect
behavior.
model
among
power)
device.
if this
complex
structure
function,
impedance,
Each
more
by abstracting
(of electrical
models.
with
complexity
relationships
to the
be a bit more
will involve
transfer
or tripped),
experiential
although,
of developing
can be managed
we
to expand
dealing
behavioral
dependency
may
further,
systems
of its algebraic
closed
models
problem
although
purely
system,
about
also be considered.
for
as power
By aspects
(open,
aspect
the The
system.
we term
the
Recall
the
alternative
representation
complexity
outputs
components
ponents
aspect
are
this
into
this might
first
such
of causal
We hypothesize
the
by some, with
The
and behav-
of knowledge
we incorporated
models
further,
solving
in terms
associated
devices.
structure
kinds
knowl-
by researchers
on less complex
as heuristic
knowledge fault
systems
mathematically
of the
the
expressive
proposed
by different
it is commonly
knowledge
for complex
of behavioral
measured
since
a more
the original
be classified
is to develop
We currently
havior
is to augment
is to be developed
current
attention
in KATE)
may
system
was originally
their
here,
this
alternative
term,
than
focused
was taken
knowledge
We chose
second
who
to use
knowledge generic.
device
(as implemented This
not
to the diagnostic
reasoning
in model-based approach,
are
in paralThus,
Developing
is a current
focus
of
9
APPENDIX:
USING
THE
IPC
46
Figure
9 This
Appendix: appendix
Using
provides
as well as a brief
9.1
the
IPC,
The
IPC
has
The
just
for
of each main
• The the -
Exit
-
Save and were
menu
menu
IPC to all functions
available
to the
user,
Using of the
options
runtime
en-
Menus
executable
that
modifications.
the
provide The
file, viz. easy
ipcrt.
control
following
of the
discussion
summarizes
the
option.
menu,
File
name
Bar
programmers.
and
the
model
as shown
button,
following
-
type
Menu
guide
IPC
IPC
several
and
functions
for future
the
To start
the
a comprehensive
guide
Starting
vironment,
15: Main
in Figure
located
on the
15, consists
of the
following
corner
of the
left-most
upper
is active,
it will terminate
options: window
provides
selections:
- if a runtime Model the
session
- a copy
current
model
of the
original
frame
will be saved
into
the
files being the
same
session,
used
files
will be saved,
from
which
they
not
been
loaded.
Load
Model
- this
1. if changes saved,
selection
to the
the
user
current
performs model
will be prompted
the have
following: been
made
to optionally
but
save the
have current
model,
and 2. the
user
Unix • The
mode
By default,
pattern
button the
will be prompted matching
provides
system
for the file(s)
are to be loaded.
Normal
is accepted.
two options
is in Edit
that
mode.
that When
changes
the operation
a runtime
session
of the is started,
IPC. it
automatically
switches
The
user
-
Edit
-
Runtime
• There
has
option
Model
- the
-
IPC
Edit
mode
Restart
Command
-
Show
Main
-
Show
Recovery
-
Show
Warning
These
selections
command
without
direct on
system.
ability
The
Edit
the
user
Section
IPC
session.
operations.
of operation. under
process,
and
this
menu:
switches
from
the
mode. will terminate
the
current
IPC
process,
the
runtime
session.
to the
foreground.
and
Window Window bring
way
Values
user
IPC.
display
This
the
provides
the
icons
and
their
selection the
Dialog
that
an easy
that
through
sends way
are active,
display
and
this
available
while box
which
screen
Window.
it, depending in the
measurethe
the Command with
a dialog
the
of updating
associated
menu
will display
to modify
Connections
function
two menus
16 shows
windows
Often
them.
with the IPC
has
selection
windows
by other
of accessing
interaction
Figure
ability
respective
is a runtime
to the
the
their
Connection(s)
Edit
terminates
Window
to modify
the
selection
can be obscured
Icon(s)
the
mode
functions.
a runtime
CAD-like
available
the
all editing
during
provides
functions
selection
- this
an easy
Sensor
Edit
modes
runtime
spawns
out
Window
windows
ments
• The
that
to the
Runtime
IPC
provides
of the
locking
it.
Show
object
thus
between
control
- this
-
Each
- returns
to the
Terminate
• Update
mode,
mode
- this selection
-
these
default
runtime
IPC
respawn
of switching
Mode
Start
IPC
to runtime
the
are several
-
mode
Edit
on the Mode.
provides
the
user
attributes.
will display
connections Box for details.
and
a dialog attributes
box
which
of the
provides
object.
See
• Hide
Object
Object
and
be displayed, When shown
the
below The
The
user
from
color The
will cause
there
with
the
object
to not
it.
is a different
menu
available,
as
a command
be prompted
selection list.
for a value
will have
will
issue
The
to
IPC
a green
border
object
the
IPC
this
object
around
to the
of the
to maintain
to maintain
a command
border
the
at.
it.
to remove
will also return
the to the
background.
Unfail
from
issue
is to be maintained
its maintain
of the
selection associated
Mode,
will
will also
Unmaintain
object
connections
Runtime
selection
that
This
17.
Maintain The
Connection(s)
is in the
in Figure
An object
IPC
as well as any
user
object.
selection
its failed
list.
will issue
a command
border
of the object
The
to the
IPC
to remove
will also return
the
to the
object
color
of the
background. The This
Edit
Icons
provides
With
box,
list box at the
They
are
this
list,
Closed
the values
in the
selected
pulldown
list box called
currently Some that
There
selected
icon
are related • Default icon
icon
file.
default
values
18) depicts
is the
is used.
modify
currently
Open
Switch.
will change Closed
labelled
for a new
box
icons
defined
the
ADD
attributes.
and
their
attributes.
icons
for this object.
is selected to each
Beneath
this
a list of icons TO
is given.
their
to correspond
provides
user
and
If a line
Switch.
which
Available
LIST
which
upper
within icon.
The
list box
is a
as defined will put
Icons
list into
the
definitions
entry.
Beneath
the list box are other
in the box.
fields
definition:
If checked, the
and
dialog the icons
the
Icons
is also a button
when icon
fields
Available
to this object Icon.
and
attribute
in the
delete,
shows
Switch
definition
the
way of modifying
figure
are supplied
displayed
Unknown
method
top of the
labelled
database
(Figure
one is able to add,
currently
the
Box
an interactive
this dialog
The
Dialog
this
model
button is first
indicates loaded.
that
If there
this
icon
is no default
is the
default
defined,
the
Upper
Bound,Lower
bounds
for a Value
multiple
icons,
a "tank" • The the
which
This
according • Foreground
will change
IPC
a runtime
are
the
orientation
that
can
Label
Orientation.
The
below,
which
where
The
default
Preview
Icon
definition
will
driven
in order that
and
lower
the
user
to define
This
can
simulate
and
contains
objects,
to proceed
to the
is to be displayed
These
in displaying four
the
selections
the
This
caption
should
the
button
two menus
available
caption
is below
Layout. like,
upper
allow
session.
is for state
Color.
placement
look
icons
the
next
near
state.
the
icon,
specified.
be used
indicate
define
defined.
text
Color,Background
colors
itself.
during
process,
contains
fields
Driven
Value
to the
two
Value
entries
Function
field
to the
These
icon.
if enough
to be sent
• Caption.
with
Driven
Control
value
Bound.
as well,
field
IPC
of the are
the
selected
left,
be placed
user
icon.
right,
above,
and
relative
to the
icon
what
their
icon. will allow
in a separate
provide
window,
the
user
without
to see
making
the
changes
permanent. Also,
at the
• Accept close
of the
Changes. the
• Cancel dialog Figure
bottom
dialog
Selecting
are two other
this
button
buttons:
will save
the
changes
made,
and
will
will close
the
box.
Selecting
this button
will discard
any
changes
made,
and
box.
19 depicts
the
Edit
Connections
teractive
method
of modifying
topmost
list
contains
Each
list box
box
connection • Connection connection
has
the
the
the
objects'
connections
following
Visible.
This
to be seen
on the
dialog
box.
connections define
for the
This
menu
provides
an in-
and
their
attributes.
The
currently
selected
object.
attributes: boolean display.
field indicates
if the user wants
the selected
• Connection
Width.
connection
with
The
this
Also,
of Line. this list box.
have
numerical
at the
• Accept the
9.2
dialog
section
have
the
preferably anteed
There code
10 with
drawn
for input.
line
of a
A connection
instead
of text.
is read
two other
this
into
line of a connection
this list,
thus
some
entries
buttons:
button
will save
button
will discard
any
IPC/RT
programmers
the
changes
made,
and
will
changes
made,
and
will close
problem
this
but with
system,
you
XPM others
the
areas
GNU
need
file provided make.
The
that
although
as well.
compiler
with
the
system
access
to the
available.
work
C++
information
about
building
discovered.
libraries may
with
You
compiles
also
Currently
version
source
SpiderWeb
code.
need
the
utilities, a C++
IPC/RT
and
compiler,
is only
guar-
2.4.5. Once
cleanly
located
inside
on a Sparc
the
2, and
source a Spare
g++. be noted
measurements current
surements to retrieve information the
future
type:
It should
the
colormap
this
domain
is a make
directory,
provided
the color of the drawn
current
list box are
possible
GNU, to work
of the
IPC/RT
to build
public
is also
width
box.
and
In order
the
box.
provides
IPC/RT,
change
Selecting
Selecting
Building
This the
of the
dialog
• Cancel. the
The
Changes.
close
change
A slide bar
user may
entries
bottom
may
in width.
The
with
user
field.
can be 1 to 10 pixels • Color
IPC
system.
command measurements command. the
to the from
The
measurements
to the IPCRT.
it is possible IPC,
the
from During
it is presently
hardware
problem
to automatically
whenever
lies in the the this
hardware, time
not
interval,
advisable. the
of time
it take
the the
time IPC
the
The
it receives
amount and
send
display
IPC
display
it takes is not able
for the to send
reads meaIPC this
to monitor
One testbed, this
suggestion but
to actually
problem, Optimally,
occurred
has
since
RUNTIME:Update
but
IPC
been
made
send
only
communication
to not the delays
last
ask
for the
poll
taken
are
still
current
measurements
by the
introduced
IPC
should
automate
this
the
last
request,
instead
of the
whole
button
can be removed
Values
This
would
solve
by the request.
the
Sensor
by sending
IPC.
of the
only
system.
the
changes
that
Once
this
is done,
from
the
menu
have the bar.
REFERENCES
52
References [1] Anderson,
P. "Space
Environment", [2] Chu,
B.
Marietta
"Representing
binary
for
Intelligent
P., Deves,
reprinted [4] Davis,
and
in [17], pp.
Vol.
W.,
B.C.,
1987,
deKleer,
J., Readings
in Model-based
J,,
Mackworth,
Artificial
[9] Director, Sons,
S.W.,
Circuit
of abstraction"
North-Holland,
P., "Analog
Structure
and
in
1989.
System
Diagnosis",
Behavior"
Artificial
347-410. Reasoning:
Multiple
Diagnosis",
Troubleshooting",
Faults"
Artificial
in Hamscher,
W.,
Morgan
Kaufmann
Diagnosis,
K.,
Reiter,
56, 1992, pp.
Theory:
N. R.,
Knowledge", Conference,
Dugal-Whitehead, CDDF
1990.
Intelli-
Console,
L. and
Publishers,
A
R.,
"Characterizing
Diagnoses
and
197-221.
Computational
Approach.
John
Wiley
and
System
Au-
1975.
tomation
[11]
A.
Intelligence,
[10] Dugal-Whitehead, neering
Hardware
131-137.
Kleer,
Faults",
on
Report,
levels
(ed),
and
pp. 97-130.
on Probable
[8] de
Tallibert,
"Diagnosing
J., "Focusing
pp.
Final
multiple
"Model-based
[7] deKleer, 1992,
Topology
3-24.
Williams,
32, No.l,
Group, at
Based
1984, pp.
Hamscher,
Network
4(. Z. Ras
P., and
Reasoning
J. and
gence,
P., Luciani,
"Diagnostic
R.,
[6] deKleer,
Systems,
Vol. 24, No.3,
reprinted
relations
1991).
Intelligence,
Module
Astronomics
in (Hamscher, R.
[5] Davis,
Common
Martin
Methodologies [3] Dague,
Station
Final
Continuing
Proceedings
Development
of the Intersociety
of Poweer Energy
Conversion
Engi-
1993. N. R.,
Report
"The
"Results
No. N06,
of an Electical
NASA
Tech
Paper
Power 3413.
System
Fault
Study",
REFERENCES
[12] Fesq, sis:
53
L., Stephan, How
Good
Conversion
is Good
M.,
[14] Gholdston,
Janik,
Electrical
Conversion
Engineering F. and
1992,
[16] Gonzalez, nosis
D. F., and Power
Walsh,
T.,
Conversion, W.,
Morgan
T.,
"FIES-II:
Energy
1992,
[22] Kuipers, 1986.
NASA
"Diagnosis AAAI-90 K.,
Time
Conversion
Document,
[21] Konolige,
1992, Vol.
1, pp.
in Automated
G., "A Diagnostic
Energy 203-208.
Diagnosis",
Expert
Ar-
System
of the Intersociety
of Abstraction",
C., and
artificial
EC-1,
A Real
Overview,
from
Intersociety
for
Energy
Artificial
Intelligence,
Lowenfeld,
intelligence",
Number
2, June
IEEE
1986,
J., eds. Readings
S., "On-line
diag-
Transactions
on
pp. 68-74.
in Model-Based
Diagnosis.
1991.
Autonomous
Notes
for Diagno-
1988.
L., de Kleer,
[19] Knowledge-based
J.,
CA,
Proceedings
"A Theory
using
Console,
of the Intersociety
[20] Kelly,
Diego,
Lane,
R. L., Kemper,
Volume
Kaufmann,
[18] Hester,
Systems
pp. 323-390.
A. J., Osborne,
[17] Hamscher,
Power
of the 27th
Descriptions
Networks",
Conference,
of turbine-generators
Energy
San
Use of Design
Space-based
57,2-3,
"Modeling
24, 1, 1984.
E. W.,
[15] Giunchiglia,
L.,
Proceedings
Conference,
"The
Intellignce,
McNamee,
Enough?",
Engineering
[13] Genesereth, tificial
A., and
Fault
Isolation
Engineering
Test Engineer:
System",
Conference,
Software
Proceedings
1986.
Description
and Project
1991.
by constraint
propagation
on Constraint-directed
"Abduction
Expert
vs. Closure
in math Reasoning,
in Causal
Theories",
Artificial
Intelligence,
models"
in
Workshop
1990. Artificial
Intelligence,
Vol. 53, No. 3. B. "Qualitative
simulation"
Vol. 29, No.3,
Sept.
[23] Lackinger,
F., and
on Qualitative
[24] Leitch,
Specification
pp.
of the Second
[27] Lloyd,
System,
for
Electric
the
[28] Morris,
R.,
system 1992,
Q.,
"Finding
D.J.,
of the
itoring
W.,
I.,
"The
and
based
1993.
Coghill,
G. M.,
Diagnosis",
"A Preliminary
in Working
on Principles
IECEC,
Power
With
Notes
of Diagnosis,
J., and
power"
managed Colorado,
Divakaruni,
of the
et.
of DX-
Aberystwyth,
Diagnosis",
June
"A model-based
in Proceedings
power
systems
1991. laboratory",
1988.
"A Generator
on Expert
FL,
Proceedings
of Diagnosis,
Vol.3, M.,
Conference
Orlando, al.,
Based
on the Principles
Denver,
Industry, A.,
Model
autonomously
White,
for spacecraft
[29] Mozetic,
Faults
Proceedings
pp.
February
Q.,
Workshop
23th
Gonzalez,
Vol.1,
Shen,
Workshop
International
B., Park,
Expert,
Troubleshooter
11-31.
L., Weeks,
Proceedings
A Model-based
for Model-based
International
R., Shen,
[26] Lollar,
M. J.,
Methodology
1993,
"Diamon:
IEEE
Chantler,
93, The Fourth
[25] Leitch,
W.,
Reasoning",
R. R.,
Wales,
Nejdl,
Expert
System
Mon-
Applications
1989. fault
diagnostic
of the 27th IECEC,
and
San
control
Diego,
CA,
165-170.
"Hierarchical
Model-based
Diagnosis".
Reprinted
in
(Hamscher,
1991).
[30] Ng, H.T. "Model-based, ical
Devices".
[31] Priest,
C. and
Circuits", shop
[32] Reiter,
IEEE
Expert,
Wellman,
in Hamscher,
on the Principles R., "A Theory
Vol. 32, No.1,
Multiple-fault
1991,
Diagnosis
December
1991,
B. "Modeling W.,
(ed.)
of Diagnosis, of Diagnosis pp. 57-96.
of Dynamic,
Phys-
pp. 38-43.
Bridge
Working
Continuous
Faults
Notes
for Diagnosis
of the First
in Electronic
International
Work-
1990, pp. 69-74. From
First
Principles",
Artificial
Intelligence,
[33] Russell, B. D., and Watson, K., "Power Substation Automation Using Knowledge-Based Systems", IEEE Transactions on Power Delivery, October 1987, pp. 1090-1098.
[34] Scarl, E. "Multi-Level Diagnosis in Model-based Reasoning", Technical Report BCS-G2010-119, Boeing Computing Services, 1993.
[35] Spier, R. J., and Liffring, M. E., "Real-Time Expert Systems for Advanced Power Control", Proceedings of the Intersociety Energy Conversion Engineering Conference, 1988.
[36] Struss, P., and Dressler, O., "Physical Negation: Introducing Fault Models into the General Diagnostic Engine", Proceedings IJCAI-89, Detroit, MI 1989, pp. 1318-1323.
[37] Struss, P. "What's in SD? Towards a theory of modeling for diagnosis", in [17], pp. 419-450.
[38] Watson, K., Russell, B. D., and Hackler, I., "Expert System Structures for Fault Detection in Spaceborne Power Systems", Proceedings of the Intersociety Energy Conversion Engineering Conference, 1988.
Figure 16: Edit Object Menu
Figure 17: Runtime Object Menu
Figure 18: Edit Icons Dialog Box
Figure 19: Edit Connections Dialog Box
REPORT DOCUMENTATION PAGE

2. REPORT DATE: November, 1993
3. REPORT TYPE AND DATES COVERED: Final Report
4. TITLE AND SUBTITLE: MODEL-BASED REASONING FOR POWER SYSTEM MANAGEMENT USING KATE AND THE SSM-PMAD
5. FUNDING NUMBERS: Contract NAS_39385
6. AUTHOR(S): R. Morris, A. Gonzalez, D. Carriera, F. D. McKenzie, B. Gann
7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES): Florida Institute of Technology, 150 W. University Blvd., Melbourne, FL 32901-6988
9. SPONSORING / MONITORING AGENCY NAME(S) AND ADDRESS(ES): National Aeronautics and Space Administration, Washington, DC 20546
11. SUPPLEMENTARY NOTES: Prepared in cooperation with the University of Central Florida, Orlando, FL 32816
12a. DISTRIBUTION / AVAILABILITY STATEMENT: Unclassified Unlimited

13. ABSTRACT
The overall goal of this research effort has been the development of a software system which automates tasks related to monitoring and controlling electrical power distribution in spacecraft electrical power systems. The resulting software system is called the Intelligent Power Controller (IPC). The specific tasks performed by the IPC include continuous monitoring of the flow of power from a source to a set of loads, fast detection of anomalous behavior indicating a fault to one of the components of the distribution systems, generation of diagnosis (explanation) of anomalous behavior, isolation of faulty object from remainder of the system, and maintenance of flow of power to critical loads and systems (e.g. life-support) despite fault conditions being present (recovery). The IPC system has evolved out of KATE (Knowledge-based Autonomous Test Engineer), developed at NASA-KSC. KATE consists of a set of software tools for developing and applying structure and behavior models to monitoring, diagnostic and control applications.

14. SUBJECT TERMS: electrical power systems, model-based reasoning, fault detection, isolation, and recovery (FDIR)
17. SECURITY CLASSIFICATION OF REPORT: unclassified
18. SECURITY CLASSIFICATION OF THIS PAGE: unclassified
19. SECURITY CLASSIFICATION OF ABSTRACT: unclassified
20. LIMITATION OF ABSTRACT: unlimited