Linköping Studies in Science and Technology.

Dissertations, No 1448

Linköping Studies in Science and Technology. Dissertations, No 1448

Methods for Automated Design of

Methods for Automated Design of
Fault Detection
Fault Detectionand
andIsolation
Isolation Systems
Systems
with
withAutomotive
AutomotiveApplications
Applications

Carl Svärd
Carl Svärd
 Linköping Studies in Science and Technology
Dissertations, No 1448

Methods for Automated Design of Fault

Detection and Isolation Systems
with Automotive Applications

Carl Svärd

Department of Electrical Engineering

Linköping 2012
Linköping Studies in Science and Technology
Dissertations, No 1448

Carl Svärd
[email protected]
www.vehicular.isy.liu.se
Division of Vehicular Systems
Department of Electrical Engineering
Linköping University
SE–581 83 Linköping, Sweden

Copyright © 2012 Carl Svärd, unless otherwise noted.

All rights reserved.
Paper A reprinted with permission from IEEE Transactions on Systems, Man, and
Cybernetics, Part A: Systems and Humans ©2010 IEEE.

Svärd, Carl
Methods for Automated Design of Fault Detection and Isolation Systems
with Automotive Applications
ISBN 978-91-7519-894-1
ISSN 0345-7524

Typeset with LATEX 2ε

Printed by LiU-Tryck, Linköping, Sweden 2012
To Emma
Abstract
Fault detection and isolation (FDI) is essential for dependability of complex technical
systems. One important application area is automotive systems, where precise and robust
FDI is necessary in order to maintain low exhaust emissions, high vehicle up-time, high
vehicle safety, and efficient repair. To achieve good performance, and at the same time
minimize the need for expensive redundant hardware, model-based FDI is necessary.
A model-based FDI-system typically comprises fault detection by means of residual
generation and residual evaluation, and finally fault isolation.
The overall objective of this thesis is to develop generic and theoretically sound
methods for design of model-based FDI-systems. The developed methods are aimed
at supporting an automated design methodology. To this end, the methods require a
minimum of human interaction. By means of an automated design methodology the
overall design process becomes more efficient and systematic, which also contributes to
higher quality. These aspects are of particular importance in an industrial context.
Design of a model-based FDI-system for a complex real-world system is an intricate
task that poses several difficulties and challenges that must be handled by the involved
design methods. For instance, modeling of these systems often result in large-scale,
non-linear, differential-algebraic models. Furthermore, despite substantial modeling
work, models are typically not able to capture the behaviors of systems in all operating
modes. This results in model-errors of time-varying nature and magnitude. This thesis
develops a set of methods able to handle these issues in a systematic manner.
Two methods for model-based residual generation are developed. The two methods
handle different stages of the design of residual generators. The first method considers
the actual residual generator realization by means of sequential residual generation with
mixed causality. The second method considers the problem of how to select an optimal
set of residual generators from all possible residual generators that can be created with
the first method. Together the two methods enable systematic design of a set of residual
generators that fulfills a stated fault isolation requirement. Moreover, the methods are
applicable to complex, large-scale, and non-linear differential-algebraic models.
Furthermore, a data-driven method for statistical residual evaluation is developed.
The method relies on a comparison of the probability distributions of residuals and
exploits no-fault data from the system in order to learn the behavior of no-fault residuals.
The method can be used to design residual evaluators capable of handling residuals
subject to stochastic uncertainties and disturbances caused by for instance time-varying
model errors.
The developed methods, as well as the potential of an automated design methodol-
ogy, are evaluated through extensive application studies. To verify their generality, the
methods are applied to different automotive systems, as well as a wind turbine system.
The performances of the obtained FDI-systems are good in relation to the required
engineering effort. Particularly, no specific adaption or no tuning of the methods, or the
design methodology, were made.

v
Populärvetenskaplig Sammanfattning
Syftet med denna avhandling är att utveckla metoder för automatiserad design av diag-
nossystem för att upptäcka och isolera fel i stora komplexa tekniska system. Att upptäcka
och isolera fel är viktigt för att garantera ett systems pålitlighet och driftsäkerhet. Ett exem-
pel är tunga lastbilar där förmågan att upptäcka och isolera fel är avgörande för att uppnå
och bibehålla exempelvis låga avgasemissioner, hög nyttjandegrad, hög fordonssäkerhet
och effektiva reparationer.
Ett sätt att upptäcka fel i ett system är att använda så kallade modellbaserade residualer.
En modellbaserad residual kan skapas genom att bilda skillnaden mellan en observation
från systemet och dess virtuella motsvarighet som skapas genom att simulera systemets
felfria beteende med hjälp av en matematisk modell. En residual skild från noll indik-
erar att det kan finnas något fel i systemet. Genom att använda residualer baserade på
observationer från olika delar av systemet så kan ett upptäckt fel dessutom isoleras till
en specifik komponent i systemet. Detta är framförallt viktigt för effektiva reparationer.
Design av ett komplett diagnossystem för ett stort komplext system är en utmanande
uppgift som kräver en ansenlig mängd utvecklingsarbete. För att erhålla en optimal
lösning fodras väldefinierade krav med avseende på exempelvis robusthet och de fel som
skall upptäckas och isoleras. Dessutom behövs detaljerad kunskap om systemets beteende,
dels för det felfria fallet, men framförallt för alla tänkbara felfall. Denna typ av information
är dock sällan tillgänglig åtminstone inte i början av en utvecklingsprocess. Med en
automatiserad designmetodik så kan kontinuerliga förbättringar hos diagnossystemet
göras snabbt och effektivt då nya krav och mer kunskap tillkommer. Detta innebär en
systematisering och effektivisering av utvecklingsprocessen vilket i förlängningen också
borgar för högre kvalité.
I avhandlingen utvecklas ett antal generella och teoretiskt välgrundade metoder för
att upptäcka och isolera fel i komplexa tekniska system med hjälp av modellbaserade
residualer. För att stödja en automatiserad designmetodik är metoderna utvecklade
för att kräva minimal användarinteraktion. Stora komplexa system ställer höga krav
på metodernas beskaffenheter. Exempelvis så beskrivs dessa system ofta utav stora dy-
namiska och olinjära modeller vilka måste kunna hanteras. Vidare så leder dessa systems
mångfacetterade egenskaper och komplexitet till att modellerna inte alltid är kapabla att
beskriva systemens beteende i alla situationer. Metoderna är utvecklade för att hantera
dessa svårigheter på ett systematiskt sätt.
De utvecklade metoderna, såväl som potentialen hos en automatiserad designmetodik,
utvärderas genom omfattande applikationsstudier. Metoderna appliceras med god fram-
gång för att utveckla kompletta diagnossystem för såväl en dieselmotor i en tung lastbil
som en vindkraftturbin. Slutsatsen är att metoderna kan användas för att designa ett
diagnossystem med bra prestanda till en mycket liten arbetsinsats.

vii
Acknowledgments
With this thesis I have accomplished one of my goals in life, namely to write a book. It has
been five years filled with hard but foremost inspiring and rewarding work. Neither the
writing nor the work would have been possible without a number of individual persons.
First of all, I would like to express my sincere gratitude to my supervisor Mattias
Nyberg for his guidance, devotion, and ability to inspire. His effort and capability to
continuously push things a little bit further have been invaluable. Mattias may be more
of a perfectionist than me, and I did not think that was possible.
This work has been performed as a part of a collaborative industrial research project
between Scania CV AB in Södertälje and the division of Vehicular Systems, Department
of Electrical Engineering, Linköping University.
I would like to thank my assistant supervisors Erik Frisk and Mattias Krysander for
giving discussions, and valuable comments and input. Special thanks goes to Erik for his
support and for helping me structuring this thesis, and to Mattias for his alert and astute
comments. I would also like to thank Lars Nielsen for letting me join his research group
Vehicular Systems.
Many thanks also goes to all my colleagues at Scania and Vehicular Systems for
contributing to a nice working atmosphere. Special thanks goes to Erik Höckerdal for
help with LATEX issues. Henrik Flemmer is thanked for being a supportive manager.
I also thank my managers Niklas Karpe and Peter Vansölin for letting me be a part
of this project and do research work. My former managers Mats Jennische and Peter
Madsen also deserve acknowledgments. The steering group, with chairman Nils-Gunnar
Vågstedt, are also thanked.
The work has been jointly financed by Scania CV AB and Vinnova, Swedish Govern-
mental Agency for Innovation Systems, who are also acknowledged.
Finally, I thank my family and friends for their support. Special and sincere thanks
goes to my parents, Åsa and Kjell, and sister Anna, for their understanding and encour-
agement. Last but not least, I would like to express my utmost gratitude and love to
Emma for her great support, patience, and love.

Carl Svärd
Stockholm, April 2012

ix
 Contents

1 Introduction 1
1.1 Background and Motivation . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 Objective . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.3 Outline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

2 Fault Detection and Isolation in Automotive Systems 5

2.1 Automotive Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.1.1 Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.1.2 Faults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.1.3 Characterizing Properties . . . . . . . . . . . . . . . . . . . . . . 7
2.2 Importance of Fault Detection and Isolation . . . . . . . . . . . . . . . . 8
2.2.1 Legislative On-Board Diagnosis . . . . . . . . . . . . . . . . . . 10
2.2.2 Off-Board Diagnosis . . . . . . . . . . . . . . . . . . . . . . . . . 10
2.2.3 On-Board Fault Accommodation . . . . . . . . . . . . . . . . . 11
2.3 Requirements on FDI in Automotive Systems . . . . . . . . . . . . . . . 12

3 Design of Fault Detection and Isolation Systems 15

3.1 Fault Detection and Isolation Systems . . . . . . . . . . . . . . . . . . . 15
3.1.1 Fault Isolation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
3.2 Detection Tests Based on Residuals . . . . . . . . . . . . . . . . . . . . . 17
3.2.1 Structure of FDI-Systems based on Residuals . . . . . . . . . . 17
3.2.2 Residual Generation . . . . . . . . . . . . . . . . . . . . . . . . . 18
3.2.3 Residual Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . 19
3.3 Design Challenges for Automotive Systems . . . . . . . . . . . . . . . . 20
3.4 Automated Design of FDI-Systems . . . . . . . . . . . . . . . . . . . . . 23
3.4.1 Design Methodology . . . . . . . . . . . . . . . . . . . . . . . . . 23

4 Summary of Main Contributions 25

4.1 Summaries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
4.2 Publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

xi
xii Contents

Publications 37
A Residual Generators for Fault Diagnosis using Computation Sequences with
Mixed Causality Applied to Automotive Systems 39
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
2 Preliminaries and Background Theory . . . . . . . . . . . . . . . . . . . 44
2.1 Integral and Derivative Causality . . . . . . . . . . . . . . . . . . 45
2.2 Structure of Equation Sets . . . . . . . . . . . . . . . . . . . . . . 45
2.3 Structural Decomposition . . . . . . . . . . . . . . . . . . . . . . 46
2.4 Differential-Algebraic Equation Systems . . . . . . . . . . . . . 47
3 Sequential Computation of Variables . . . . . . . . . . . . . . . . . . . . 48
3.1 BLT Semi-Explicit DAE Form . . . . . . . . . . . . . . . . . . . 48
3.2 Computational Tools . . . . . . . . . . . . . . . . . . . . . . . . . 51
3.3 Computation Sequence . . . . . . . . . . . . . . . . . . . . . . . 53
4 Sequential Residual Generation . . . . . . . . . . . . . . . . . . . . . . . 54
4.1 Proper Sequential Residual Generator . . . . . . . . . . . . . . . 55
4.2 Finding Proper Sequential Residual Generators . . . . . . . . . 57
5 Method for Finding a Computation Sequence . . . . . . . . . . . . . . . 58
5.1 Illustrative Example . . . . . . . . . . . . . . . . . . . . . . . . . 58
5.2 Summary of the Method . . . . . . . . . . . . . . . . . . . . . . 60
5.3 Algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
6 Application Studies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
6.1 Implementation and Configuration of the Method . . . . . . . 62
6.2 Performance Measures . . . . . . . . . . . . . . . . . . . . . . . . 64
6.3 Automotive Diesel Engine . . . . . . . . . . . . . . . . . . . . . . 65
6.4 Hydraulic Braking System . . . . . . . . . . . . . . . . . . . . . . 66
6.5 Realization of a Residual Generator for the Diesel Engine . . . 68
7 Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
A Proofs of Theorems and Lemmas . . . . . . . . . . . . . . . . . . . . . . 72
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

B Realizability Constrained Selection of Residual Generators for Fault Diagno-

sis with an Automotive Engine Application 83
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
2 Motivating Application Example . . . . . . . . . . . . . . . . . . . . . . . 87
3 Preliminaries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
3.1 Realizability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
3.2 Fault Isolability . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
4 The Residual Generator Selection Problem . . . . . . . . . . . . . . . . . 91
4.1 The Isolability Requirement . . . . . . . . . . . . . . . . . . . . . 91
4.2 Candidate Equation Set . . . . . . . . . . . . . . . . . . . . . . . 92
4.3 Formalization of the Selection Problem . . . . . . . . . . . . . . 92
5 Minimal Hitting Set Based Selection . . . . . . . . . . . . . . . . . . . . 93
5.1 MHS-Based Selection Algorithm . . . . . . . . . . . . . . . . . . 94
5.2 Properties of the MHS-Based Selection Algorithm . . . . . . . 95
Contents xiii

6 Greedy Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
6.1 Greedy Heuristic . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
6.2 Greedy Selection Algorithm . . . . . . . . . . . . . . . . . . . . 98
6.3 Properties of the Greedy Selection Algorithm . . . . . . . . . . 99
7 Sequential Residual Generation . . . . . . . . . . . . . . . . . . . . . . . 101
7.1 Computation Sequence . . . . . . . . . . . . . . . . . . . . . . . 102
7.2 Sequential Residual Generator . . . . . . . . . . . . . . . . . . . 102
7.3 Residual Generation Method . . . . . . . . . . . . . . . . . . . . 102
7.4 Fault Sensitivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
7.5 Necessary Realizability Criterion . . . . . . . . . . . . . . . . . . 104
8 Application Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
8.1 The Automotive Engine System . . . . . . . . . . . . . . . . . . 105
8.2 Appliance of the MHS-Based Algorithm . . . . . . . . . . . . . 106
8.3 Appliance of the Greedy Algorithm . . . . . . . . . . . . . . . . 108
8.4 Analysis of the Cardinalities of Greedy Solutions . . . . . . . . 108
8.5 Case Study of Fault Sensitivity . . . . . . . . . . . . . . . . . . . 111
9 Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

C Data-Driven and Adaptive Statistical Residual Evaluation for Fault Detec-

tion with an Automotive Application 117
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
2 Problem Formulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
2.1 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
2.2 Probabilistic Framework . . . . . . . . . . . . . . . . . . . . . . 123
2.3 Residual Evaluation in a Hypothesis Testing Framework . . . . 125
3 GLR Test Statistic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
3.1 The Likelihood Function . . . . . . . . . . . . . . . . . . . . . . 126
3.2 Likelihood Maximizations . . . . . . . . . . . . . . . . . . . . . 128
4 Online Residual Evaluation Algorithm . . . . . . . . . . . . . . . . . . . 131
4.1 Relaxed Problem . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
4.2 Residual Evaluation Algorithm . . . . . . . . . . . . . . . . . . . 134
4.3 Implementation Issues and Computational Complexity . . . . 136
5 Learning No-Fault Distribution Parameters . . . . . . . . . . . . . . . . 137
5.1 Problem Characterization . . . . . . . . . . . . . . . . . . . . . . 137
5.2 Problem Formulation . . . . . . . . . . . . . . . . . . . . . . . . 138
5.3 Learning Algorithm . . . . . . . . . . . . . . . . . . . . . . . . . 141
5.4 Justification of Learning Algorithm . . . . . . . . . . . . . . . . 144
5.5 Implementation Issues . . . . . . . . . . . . . . . . . . . . . . . . 147
6 Application Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
6.1 Automotive Gas-Flow Diagnosis . . . . . . . . . . . . . . . . . . 149
6.2 Learning of No-Fault Distribution Parameters . . . . . . . . . . 149
6.3 Evaluation Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
6.4 Evaluation Results . . . . . . . . . . . . . . . . . . . . . . . . . . 153
7 Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
xiv Contents

A Proofs of Theorems and Lemmas . . . . . . . . . . . . . . . . . . . . . . 159

References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

D Automotive Engine FDI by Application of an Automated Model-Based and

Data-Driven Design Methodology 169
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
2 Automotive Diesel Engine System . . . . . . . . . . . . . . . . . . . . . . 173
2.1 System Description . . . . . . . . . . . . . . . . . . . . . . . . . . 173
2.2 Sensors and Actuators . . . . . . . . . . . . . . . . . . . . . . . . 174
2.3 Faults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
2.4 Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
3 Overview of Design Methodology . . . . . . . . . . . . . . . . . . . . . . 176
3.1 Structure of FDI-System . . . . . . . . . . . . . . . . . . . . . . . 177
3.2 Automated Design Methodology . . . . . . . . . . . . . . . . . . 177
3.3 Residual Generation . . . . . . . . . . . . . . . . . . . . . . . . . 178
3.4 Residual Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . 180
4 Design of Residual Generators . . . . . . . . . . . . . . . . . . . . . . . . 181
4.1 Candidate Residual Generators . . . . . . . . . . . . . . . . . . . 181
4.2 Residual Generator Selection and Realization . . . . . . . . . . 182
4.3 Properties of Selected Residual Generators . . . . . . . . . . . . 184
4.4 Comments on Realizability . . . . . . . . . . . . . . . . . . . . . 185
5 Design of Residual Evaluators . . . . . . . . . . . . . . . . . . . . . . . . 187
5.1 Estimation of No-Fault Residual Distributions . . . . . . . . . . 187
5.2 Residual Evaluators . . . . . . . . . . . . . . . . . . . . . . . . . 189
5.3 Fault Isolation Strategy . . . . . . . . . . . . . . . . . . . . . . . 190
6 Experimental Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
6.1 Fault Detection Performance . . . . . . . . . . . . . . . . . . . . 190
6.2 Performance of FDI-System . . . . . . . . . . . . . . . . . . . . . 195
6.3 Final Tuning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
7 Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
A Model Equations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

E Automated Design of an FDI-System for the Wind Turbine Benchmark 207

1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
2 The Wind Turbine Model . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
2.1 State-Space Realization of Transfer Functions . . . . . . . . . . 211
2.2 Fault Modeling . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
2.3 Model Extensions . . . . . . . . . . . . . . . . . . . . . . . . . . 213
2.4 The Model with Faults . . . . . . . . . . . . . . . . . . . . . . . . 213
3 Overview of Design Method . . . . . . . . . . . . . . . . . . . . . . . . . 214
4 Residual Generation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
4.1 Sequential Residual Generation . . . . . . . . . . . . . . . . . . 215
4.2 Candidate Residual Generators . . . . . . . . . . . . . . . . . . . 217
5 Selecting Residual Generators . . . . . . . . . . . . . . . . . . . . . . . . 218
Contents xv

5.1 Desired Properties of Residual Generators . . . . . . . . . . . . 218

5.2 Fault Detectability and Isolability . . . . . . . . . . . . . . . . . 218
5.3 Selection Problem Formulation . . . . . . . . . . . . . . . . . . 219
5.4 Solving the Selection Problem . . . . . . . . . . . . . . . . . . . 219
5.5 The Selection Algorithm . . . . . . . . . . . . . . . . . . . . . . . 220
5.6 Selected Residual Generators . . . . . . . . . . . . . . . . . . . . 222
6 Fault Detection and Isolation . . . . . . . . . . . . . . . . . . . . . . . . . 223
6.1 Diagnostic Test Design . . . . . . . . . . . . . . . . . . . . . . . 224
6.2 Fault Isolation Strategy . . . . . . . . . . . . . . . . . . . . . . . 225
7 Implementation Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
7.1 Parameter Discussion . . . . . . . . . . . . . . . . . . . . . . . . 226
8 Evaluation and Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
8.1 Results and Analysis . . . . . . . . . . . . . . . . . . . . . . . . . 227
8.2 Case Study of Fault ∆ω r,m1 . . . . . . . . . . . . . . . . . . . . . 228
9 Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
A Algorithm for Finding a Computation Sequence . . . . . . . . . . . . . 230
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
 Chapter 1

Introduction

1.1 Background and Motivation

The ability to detect and isolate faults in complex technical systems is important in order
to fulfill dependability requirements. One important example is automotive systems,
where fault detection and isolation (FDI) is necessary in order to obtain and maintain
for instance high vehicle uptime, low exhaust emissions, high vehicle safety, efficient
repair, and good fuel economy. Uptime, repair, and fuel economy, are important factors
in order to minimize the overall life-cycle cost of an automotive vehicle, which is of great
importance for vehicle operators. Exhaust emissions are important in order to fulfill
strict legislative requirements but are also, together with vehicle safety, important for
conscious vehicle operators.
Complex technical systems aimed at commercial use are often designed for low cost
and high functionality, and not primarily to facilitate FDI. In particular, this means that
there are few sensors and foremost a limited amount of hardware redundancy in the
form of multiple sensors measuring the same quantity. To achieve good performance,
and at the same time minimize the need for expensive redundant hardware, model-based
FDI is often adopted. A model-based FDI-system typically comprises fault detection by
means of the two essential steps; residual generation and residual evaluation. In the first
step, a model of the system is used together with measurements to generate residuals, i.e.,
signals that indicate whether there is a fault in the system or not. In the second step, the
residuals are evaluated with the aim to reliably detect changes in the residual behavior
and make a decision whether the change is caused by faults in the system.
The inherent properties of complex real-world systems in general, and automotive
systems in particular, pose several difficulties and challenges when it comes to design
of model-based FDI-system. First of all, these systems are typically described by mod-
els in the form of large-scale, non-linear, and coupled differential-algebraic equations.
Consequently, this kind of models must be handled in the design of a model-based FDI-
system, in particular by the method used for design of residual generators. Furthermore,

1
2 Chapter 1. Introduction

complex systems often contain many physical interconnections which implies that the
effect of a fault may propagate in the system and that the effect will be visible in many
of the sensor measurements. This, in combination with the small number of sensors,
makes fault isolation in these systems a non-trivial problem. For instance, the problem
of fault decoupling in residual generators must be handled which in addition is further
complicated by the properties of the involved models.
Furthermore, the complexity of the systems in combination with their often many
operating modes, imply that models typically not are able to fully describe the behaviors
of systems in all operating modes. Regardless of a substantial modeling work, this
results in model-errors of time-varying nature and magnitude. In order to be able to
detect small faults in a robust way, model errors and additional uncertainties must be
handled. Specifically, this issue must be handled by the method used for design of residual
evaluators.

1.2 Objective
In an industrial context, and with the challenges and difficulties discussed above in mind,
it is clear that design of a complete model-based FDI-system for a complex real-world
system is an intricate task that demands a substantial engineering effort. To obtain an
optimal design, it is required to have well-defined requirements regarding for example
robustness and the faults to detect and isolate. In addition, it is required to have detailed
knowledge of the behavior of the supervised system. Both in the no-fault case, but in
particular also in all fault cases. This kind of information is however seldom available for
real-world systems, at least not during early stages in the design process. To conform to
this situation, an iterative design process is adopted in this thesis. In this way, continuous
improvements of the FDI-system can be made as more knowledge is obtained and
additional requirements arise along the design process.
The overall objective of the thesis is to develop generic, systematic, and theoretically
sound methods for design of model-based FDI-systems for complex real-world systems.
In addition, in order to facilitate the adopted iterative design process, the methods are
aimed at supporting an automated design methodology and require a minimum amount
of human interaction. By means of an automated design methodology, the FDI-system
can be rapidly redesigned and reconfigured which makes the iterative design process
more efficient and systematic, and also contributes to higher quality. All these issues are
essential in an industrial context.

1.3 Outline
The thesis is divided into two parts. The first part aims at providing the information
necessary for placing the contributions of the second part in a scientific and industrial
context. The first part consists of Chapters 2, 3, and 4. Chapter 2 discusses FDI in
automotive systems with the aim to provide an application oriented background and
motivation to the work carried out in the thesis. Chapter 3 considers design of FDI-
1.3. Outline 3

systems, both in a general and theoretical context, and in an industrial context. Finally,
Chapter 4 summarizes the main contributions of the thesis.
The second part consists of five papers enclosed as Papers A - E. Papers A and B
consider residual generation, and Paper C residual evaluation. Papers D and E contain
application studies in the form of an automotive diesel engine system and wind turbine
system, respectively. These papers demonstrate and evaluate the applicability of the
methods developed in Papers A, B, and C, in particular, and the potential of an automated
design methodology in general.
 Chapter 2

Fault Detection and Isolation

in Automotive Systems

This chapter discusses fault detection and isolation (FDI) in the context of automotive
systems. The overall aim is to provide an application oriented background and motivation
to the work carried out in this thesis. The chapter is structured as follows. Section 2.1
presents some automotive systems where FDI is important, and discusses some of their
characterizing properties of significance in this context. Section 2.2 elaborates on the
importance of FDI as a mean to fulfill a set of requirements on automotive systems.
Different activities involving FDI aimed at guarantee fulfillment of these requirements
are also discussed. Finally, Section 2.3 presents a set of requirements for FDI in automotive
systems. This is done from an industrial perspective, taking the properties of automotive
systems in Section 2.1, as well as the properties of the different activities in Section 2.2,
into account.

2.1 Automotive Systems

The intention with this section is to give examples of some automotive systems where
FDI is important, and also of typical faults that may occur in these systems. Finally, some
characteristic properties of automotive systems of particular significance in the context
of FDI are highlighted.

2.1.1 Examples
A modern automotive vehicle is a complex cyber-physical system that contains electrical,
mechanical, chemical, and thermo-dynamical, sub-systems. Of particular interest for
heavy-duty vehicles is the diesel engine, which is frequently used as an application
example in this thesis. In order to meet requirements in terms of fuel economy, emissions,

5
6 Chapter 2. Fault Detection and Isolation in Automotive Systems

Figure 2.1: A Scania 13-liter, 6-cylinder diesel engine equipped with EGR and VGT.
(Courtesy of Scania CV AB. Illustration by Semcon Informatic Graphic Solutions.)

and driveability, a modern diesel engine is equipped with for example Exhaust Gas
Recirculation (EGR), Variable Geometry Turbocharger (VGT), and intake manifold
throttle, see Figures 2.1, 2.2, and 2.3a. To purify exhausts, diesel engines interact with,
and are dependent on, one or several advanced after-treatment systems such as a Diesel
Particulate Filter (DPF), and a Selective Catalytic Reduction (SCR) system, see Figure 2.3b.
In addition, to further increase driveability and meet safety requirements, they interact
with other complex systems in the power train like an automatic gearbox and an auxiliary
hydraulic braking system, see Figure 2.4.

2.1.2 Faults
All of the above mentioned systems are, due to their function and complexity, vulnerable
to faults. To investigate which faults to detect and isolate, Failure Mode Effect Analysis
(FMEA) (Stamatis, 1995) and Fault Tree Analysis (FTA) (Haasl et al., 1981) may be
carried out. For the specific case of automotive engines, emission critical faults are
of special interest. Much effort is therefore spent on testing the engines in test-beds
where faults can be injected and emissions measured. Typical emission critical faults are
faults affecting the fuel-injection system, the cooling system, and the gas-flow system,
faults in all sensors and actuators, and faults affecting after-treatment systems like the
SCR-system and the DPF. Specific examples are gas-leakages in the VGT- or EGR-system,
bad UREA quality in the SCR-system, broken or missing filter substrate in the DPF,
or a bias- or gain fault in a sensor. Sensors and actuators are in themselves complex
cyber-physical systems, and are particularly sensitive to faults, in comparison with for
example purely mechanical systems. It is therefore important that especially faults in
sensors and actuators in automotive systems can be detected and isolated.
2.1. Automotive Systems 7

(a) Exhaust Gas Recirculation (EGR). (b) Variable Geometry Turbocharger (VGT).

Figure 2.2: To meet requirements in terms of fuel economy, emissions, and driveability,
a modern diesel engine is equipped with EGR and VGT. (Courtesy of Scania CV AB.
Illustration by Semcon Informatic Graphic Solutions.)
Cooled recirculated gas

Urea

Air

Recirculated gas
Catalytic Exhaust
converter gas

Engine

Exhaust gas Intake air NH3+NOx N2+H2O

(a) Schematic of EGR-system. (b) Schematic of SCR-system.

Figure 2.3: Usage of EGR and/or SCR in diesel engines reduces the generation of NOx.
(Courtesy of Scania CV AB. Illustrations by Semcon Informatic Graphic Solutions.)

2.1.3 Characterizing Properties

Some characterizing properties of automotive systems, and many large real-world systems
in general, of particular significance in the context of FDI, are highlighted below.

Few Sensors Automotive systems are typically designed for low cost and high func-
tionality, and not primarily to facilitate FDI. Foremost, this means that there are
few sensors in general, and in particular that there is limited, or no, hardware
redundancy in the form of multiple sensors measuring the same physical quantity.

Many Operating Modes Automotive system are typically designed to operate in a num-
ber of different operating modes and normal operation usually involves several of
these. For the example of a diesel engine, operating modes are typically determined
by engine torque and engine speed. One operating mode is characterized by low
8 Chapter 2. Fault Detection and Isolation in Automotive Systems

Figure 2.4: Scania GR875R 8-speed gearbox with a retarder. The retarder is a hydraulic
braking system used on heavy duty trucks for long continuous braking, for example
to maintain constant speed down a slope. (Courtesy of Scania CV AB. Illustration by
Semcon Informatic Graphic Solutions.)

engine speed and high engine torque, and another mode by high engine speed,
but low engine torque.
Highly Interconnected Automotive systems often contain many physical interconnec-
tions. For an example, the exhaust and intake parts of the diesel engine depicted
in Figure 2.1 are coupled by means of the shaft connecting the turbine and the
compressor. This implies that the effect of a fault may propagate in the system and
effects will be visible in many of the measurements.
Complex Models Typically, physical modeling based on first principles of physics is
utilized for modeling of automotive systems. As a consequence of the inherent
complexity of automotive systems, as well as their multi-domain features, modeling
typically results in large-scale, highly non-linear, differential-algebraic equations.
In addition, due to the many interconnections in the systems, models are often
highly coupled.

2.2 Importance of Fault Detection and Isolation

Automotive vehicles are designed in order to fulfill requirements in terms of:
• high vehicle uptime,
• low exhaust emissions,
2.2. Importance of Fault Detection and Isolation 9

Availability
Uptime
Reliability
Emissions
Dependability Safety
Safety
Integrity
Repair
Maintainability

Figure 2.5: High vehicle uptime, low exhaust emissions, high vehicle safety, as well as
efficient repair, are important for the dependability of an automotive vehicle.

• high vehicle safety,

• efficient repair,

• good fuel economy,

• high driveability.

High vehicle uptime together with efficient repair, in the sense that the time at the work-
shop is minimized, maximizes the possible revenue for a vehicle operator. Good fuel
economy and efficient repair, in the sense that no unnecessary parts are changed, mini-
mizes the vehicle cost. Vehicle uptime, repair, and fuel economy, are thus all important
factors in order to minimize the overall life-cycle cost of an automotive vehicle. This, in
combination with high safety and high driveability, is of great importance for vehicle
operators. Requirements on low exhaust emissions are mainly driven by legislations.
The properties high vehicle uptime, low exhaust emissions, high safety, as well as
efficient repair, are all examples of the more general dependability (Laprie, 1992; Storey,
1996) attributes availability, reliability, safety, integrity, and maintainability, see Figure 2.5.
A fault in the vehicle or any of its sub-systems may lead to a failure in the form of an
impairment of any of the required properties listed above, for instance in the form of a
standstill vehicle, increased exhaust emissions, or a non-functional braking system. Such
consequences may be prevented, or at least reduced, if the fault can be detected, isolated,
and accommodated. Thus, FDI is a mean in order to achieve the properties above.
To ensure achievement of the required properties, FDI is performed by means of the
three activities:

• legislative on-board diagnosis,

• off-board diagnosis,

• on-board fault accommodation.

For an illustration, see Figure 2.6. These activities may be performed independently,
but typically there are dependencies. For instance, results from legislative on-board
diagnosis may be exploited for off-board diagnosis at the workshop. Nevertheless, the
ability to be able to detect and isolate faults, to some extent, is important for all three
activities. Next, the different activities will be discussed.
10 Chapter 2. Fault Detection and Isolation in Automotive Systems

Uptime

Emissions Legislative On-Board Diagnosis

Safety
Off-Board Diagnosis Fault Detection and Isolation
Repair

Fuel Economy On-Board Fault Accomodation

Driveability

Figure 2.6: Legislative on-board diagnosis, off-board diagnosis, and on-board fault
accommodation, are important activities in order to achieve properties such as high
vehicle uptime, low exhaust emissions, high safety, efficient repair, good fuel economy,
and high driveability. All these activities involve fault detection and isolation.

2.2.1 Legislative On-Board Diagnosis

The on-board diagnosis (OBD) legislations (United Nations, 2008; European Parlia-
ment, 2009; California EPA, 2010; United States EPA, 2009) state that all manufactured
automotive vehicles must be equipped with a high precision OBD-system capable of
detecting faults in all components that, if broken, lead to emissions over pre-defined
OBD-thresholds during a specific driving cycle. In addition, it is required that emission
critical faults can be isolated. In the OBD-legislations, faults are classified according
to their emission criticality and different classes requires different actions. A sufficient
action for most faults is activation of a malfunction indicator light (MIL), but severe
faults require engine torque limitation, or even engine shutdown. OBD is performed
in electronic control units (ECUs), as the vehicle operates on the road. For heavy-duty
trucks, emissions of especially nitrogen oxides (NOx) and particulate matter (PM) are
crucial. Upcoming legislations in the European Union, Euro VI, require substantially
lowered emissions, see Table 2.1.
The upcoming functional safety standard ISO 26262 may result in legislative require-
ments for faults that may lead to an impairment of the vehicle safety. This will require
additional FDI and substantially increase the amount of legislative on-board diagnosis.

2.2.2 Off-Board Diagnosis

Off-board diagnosis refers to activities performed off-board the vehicle, typically in the
workshop by a mechanic and with additional external computer support. In this setting,
FDI can be combined with decision-theoretic troubleshooting, see, e.g., Heckerman et al.
(1995); Langseth and Jensen (2002); Warnquist (2011), in order to not only locate but also
replace faulty components. The overall aim of off-board fault diagnosis is to guarantee
efficient repair of the vehicle, which in turn contributes to high vehicle uptime.
Due to hardware limitations on-board the vehicle and the ability to actively excite
systems when the vehicle is at the workshop, off-board detection and isolation of faults
potentially give better and more precise results for repair purposes. In addition, it is
possible to exploit more knowledge and information from, and regarding, the vehicle in
an off-board setting, and to use more powerful fault isolation methods, e.g., Bayesian fault
2.2. Importance of Fault Detection and Isolation 11

Table 2.1: EU Emission Standards for HD Diesel Engines, g/kWh (smoke in m−1 )

Tier Date Test CO HC NOx PM Smoke

Euro I 1992, < 85 kW ECE R-49 4.5 1.1 8.0 0.612
1992, > 85 kW 4.5 1.1 8.0 0.36
Euro II 1996-10 4.0 1.1 7.0 0.25
1998-10 4.0 1.1 7.0 0.15
Euro III 1999-10, EEVs only ESC & ELR 1.5 0.25 2.0 0.02 0.15
2000-10 ESC & ELR 2.1 0.66 5.0 0.1 0.8
0.131
Euro IV 2005-10 1.5 0.46 3.5 0.02 0.5
Euro V 2008-10 1.5 0.46 2.0 0.02 0.5
Euro VI 2013-01 1.5 0.13 0.4 0.01
1
for engines of less than 0.75 dm3 swept volume per cylinder and a rated power speed
of more than 3000 min−1

isolation (Jensen and Nielsen, 2007; Schwall and Gerdes, 2002; Pernestål and Warnquist,
2012). Examples of additional knowledge and information may be measurements and
on-board diagnosis results from all ECUs in the vehicle, and history from previous
workshop visits, etc. These issues greatly contribute to better and more precise FDI
results. Nevertheless, despite the quite different prerequisites, FDI is of great importance
also in the context of off-board diagnosis.

2.2.3 On-Board Fault Accommodation

On-board fault accommodation, or fault management, is performed in ECUs on-board

the vehicle during operation on the road. The aim of on-board fault accommodation is to
prevent detected and isolated faults from developing into critical failures by taking appro-
priate actions, and thereby guarantee high vehicle uptime, high safety, high driveability,
and also good fuel economy. With upcoming requirements such as the functional safety
standard ISO 26262, it is likely that the amount of safety related fault accommodation
will increase.
Typically, different faults require different actions. A common action is reconfigura-
tion of the control system by means of fault tolerant control (FTC), see, e.g., Blanke et al.
(2006); Yang et al. (2010). For instance, a fault in a sensor used in closed-loop control is
accommodated by switching to open-loop control or by instead using a virtual alternative,
e.g., a modeled value, to the faulty sensor and maintain closed-loop control. Some critical
faults may however require more intricate actions such as system shutdown. In order
to conduct the best possible action at any time, it is important to know which fault that
has occurred and thus fault isolation is important also in the context of on-board fault
accommodation.
12 Chapter 2. Fault Detection and Isolation in Automotive Systems

Fault Detection Fault

and Isolation Accommodation

System A System B System C

Figure 2.7: Centralized fault accommodation.

System A System B System C

Fault Detection Fault Detection Fault Detection

and Isolation and Isolation and Isolation

Fault Fault Fault

Accommodation Accommodation Accommodation

Figure 2.8: Decentralized fault accommodation.

Centralized and Decentralized Fault Accommodation

Traditionally in the literature, centralized fault accommodation is adopted, where a cen-
tralized FDI unit is used together with a centralized fault accommodation manager, see,
e.g., Blanke et al. (2006), and Figure 2.7. However, this creates extra dependencies which
increase the complexity and thus this approach is non-modular and scales badly with
the size of the system.
Therefore, for large scale automotive systems with functionality distributed over
several ECUs, decentralized fault accommodation may be more appropriate in order to
handle the inherent complexity and making the fault accommodation problem more
tractable, see Nyberg and Svärd (2010a,b). Using this approach, the FDI, as well as
the fault accommodation, is performed locally in a distributed manner, see Figure 2.8.
Independent of which fault accommodation approach that is adopted, FDI is nevertheless
needed.

2.3 Requirements on FDI in Automotive Systems

The properties of automotive systems discussed in Section 2.1.3, in combination with the
attributes of the different activities discussed in Section 2.2, impose certain requirements
on how FDI is performed from and industrial perspective. The most important of these,
in the context of this thesis, are listed below.

Existing Hardware Due to cost reasons and space limitations, it is not a desired option
to mount additional hardware in the form of for instance multiple sensors, in order
2.3. Requirements on FDI in Automotive Systems 13

to detect and isolate faults. Thus, FDI in automotive systems should be performed
by using existing hardware only.
Small Faults As said, the OBD-legislations require detection of all faults that may lead
to increased exhaust emissions. Typically, this require detection of small faults in
particularly sensor and actuators. For instance, many emission related automotive
systems, e.g., the SCR-system, are dependent on correct sensor values for control
and, as said in Section 2.1.2, sensors are particularly prone to faults. Even such a
small fault as a deviation of a sensor value by 10 % may lead to incorrect control of
these systems, which in turn may lead to increased emissions.
On-Board Implementation Apart from the particular case of off-board diagnosis, FDI
is to be performed in an on-board environment subject to constraints on com-
putational power and memory, and in some cases also on strict computational
deadlines, i.e., real-time. Thus, it is desirable that the FDI can be performed in this
environment.
Robustness The many operating modes of automotive systems, as discussed in Sec-
tion 2.1.3, in combination with the urge to be able to handle different vehicle
configurations and vehicle individuals, pose strict requirements on the robustness
of the FDI.
Systematic Design In order to obtain an FDI-system of high quality, and at the same
time enable reconfiguration, redesign, and an efficient overall design process, it is
desirable that the methodology used to design the system is systematic.

These requirements will be further considered in the next chapter, in which design of
FDI-systems is considered.
 Chapter 3

Design of Fault Detection and Isolation Systems

While Chapter 2 aimed at providing an application oriented motivation and background

to the work in this thesis, the overall purpose of this chapter is to place the contributions
in a scientific and industrial context. To this end, this chapter considers design of fault
detection and isolation (FDI) systems, first from a general point of view, and then in the
context of automotive systems and Chapter 2. The chapter is structured as follows. In
Sections 3.1 and 3.2 some theoretical concepts from the field of model-based diagnosis
in general, and FDI in particular, are briefly introduced. For further details, refer to for
instance Blanke et al. (2006); Chen and Patton (1999); Hamscher et al. (1992). Section 3.3
discusses some difficulties and challenges that are encountered and must be handled
when designing FDI-systems for automotive systems under the prerequisites discussed
in Chapter 2. In Section 3.4, design of FDI-systems in an industrial context is discussed
and the automated design methodology adopted in this thesis is presented.

3.1 Fault Detection and Isolation Systems

A typical FDI-system consists of a set of fault detection tests and a fault isolation scheme,
see Figure 3.1. The input to the FDI-system is a set of observations, i.e., measurements,
from the supervised system, and the output is a diagnosis statement. The diagnosis
statement contains a collection of faults that can be used to explain the observations.
Given a set of observations, y, the outcome of a detection test τ i is a binary fault
detection result, d i , equal to for instance 1 if the test has alarmed, or equal to 0, otherwise.
To enable fault isolation, different detection tests typically monitors different faults, and
thus different parts of the system. Each fault detection test typically utilizes a subset of
the observations in order to determine if any fault is present in its monitored part of the
system.
Common traditional approaches for construction of fault detection tests are for
example limit checking, i.e., to check if a sensor is within its normal operating range, or

15
16 Chapter 3. Design of Fault Detection and Isolation Systems

Detection Test 1

Fault Isolation
Detection Test 2
Observations Diagnosis Statement
⋮

Detection Test n

Figure 3.1: A typical FDI-system consists of a set of fault detection tests and a fault
isolation scheme.

to employ hardware redundancy. For instance, if two sensors are used to measure the
same physical quantity, it is possible to test if one of the sensors is faulty by comparing
the values of the sensors. Another approach, providing potentially increased diagnosis
performance and in which the need of additional, redundant, hardware is avoided, is to
use detection tests based on residuals. Detection tests based on residuals will be further
discussed in Section 3.2.

3.1.1 Fault Isolation

There are several approaches for fault isolation, most originating from the field of Artificial
Intelligence (AI), see, e.g., de Kleer and Williams (1987); Reiter (1987); Greiner et al. (1989).
Another approach is Bayesian fault isolation, see, e.g.,Jensen and Nielsen (2007). Here, in
order to briefly illustrate the concept of fault isolation a method referred to as structured
residuals (Gertler, 1991), or structured hypothesis tests (Nyberg, 2002) will be considered.
For an example, consider a set of detection tests {τ 1 , τ 2 , τ 3 } constructed to detect
and isolate three faults, { f 1 , f 2 , f 3 }. The following fault signature matrix,

f1 f2 f3
τ1 1 1
(3.1)
τ2 1 1
τ3 1 1

shows which tests that are sensitive to which faults, i.e., test τ 1 is sensitive to faults f 2 and
f 3 , and so on. Now assume a situation where tests τ 1 and τ 2 , but not τ 3 , have alarmed.
The outcome from the detection tests are thus d 1 = 1, d 2 = 1, and d 3 = 0, which combined
with the fault signature matrix (3.1) results in the sub-diagnosis statements D 1 = { f 2 , f 3 },
D 2 = { f 1 , f 3 }, and D 3 = { f 1 , f 2 , f 3 }. The latter is due to a common convention, saying
that nothing can be deduced regarding the status of the system if a test has not alarmed.
The diagnosis statement D then becomes

D = D1 ∩ D2 ∩ D3 = { f2 , f3 } ∩ { f1 , f3 } ∩ { f1 , f2 , f3 } = { f3 } ,

and it can be concluded that fault f 3 is present. In general, considering an FDI-system

containing the detection tests {τ 1 , τ 2 , . . . , τ n }, where the outcome of the test τ i is a
3.2. Detection Tests Based on Residuals 17

detection result d i with a corresponding sub-diagnosis statement D i . Under a single

fault assumption, the diagnosis statement D can be obtained as
n
D = ⋂ Di ,
i=1

for multiple faults, see, e.g., de Kleer and Williams (1987).

3.2 Detection Tests Based on Residuals

A residual is a signal ideally zero in the no-fault case and non-zero otherwise. A residual
generator, R i , takes measurements, y, from the supervised system as input, and produces
a residual, r i , as output, i.e., r i = R i (y). A common way to construct a fault detection
test based on a residual is to evaluate its behavior in order to conclude whether or not a
fault is present in its monitored part of the system. This is done by means of a residual
evaluator, Ti , taking a residual r i as input and producing a detection test result d i as
output, i.e., d i = Ti (r i ). Typically, residual evaluation is performed by forming a test
quantity from the residual and then threshold the test quantity. In this case, a detection
test τ i based on the residual r i = R i (y), by means of a residual evaluator d i = Ti (r i ),
has the form
⎧
⎪
⎪1 if λ i (r i ) > J i
d i = τ i (y) = Ti (R i (y)) = ⎨ (3.2)
⎪
⎪0 if λ i (r i ) ≤ J i ,
⎩
where λ i is a test quantity, and J i is a detection threshold. Methods for residual generation
and residual evaluation will be discussed in Sections 3.2.2 and 3.2.3, respectively.
In Figure 3.2, a residual r and test quantity λ created for fault detection in an automo-
tive diesel engine are shown. A fault occurs at t = 700 s. First of all, it is noted that the
behavior of the residual r is non-ideal, in the sense that the residual is non-zero both in
the no-fault and fault cases. Moreover, it can be seen that the response of the residual to
the fault is subtle. Nevertheless, as indicated by the behavior of the test statistic λ, the
fault can be detected by an appropriate residual evaluation.

3.2.1 Structure of FDI-Systems based on Residuals

An FDI-system with fault detection tests based on residuals typically have the structure
shown in Figure 3.3. Observations y in the form of measurements from the supervised
system are used as input to a residual generation block, which contains a set of residual
generators, R 1 , R 2 , . . . , R n . The output from the residual generation block is a set of resid-
uals r 1 , r 2 , . . . , r n , with r i = R i (y). The residuals r 1 , r 2 , . . . , r n are used as input to the
residual evaluation block, which contains a set of residual evaluators, T1 , T2 , . . . , Tn . The
output from the residual evaluation block is a set of fault detection results, d 1 , d 2 , . . . , d n ,
with d i = Ti (r i ). These are used as input to the fault isolation block, where the detected
fault(s) are isolated.
18 Chapter 3. Design of Fault Detection and Isolation Systems

4
x 10
6

0
r

−2

−4

−6
600 650 700 750 800 850

1500
λ

1000

500

600 650 700 750 800 850

Time [s]

Figure 3.2: A residual r (top) and test quantity λ (bottom) created for fault detection in
an automotive diesel engine. The red dashed line is the detection threshold J. A fault
occurs at t = 700 s. Note the non-ideal behavior of the residual and its subtle response to
the fault. By an appropriate residual evaluation by means of the test quantity λ, the fault
can nevertheless be detected.

3.2.2 Residual Generation

Typically, residual generators are constructed by using a mathematical model of the
system. For instance, a residual can be obtained as the comparison between a value
estimated by a model and the corresponding measured quantity. The residual generator
consists in this case of the model used for the estimation and the equation describing
the comparison, referred to as the residual equation.
One approach to residual generation that is of particular interest in this thesis is
sequential residual generation, see, e.g., Staroswiecki and Declerck (1989); Cassar and
Staroswiecki (1997); Staroswiecki (2002); Pulido and Alonso-González (2004); Ploix et al.
(2005); Travé-Massuyès et al. (2006); Blanke et al. (2006). This approach has shown to
be successful for real applications (Dustegor et al., 2006, 2004; Izadi-Zamanabadi, 2002;
Cocquempot et al., 1998), and in addition has the potential to be automated to a high
extent.
Additional approaches include for instance observer-based residual generation, see,
e.g., Massoumnia et al. (1989); Hammouri et al. (2001); De Persis and Isidori (2001); Li
and Kadirkamanathan (2001); Martínez-Guerra et al. (2005); Kaboré et al. (2000); Hou
(2000); Patton and Hou (1998); Gao and Ding (2007); Vemuri et al. (2001); Shields (1997),
3.2. Detection Tests Based on Residuals 19

Residual Residual Fault

Generation Evaluation Isolation

Measurements Residuals Detection Results Isolation Results

Figure 3.3: An FDI-system with fault detection tests based on residuals by means of
residual generation and residual evaluation.

parity-space methods, e.g., Chow and Willsky (1984); Nyberg and Frisk (2006); Varga
(2003), and frequency domain methods, e.g., Frank and Ding (1994).

Fault Decoupling
To achieve a specific fault signature matrix, for example one similar to (3.1), decoupling
of faults in residuals is needed. The faults that are decoupled are referred to as non-
monitored faults, whereas the faults not decoupled are called monitored faults. In the
example of Section 3.1.1, fault f 1 is decoupled in τ 1 , which means that for τ 1 , fault f 1 is a
non-monitored fault and f 2 and f 3 are monitored faults. Decoupling of faults in a set of
tests based on residuals, means that the residuals must be sensitive to different subsets of
faults.
In the context of fault isolation, fault decoupling is a fundamental problem in residual
generation. In most of the observer-based residual generation methods mentioned
above, decoupling of faults is obtained by transforming the original model into a sub-
model where only the faults of interest are present. In sequential residual generation
methods, the original model is often divided into sub-models with specific properties
and residual generators are then designed for each sub-model. Since a residual generator
only is sensitive to those faults affecting its corresponding sub-model, all other faults are
decoupled.

3.2.3 Residual Evaluation

As said, the aim of residual evaluation is to detect changes in the residual behavior
caused by faults in the system. Typical components of a residual evaluator are a test
quantity λ i and detection threshold J i , see (3.2). There are, in essence, two main ap-
proaches (Ding et al., 2007) for design of the test quantity and threshold; statistical
residual evaluation (Willsky and Jones, 1976; Gertler, 1998; Basseville and Nikiforov,
1993; Peng et al., 1997; Al-Salami et al., 2006; Blas and Blanke, 2011; Wei et al., 2011), and
norm-based residual evaluation (Emami-Naeini et al., 1988; Frank, 1995; Frank and Ding,
1997; Sneider and Frank, 1996; Chen and Patton, 1999; Zhang et al., 2002; Zhong et al.,
2007; Ingimundarson et al., 2008; Al-Salami et al., 2010; Li et al., 2011; Abid et al., 2011).
In the statistical approach, the framework of statistical hypothesis testing is exploited
for design of the test quantity, or test statistic, which typically is based on a likelihood
ratio (Gustafsson, 2000). In norm-based approaches, the test quantity is instead based
on some norm of the residual, e.g., the mean-power.
20 Chapter 3. Design of Fault Detection and Isolation Systems

Uncertainties
Typically, and as was illustrated in Figure 3.2, residuals are not perfectly zero in the no-
fault case due to uncertainties in the form of for example model errors and measurement
noise. This may decrease the ability to detect faults and also lead to false detections.
The approach used to design the test quantity and threshold in (3.2) are thus important
means in order to handle uncertainties and thus guarantee good fault detection. For
both statistical and norm-based residual evaluation, adaptive thresholds (Clark, 1989;
Frank, 1994; Sneider and Frank, 1996) is a traditional approach to handle uncertainties.
The non-ideal behavior of the residual r in Figure 3.2 is a direct consequence of uncer-
tainties in the form of model errors. As illustrated by the fact that the fault nevertheless
can be detected by means of the test statistic λ, these uncertainties are handled by proper
residual evaluation.

3.3 Design Challenges for Automotive Systems

In Section 2.1.3, it was concluded that automotive systems typically are equipped with
few sensors, have many operating modes, contain many physical interconnections, and
are described by complex models. Further, it was in Section 2.3 required that FDI in
automotive systems should be done in order to, as far as possible, only use existing
hardware, be able to detect small faults, be implementable in an on-board environment,
and also be robust against uncertainties. In addition, it was concluded that all these
desired properties should be achieved by means of a systematic and efficient design
methodology.
The prerequisites in terms of the properties of automotive systems, in combina-
tion with the requirements on the FDI for these systems, pose several challenges and
difficulties that must be handled by the methods used for design of the FDI-system.

Fault Decoupling
As said earlier, fault decoupling is essential in order to obtain fault isolation. The fact
that automotive systems typically not are equipped with multiple sensors from start, in
combination with the requirement to only use existing hardware for FDI, implies that it
is necessary to employ analytical redundancy and model-based FDI in order to obtain
good performance. This typically leads to an FDI-system with detection tests based on
model-based residuals, as was considered in Section 3.2.
In addition, the many physical interconnections in an automotive system implies
that the effect of a fault may propagate in the system and that the effects will be visible in
many of the measurements. This fact, in combination with the small number of sensors,
makes decoupling of faults a non-trivial problem. Thus, it is of great importance that the
methods used to design an automotive FDI-system, in particular the residual generation
method, are able to handle this issue. Regarding the requirement concerning systematic
design, it is important that the residual generation method facilitates fault decoupling in
a systematic manner.
3.3. Design Challenges for Automotive Systems 21

20

40

60

80
Equations

100

120

140

160

180

200
1 20 40 60 80 100 120 140 160 180 200
Variables

Figure 3.4: The structure of a part of a model of an automotive diesel engine where the
rows correspond to model equations and columns to variables in the model. A black
square in position (i, j) indicates that equation i contains variable j. The red square
illustrates a coupled part of the model corresponding to a differential-algebraic loop. It
may be noted the loop involves almost 50% of the equations. A fault affecting any of the
equations in the coupled part of the model will influence all other equations in that part.

Model Complexity
As said, automotive systems in general, and automotive diesel engines in particular, yield
models in the form of large-scale, non-linear, and coupled differential-algebraic equations.
The methods used in the design of the FDI-system, in particular the residual generation
method, must thus be able to handle such models in a systematic manner. Moreover,
regarding the requirement concerning on-board implementability of automotive FDI-
systems, it is important that the output of the residual generation method, i.e., the set of
residual generators, is suitable for implementation in an on-board environment despite
the complexity of the model used as input.
As said, models of automotive systems are often coupled due to the many intercon-
nections in these systems. In particular, this results in algebraic and differential loops or
cycles (Blanke et al., 2006; Katsillis and Chantler, 1997) comprised of sets of equations
that contains the same set of unknown variables. This is illustrated in Figure 3.4 which
shows the structure, i.e., which equations that contain which unknown variables, of a
part of a model of an automotive diesel engine. It may be noted that the loop shown in
22 Chapter 3. Design of Fault Detection and Isolation Systems

25

δpic [%]
20
15
10
5

850 900 950 1000 1050

40
δpim [%]

30
20
10

850 900 950 1000 1050

20
δpem [%]

15
10
5

850 900 950 1000 1050

Time [s]

Figure 3.5: Relative model errors for the intercooler manifold pressure pim , intake man-
ifold pressure pim , and exhaust manifold pressure pem , for a model of an automotive
diesel engine during a part of the World Harmonized Transient Cycle (WHTC). Note
that the magnitude of the model errors vary with time.

Figure 3.4 involves almost 50 % of the equations in the model.

Uncertainties
Due to the inherent complexity of automotive systems, in combination with their many
operating modes, models are typically not capable of capturing the behaviors of systems
in all different operating modes. This results in uncertainties in the form of model
errors, in particular stationary errors (Höckerdal et al., 2011a,b), regardless of substantial
modeling work. In addition, due to the typically unfriendly environment in terms of for
example high temperatures in or around automotive systems, there are also uncertainties
in the form of measurement errors and noise in sensors.
Typically, the magnitudes and nature of these uncertainties are different for different
operating modes. For example, the model may be more accurate in one operating mode
than another, and a sensor may be more or less sensitive to noise in different operating
modes. Since the operating mode of the system varies with time, so does the magnitudes
and nature of the uncertainties. This is illustrated in Figure 3.5, which shows relative
model errors for three state-variables in a model of an automotive diesel engine during a
part of the World Harmonized Transient Cycle (WHTC). Clearly, the magnitude of the
model errors vary with time. To meet the posed requirements regarding small faults and
robustness, this issue must be handled by the FDI-system. In particular, uncertainties
may lead to residuals with the non-ideal behavior illustrated in Figure 3.2 and in order to
3.4. Automated Design of FDI-Systems 23

be able to detect small faults, it is important that uncertainties are handled in the residual
evaluation.

3.4 Automated Design of FDI-Systems

Taking the challenges discussed in Section 3.3 into account, it is clear that design of a
complete FDI-system for an automotive system, and large-scale real world systems in
general, is an intricate and complex task that demands a substantial engineering effort.
To obtain an optimal design, it is required to have well-defined requirements regarding
for example robustness and the faults to detect and isolate, as well as detailed knowledge
of the behavior of the supervised system both in the no-fault case, but in particular also
in all fault cases. However, this kind of information is seldom available for real systems,
at least not during early stages in the design process.
Conforming to this situation, an iterative design methodology is adopted in this
thesis. In this way, continuous improvements of the FDI-system can be made as more
knowledge is obtained and additional requirements arise along the design process. To
support rapid redesign and reconfiguration, and in this sense make the overall design
process more efficient, it is desirable to automate as many steps as possible of the design
methodology. In addition, an automated methodology makes the design process more
systematic which also contributes to higher quality.

3.4.1 Design Methodology

The considered design methodology is conceptually illustrated in Figure 3.6. The method-
ology supports design of the residual generation and residual evaluation blocks in an
FDI-system with a structure in accordance with Figure 3.3.
The methodology is comprised of three main design stages. Firstly, residual genera-
tors are designed given a model of the supervised system and requirements regarding
which faults to detect and isolate, robustness, computational power and memory. Design
of residual generators is in this work, as in Nyberg (1999); Krysander (2006); Nyberg
and Krysander (2008), considered to be a two-step approach, see Figure 3.7. In the first
step, given the model, a large number of candidate residual generators is found, and in
the second step a set of residual generators fulfilling the given requirements is selected
and realized, i.e., put in a form suitable for implementation.
In the second stage, given the set of residual generators from the first stage and data in
the form of measurements from the supervised system, residual evaluators are designed.
The third and final stage is to evaluate the complete FDI-system with respect to the given
requirements. In particular, it is necessary to investigate the sensitivity of the detection
tests, comprised of the residual generators and residual evaluators, to the required set
of faults in the presence of uncertainties and disturbances. For this, data in the form
of measurements from the supervised system in a set of representative fault-cases, is
needed. The results of the evaluation are then analyzed and the process is, if necessary,
repeated with revised requirements.
24 Chapter 3. Design of Fault Detection and Isolation Systems

Requirements
and Data

Design of Residual Design of Residual

Model Residual Generators Generators Residual Evaluators Evaluators

Evaluation

Data

Figure 3.6: The considered methodology for design of FDI-systems.

Create Candidate Candidate Select and Realize Residual

Model Residual Generators Residual Residual Generators Generators
Generators

Requirements

Figure 3.7: The considered two-step approach for design of residual generators.

It is noted that the available amount of fault data typically is substantially lower than
the available amount of no-fault data for a number of reasons. First of all, this is due
to the fact that faults are rare. To create fault data, one alternative is to inject faults in
the real system. This is however considered to be expensive, both in terms of time and
money, since it typically require hardware modifications and active usage of the system.
Another alternative is to create fault data by simulation. To give realistic results, this
on the other hand requires models capable of describing the faulty system, which in
turn require detailed knowledge regarding the behavior of the faulty system and possibly
also its environment. This kind of information is seldom available for real applications.
Consequently, it may not be possible to exploit fault data in all stages of the design
methodology, even though this is highly desirable.
 Chapter 4

Summary of Main Contributions

The overall contribution of this thesis is a set of generic and theoretically sound methods
for design of FDI-systems, aimed at supporting an automated design methodology.
Specifically, this thesis contributes to the part of the design methodology enclosed in
the dashed area of Figure 3.6. The developed methods, as well as the overall design
methodology, are evaluated through extensive application studies.
In particular, theoretical and methodological contributions are made in the areas
of model-based residual generation and statistical residual evaluation in form of three
papers enclosed as Paper A, Paper B, and Paper C. Technological contributions, by means
of state-of-practice illustrations and proof-of-concept demonstrations, to the field of
model-based FDI are made in the form of application studies in two papers enclosed as
Paper D and Paper E. In addition, the application studies performed in these two papers
together serve as evaluations of the methods developed in Papers A, B, and C.
In the context of the design challenges discussed in Section 3.3, model complexity
and fault decoupling are considered in Papers A and B, and uncertainties in Paper C.

4.1 Summaries
Brief summaries of the main contributions of Papers A - E are given below.

Paper A - Residual Generation

The main contribution of Paper A is a sequential residual generation method that enables
simultaneous use of integral and derivative causality, i.e., mixed causality. In addition,
the method is able to handle equation sets corresponding to algebraic and differential
loops in a systematic manner, and is in this sense applicable to complex, large-scale, and
coupled models of automotive systems. The method relies on a formal framework for
computing unknown variables according to a computation sequence. In this framework,

25
26 Chapter 4. Summary of Main Contributions

mixed causality is utilized and the analytical properties of the equations in the model, as
well as the available tools for algebraic equation solving, are taken into account.
In the context of the two-step approach for design of residual generators, see Figure 3.7,
additional contributions are made. Firstly, it is proven that the set of residual generators
that can be realized, i.e., created, with the method by necessity is a subset of the set of
candidate residual generators based on all Minimal Structurally Over-determined (MSO)
sets of equations (Krysander et al., 2008; Gelso et al., 2008; Pulido and Alonso-González,
2004; Travé-Massuyès et al., 2006) in the given model. Secondly, it is empirically shown
that the combination of the ability to handle mixed causality and loops substantially
increase the amount of realizable candidate residual generators. This is done by means of
application of the method to models of two different automotive systems, a diesel engine
and a hydraulic braking system.
Paper A relies partly on work presented in Svärd and Nyberg (2008a); Svärd and
Nyberg (2008).

Paper B - Selection of Residual Generators

Paper B elaborates further on the two-step approach of Figure 3.7 and in particular the
second step. Two different requirements on the sought set of residual generators are
considered. Firstly, it is required that the set of residual generators fulfills an isolability
requirement, stating which fault that should be isolated from each other. Secondly,
motivated by implementation aspects, it is required that the set of residual generators is
of minimal cardinality.
Two algorithms for solving the residual generator selection problem are presented in
Paper B. Both algorithms exploit a formulation of the selection problem which enables an
efficient reduction of the search-space by taking the realizability properties of candidate
residual generators, with respect to the considered method for residual generation, into
account. The first algorithm provides an exact solution fulfilling both requirements
and is suitable for small problems. The second algorithm, which constitutes the main
contribution, is suitable for large problems and provides an approximate solution by
means of a greedy heuristic by relaxing the minimal cardinality requirement.
Soundness and completeness for both algorithms are shown. In this context, this
means that the algorithms provide a set of realizable residual generators fulfilling the
stated isolability requirement if, and only if, the requirement can be met with the consid-
ered residual generation method. Both algorithms are general in the sense that they are
aimed at supporting any computerized residual generation method, not only the method
developed in Paper A. The algorithms are applied and evaluated on an automotive diesel
engine system.
A preliminary version of Paper B was presented in Svärd et al. (2011a).

Paper C - Residual Evaluation

The main contribution of Paper C is an adaptive and data-driven statistical residual
evaluation method. The key property of the method is its ability to handle residuals
that are subject to time-varying uncertainties and disturbances, caused for instance by
4.2. Publications 27

model errors and noise. The test quantity used in the method is based on an explicit
comparison of the probability distribution of the residual, estimated online using current
data, with a no-fault residual distribution. The no-fault distribution is based on a set
of a-priori known no-fault residual distributions, and is continuously adapted to the
current situation.
The comparison is done in the framework of statistical hypothesis testing, by means
of the Generalized Likelihood Ratio (GLR). To be suitable for on-line implementation in
an on-board environment, a computational efficient version of the test quantity is derived
by considering a properly chosen approximation to one of the likelihood maximization
problems in the GLR. As a second contribution, an algorithm is proposed for learning
the required set of no-fault residual distributions off-line from no-fault training data.
This algorithm is based on a formulation of the learning problem as a K-means clustering
problem. The residual evaluation method is demonstrated and extensively evaluated by
application to a residual designed for fault detection in an automotive diesel engine.
A preliminary version of Paper C was presented in Svärd et al. (2011c).

Papers D and E - Application Studies

In Paper D, the methods for residual generation, residual generator selection, and residual
evaluation, from Papers A, B, and C, respectively, are combined into an automated design
methodology and applied for design of an FDI-system for an automotive diesel engine.
In Paper E, the methods for residual generation and residual generator selection are
combined with a preliminary version of the residual evaluation method, and applied for
design of an FDI-system for the Wind Turbine Benchmark (Fogh Odgaard et al., 2009).
Papers D and E contain minor theoretical contributions. Technological contributions
are however made in the sense that both works illustrate how a set of generic methods
may be combined into a complete methodology in order to solve a realistic industrial
FDI problem. In this sense, these works serve as an illustration of the state-of-practice in
model-based fault detection and isolation. Moreover, the papers evaluate and verify the
applicability of an automated design methodology in general, and the methods developed
in Papers A, B, and C, in particular.
A preliminary version of Paper E was presented in Svärd and Nyberg (2011).

4.2 Publications
The research work leading to this thesis is presented in the following publications.

Journal Papers
• C. Svärd and M. Nyberg. Residual generators for fault diagnosis using computation
sequences with mixed causality applied to automotive systems. IEEE Transactions
on Systems, Man and Cybernetics, Part A: Systems and Humans, 40(6):1310–1328,
2010 (Paper A)
28 Chapter 4. Summary of Main Contributions

• C. Svärd and M. Nyberg. Automated design of an FDI-system for the wind turbine
benchmark. Journal of Control Science and Engineering, vol. 2012, 2012. Article ID
989873, 13 pages (Paper E)

Submitted
• C. Svärd, M. Nyberg, and E. Frisk. Realizability constrained selection of residual
generators for fault diagnosis with an automotive engine application. Submitted to
IEEE Transactions on Systems, Man and Cybernetics, Part A: Systems and Humans,
2011b (Paper B)
• C. Svärd, M. Nyberg, E. Frisk, and M. Krysander. Data-driven and adaptive
statistical residual evaluation for fault detection with an automotive application.
Submitted to Mechanical Systems and Signal Processing, 2012b (Paper C)
• C. Svärd, M. Nyberg, E. Frisk, and M. Krysander. Automotive engine FDI by
application of an automated model-based and data-driven design methodology.
Submitted to Control Engineering Practice, 2012a (Paper D)

Conference Papers
• C. Svärd, M. Nyberg, and E. Frisk. A greedy approach for selection of residual
generators. In Proceedings of the 22nd International Workshop on Principles of
Diagnosis (DX-11), Murnau, Germany, 2011a
• C. Svärd, M. Nyberg, E. Frisk, and M. Krysander. Residual evaluation for fault
diagnosis by data-driven analysis of non-stationary probability distributions. In
Proceedings of the 50th IEEE Conference on Decision and Control and European
Control Conference (CDC-ECC 2011), 2011c
• C. Svärd and M. Nyberg. Automated design of an FDI-system for the wind turbine
benchmark. In Proceedings of 18th IFAC World Congress, Milano, Italy, 2011
• M. Nyberg and C. Svärd. A service based approach to decentralized diagnosis and
fault tolerant control. In Proceedings of 1st Conference on Control and Fault-Tolerant
Systems (SysTol’10), Nice, France, 2010b
• M. Nyberg and C. Svärd. A decentralized service based architecture for design
and modeling of fault tolerant control systems. In Proceedings of 21st International
Workshop on Principles of Diagnosis (DX-10), Portland, Oregon, USA, 2010a
• C. Svärd and M. Nyberg. A mixed causality approach to residual generation
utilizing equation system solvers and differential-algebraic equation theory. In
Proceedings of 19th International Workshop on Principles of Diagnosis (DX-08), Blue
Mountains, Australia, 2008a
• C. Svärd and M. Nyberg. Observer-based residual generation for linear differential-
algebraic equation systems. In Proceedings of 17th IFAC World Congress, Seoul,
Korea, 2008b
References 29

References
M. Abid, W. Chen, S. X. Ding, and A. Q. Khan. Optimal residual evaluation for nonlinear
systems using post-filter and threshold. International Journal of Control, 84(3):526 – 39,
2011.

I. M. Al-Salami, S. X. Ding, and P. Zhang. Statistical based residual evaluation for fault
detection in networked control systems. In Proceedings of Workshop on Advances Control
and Diagnosis, Nancy, France, November 2006. Nancy Université Henri Poincaré de
Nancy.

I. M. Al-Salami, K. Chabir, D. Sauter, and C. Aubrun. Adaptive thresholding for

fault detection in networked control systems. In Proceedings of the IEEE International
Conference on Control Applications, pages 446 – 451, Yokohama, Japan, 2010.

M. Basseville and I. V. Nikiforov. Detection of Abrupt Changes - Theory and Application.

Prentice-Hall, 1993.

M. Blanke, M. Kinnaert, J. Lunze, and M. Staroswiecki. Diagnosis and Fault-Tolerant

Control. Springer, second edition, 2006.

M. R. Blas and M. Blanke. Stereo vision with texture learning for fault-tolerant automatic
baling. Computers and Electronics in Agriculture, 75(1):159 – 68, 2011.

California EPA. Sections 1971.1, 1968.2, and 1971.5 of title 13, cal-
ifornia code of regulations: HD OBD and OBD II regulations.
http://www.arb.ca.gov/msprog/obdprog/hdobdreg.htm, 2010. California Envi-
ronmental Protection Agency, Air Resources Board.

J. P. Cassar and M. Staroswiecki. A structural approach for the design of failure detection
and identification systems. In Proceedings of IFAC Control Ind. Syst., pages 841–846,
Belfort, France, 1997.

J. Chen and R. J. Patton. Robust Model-Based Fault Diagnosis for Dynamic Systems.
Kluwer Academic Publishers, 1999.

E. Y. Chow and A. S. Willsky. Analytical redundancy and the design of robust failure
detection systems. IEEE Transactions on Automatic Control, 29(7):603–613, July 1984.

R. N. Clark. State estimation schemes for instrument fault detection. In R. J. Patton,

P. M. Frank, and R. N. Clark, editors, Fault Diagnosis in Dynamic Systems: Theory and
Application, chapter 2, pages 21–45. Prentice Hall, 1989.

V. Cocquempot, R. Izadi-Zamanabadi, M. Staroswiecki, and M. Blanke. Residual

generation for the ship benchmark using structural approach. In Proceedings of the
UKACC International Conference on Control ’98, pages 1480–1485, September 1998.

J. de Kleer and B. C Williams. Diagnosing multiple faults. Artificial Intelligence, 32(1):

97–130, 1987.
30 Chapter 4. Summary of Main Contributions

C. De Persis and A. Isidori. A geometric approach to nonlinear fault detection and

isolation. IEEE Transactions on Automatic Control, 46:853–865, 2001.

S. X. Ding, P. Zhang, and E. L. Ding. Fault detection system design for a class of stochas-
tically uncertain systems. In Hong-Yue Zhang, editor, Fault Detection, Supervision and
Safety of Technical Processes 2006, pages 705 – 710. Elsevier Science Ltd, 2007.

D. Dustegor, V. Cocquempot, and M. Staroswiecki. Structural analysis for residual

generation: Towards implementation. In Proceedings of the 2004 IEEE Inter. Conf. on
Control App., pages 1217–1222, 2004.

D. Dustegor, E. Frisk, V. Cocquempot, M. Krysander, and M. Staroswiecki. Structural

analysis of fault isolability in the damadics benchmark. Control Engineering Practice, 14
(6):597 – 608, 2006.

A. Emami-Naeini, M. M. Akhter, and S. M. Rock. Effect of model uncertainty on failure

detection: the threshold selector. IEEE Transactions on Automatic Control, 33(12):1106
–1115, 1988.

European Parliament. Regulation No 595/2009 of the european parliament and of the

council of 18 june 2009 on type-approval of motor vehicles and engines with respect
to emissions from heavy duty vehicles (Euro VI) and on access to vehicle repair and
maintenance information and amending Regulation (EC) No 715/2007 and Directive
2007/46/EC and repealing Directives 80/1269/EEC, 2005/55/EC and 2005/78/EC, 2009.
European Parliament and the Council of the European Union.

P. Fogh Odgaard, J. Stoustrup, and M. Kinnaert. Fault tolerant control of wind turbines
- a benchmark model. In Proceedings of the 7th IFAC Symposium on Fault Detection,
Supervision and Safety of Technical Processes, pages 155–160, Barcelona, Spain, 2009.

P. M. Frank. Enhancement of robustness in observer-based fault-detection. International

Journal of Control, 59(4):955–981, 1994.

P. M. Frank. Residual evaluation for fault diagnosis based on adaptive fuzzy thresholds.
In Qualitative and Quantitative Modelling Methods for Fault Diagnosis, IEE Colloquium
on, pages 4/1 –411, April 1995. doi:10.1049/ic:19950512.

P. M. Frank and X. Ding. Frequency domain approach to optimally robust residual

generation and evalutaion for model-based fault diagnosis. Automatica, 30(4):789–804,
1994.

P. M. Frank and X. Ding. Survey of robust residual generation and evaluation methods
in observer-based fault detection systems. Journal of Process Control, 7(6):403 – 424,
1997.

Z. Gao and S. X. Ding. Actuator fault robust estimation and fault-tolerant control for a
class of nonlinear descriptor systems. Automatica, 43(5):912 – 920, 2007.
References 31

E. R. Gelso, S. M. Castillo, and J. Armengol. An algorithm based on structural analysis

for model-based fault diagnosis. Artificial Intelligence Research and Development, 184:
138–147, 2008.
J. Gertler. Analytical redundancy methods in fault detection and isolation; survey and
analysis. In IFAC Fault Detection, Supervision and Safety for Technical Processes, pages
9–21, Baden-Baden, Germany, 1991.
J. J. Gertler. Fault Detection and Diagnosis in Engineering Systems. Marcel Dekker, 1998.
R. Greiner, B. A. Smith, and R. W. Wilkerson. A correction to the algorithm in reiter’s
theory of diagnosis. Artificial Intelligence, 41:79–88, 1989.
F. Gustafsson. Adaptive Filtering and Change Detection. Wiley, 2000.
D. E. Haasl, N. H. Roberts, W. E. Vesely, and F. F. Goldberg. Fault Tree Handbook. U.S.
Nuclear Regulatory Commission, 1981.
H. Hammouri, P. Kabore, and M. Kinnaert. A geometric approach to fault detection
and isolation for bilinear systems. IEEE Transactions on Automatic Control, 46(9):
1451–1455, September 2001.
W. Hamscher, L. Console, and J. de Kleer, editors. Readings in Model-Based Diagnosis.
Morgan Kaufmann Publishers, 1992.
D. Heckerman, J. S. Breese, and K. Rommelse. Decision-theoretic troubleshooting.
Communications of the ACM, 38(3):49–57, 1995.
E. Höckerdal, E. Frisk, and L. Eriksson. EKF-based adaptation of look-up tables with
an air mass-flow sensor application. Control Engineering Practice, 19(5):442–453, 2011a.
E. Höckerdal, E. Frisk, and L. Eriksson. Bias reduction in DAE estimators by model
augmentation: Observability analysis and experimental evaluation. In 50th IEEE
Conference on Decision and Control, Orlando, Florida, USA, 2011b.
M. Hou. Fault detection and isolation for descriptor systems, chapter 5. Issues of Fault
Diagnosis for Dynamic Systems. Springer-Verlag, 2000.
A. Ingimundarson, A. G. Stefanopoulou, and D. A. McKay. Model-based detection of
hydrogen leaks in a fuel cell stack. IEEE Transactions on Control Systems Technology, 16
(5):1004 –1012, 2008.
R. Izadi-Zamanabadi. Structural analysis approach to fault fiagnosis with application
to fixed-wing aircraft motion. In Proceedings of the 2002 American Control Conference,
volume 5, pages 3949–3954, 2002.
F. V. Jensen and T. D. Nielsen. Bayesian Networks and Decision Graphs. Springer, 2007.
P. Kaboré, S. Othman, T. F. McKenna, and H. Hammouri. Observer-based fault diagnosis
for a class of non-linear systems - application to a free radical copolymerization reaction.
International Journal of Control, 73(9):787–803, 2000.
32 Chapter 4. Summary of Main Contributions

G. Katsillis and M. Chantler. Can dependency-based diagnosis cope with simultaneous

equations? In Proceedings of the 8th Inter. Workshop on Princ. of Diagnosis, DX’97, pages
51–59, Le Mont-Saint-Michel, France, 1997.

M. Krysander. Design and Analysis of Diagnosis Systems Using Structural Methods. PhD
thesis, Linköpings universitet, June 2006.

M. Krysander, J. Åslund, and M. Nyberg. An efficient algorithm for finding minimal

over-constrained sub-systems for model-based diagnosis. IEEE Transactions on Systems,
Man, and Cybernetics – Part A: Systems and Humans, 38(1):197–206, 2008.

H. Langseth and F. V. Jensen. Decision theoretic troubleshooting of coherent systems.

Reliability Engineering and System Safety, 80(1):19–62, 2002.

J. C. Laprie. Dependability: Basic Concepts and Terminology. Springer-Verlag, 1992.

P. Li and V. Kadirkamanathan. Particle filtering based likelihood ratio approach to fault

diagnosis in nonlinear stochastic systems. IEEE Transactions on Systems, Man, and
Cybernetics, Part C, 31(3):337–343, 2001.

W. Li, Z. Zhu, and S. X. Ding. Fault detection design of networked control systems. IET
Control Theory and Applications, 5(12):1439 – 49, 2011.

R. Martínez-Guerra, R. Garrido, and A. Osorio-Miron. The fault detection problem in

nonlinear systems using residual generators. IMA Journal of Mathematical Control and
Information, 22(2):119–136, 2005.

M. A. Massoumnia, G. C. Verghese, and A.S. Willsky. Failure detection and isolation.

IEEE Transactions on Automatic Control, 34(3):316–321, March 1989.

M. Nyberg. Automatic design of diagnosis systems with application to an automotive

engine. Control Engineering Practice, 87(8):993–1005, August 1999.

M. Nyberg. Model-based diagnosis of an automotive engine using several types of fault

models. IEEE Transaction on Control Systems Technology, 10(5):679–689, 2002.

M. Nyberg and E. Frisk. Residual generation for fault diagnosis of systems described
by linear differential-algebraic equations. IEEE Transactions on Automatic Control, 51
(12):1995–2000, 2006.

M. Nyberg and M. Krysander. Statistical properties and design criterions for AI-based
fault isolation. In Proceedings of the 17th IFAC World Congress, pages 7356–7362, Seoul,
Korea, 2008.

M. Nyberg and C. Svärd. A decentralized service based architecture for design and
modeling of fault tolerant control systems. In Proceedings of 21st International Workshop
on Principles of Diagnosis (DX-10), Portland, Oregon, USA, 2010a.
References 33

M. Nyberg and C. Svärd. A service based approach to decentralized diagnosis and fault
tolerant control. In Proceedings of 1st Conference on Control and Fault-Tolerant Systems
(SysTol’10), Nice, France, 2010b.

R. J. Patton and M. Hou. Design of fault detection and isolation observers: A matrix
pencil approach. Automatica, 34(9):1135–1140, 1998.

Y. Peng, A. Youssouf, P. Arte, and M. Kinnaert. A complete procedure for residual

generation and evaluation with application to a heat exchanger. IEEE Transactions on
Control Systems Technology, 5(6):542 – 555, 1997.

M. Pernestål, A. Nyberg and H. Warnquist. Modeling and troubleshooting with inter-

ventions applied to an auxiliary truck braking system. IFAC Engineering Applications of
Artificial Intelligence, 25:705–719, 2012.

S. Ploix, M. Desinde, and S. Touaf. Automatic design of detection tests in complex

dynamic systems. In Proceedings of 16th IFAC World Congress, Prague, Czech Republic,
2005.

B. Pulido and C. Alonso-González. Possible conflicts: a compilation technique for

consistency-based diagnosis. IEEE Transactions on Systems, Man, and Cybernetics. Part
B: Cybernetics, Special Issue on Diagnosis of Complex Systems, 34(5):2192–2206, 2004.

R. Reiter. A theory of diagnosis from first principles. Artificial Intelligence, 32:57–95,

1987.

M. Schwall and C. Gerdes. A probabilistic approach to residual processing for vehicle

fault detection. In In Proceedings of the 2002 ACC, pages 2552–2557, 2002.

D. N. Shields. Observer design and detection for nonlinear descriptor systems. Interna-
tional Journal of Control, 67(2):153–168, 1997.

H. Sneider and P. M. Frank. Observer-based supervision and fault detection in robots

using nonlinear and fuzzy logic residual evaluation. IEEE Transactions on Control
Systems Technology, 4(3):274 –282, 1996.

D. H. Stamatis. Failure Mode and Effect Analysis: FMEA from Theory to Execution. ASQ
Quality Press, 1995.

M. Staroswiecki. Fault Diagnosis and Fault Tolerant Control, chapter Structural Analysis
for Fault Detection and Isolation and for Fault Tolerant Control. Encyclopedia of Life
Support Systems, Eolss Publishers, Oxford, UK, 2002.

M. Staroswiecki and P. Declerck. Analytical redundancy in non-linear interconnected

systems by means of structural analysis. In Proceedings of IFAC AIPAC’89, pages 51–55,
Nancy, France, 1989.

N. Storey. Safety-Critical Computer Systems. Addison Wesley Longman, 1996.

34 Chapter 4. Summary of Main Contributions

C. Svärd and M. Nyberg. A mixed causality approach to residual generation utilizing

equation system solvers and differential-algebraic equation theory. In Proceedings of 19th
International Workshop on Principles of Diagnosis (DX-08), Blue Mountains, Australia,
2008a.
C. Svärd and M. Nyberg. Observer-based residual generation for linear differential-
algebraic equation systems. In Proceedings of 17th IFAC World Congress, Seoul, Korea,
2008b.
C. Svärd and M. Nyberg. A mixed causality approach to residual generation utilizing
equation system solvers and differential-algebraic equation theory. Technical Report
LiTH-ISY-R-2854, Department of Electrical Engineering, Linköpings Universitet, Swe-
den, 2008.
C. Svärd and M. Nyberg. Residual generators for fault diagnosis using computation
sequences with mixed causality applied to automotive systems. IEEE Transactions on
Systems, Man and Cybernetics, Part A: Systems and Humans, 40(6):1310–1328, 2010.
C. Svärd and M. Nyberg. Automated design of an FDI-system for the wind turbine
benchmark. In Proceedings of 18th IFAC World Congress, Milano, Italy, 2011.
C. Svärd and M. Nyberg. Automated design of an FDI-system for the wind turbine
benchmark. Journal of Control Science and Engineering, vol. 2012, 2012. Article ID
989873, 13 pages.
C. Svärd, M. Nyberg, and E. Frisk. A greedy approach for selection of residual generators.
In Proceedings of the 22nd International Workshop on Principles of Diagnosis (DX-11),
Murnau, Germany, 2011a.
C. Svärd, M. Nyberg, and E. Frisk. Realizability constrained selection of residual
generators for fault diagnosis with an automotive engine application. Submitted to
IEEE Transactions on Systems, Man and Cybernetics, Part A: Systems and Humans, 2011b.
C. Svärd, M. Nyberg, E. Frisk, and M. Krysander. Residual evaluation for fault diagnosis
by data-driven analysis of non-stationary probability distributions. In Proceedings of
the 50th IEEE Conference on Decision and Control and European Control Conference
(CDC-ECC 2011), 2011c.
C. Svärd, M. Nyberg, E. Frisk, and M. Krysander. Automotive engine FDI by application
of an automated model-based and data-driven design methodology. Submitted to
Control Engineering Practice, 2012a.
C. Svärd, M. Nyberg, E. Frisk, and M. Krysander. Data-driven and adaptive statistical
residual evaluation for fault detection with an automotive application. Submitted to
Mechanical Systems and Signal Processing, 2012b.
L. Travé-Massuyès, T. Escobet, and X. Olive. Diagnosability analysis based on
component-supported analytical redundancy. IEEE Transactions on Systems, Man,
and Cybernetics – Part A: Systems and Humans, 36(6):1146–1160, November 2006.
References 35

United Nations. Regulation no. 49: Uniform provisions concerning the measures to
be taken against the emission of gaseous and particulate pollutants from compres-
sionignition engines for use in vehicles, and the emission of gaseous pollutants from
positive-ignition engines fuelled with natural gas or liquefied petroleum gas for use in
vehicles, 2008. ECE-R49.
United States EPA. 40 CFR Part 86, 89, et al: Control of air pollu-
tion from new motor vehicles and new motor vehicle engines; final rule.
http://www.epa.gov/obd/regtech/heavy.htm, 2009. United States Environmental Pro-
tection Agency.
A. Varga. On computing least order fault detectors using rational nullspace bases. In
Proc. Safeprocess 2003, pages 229–234, Washington DC, 2003.

A. T. Vemuri, M. M. Polycarpou, and A. R. Ciric. Fault diagnosis of differential-algebraic

systems. IEEE Transactions on Systems, Man and Cybernetics, Part A: Systems and
Humans, 31(2):143–152, March 2001.
H. Warnquist. Computer-assisted troubleshooting for efficient off-board diagnosis.
Technical report, Linköping University, Department of Computer and Information
Science, 2011. LiU-TEK-LIC-2011:29, Linköping Studies in Science and Technology.
Thesis No. 1490.
X. Wei, H. Liu, and Y. Qin. Fault diagnosis of rail vehicle suspension systems by using
glrt. In Control and Decision Conference (CCDC), 2011 Chinese, pages 1932 –1936, may
2011.

A. Willsky and H. Jones. A generalized likelihood ratio approach to the detection and
estimation of jumps in linear systems. IEEE Transactions on Automatic Control, 21(1):
108 – 112, feb 1976.
H. Yang, B. Jiang, and V. Cocquempot. Fault tolerant control design for hybrid systems.
Springer Verlag, 2010.

X. Zhang, M. M. Polycarpou, and T. Parisini. A robust detection and isolation scheme

for abrupt and incipient faults in nonlinear systems. IEEE Transactions on Automatic
Control, 47(4):576 –593, 2002.
M. Zhong, H. Ye, S. X. Ding, and G. Wang. Observer-based fast rate fault detection for
a class of multirate sampled-data systems. IEEE Transactions on Automatic Control, 52
(3):520 – 525, 2007.
Publications
 Paper A

Residual Generators for Fault Diagnosis using

Computation Sequences with Mixed Causality
Applied to Automotive Systems☆
A

☆ Published in IEEE Transactions on Systems, Man and Cybernetics, Part A: Systems

and Humans, 40(6):1310-1328, 2010.

39
Residual Generators for Fault Diagnosis using
Computation Sequences with Mixed Causality
Applied to Automotive Systems
Carl Svärd and Mattias Nyberg

Vehicular Systems, Department of Electrical Engineering,

Linköping University, SE-581 83 Linköping, Sweden.

Abstract

An essential step in the design of a model-based diagnosis system is to find a set

of residual generators fulfilling stated fault detection and isolation requirements.
To be able to find a good set, it is desirable that the method used for residual
generation gives as many candidate residual generators as possible, given a
model. This paper presents a novel residual generation method that enables
simultaneous use of integral and derivative causality, i.e., mixed causality, and
also handles equation sets corresponding to algebraic and differential loops in a
systematic manner. The method relies on a formal framework for computing
unknown variables according to a computation sequence. In this framework,
mixed causality is utilized and the analytical properties of the equations in the
model, as well as the available tools for algebraic equation solving, are taken
into account. The proposed method is applied to two models of automotive
systems, a Scania diesel engine and a hydraulic braking system. Significantly
more residual generators are found with the proposed method in comparison
with methods using solely integral or derivative causality.

41
42 Paper A. Residual Generators for Fault Diagnosis using . . .

1 Introduction

Fault diagnosis of technical systems has become increasingly important with the rising
demand for reliability and safety, driven by environmental and economical incentives.
One example is automotive engines that are by regulations required to have high precision
on-board diagnosis of failures that are harmful to the environment (United Nations,
2008).

To obtain good detection and isolation of faults, model-based fault diagnosis is neces-
sary. In the Fault Detection and Isolation (FDI) approach to model-based fault diagnosis,
residuals are used to detect and isolate faults present in the system, see, e.g., Blanke et al.
(2006). Residuals are signals that are ideally zero in the non-faulty case and non-zero
else, and are typically generated by utilizing a mathematical model of the system and
measurements.

In this paper, we have the view that design of diagnosis systems is a two-step approach,
as elaborated in Nyberg and Krysander (2008); Nyberg (1999). In the first step, a large
number of candidate residual generators are found, and in the second step the residual
generators most suitable to be included in the final diagnosis system are picked out.
Since different residual generators have different properties regarding fault and noise
sensitivities, it is for the second step important that there is a large selection of different
residual generator candidates to choose between. Thus, the initial set of candidate residual
generators should be as large as possible.

A residual generator design approach (Staroswiecki and Declerck, 1989) which has
shown to be successful in real applications (Dustegor et al., 2004; Izadi-Zamanabadi, 2002;
Cocquempot et al., 1998; Svärd and Wassén, 2006; Hansen and Molin, 2006) is to compute
unknown variables in the model by solving equation sets one at a time in a sequence, i.e.,
according to a computation sequence, and then evaluate a redundant equation to obtain a
residual. To determine from which equations and in which order the unknown variables
should be computed, structural analysis is utilized. In addition to (Staroswiecki and
Declerck, 1989), similar approaches have been described and exploited in, e.g., Cassar
and Staroswiecki (1997); Staroswiecki (2002); Blanke et al. (2006); Pulido and Alonso-
González (2004); Ploix et al. (2005); Travé-Massuyès et al. (2006).

In the works mentioned above, the approach is to apply either integral or derivative
causality (Blanke et al., 2006) for differential equations. However, as will be illustrated
in this paper through application studies, it is advantageous to allow simultaneous
use of integral and derivative causality, i.e., mixed causality. Furthermore, real-world
applications involve complex models that give rise to algebraic and differential loops
or cycles (Blanke et al., 2006; Katsillis and Chantler, 1997), corresponding to sets of
equations that have to be treated simultaneously. Thus, it is desirable that a method for
residual generation is able to handle mixed causality and equation sets corresponding to
algebraic and differential loops. The intention with the following simple example is to
1. Introduction 43

illustrate these issues. Consider the set of differential-algebraic equations

e1 ∶ ẋ 1 − x 2 = 0
e2 ∶ ẋ 3 − x 4 = 0
e3 ∶ ẋ 4 x 1 + 2x 2 x 4 − y 1 = 0 (1)
e4 ∶ x3 − y3 = 0
e5 ∶ x 2 − y 2 = 0,

which is a subsystem of a model describing the planar motion of a point-mass satel-

lite (Brockett, 1970; De Persis and Isidori, 2001), and where x 1 , x 2 , x 3 ,x 4 are unknown
variables and y 1 , y 2 , y 3 known variables. Assume that we want to use equation e 5 as
residual. This implies that the unknown variables x 1 , x 2 , x 3 , x 4 must be computed from
the equations e 1 , e 2 , e 3 , e 4 . A structure, i.e., which unknown variables are contained in
which equations, of the equation set {e 1 , e 2 , e 3 , e 4 } with respect to {x 1 , x 2 , x 3 , x 4 }, in
permuted form, is depicted below.

x3 x4 x2 x1
e4 1
e2 1 1 (2)
e3 1 1 1
e1 1 1

This structure reveals the order and from which equations, marked with bold, the un-
known variables should be computed. It is clear that computation of the variables will
involve handling of the differential loop arising in the equation set {e 1 , e 3 }, since to
compute x 2 the value of x 1 is needed and vice versa. Furthermore, computation of the
variables according to (2) will require use of mixed causality: derivative causality when
solving for x 4 in e 2 , and integral causality when solving for x 1 in e 1 .
The main contribution of this paper is a novel method for residual generation that
enables simultaneous use of integral and derivative causality, and is able to handle equa-
tion sets corresponding to algebraic and differential loops in a systematic manner. In this
sense, the proposed method also generalizes previous methods for residual generation,
e.g., Staroswiecki and Declerck (1989); Dustegor et al. (2004); Izadi-Zamanabadi (2002);
Cocquempot et al. (1998); Cassar and Staroswiecki (1997); Staroswiecki (2002); Blanke
et al. (2006); Pulido and Alonso-González (2004); Ploix et al. (2005); Travé-Massuyès
et al. (2006). To achieve this, a formal framework for sequential computation of variables
is presented. In this framework, tools for equation solving and approximate differenti-
ation, as well as analytical and structural properties of the equations in the model, are
essential.
In Section 2 some preliminaries, basic theories and references regarding structural
analysis and differential-algebraic equation systems are given. Section 3 presents the
framework for sequential computation of variables, in which the concepts Block-Lower
Triangular semi-explicit Differential-Algebraic Equation form (BLT semi-explicit DAE
form), tools, and computation sequence are important. Tools, or more precisely algebraic
equation solving tools, are crucial for the ability to handle loops. In Section 4, it is shown
44 Paper A. Residual Generators for Fault Diagnosis using . . .

how a computation sequence is utilized for residual generation. The resulting residual
generator is referred to as a sequential residual generator. Motivated by implementation
aspects, the concept of a proper sequential residual generator is introduced as a sequential
residual generator in which no unnecessary variables are computed and in which com-
putations are performed from as small equation sets as possible. A necessary condition
for the existence of a proper sequential residual generator is derived, connecting proper
sequential residual generators with Minimal Structurally Over-determined (MSO) equa-
tion sets (Krysander et al., 2008). An algorithm able to find proper sequential residual
generators, given a model and a set of tools, is outlined. A key step in the algorithm is to
find minimal and irreducible computation sequences, which is considered in Section 5.
In Section 6, the proposed method for residual generation is applied to models of an
automotive diesel engine and an auxiliary hydraulic braking system. The application
studies clearly show the benefits of using a mixed causality approach and handling al-
gebraic and differential loops. Finally, Section 7 concludes the paper. For readability,
proofs to all lemmas and theorems are collected in Appendix A.

2 Preliminaries and Background Theory

Consider a model, M(E, X, Y), or M for short, consisting of a set of equations E =
{e 1 , e 2 , . . . , e m } relating a set of unknown variables X = {x 1 , x 2 , . . . , x n }, and a set of
known, i.e., measured, variables Y = {y 1 , y 2 , . . . , y r }. Introduce a third variable set
D = {ẋ 1 , ẋ 2 , . . . , ẋ n }, containing the (time) derivatives of the variables in X. Without loss
of generality, it is assumed that the equations in E are in the form
ei ∶ f i (ẋ, x, y) = 0, i = 1, 2, . . . , m (3)
where ẋ = (ẋ 1 , ẋ 2 , . . . , ẋ n ) is a vector of the variables in D, x = (x 1 , x 2 , . . . , x n ) a vector of
the variables in X, and y = (y 1 , y 2 , . . . , y r ) a vector of the variables in Y. Also without loss
of generality, it is assumed that each equation e i ∈ E contains, at most, one differentiated
variable ẋ j ∈ D and that ẋ j is contained only in one equation. This assumption can be
made without loss of generality, since an equation containing more than one differentiated
variable always can be written as an equation with only one differentiated variable
by introducing new algebraic variables and add trivial differential equations. For an
example, consider the equation ẋ 1 + ẋ 2 + x 1 = 0 containing two differentiated variables.
By introducing the algebraic variable x 3 and substitute ẋ 2 with x 3 , and then add the
equation x 3 = ẋ 2 , the equation can be written as ẋ 1 + x 3 + x 1 = 0. This equation now
contains only one differentiated variable.
Define the set of trajectories of the variables in Y that are consistent with the model
M(E, X, Y) as
O (M) = {y ∶ ∃x; f i (ẋ, x, y) = 0, i = 1, 2, . . . , m} . (4)
The set O (M) is the observation set of the model M. We formally define a residual
generator as follows.
Definition 1 (Residual Generator). A system with input y and output r is a residual
generator for the model M(E, X, Y) and r is a residual if y ∈ O (M) ⇒ lim t→∞ r → 0
2. Preliminaries and Background Theory 45

2.1 Integral and Derivative Causality

In the context of the methods for residual generation mentioned in Section 1, there are
two approaches for handling differential equations, referred to as integral and derivative
causality, see, e.g., Blanke et al. (2006). When adopting integral causality, the differenti-
ated variables, or states, of a differential equation can be computed. The use of integral
causality hence relies on the assumption that ordinary differential equations can be
solved, i.e., integrated, which in general requires that initial conditions of the states are
known. Integral causality is used in for example Pulido et al. (2008) and Pulido and
Alonso-González (2004).
If instead derivative causality is applied, a differential equation is interpreted as an
algebraic equation and only undifferentiated, i.e., algebraic, variables can be computed.
Usage of derivative causality thus relies on the assumption that values of the differentiated
variables in a differential equation are available. This requires in general that derivatives
of known, or previously computed, variables can be computed or estimated. Derivative
causality is used in Staroswiecki (2002), and also adopted in, e.g., Dustegor et al. (2004).
The difference between integral and derivative causality is discussed in Pulido et al. (2007)
and from a simulation point of view in Cellier and Elmqvist (1993). Causality also plays
a central role when using a bond-graph modeling framework, see, e.g., Narasimhan and
Biswas (2007).
The chosen causality approach naturally influences which variables that can be
computed from an equation set. For instance, consider the differential equation e 1 ∶
ẋ 1 − x 2 = 0 from (1), where both x 1 and x 2 are unknown variables. If integral causality is
used, x 1 can be computed from e 1 but if instead derivative causality is used, x 2 can be
computed from e 1 .

2.2 Structure of Equation Sets

To study which unknown variables are contained in a set of equations, a structural
representation of the equation set will be used. Let E′ ⊆ E and introduce the notations

∂ fi ∂ fi
varX (E′ ) = {x j ∈ X ∶ ∃e i ∈ E′ , ≡/ 0 ∨ ≡/ 0} ,
∂x j ∂ ẋ j
∂ fi
varD (E′ ) = {ẋ j ∈ D ∶ ∃e i ∈ E′ , ≡/ 0} .
∂ ẋ j

Consider the model (1) and let X = {x 1 , x 2 , x 3 , x 4 } and D = {ẋ 1 , ẋ 2 , ẋ 3 , ẋ 4 }. For instance,
it holds that

varX ({e 3 }) = {x 1 , x 2 , x 4 } . (5)

Let G = (E, X, A) be a bipartite graph where E and X are the (disjoint) sets of vertices,
and

A = {(e i , x j ) ∈ E × X ∶ x j ∈ varX ({e i })} ,

46 Paper A. Residual Generators for Fault Diagnosis using . . .

the set of arcs. We will call the bipartite graph G the structure of the equation set E with
respect to X. Note that with this representation, there is no structural difference between
the variable x j and the differentiated variable ẋ j . An equivalent representation of G is
the m × n biadjacency matrix B defined as

1 if (e i , x j ) ∈ A
Bi j = {
0 otherwise

Return to the model (1). The structure of the equation set {e 1 , e 2 , e 3 , e 3 } with respect to
{x 1 , x 2 , x 3 , x 4 } is given by the biadjacency matrix (2). The result in (5) corresponds to
the third row of (2).
We will also consider the structure of E with respect to D which refers to the bipartite
graph Ḡ = (E, D, Ā), where

Ā = {(e i , ẋ j ) ∈ E × D ∶ ẋ j ∈ varD ({e i })} .

2.3 Structural Decomposition

A matching on the bipartite graph G = (E, X, A) is a subset of A such that no two arcs
have common vertices. A matching with maximum cardinality is a maximum matching.
A matching is a complete matching with respect to E (or X), if the matching covers every
vertex in E (or X). By directing the arcs contained in a matching on the bipartite graph G
in one direction, and the remaining arcs in the opposite direction, a directed graph can
be obtained from G, see for example Asratian et al. (1998). A directed graph is said to
be strongly connected if for every pair of vertices x i and x j there is a directed path from
x i to x j . The maximal strongly-connected subgraphs of a directed graph are called its
strongly-connected components (SCC).
There exists a unique structural decomposition of the bipartite graph G = (E, X, A),
referred to as the Dulmage-Mendelsohn (DM) decomposition, see Dulmage and Mendel-
sohn (1958); Murota (1987). It decomposes G into irreducible bipartite subgraphs
G + = (E+ , X+ , A+ ), G i0 = (E0i , X0i , A0i ) , i = 1, 2, . . . , s, and G − = (E− , X− , A− ), called
DM-components, see Figure 1. The component G + is the over-determined part of G,
G 0 = ⋃si=1 G i0 the just-determined part, and G − the under-determined part. The DM-
components G i0 = (E0i , X0i , A0i ) correspond to the SCCs of the directed graph induced
by any complete matching on the bipartite graph G 0 , (Murota, 1987). The equation set
E0 = ⋃si=1 E0i is said to be a just-determined equation set with respect to the variables
X0 = ⋃si=1 X0i . For an application of the DM-decomposition see for example Krysander
and Frisk (2008).

Algebraic and Differential Loops

If the structure of an equation set, with respect to a set of unknown variables, contains
SCCs of larger size than one, the equation set contains loops or cycles, see, e.g., Blanke et al.
(2006); Katsillis and Chantler (1997); Pulido et al. (2007). If the equation set contains
cyclic dependencies including unknown differentiated variables, the loop is said to be
differential, else algebraic.
2. Preliminaries and Background Theory 47

X+ X0 X-

E+ 0 0

E 10
0
E0 0

E s0

E-

Figure 1: DM-decomposition of the bipartite graph G = (E, X, A). The DM-components

G i0 = (E0i , X0i , A0i ) correspond to the SCCs of the structure of E0 with respect to X0 .

In the example outlined in Section 1, the structure (2), which in fact is the result
of a DM-decomposition, revealed three SCCs which are bold-marked. The SCCs are
({e 4 } , {x 3 }),({e 2 } , {x 4 }), and ({e 1 , e 3 } , {x 1 , x 2 }) of size 1, 1, and 2 respectively. The
latter corresponds to a differential loop.

2.4 Differential-Algebraic Equation Systems

Due to its general form, it is assumed that the model (3) contains both differential
and algebraic equations, i.e., it is a Differential-Algebraic Equation (DAE) system, or
descriptor system (Kunkel and Mehrmann, 2006; Brenan et al., 1989; Ascher and Petzold,
1998). The most general form of a DAE is f (ẋ, x, y) = 0, where f is some vector-valued
function, cf. (3). DAEs appear in large classes of technical systems like mechanical-,
electrical-, and chemical systems. Further, DAEs are also the result when using physically
based object-oriented modeling tools, e.g., Modelica (Mattson et al., 1998).

Differential Index
A common approach when analyzing and solving general DAE-systems, is to seek a
reformulation of the original DAE into a simpler and well-structured description with
the same set of solutions (Kunkel and Mehrmann, 2006; Brenan et al., 1989). To classify
how difficult such a reformulation is, the concept of index has been introduced. There
are different index concepts depending on the kind of reformulation that is sought. In
this paper we will use the differential index, which is defined as the minimum number of
48 Paper A. Residual Generators for Fault Diagnosis using . . .

times that all or parts of the DAE must be differentiated with respect to time in order to
write the DAE as an explicit Ordinary Differential Equation (ODE), ẋ = g (x, y), see for
example Brenan et al. (1989).

Semi-Explicit DAEs
An important class of DAEs are semi-explicit DAEs

ż = g (z, w, y) (6a)
0 = h (z, w, y) , (6b)

where z and w are vectors of unknown variables, and y a vector of known variables. A
semi-explicit DAE is of index one if and only if (6b) can be (locally) solved for w so that
w = h̃ (z, y), see, e.g., Brenan et al. (1989). An explicit ODE can easily be obtained from
a semi-explicit DAE of index one by substituting w = h̃ (z, y) into (6a).

3 Sequential Computation of Variables

In this section a framework for sequential computation of variables is presented. The
framework is built upon the concepts BLT semi-explicit DAE form, tools, and computa-
tion sequence. The small model (1) introduced in Section 1, will be used as a running
example to illustrate and exemplify the theory.
Large sets of equations often have a sparse structure, i.e., only a few unknown variables
in each equation. This makes it possible to partition the set of equations into subsets that
can be solved, in a sequence, for only a subset of the unknowns. The main argument
for computing variables in this way is efficiency and in some cases this may be the only
feasible way to compute the unknowns. This approach has been used in the context of
equation solving, see Steward (1962); Kron (1963); Steward (1965), and is also utilized in
methods for non-causal simulation (Fritzon, 2004).

3.1 BLT Semi-Explicit DAE Form

One property that the partitioning must fulfill, is that computation of variables from a
certain subset of equations must only use variables that are known, that is, measured or
have been computed from another subset in a previous step of the sequence.
Furthermore, with the efficiency argument in mind, it is most desirable to partition
the set of equations into as small blocks, i.e., subsets, as possible. However, even if the
equation set has a sparse structure, there could be algebraic or differential loops, that
makes it impossible to consider subsets of solely one equation.
In addition, it is desirable that the equations are partitioned into blocks or subsets
from which variables can be computed in a straightforward manner. Since the consid-
ered set of equations (3) contains both differential and algebraic equations, subsets will
correspond to DAEs. Computation of variables from semi-explicit DAEs of index one,
referred to as simulation of the DAE, is a well studied problem and several methods
exist, see, e.g., Hairer and Wanner (2002); Ascher and Petzold (1998). Furthermore, as
3. Sequential Computation of Variables 49

said in Section 2.4, a semi-explicit DAE of index one can trivially be transformed to an
explicit ODE. Explicit ODEs are suitable for real-time simulation in embedded systems,
for example Engine Control Units (ECUs), because real-time simulation often require
use of an explicit integration method, e.g., forward Euler (Ascher and Petzold, 1998),
which assumes an explicit ODE. For a detailed discussion regarding real-time simulation,
see Cellier and Kofman (2006).
Motivated by these arguments, we consider a partitioning of the equation set so that a
block-lower triangular form is achieved, where each block corresponds to a semi-explicit
DAE of index one.

Definition 2 (BLT Semi-Explicit DAE Form). The system

ż1 = g1 (z1 , w1 , y)
ż2 = g2 (z1 , z2 , w1 , w2 , y) (7)
⋮
żs = gs (z1 , z2 , . . . , zs , w1 , w2 , . . . , ws , y)

where w i = (w1i , w 2i , . . . , w i i ) and

p

w1i = h1i (Ψi , y) (8)

w 2i = h2i (Ψi , w 1i , y) (9)
⋮ (10)
p −1
wi i hi i (Ψi , w 2i , . . . , w i i , y) ,
p p
= (11)

where

Ψi = (ẇ1 , ẇ2 , . . . , ẇ i−1 , z1 , z2 , . . . , z i , w1 , w2 , . . . , w i−1 ) ,

for i = 1, 2, . . . , s, and where z i and w i are vectors of unknown variables, all pairwise
disjoint, and y a vector of known variables, is in Block-Lower Triangular semi-explicit
Differential-Algebraic Equation form (BLT semi-explicit DAE form).

Note that it is not necessary that both z i and w i are present in (7) for every i =
1, 2, . . . , s. In particular, the system

w1 = h1 (y)
w2 = h2 (w1 , y)
⋮
ws = hs (w1 , w2 , . . . , ws−1 , y) ,

containing no differentiated variables at all, also is in BLT semi-explicit DAE form.

50 Paper A. Residual Generators for Fault Diagnosis using . . .

Some Properties of the BLT Semi-Explicit DAE Form

Consider the system

ż1 = g1 (z1 , w1 , y) (12a)

w11 = Bh 11 (z1 , y) (12b)
w12 = h21 (z1 , w11 , y) (12c)
ż2 = g2 (z1 , z2 , w1 , w2 , y) (12d)
w21 = h12 (ẇ1 , z1 , z2 , w1 , y) (12e)
w22 = h22 (ẇ1 , z1 , z2 , w1 , w21 , y) , (12f)

where w1 = (w11 , w12 ) and w2 = (w21 , w22 ), which is in BLT semi-explicit DAE form with
s = 2 and p 1 = p 2 = 2. By studying the system (12), we can deduce some properties of the
BLT semi-explicit DAE form;

Mixed Causality The form generalizes the use of integral and derivative causality, since
for example integral causality is used in (12a) and derivative causality in (12e).

Blocks are DAEs of Index One or Zero Each block, e.g. (12a)-(12c), corresponds to a
semi-explicit DAE of, at most, index one with respect to the unknown variables in each
block, i.e., z1 and w1 in the first block and z2 and w2 in the second block. Note that in
accordance with the note above, vectors z1 , z2 , w1 , and w2 must not all be present in (12).
If, for instance, w1 is missing and hence also (12b) and (12c), the first block is an explicit
ODE, i.e., a DAE of index zero. If both z1 and w1 are present, the first block corresponds
to a semi-explicit DAE of index one.

Transformation to ODE Due to the previous property, a system in BLT semi-explicit

DAE form can trivially be transformed to a variant of an explicit ODE. In (12), we may
substitute (12b) into (12c) and then substitute the result along with (12b) into (12a) so
that we obtain

ż1 = g1 (z1 , w1 , y)
= g1 (z1 , [h11 (z1 , y) , h21 (z1 , h11 (z1 , y))] , y)
= g̃1 (z1 , y) ,

and then repeat the procedure for the second block to obtain

ż1 = g̃1 (z1 , y)

ż2 = g̃2 (z1 , z2 , ẏ, y) .

As said above, ODEs may be preferable in real-time applications.

3. Sequential Computation of Variables 51

Blocks are SCCs Each block in the BLT semi-explicit DAE form is a SCC of the
structure of the corresponding equations with respect to the unknown variables in that
block. This can be seen by studying the structure1 of the equations in (12) with respect
to the variables {z1 , w11 , w12 , z2 , w21 , w22 }, which is shown in (13). In this structure, the
equation in (12a) has been named e 1 , the equation in (12b) has been named e 2 , and so
forth.
z1 w11 w12 z2 w21 w22
e1 1 1 1
e2 1 1
e3 1 1 1 (13)
e4 1 1 1 1 1 1
e5 1 1 1 1 1
e6 1 1 1 1 1 1

Efficiency Recall the discussion regarding efficiency in the beginning of Section 3.1.
As a consequence of the previous property, the original set of equations is partitioned in
as small blocks as possible, in the sense that there are no dependencies between blocks,
i.e., no loops occur.

Sequential Computation of Variables The block-lower triangular structure makes it

possible to compute variables sequentially by considering the blocks one at the time,
starting from the first block. Since the structure guarantees that a certain block only
contains unknown variables from the present and previous blocks.

3.2 Computational Tools

Whether a system in BLT semi-explicit DAE form can be obtained from a given set of
equations and whether trajectories of the unknown variables can be computed from
the resulting system, depends naturally on the properties of the equations in the model.
Equally important is also the set of tools that are available for use.
Consider the BLT semi-explicit DAE form (12). To obtain for example the function
h11 in (12b) from a subset of equations given in the model, some kind of tool for algebraic
equation solving is needed. To compute a trajectory of the variable z1 from (12a), a
differential equation must be solved and hence a tool for this is needed. Furthermore, to
obtain the derivative ẇ1 , present in (12e), from the trajectory of w1 computed in (12b)
and (12c), a tool for differentiation is needed.
Motivated by this discussion, we consider three types of tools; algebraic equation
solving tools, differential equation solving tools, and differentiation tools.

Algebraic Equation Solving Tools

A tool for algebraic equation solving is typically some software package for symbolic or
numeric solving of linear or non-linear algebraic equations. Algebraic equation solving
is here assumed that f (x) implies ≡
/ 0.
1 It ∂f
∂x
52 Paper A. Residual Generators for Fault Diagnosis using . . .

tools are essential for handling models containing algebraic loops. If, for example, the
available algebraic equation solving tool only can solve scalar equations, loops can not
be handled.
More precisely, an algebraic equation solving tool (AE tool) is a function taking a
set of variables V i ⊆ X ∪ D and a set of equations E i ⊆ E as arguments, and returning a
function g i , which can be a symbolic expression or numeric algorithm, taking variables
from {X ∪ D} ∖ V i and Y as arguments and returning a vector corresponding to the
elements in V i . Now assume that g i is the function returned by an AE tool when V i
and E i are used as arguments, and that the equation set Ē i corresponds to v i = g i (u i , y),
where v i is a vector of the elements in V i , u i a vector of the elements in U i ⊆ {X ∪ D}∖Vi ,
and y a vector of known variables. A natural assumption regarding an AE tool, whatever
algorithm or method it corresponds to, is that the AE tool should not introduce new
solutions. That is, a solution to Ē i should also be a solution to the original equation set
E i . Moreover, an AE tool should neither remove solutions, i.e., solutions to E i must also
be solutions to Ē i . Furthermore, motivated by the idea of using sequential computation
of variables for residual equation, we are interested in unique solutions. This discussion
justifies the following assumption.
Assumption 1. Given U i and y, the solution sets of Ē i , obtained from the AE tool, and E i ,
with respect to V i , are equal and unique.
AE tools giving unique solutions generally assume that the given set of equations
contains as many equations as unknown variables. One example is Newton iteration,
which is a common numerical method for solving non-linear equations, see, e.g., Ortega
and Rheinboldt (2000). In addition, under- and over-determined sets of equations
for which an unique analytical solution exists are rare. This motivates the following
assumption.
Assumption 2. An AE tool requires that its arguments V i and E i correspond to a just-
determined equation set.
In this work, we assume that tools for algebraic equation solving are available through
existing standard software packages like, e.g., Maple or Mathematica, and design and
implementation of such tools will not be considered. For solving algebraic loops, also
tearing (Steward, 1965; Kron, 1963) can be a successful approach. In the following, we
also assume that AE tools fulfill the properties stated in Assumptions 1 and 2.

Differential Equation Solving Tools

A differential equation solving tool is typically a method or software for numerical inte-
gration of an (explicit or implicit) ODE, i.e., a DAE of index zero. Numerical integration
is a well studied area and there are several efficient approaches and methods, see, e.g., Bre-
nan et al. (1989); Ascher and Petzold (1998). Implementations are available in for example
Matlab and Simulink.
Independent of which differential equation solving tool that is used, initial conditions
for the state variables are in general required. The availability of initial conditions depends
on the knowledge about the underlying system represented by the model. For complex
3. Sequential Computation of Variables 53

physical systems, object-oriented modeling tools, e.g., Modelica (Mattson et al., 1998),
are frequently used to build models. Often, this leads to models in which state variables
correspond to physical quantities such as pressures and temperatures and then initial
conditions may have clear physical interpretations. For example, in an engine model a
variable corresponding to the intake manifold pressure should be equal to the ambient
pressure when the engine starts.
If all equilibrium points of the considered ODE are (globally) asymptotically stable,
or by using, e.g., state-feedback (Khalil, 2002) can be made so, the effect of the initial
conditions is neglectable. However, the computed trajectory will in this case differ from
the true trajectory for some time due to transients.
Recall from Section 3.1 that each block in a BLT semi-explicit DAE system can be
transformed to an explicit ODE. In the following, we assume that differential equation
solving tools are always available and that an explicit ODE can be solved, i.e., that
trajectories of the state variables in the ODE can be computed, if the initial conditions of
the state variables are known and consistent. Of course, this assumption is not always
valid and numerical solving of ODEs involves difficulties and problems such as stability
and stiffness, but this is not in the scope of this paper.

Differentiation Tools
A differentiation tool is for example an implementation of a method for approximate
differentiating of known variables. There are several approaches, e.g., low-pass filtering
or smoothing spline approximation (Wei and Li, 2006). An extensive survey of methods
can be found in Barford et al. (1999). Methods for approximate differentiation is not in
the scope of this paper, and will not be further considered.
In the following, we assume that differentiation of a set of known variables either is
possible or not possible. That is, if a tool for approximate differentiation is available, we
assume that the quality of the measurements of the involved variables are good enough
to support the tool.
One alternative to differentiate variables directly, is to propagate unknown differenti-
ated variables through a set of equations so that these can be expressed as derivatives of
measured variables only. Assume for example that we want to compute the derivative ẋ 1
and we also have that x 1 = y 1 . To compute ẋ 1 , we use a differentiation tool to compute ẏ 1
and then use ẋ 1 = ẏ 1 .

3.3 Computation Sequence

To describe the way and order in which a set of variables is computed from a set of
equations, we will introduce the concept computation sequence. Before going into details,
we need some additional notation. Let V ⊆ X ∪ D and define

Diff (V) = {ẋ j ∈ D ∶ ẋ j ∈ V ∨ x j ∈ V} , (14)

unDiff (V) = {x j ∈ X ∶ x j ∈ V ∨ ẋ j ∈ V} . (15)

For instance, we have that Diff ({ẋ 1 , x 2 }) = {ẋ 1 , ẋ 2 } and unDiff ({ẋ 1 , x 2 }) = {x 1 , x 2 }.
54 Paper A. Residual Generators for Fault Diagnosis using . . .

Now consider the model M(E, X, Y), where E is the set of equations specified in (3),
X the set of unknown variables, and Y the set of known variables.
Definition 3 (Computation Sequence). Given a set of variables X′ ⊆ X, an AE tool T ,
and an ordered set

C = ((V1 , E1 ) , (V2 , E2 ) , . . . , (V k , E k )) ,

where V i ⊆ varX (E i ) ∪ varD (E i ), and {E i } is pairwise disjoint. The ordered set C is a

computation sequence for X′ with T , if
1. X′ ⊆ unDiff (V1 ∪ V2 ∪ . . . ∪ V k ), and
2. a system in BLT semi-explicit DAE form is obtained by sequentially calling the tool
T , with arguments V i and E i , for each element (V i , E i ) ∈ C.
For an example, recall the model (1), where E = {e 1 , e 2 , e 3 , e 4 , e 5 }, X = {x 1 , x 2 , x 3 , x 4 }
and Y = {y 1 , y 2 , y 3 }. Assume that the given AE tool T is ideal, in the sense that it can
solve all solvable linear and non-linear equations. Then the ordered set

C = (({x 3 } , {e 4 }) , ({x 4 } , {e 2 }) , ({ẋ 1 } , {e 1 }) , ({x 2 } , {e 3 })) (16)

is a computation sequence for {x 1 , x 2 , x 3 , x 4 } with T according to Definition 3, since

unDiff ({x 3 } ∪ {x 4 } ∪ {ẋ 1 } ∪ {x 2 }) = {x 1 , x 2 , x 3 , x 4 } ,

and the BLT semi-explicit DAE system

x3 = y3 (17a)
x 4 = ẋ 3 (17b)
ẋ 1 = x 2 (17c)
−ẋ 4 x 1 + y 1
x2 = , (17d)
2x 4
is obtained by sequentially calling T with elements from C as arguments.
Note that the obtained BLT semi-explicit DAE system (17) has three blocks; the first
block corresponds to (17a), the second to (17b), and the third to (17c) and (17d). Also
note that the equation set {e 1 , e 3 }, containing a differential loop, corresponds to a semi-
explicit DAE of index one given by (17c) and (17d). Furthermore, derivative causality is
used in (17b) and (17d), and integral causality in (17c).

4 Sequential Residual Generation

In this section it is shown how a computation sequence can be utilized for residual
generation. A residual generator based on a computation sequence will be defined as
a sequential residual generator. In a sequential residual generator, the generation of a
residual will consist of finite sequence of variable computations ending with evaluation
4. Sequential Residual Generation 55

of an unused equation. The concepts of minimal and irreducible computation sequence,

as well as proper sequential residual generator will then be introduced. A necessary
condition for the existence of a proper sequential residual generator is given. The section
ends with an algorithm able to find proper sequential residual generators, given a model
and an AE tool.
An important property of a computation sequence is given by the following lemma.
Lemma 1. Let the ordered set

C = ((V1 , E1 ) , (V2 , E2 ) , . . . , (V k , E k ))
′
be a computation sequence for the variables X′ ⊆ X with the AE tool T , and let Ē be the
set of equations in BLT semi-explicit DAE form obtained from C with the AE tool T . Then
′
the solution sets of Ē and E1 ∪ E2 ∪ . . . ∪ E k , with respect to V1 ∪ V2 ∪ . . . ∪ V k , are equal
and unique.
With this lemma, the following important result can be proved.
Theorem 1. Let M(E, X, Y) be a model, T an AE tool, and

C = ((V1 , E1 ) , (V2 , E2 ) , . . . , (V k , E k )) ,

a computation sequence for X′ ⊆ X with T , where E i ⊆ E. Also, let e i ∈ E∖E1 ∪E2 ∪ . . . ∪E k

where varX (e i ) ⊆ X′ and it is assumed that e i is written as f i (ẋ, x, y) = 0. Then the
BLT semi-explicit DAE system obtained from C with T and r = f i (ẋ, x, y), is a residual
generator for M(E, X, Y) if
1. consistent initial conditions of all states are available, and
2. all needed derivatives can be computed with the available differentiation tools.
Motivated by this theorem, we define a sequential residual generator as follows.
Definition 4 (Sequential Residual Generator). A residual generator for M(E, X, Y) ob-
tained from a computation sequence C and an equation e i ∈ E, in accordance with the
description in Theorem 1, is a sequential residual generator for M(E, X, Y), denoted
S = (T (C) , e i ), and e i is a residual equation.

4.1 Proper Sequential Residual Generator

Regarding implementation aspects, e.g., complexity or numerical issues, smaller compu-
tation sequences are generally better. In particular, it is unnecessary to compute variables
that are not contained in the residual equation, or not used to compute any of the vari-
ables contained in the residual equation. Motivated by this discussion, we make the
following definition.
Definition 5 (Minimal Computation Sequence). Given a set of variables X′ ⊆ X and
an AE tool T , a computation sequence C for X′ with T is minimal, if there is no other
computation sequence C ′ for X′ with T such that C ′ ⊂ C.
56 Paper A. Residual Generators for Fault Diagnosis using . . .

Return to the model (1) in Section 1. Consider the last two equations in the model,

e4 ∶ x3 − y3 = 0
e5 ∶ x 2 − y 2 = 0,

and let T be an ideal AE tool. The computation sequence

C1 = (({x 3 }, {e 4 }) , ({x 2 }, {e 5 })) (18)

for {x 2 , x 3 } with T is minimal. The resulting BLT semi-explicit DAE form is given by

x3 = y3 (19a)
x2 = y2 . (19b)

However, C1 is not minimal for {x 3 } since C2 = ({x 3 }, {e 4 }) is a (minimal) computation

sequence for {x 3 } with T , and C2 ⊂ C1 .
Computation of variables according to a minimal computation sequence thus implies
that no unnecessary variables are computed. However, with the complexity and numerical
aspects in mind, it is also most desirable that computation of variables in each step is
performed from as small equation sets as possible. This leads to the following definition.
Definition 6 (Irreducible Computation Sequence). Given a set of variables X′ ⊆ X and
an AE tool T , a computation sequence

C = ((V1 , E1 ) , (V2 , E2 ) , . . . , (V k , E k )) ,
′
for X with T is irreducible, if no element (V i , E i ) ∈ C can be partitioned as V i = V i1 ∪ V i2
and E i = E i1 ∪ E i2 , such that

C ′ = ((V1 , E1 ) , . . . , (V i1 , E i1 ) , (V i2 , E i2 ) , . . . , (V k , E k ))

is a computation sequence for X′ with T .

Return to the equation set {e 4 , e 5 } considered above. Clearly, the ordered set C3 =
({x 2 , x 3 }, {e 4 , e 5 }) is a minimal computation sequence for {x 2 , x 3 } with the ideal AE
tool T . The corresponding BLT semi-explicit DAE system is given by (19). However, C3
is not irreducible since C1 given by (18) is also a computation sequence for {x 2 , x 3 }.
From now on, we will only consider AE tools fulfilling the following, quite non-
limiting, property.
Assumption 3. Let E i = E i1 ∪ E i2 and V i = V i1 ∪ V i2 , in accordance with Definition 6. If
an AE tool can solve E i for V i , it can also solve E i1 for V i1 and E i2 for V i2 .
Sequential residual generators based on minimal and irreducible computation se-
quences are of particular interest.
Definition 7 (Proper Sequential Residual Generator). Given an equation e i ∈ E, an AE
tool T , and a computation sequence C for varX (e i ) with T . A sequential residual generator
S = (T (C) , e i ) is proper, if C is a minimal and irreducible computation sequence for
varX (e i ) with T .
4. Sequential Residual Generation 57

For construction of a sequential residual generator, a computation sequence and

a residual equation is needed. Due to Assumption 2, the equation set contained in a
computation sequence is a just-determined set of equations. Since the residual equation
is redundant, see Theorem 1, it follows that the equations in a computation sequence
and the residual equation constitute an over-determined equation set. Hence, an over-
determined set of equations is needed to construct a sequential residual generator. For
construction of a proper sequential residual generator, a Minimal Structurally Over-
determined (MSO) set (Krysander et al., 2008), is needed.
Theorem 2. Let S = (T (C) , e i ) be a proper sequential residual generator, where

C = ((V1 , E1 ) , (V2 , E2 ) , . . . , (V k , E k )) ,

then the equation set E1 ∪ E2 ∪ . . . ∪ E k ∪ e i is an MSO set with respect to varX (E1 ∪ E2 ∪
. . . ∪ Ek ∪ e i )
Note that Theorem 2 establishes a link between structural and analytical methods.
This is done without the use of any assumptions of generic equations as in, e.g., Krysander
et al. (2008), instead assumptions have been placed on the tools.
Recall again the model (1) and consider the computation sequence C, given by (16),
with the corresponding BLT semi-explicit DAE form (17). The computation sequence
C together with the equation e 5 is a sequential residual generator for the model (1), if
we assume that the initial condition of x 1 is known and consistent and the derivatives
ẋ 3 and ẋ 4 can be computed with the available differentiation tools. As a matter of fact,
the residual generator is a proper sequential residual generator since the computation
sequence C for varX (e 5 ) = {x 2 } with the ideal AE tool T is minimal and irreducible.
Hence, we can by Theorem 2 conclude that the equation set E = {e 1 , e 2 , e 3 , e 4 , e 5 } is an
MSO set.

4.2 Finding Proper Sequential Residual Generators

Theorem 2 states a necessary condition for the existence of a proper sequential residual
generator. Hence, a first step when searching for all proper sequential residual generators
may be to find all MSO sets. There are efficient algorithms for finding all MSO sets in
large equation sets, see, e.g., Krysander et al. (2008).
Motivated by this, we propose the following algorithm for finding proper sequen-
tial residual generators, given a model M(E, X, Y) and an AE tool T . The function
findAllMSOs is assumed to find all MSO sets in the equation set E. The function
findComputationSequence, taking an equation set E′ , a variable set X′ and an AE
tool T , is assumed to return a minimal and proper computation sequence for X′ with T .
The algorithm is justified by the following theorem.
Theorem 3. Let M(E, X, Y) be a model and T an AE tool. Also, let R be the set returned
by findResidualGenerators when E, X, and T are used as input. Then all elements
(T (C) , e i ) ∈ R are proper sequential residual generators for M(E, X, Y) if, in accordance
with Theorem 1, consistent initial conditions of all states are available, and all needed
derivatives can be computed with the available differentiation tools.
58 Paper A. Residual Generators for Fault Diagnosis using . . .

1: function findResidualGenerators(E, X, T )
2: R ∶= ∅
3: MSOs ∶= findAllMSOs(E, X)
4: for all Ē ∈ MSOs do
5: X′ ∶= varX (Ē)
6: for all e i ∈ Ē do
7: E′ ∶= Ē ∖ e i
8: C ∶= findComputationSequence(E′ , X′ , T )
9: if C ≠ ∅ then
10: R = R ∪ {(T (C) , e i )}
11: end if
12: end for
13: end for
14: return R
15: end function

The most important step in findResidualGenerators is thus to find a minimal

and irreducible computation sequence, i.e., the function findComputationSequence.
This is the topic of next section.

5 Method for Finding a Computation Sequence

A proper sequential residual generator consists of a BLT semi-explicit DAE system,
obtained from a minimal and irreducible computation sequence, and a residual equation.
Essential for construction of a proper sequential residual generator is thus to find a
minimal and irreducible computation sequence. The method that we propose for finding
a computation sequence is presented in this section. First, the different steps of the
method are illustrated by studying an example.

5.1 Illustrative Example

Consider the following set of equations,
e1 ∶ ẋ 1 + x 1 x 6 − x 3 − x 52 x 7 = 0
e2 ∶ ẋ 2 + x 2 x 3 + y 1 = 0
e3 ∶ ẋ 3 + x 3 − x 2 x 4 + y 2 = 0
e4 ∶ ẋ 4 + x 2 − x 5 − y 3 = 0
e5 ∶ x 1 − x 2 x 3 − x 4 + x 6 − 2x 7 − y 4 = 0
e6 ∶ x 32 − x 6 − x 7 + y 5 = 0
e7 ∶ x 4 − y 6 = 0,
where X = {x 1 , x 2 , . . . , x 7 } are unknown variables and Y = {y 1 , y 2 . . . , y 6 } known vari-
ables. Assume that we want to find a computation sequence for X with a given AE
5. Method for Finding a Computation Sequence 59

tool.
First identify the SCCs, recall Section 2.3, of the structure of E = {e 1 , e 2 , . . . , e 7 } with
respect to X, and order the corresponding partitions of the equation and variable sets
accordingly

x4 x3 x2 x5 x6 x7 x1
e7 1
e3 1 1 1
e2 1 1
(20)
e4 1 1 1
e6 1 1 1
e1 1 1 1 1 1
e5 1 1 1 1 1 1

The ordered partitions are

E = ({e 7 } , {e 2 , e 3 } , {e 4 } , {e 1 , e 5 , e 6 })

and

X = ({x 4 } , {x 2 , x 3 } , {x 5 } , {x 1 , x 6 , x 7 }) ,

where each element in E is a SCC with respect to the corresponding element in X , e.g.,
({e 2 , e 3 } , {x 2 , x 3 }). The SCCs are marked with bold in (20).
The first SCC, ({e 4 }, {x 7 }), contains one linear algebraic equation. Under assump-
tion that our AE tool can handle such equations, e 7 is solved for x 4 and we obtain

x4 = y6 . (21)

Then consider the next SCC, ({e 2 , e 3 }, {x 2 , x 3 }) which contains two differential
equations. The permuted structure of {e 2 , e 3 } with respect to the differentiated variables
{ẋ 2 , ẋ 3 } is

ẋ 3 ẋ 2
e3 1 (22)
e2 1

As seen, the structure (22) contains two SCCs of size one, ({e 3 }, {ẋ 3 }) and ({e 2 }, {ẋ 2 }).
Assuming our AE tool admits it, we then solve e 3 for ẋ 3 and e 2 for ẋ 2 and obtain

ẋ 3 = −x 3 + x 2 x 4 − y 2 (23)
ẋ 2 = −x 2 x 3 − y 1 .

The next SCC, ({e 4 }, {x 5 }), contains a differential equation. However, since x 5 is
the variable intended to compute from the equation, we can handle e 6 as an algebraic
equation and solve it for x 5 ,

x 5 = x 2 + ẋ 4 − y 3 . (24)
60 Paper A. Residual Generators for Fault Diagnosis using . . .

The SCC ({e 1 , e 5 , e 6 }, {x 1 , x 6 , x 7 }) contains the differential equation e 1 and the two
algebraic equations e 5 and e 6 . By analyzing the equations we see that x 6 and x 7 are
algebraic variables contained in both e 5 and e 6 and that x 1 is a differentiated variable
present in e 1 . We then solve e 1 for ẋ 1 and obtain

ẋ 1 = −x 1 x 6 + x 52 x 7 + x 3 . (25)

The structure of {e 5 , e 6 } with respect to {x 6 , x 7 } reveals a SCC of size two, see (26).

x6 x7
e5 1 1 (26)
e6 1 1

Under the assumption that our AE tool can handle it, we solve the equation system
{e 5 , e 6 } for {x 6 , x 7 } and obtain

x 6 = 2x 32 + x 1 − x 2 x 3 − x 4 + 2y 5 − y 4 (27)
x7 = x1 − x2 x3 − x4 + x 32 + y5 − y4 .

Collecting the equations (21), (23), (24), (25), and (27) gives

x4 = y6 (28a)
ẋ 3 = −x 3 + x 2 x 4 − y 2 (28b)
ẋ 2 = −x 2 x 3 − y 1 (28c)
x 5 = x 2 + ẋ 4 − y 3 (28d)
ẋ 1 = −x 1 x 6 + x 52 x 7 + x3 (28e)
x6 = 2x 32 + x 1 − x 2 x 3 − x 4 + 2y 5 − y 4 (28f)
x7 = x1 − x2 x3 − x4 + x 32 + y5 − y4 , (28g)

which is a system in BLT semi-explicit DAE form with four blocks. The equation (28a)
correspond to the first block, which only contains an algebraic equation. The second
block is given by (28b) and (28c), and correspond to an explicit ODE with respect to
the variables {x 2 , x 3 }. Hence, integral causality is used in this block. The third block
contains (28d), which is a differential equation in which derivative causality is used. The
equations (28e)–(28g) constitute the fourth and last block. This block corresponds to a
semi-explicit DAE of index one, with respect to the variables {x 1 , x 6 , x 7 }.
The resulting computation sequence for {x 1 , x 2 , . . . , x 7 } with the given AE tool is,

C = (({x 4 }, {e 7 }) , ({ẋ 3 }, {e 3 }) , ({ẋ 2 }, {e 2 }) , ({x 5 }, {e 4 }) ,

({ẋ 1 }, {e 1 }) , ({x 6 , x 7 }, {e 6 , e 5 })) .

5.2 Summary of the Method

Given an AE tool and a just-determined set of equations, the proposed method for
finding a computation sequence can be outlined as follows:
5. Method for Finding a Computation Sequence 61

1. Find the SCCs of the structure of the equation set with respect to the unknown
variables. No distinction is made between a variable and its derivative.

2. For each SCC, split the equations into one set of differential equations and one
set of algebraic equations, and the variables into one set of differentiated variables
and one set of algebraic variables.

3. For the differential equations, find the SCCs of the structure of the differential
equations with respect to the differentiated variables. For each SCC, try to solve
the differential equations for the intended differentiated variables with the AE tool.
Note that due to the assumption that each differential equation only contains one
differentiated variable, all SCCs are of size one.

4. For the algebraic equations, find the SCCs of the structure of the algebraic equations
with respect to the algebraic variables. For each SCC, try to solve the algebraic
equations for the intended algebraic variables with the AE tool.

5.3 Algorithm
The method is formally described in the function findComputationSequence below.
The function takes a just-determined equation set E′ ⊆ E, a set of unknown variables
X′ ⊆ X, and an AE tool T as input, and returns an ordered set C as output. The function
findAllSCCs is assumed to return an ordered set of equation and variable pairs, where
each pair corresponds to a SCC of the structure of the equation set with respect to the
variable set. The order of the SCCs returned by findAllSCCs is assumed to be the
one depicted in Figure 1, for more information regarding ordering of SCCs please refer
to Murota (1987). There are efficient algorithms for finding SCCs in directed graphs, see
for example Tarjan (1972). The DM-decomposition (Dulmage and Mendelsohn, 1958)
can also be utilized. In Matlab, the DM-decomposition is implemented in the function
dmperm, from which also the order of the SCCs, according to Figure 1, easily can be
obtained. Other functions used in findComputationSequence are:

• Diff and unDiff, takes a variable set as input and returns its differentiated and
undifferentiated correspondence, see (14) and (15).

• isInitCondKnown determines if the initial conditions of the given variables are

known and consistent, and the function isDifferentiable determines if the given
variables can be differentiated with the available differentiation tool.

• isJustDetermined is used to determine if the structure of the given equation set,

with respect to the given variable set, is just-determined. This is essential, since
otherwise the computation of SCCs makes no sense.

• getDifferentialEquations takes a set of equations and a set of differentiated

variables as input, and returns the differential equations in which the given differ-
entiated variables are contained.
62 Paper A. Residual Generators for Fault Diagnosis using . . .

• isToolSolvable determines if the given AE tool can solve the given equations
for the given set of variables.
• Append, takes an ordered set and an element as input and simply appends the
element to the end of the set.
• The operator ∣ ⋅ ∣, taking a set as input, is assumed to return the number of elements
in the set and the notion A (i) is used to refer to the i:th element of the ordered
set A.
That the ordered set C returned by findComputationSequence, indeed, is a mini-
mal and irreducible computation sequence is verified in the following theorem.
Theorem 4. Let E′ ⊆ E be a just-determined set of equations with respect to the variables
X′ ⊆ X, and T an AE tool. If E′ , X′ , and T are used as arguments to findComputation-
Sequence and a non-empty C is returned, then C is a minimal and irreducible computation
sequence for X′ with T .

6 Application Studies
The objective of this section is to empirically show the benefits of the method for finding
sequential residual generators proposed in Sections 4.2 and 5.3. This is done by applying
the method to models of an automotive diesel engine and an auxiliary hydraulic braking
system. In addition, we illustrate how a sequential residual generator for the diesel engine,
found with the proposed method, can be realized. The realized residual generator is then
evaluated using real measurements from a truck.

6.1 Implementation and Configuration of the Method

The analytical models of the two systems were obtained from Simulink models by using
the toolbox described in Frisk et al. (2006). The resulting models are complex DAEs
containing non-linearities like min- and max-functions, look-up tables, saturations, and
polynomials.
The functions findResidualGenerators and findComputationSequence, de-
scribed in Sections 4.2 and 5.3, were implemented in Matlab. In the implementation of
findComputationSequence, the symbolic equation solver in Maple was used as AE
tool. To find all MSO sets, the algorithm described in Krysander et al. (2008) was used.
The MSO sets were arranged in classes, so that MSOs containing the same set of known
variables belongs to the same MSO class.
For comparison, different configurations of findComputationSequence were ap-
plied to the models. The following parameters, which naturally influences the possibility
to find computation sequences, were used for configuration:
SCC: The ability to handle SCCs of larger size than one, i.e., equation sets containing
algebraic or differential loops.
IC: The ability to use integral causality.
6. Application Studies 63

1: function findComputationSequence(E′ , X′ , T )
2: C ∶= ∅
3: S ∶= findAllSCCs(E′ , X′ )
4: for i = 1, 2, . . . , ∣S∣ do
5: (E i , X i ) ∶= S (i)
6: D i ∶= Diff(X i )
7: Z i ∶= varD (E i ) ∩ D i
8: W i ∶= X i ∖ unDiff(Z i )
9: if not isInitCondKnown(Z i ) then
10: return ∅
11: end if
12: EZ i ∶= getDifferentialEquations(E i , Z i )
13: EW i ∶= E i ∖ EZ i
14: SZ i ∶= findAllSCCs(EZ i , Z i )
15: for j = 1, 2, . . . , ∣SZ i ∣ do
j j
16: (EZ i , Z i ) ∶= SZ i ( j)
if isToolSolvable(Z i , EZ i , T ) then
j j
17:
j j
18: Append(C, (Z i , EZ i ))
19: else
20: return ∅
21: end if
22: end for
23: if isJustDetermined(EW i , W i ) then
24: SW i ∶= findAllSCCs(EW i , W i )
25: for j = 1, 2, . . . , ∣SW i ∣ do
j j
26: (EW i , W i ) ∶= SW i ( j)
if isToolSolvable(W i ,EW i ,T ) then
j j
27:
j j
28: Append(C, (W i , EW i ))
29: else
30: return ∅
31: end if
32: end for
33: else
34: return ∅
35: end if
36: end for
37: return C
38: end function
64 Paper A. Residual Generators for Fault Diagnosis using . . .

Table 1: The Six Configurations of the Method used in the Studies

D I DI SD SI SDI
SCC x x x
IC x x x x
DC x x x x

DC: The ability to use derivative causality.

Note that if a configuration uses integral causality, it is assumed that all initial conditions
are available. Moreover, it is assumed that all needed derivatives can be computed when
a configuration uses derivative causality.
The six possible different configurations are shown in Table 1. For example, configu-
ration SI is able to handle equation sets containing loops and use integral causality, but
can not use derivative causality. The configuration corresponding to the novel approach
for finding sequential residual generators proposed in this paper is SDI.

6.2 Performance Measures

A sequential residual generator is sensitive to those faults that influence its residual
equation and the equations contained in its computation sequence. Different MSO
sets correspond to different subsets of the equations in the model. Sequential residual
generators obtained from computation sequences and residual equations originating
from different MSO sets will thus naturally be sensitive to different subsets of faults.
To achieve good fault isolation, it is hence important that residual generators can be
constructed from as many MSO sets as possible.
In the automotive applications studied here, it is especially important to detect and
isolate faults present in sensors and actuators, that is, faults affecting measurements of
known variables. Hence, it also important that residual generators can be constructed
from as many MSO classes as possible.
Additionally, different residual generators constructed from the same MSO set or
MSO class may have different properties regarding for example numerical aspects, sensi-
tivity to faults, and sensitivity for disturbances such as measurement noise or modeling
errors. Hence it is most desirable to be able to evaluate as many residual generators as
possible, with real measurement data, to decide which set of residual generators to use
in the final diagnosis system.
Motivated by this discussion, we will use the following performance measures to
compare the different configurations of the method:
MSO Sets: In how many of the total number of MSO sets at least one residual generator
could be found.
MSO Classes: In how many of the total number of MSO classes at least one residual
generator could be found.
Residual Generators: The total number of residual generators found.
6. Application Studies 65

Figure 2: Cutaway of a Scania 13-liter, 6-cylinder diesel engine equipped with EGR and
VGT. Illustration by Semcon Informatic Graphics Solutions.

6.3 Automotive Diesel Engine

The studied engine is a 13-liter, 6-cylinder Scania diesel engine equipped with Exhaust
Gas Recirculation (EGR) and a Variable Geometry Turbocharger (VGT). A cutaway of
the engine can be found in Figure 2.
The model describes the gas-flow in the engine, see Wahlström (2006) for more
details. The analytical model extracted from the Simulink model is a non-linear DAE
system and contains 282 equations, 272 unknown variables, and 11 known variables. Of
the equations, 8 are differential and the rest are algebraic. The differentiated variables
represent physical quantities such as pressures, temperatures, and rotational speeds.
In total, 598 MSO sets could be found in the engine model. The MSO sets could
be arranged into 210 MSO classes. Theoretically, the total number of potential residual
generators that can be constructed from an MSO set is equal to the total number of
equations in the MSO set. In this case, 135772 different residual generators could be
theoretically constructed from the 598 MSO sets.
The total number of residual generators found and how many of the MSO sets and
MSO classes that could be used, for each configuration of the method, is shown in Table 2
and Figure 3. The columns to the left and in the middle of Table 2 shows in how many
of the MSO sets and MSO classes at least one residual generator could be found. The
column to the right shows the total number of residual generators that could be found
for each configuration of the method.
It is obvious that a very small fraction of the potential residual generators were found,
about 1.2 %, and that only a small fraction of the MSO sets and MSO classes could be used,
independent of configuration. The main reason for this is the complexity of the engine
model. The model contains large algebraic and differential loops, including complex non-
linear equations, which are impossible to solve analytically. Nevertheless, many more
residual generators were found and more MSO sets could be used with configuration
66 Paper A. Residual Generators for Fault Diagnosis using . . .

Table 2: Results for Diesel Engine

MSO Sets MSO Classes Residual Generators

D 4 4 46
I 1 1 5
DI 4 4 46
SD 4 4 46
SI 23 20 58
SDI 120 72 1636
Potential 598 210 135772

Table 3: Results for Hydraulic Braking System

MSO Sets MSO Classes Residual Generators

D 21 14 145
I 6 6 18
DI 21 14 147
SD 33 22 288
SI 29 29 71
SDI 65 44 1293
Potential 125 83 4607

SDI, i.e., with mixed causality and the ability to handle loops, in comparison with any
other configuration of findComputationSequence.

6.4 Hydraulic Braking System

The Scania auxiliary hydraulic braking system, called retarder, is used on heavy duty
trucks for long continuous braking, for example to maintain constant speed down a
slope. By using the retarder, braking discs can be saved for short time braking.
The model of the hydraulic braking system contains 49 equations, 44 unknown
variables, and 9 known variables. It is a non-linear DAE system and contains 4 differential
equations and 45 algebraic equations.
The model contains 125 MSO sets, which can be arranged into 83 MSO classes. The
total number of possible residual generators for the model of the hydraulic braking
system is, theoretically, 4607.
Table 3 and Figure 4 shows, for each configuration of the method, how many of the
MSO sets and MSO classes that could be used and the total number of residual generators
found for the model of the hydraulic braking system. As seen, a significantly larger
fraction of the MSO sets and MSO classes could be used and more residual generators
could be found with configuration SDI, in comparison with any other configuration.
6. Application Studies 67

Results for Diesel Engine

35 SDI D
I
DI
30 SD
SI
SDI
25

SDI
20
%

15

10 SI

5 SI
D DI SD SDI
D I DI SD I D I DI SD SI
0
MSO Sets MSO Classes Residual Generators

Figure 3: The bars to the left and in the middle shows the fractions of the total number
of MSO sets and MSO classes in which a residual generator could be found with each
configuration of the method. The bars to the right shows the fractions of the number of
potential residual generators that could be found with each configuration of the method.

Results for Hydraulic Braking System

60
D
SDI SDI I
DI
50
SD
SI
SDI
40
SI
%

30 SDI
SD SD
SI

20 D DI D DI

10 I SD
I
D DI
I SI
0
MSO Sets MSO Classes Residual Generators

Figure 4: The bars to the left and in the middle shows the fractions of the total number
of MSO sets and MSO classes in which a residual generator could be found with each
configuration of the method. The bars to the right shows the fractions of the number of
potential residual generators that could be found with each configuration of the method.
68 Paper A. Residual Generators for Fault Diagnosis using . . .

20

40

60

Equations 80

100

120

140

160

180

200
0 50 100 150 200
Variables

Figure 5: Structure of the 203 equations in the considered computation sequence, with
respect to the 203 unknown variables. The SCCs of the structure, corresponding to the
elements in the computation sequence, are marked with squares. The large SCC contains
102 equations.

6.5 Realization of a Residual Generator for the Diesel Engine

The purpose of this section is to briefly show how a residual generator for the diesel
engine is constructed from a computation sequence obtained with the proposed method.

Properties of the Computation Sequence

The considered computation sequence originates from an MSO set containing in total
204 equations, 203 unknown variables, and 8 known variables. Thus, the computation se-
quence contains 203 equations and 203 unknown variables. In total 33 residual generators
were found in the MSO class to which the MSO set belongs. All 33 residual generators
were found with configuration SDI of findComputationSequence.
The computation sequence contains 102 elements. All elements but the last one
contains one equation and one variable. The last element contains 102 equations and
102 variables and corresponds to a SCC of size 102. The structure of the 203 equations
contained in the computation sequence, with respect to the 203 unknown variables, is
shown in Figure 5. The SCCs of the structure, corresponding to the elements in the
computation sequence, marked with squares in Figure 5.
The residual equation used in the residual generator, i.e., the equation removed from
the MSO set when the corresponding computation sequence was found, compares the
measured and computed pressure in the intake manifold of the diesel engine.
6. Application Studies 69

Properties of the BLT Semi-Explicit DAE System

The BLT semi-explicit DAE system obtained from the computation sequence contains
102 blocks and has the following form

w1 = h1 (y)
w2 = h2 (w1 , y)
⋮
w64 = h64 (w1 , w2 , . . . , w63 , y)
w65 = h65 (ẇ64 , w1 , . . . , w64 , y)
w66 = h66 (w1 , w2 , . . . , w65 , y)
⋮
w76 = h76 (w1 , w2 , . . . , w75 , y)
w77 = h77 (ẇ76 , w1 , . . . , w76 , y) (29)
w78 = h78 (w1 , w2 , . . . , w77 , y)
⋮
w100 = h100 (w1 , w2 , . . . , w99 , y)
ż101 = g101 (w1 , . . . , w101 , y)
w101
1
= h1101 (z101 , w1 , . . . , w100 , y)
w101
2
= h2101 (z101 , w1 , . . . , w100 , w101
1
, y)
⋮
w101
99
= h99
101 (z101 , w1 , . . . , w100 , w101 , . . . , w101 , y) ,
1 98

where w101 = (w101 , w101 , . . . , w101 ), and z101 is of dimension three and all w i , w i of
1 2 99 j

dimension one. The largest block, denoted 101 in (29), is a semi-explicit DAE of index
one with three differential equations with variables z101 and 99 algebraic equations with
variables w101
1
, . . . , w101
99
, corresponding to a differential loop and a SCC of size 102. Since
the block is a semi-explicit DAE of index one, integral causality is used in this block. In
two of the blocks, denoted 66 and 77 in (29), derivative causality is used. The remaining
blocks, denoted 1 - 65, 67 - 76, and 78 - 100 correspond to algebraic equations. In total,
the BLT semi-explicit DAE system contains five differential equations and 198 algebraic
equations.

Implementation Issues
The residual generator, i.e., the obtained BLT semi-explicit DAE system and the residual
equation, was implemented in Matlab. To compute the values of the unknown variables,
the approach described in Section 3.1 was used. To solve the resulting explicit ODE, Euler
forward with fixed step-size was utilized. All state variables in the residual generators
represent physical quantities, hence initial conditions were easy to obtain from the
available measurements.
70 Paper A. Residual Generators for Fault Diagnosis using . . .

Approximate Differentiation In the two blocks where derivative causality is used, 66

and 77 in (29), derivatives of variables computed in previous blocks had to be computed.
By propagating the two differentiated variables through equations in earlier blocks of the
obtained BLT semi-explicit DAE system, the differentiated variables could be expressed
as derivatives of known variables only, see Section 3.2. The known variables that had to
be differentiated were measurements of the pressure in the exhaust manifold, and the
rotational speed of the turbo turbine.
The differentiation tool, i.e., the method for differentiation of known variables, used
in this case study was a sliding-window least square polynomial fit approach. By finding
a linear approximation, in a least square sense, to a set of consecutive measurements,
referred to as a window, an approximation of the first-order derivative of the measured
signal in the window can be obtained as the slope of the linear approximation, see,
e.g., Barford et al. (1999). This approach was used since it is simple and straight-forward
to implement, and gave good results. An implementation was done in Matlab, a
window-size of 40 measurements, 20 past and 20 future, was used.

Results
Real measurements of the known variables in the engine model were collected by driving
a truck on the road. Two sets of measurements were collected, one with a fault-free
engine and one with an implemented fault. The implemented fault was a constant bias in
the sensor measuring the pressure in the intake manifold of the diesel engine.
The residual generator was run off-board by using the collected measurements. The
residual was then low-pass filtered to remove some measurement noise and finally scaled.
In Figure 6, the resulting residual is shown. During the first 100 seconds, the measure-
ments are fault-free. The remaining time, the measurements contain the implemented
bias fault. It is obvious that the residual can be used to detect the injected fault.

7 Conclusions
We have in Section 1 concluded that it is important that there is a large selection of
different candidate residual generators to choose between when designing diagnosis
systems. In this spirit we have in this paper presented a method for deriving residual
generators with the key property that it is able to find a large number of different residual
generators. This property is firstly due to the fact that the method belongs to a class
of methods that we refer to as sequential residual generation. This class of methods
has in earlier works been shown to be powerful for real non-linear systems (Dustegor
et al., 2004; Izadi-Zamanabadi, 2002; Cocquempot et al., 1998; Svärd and Wassén, 2006;
Hansen and Molin, 2006). Secondly, which is the key contribution of the paper, we have
extended these earlier methods by handling mixed causality and also, in a systematic
manner, equation sets containing differential and algebraic loops.
The method has been presented as an algorithm utilizing an assumed given toolbox
of, e.g., algebraic equation solvers. We have proven, in Theorem 1, that the algorithm
really finds residual generators and, in Theorems 3 and 4, that the residual generators, or
7. Conclusions 71

2.5

1.5

0.5

−0.5

−1
0 50 100 150 200
time [s]

Figure 6: The residual obtained from the constructed residual generator. No fault is
present the first 100 seconds. During the remaining 100 seconds, there is a bias fault in
the sensor measuring the pressure in the intake manifold. The dashed lines suggests how
thresholds could be chosen in order to detect the fault.

rather sequential residual generators, found are proper. Properness guarantees that the
residual generator is not containing unnecessary computations and that computations
are performed from as small equation sets as possible. We have also proven, in Theorem 2,
that proper sequential residual generators are always found within MSO sets. This fact
has been utilized in the algorithm since there is no need to look for sequential residual
generators in other equation sets than MSO sets. Furthermore, this theorem provides a
link between structural and analytical methods without the use of any assumptions of
generic equations, such as in, e.g., Krysander et al. (2008).
In the empirical study in Section VI, we have evaluated our method on models of two
real automotive Systems. The results obtained are compared to results from the special
cases of using solely differential or integral causality, or only handling scalar equations.
It is evident that our more general method outperforms the other alternatives. Since the
two systems have quite different characteristics, e.g., in the number of redundant sensors,
we believe that these results are representative also for a larger class of systems.

Acknowledgment
This work was sponsored by Scania CV AB and VINNOVA (Swedish Governmental
Agency for Innovation Systems).
72 Paper A. Residual Generators for Fault Diagnosis using . . .

A Proofs of Theorems and Lemmas

′
Proof of Lemma 1. Consider an element (V i , E i ) ∈ C, and let Ē i denote the set of equa-
′
tions obtained when T is called with arguments V i and E i . It then holds that Ē =
′ ′ ′ ′
Ē1 ∪ Ē2 ∪ . . . ∪ Ē k . Given y, let x̃ be an arbitrary solution to Ē , i.e., a trajectory fulfilling
′ ′
every equation e i ∈ Ē . Trivially, x̃ also is a solution to the equations in every Ē i , since
′ ′
Ē i ⊆ Ē . Assumption 1 then implies that x̃ is a unique solution and also a solution to every
E i , and hence to E1 ∪ E2 ∪ . . . ∪ E k . By taking an arbitrary solution to E1 ∪ E2 ∪ . . . ∪ E k
and applying the same arguments as above, it can be shown that this solution is unique
′
and also satisfies Ē , which completes the proof.

Proof of Theorem 1. Consider the model M(E, X, Y) and assume that ỹ ∈ O (M). Due to
the definition of O (M) in (4), we know that given ỹ there exists at least one trajectory of
the variables in X that satisfies the equations in E. Since describing E1 ∪ E2 ∪ . . . ∪ E k ⊆ E,
it holds that the trajectory ỹ also belongs to the observation set of the sub-model of
M(E, X, Y) given by E1 ∪ E2 ∪ . . . ∪ E k , i.e., the equation set contained in the computation
sequence C. Hence, given ỹ, there exists a trajectory x̃ of the variables in varX (E1 ∪
E2 ∪ . . . ∪ E k ) that satisfies E1 ∪ E2 ∪ . . . ∪ E k . By Lemma 1 we know that x̃ is a unique
solution that also satisfies the equations of the BLT semi-explicit DAE system obtained
by sequentially applying the tool T to the computation sequence C.
As said in Section 3.1, a BLT semi-explicit DAE system can be transformed to an
explicit ODE, with the exception that the ODE will contains derivatives of known
variables. Furthermore, after the discussion in Section 3.2, that an explicit ODE al-
ways can be solved if initial conditions are available. From this it follows that given
ỹ, consistent initial conditions of the states in the BLT semi-explicit DAE system, i.e.,
z i in (7), and the ability the compute all needed derivatives, the trajectory x̃ can be
computed from the BLT semi-explicit DAE system. Since e i ∈ E ∖ E1 ∪ E2 ∪ . . . ∪ E k and
varX (e i ) ⊆ X′ ⊆ varX (E1 ∪ E2 ∪ . . . ∪ E k ), the trajectory x̃ will also satisfy e i . We then
have that f i (x̃,
˙ x̃, ỹ) = 0. Hence, with r = f i (ẋ, x, y), ỹ ∈ O (M) implies r = 0 and we can
use r as residual. Thus the BLT semi-explicit DAE system obtained from the computation
sequence C with T , together with e i is a residual generator for M(E, X, Y).

Some important properties of a computation sequence, used in sub-sequential proofs,

is given by the following lemma.

Lemma 2. Let C = ((V1 , E1 ) , (V2 , E2 ) , . . . (V k , E k )) be a computation sequence for the

variables X′ with the AE tool T , then {unDiff (V i )} is pairwise disjoint and

unDiff (V1 ∪ V2 ∪ . . . ∪ V k ) = varX (E1 ∪ E2 ∪ . . . ∪ E k ).

Proof. From Definition 3, we have that a system in BLT semi-explicit DAE form can
be obtained by sequentially calling T with arguments V i and E i for every (V i , E i ) ∈ C.
From this fact, it follows that each variable x j ∈ unDiff (V i ) is present in some vector
z k or w l in the obtained BLT semi-explicit DAE system. Since the set of all vectors of
known variables in a BLT semi-explicit DAE system by Definition 2 is pairwise disjoint,
it follows that {unDiff (V i )} is pairwise disjoint and we have shown the first claim. For
A. Proofs of Theorems and Lemmas 73

the second claim, we start by noting that V i ⊆ varX (E i ) ∪ varD (E i ) due to Definition 3.
Since a system in BLT semi-explicit DAE form can be obtained from C and, according to
Lemma 1, the solution sets of E1 ∪ E2 ∪ . . . ∪ E k and the BLT semi-explicit DAE system,
with respect to V1 ∪ V2 ∪ . . . ∪ V k , are equal and unique, it holds that each unknown
variable in E1 ∪ E2 ∪ . . . ∪ E k , differentiated or undifferentiated, must be present in some
V i . From this fact and by the definitions of the operators unDiff () and varX (), it must
also hold that unDiff (V1 ∪ V2 ∪ . . . ∪ V k ) = varX (E1 ∪ E2 ∪ . . . ∪ E k ).

For the next proof, we need some additional graph theoretical concepts, see, e.g., As-
ratian et al. (1998); Murota (1987), therefore consider the bipartite graph G = (E, X, A)
describing the structure of E with respect to X, see Section 2.2. A path on the graph G is
a sequence of distinct vertices v 1 , v 2 , . . . , v n such that (v i , v i+1 ) ∈ A and v i ∈ E ∪ X. An
alternating path is a path in which the edges belong alternatively to a matching and not to
the matching. A vertex is said to be free, if it is not an endpoint of an edge in a matching.

Proof of Theorem 2. In this proof we will use a characterization of an MSO set given
in Krysander et al. (2008), saying that an equation set E is an MSO set if and only if E is
a Proper Structurally Over-determined (PSO) set and E contains one redundant equation.
Furthermore, an equation set E is a PSO set if E = E+ , where E+ is the structurally over-
determined part obtained from the DM-decomposition, recall Section 2.3, or equivalently
the equations e ∈ E such that, for any maximal matching, there exists an alternating path
between at least one free equation and e.
Returning to our case, we must show that E1 ∪ E2 ∪ . . . ∪ E k ∪ e i is a PSO set and
contains one redundant equation, with respect to the variables varX (E1 ∪ E2 ∪ . . . ∪ E k ).
We begin with the second property, i.e., that E1 ∪ E2 ∪ . . . ∪ E k ∪ e i contains a redundant
equation. Since S = (T (C) , e i ) is a proper sequential residual generator, it follows from
Definition 7 that C is a minimal and irreducible computation sequence for varX (e i ) with
T . If we let

C = ((V1 , E1 ) , (V2 , E2 ) , . . . , (V k , E k )) , (30)

we have from Definition 3 that a system in BLT semi-explicit DAE form is obtained by
sequentially calling the AE tool T with arguments V i and E i for every (V i , E i ) ∈ C. This
and Assumption 2, implies that ∣V i ∣ = ∣E i ∣ for every (V i , E i ) ∈ C and hence ∑ ki=1 ∣V i ∣ =
k
∑ i=1 ∣E i ∣. By the definition of the operator unDiff () in (15), we can conclude that ∣V i ∣ =
∣unDiff (V i )∣ and therefore it also holds that ∑ ki=1 ∣unDiff (V i )∣ = ∑ ki=1 ∣E i ∣. By Lemma 2
we have that {unDiff (V i )} is pairwise disjoint which implies that ∑ ki=1 ∣unDiff (V i )∣ =
∣unDiff (V1 ) ∪ unDiff (V2 ) ∪ . . . ∪ unDiff (V k )∣ = ∣unDiff (V1 ∪ V2 ∪ . . . ∪ V k )∣. Defi-
nition 3 states that also {E i } is pairwise disjoint and therefore ∣E1 ∪ E2 ∪ . . . ∪ E k ∣ =
k
∑ i=1 ∣E i ∣. Thus, it holds that ∣unDiff (V1 ∪ V2 ∪ . . . ∪ V k )∣ = ∣E1 ∪ E2 ∪ . . . ∪ E k ∣. By
Lemma 2, we have that unDiff (V1 ∪ V2 ∪ . . . ∪ V k ) = varX (E1 ∪ E2 ∪ . . . ∪ E k ) and there-
fore it also holds that ∣E1 ∪ E2 ∪ . . . ∪ E k ∣ = ∣varX (E1 ∪ E2 ∪ . . . ∪ E k )∣, i.e., E1 ∪E2 ∪. . .∪E k
contains as many equations as unknowns. Since C is a computation sequence for varX (e i )
with T , we have from Definition 3 that varX (e i ) ⊆ unDiff (V1 ∪ V2 ∪ . . . ∪ V k ) = varX (E1 ∪
E2 ∪ . . . ∪ E k ), where the last equality follows from Lemma 2, implying that adding e i to
74 Paper A. Residual Generators for Fault Diagnosis using . . .

E1 ∪E2 ∪. . .∪E k will not introduce any new unknown variables, i.e., e i is redundant. Hence,
the equation set E1 ∪E2 ∪. . .∪E k ∪e i contains one more equation than unknown variables,
since ∣E1 ∪ E2 ∪ . . . ∪ E k ∪ e i ∣ = ∣E1 ∪ E2 ∪ . . . ∪ E k ∣ + ∣e i ∣ = ∣varX (E1 ∪ E2 ∪ . . . ∪ E k )∣ + 1.
We will now show that E1 ∪ E2 ∪ . . . ∪ E k ∪ e i is a PSO set with respect to varX (E1 ∪
E2 ∪ . . . ∪ E k ∪ e i ). To show this, we must show that for any maximum matching on
the bipartite graph describing the structure of E1 ∪ E2 ∪ . . . ∪ E k ∪ e i , with respect to
varX (E1 ∪ E2 ∪ . . . ∪ E k ∪ e i ), there exists an alternating path between a free equation and
every equation in E1 ∪ E2 ∪ . . . ∪ E k ∪ e i . We start by constructing a maximum matching
and finding a free equation. Consider the computation sequence C described by (30)
and recall that C, given by (30), is a minimal and irreducible computation sequence for
varX (e i ) with T . The irreducibility of C implies that for each element (V i , E i ) ∈ C, it
holds that the structure of E i with respect to unDiff (V i ) corresponds to a SCC. To see
this, assume that (V i , E i ) not corresponds to a SCC. This implies that it is possible to
partition V i and E i into V i = V i1 ∪ V i2 ∪ . . . ∪ V i s and E i = E i1 ∪ E i2 ∪ . . . ∪ E i s so that

C ′ = ((V1 , E1 ) , . . . , (V i1 , E i1 ) , . . . , (V i s , E i s ) , . . . , (V k , E k )) ,

is also a computation sequence for varX (e i ) with T , due to Assumption 3. This con-
tradicts the irreducibility of C and hence (V i , E i ) must be a SCC. From this property
it follows, by the definition of a SCC, that there exists a maximum matching Γi on the
bipartite graph the structure of E i with respect to unDiff (V i ). This implies that a maxi-
mum matching, let it be denoted Γ, in the structure of E1 ∪ E2 ∪ . . . ∪ E k with respect
to unDiff (V1 ∪ V2 ∪ . . . ∪ V k ) can be constructed as Γ = ⋃ ki Γi , see, e.g., Murota (1987).
By Lemma 2, we have that unDiff (V1 ∪ V2 ∪ . . . ∪ V k ) = varX (E1 ∪ E2 ∪ . . . ∪ E k ) and
therefore Γ is also a maximum matching in the structure of E1 ∪ E2 ∪ . . . ∪ E k with
respect to varX (E1 ∪ E2 ∪ . . . ∪ E k ). In the first part of this proof, we concluded that the
equation e i is redundant and therefore Γ is also a maximum matching on the structure
of E1 ∪ E2 ∪ . . . ∪ E k ∪ e i with respect to varX (E1 ∪ E2 ∪ . . . ∪ E k ∪ e i ) and e i is a free
equation, since it is not contained in Γ.
Since it trivially exists a path between e i and e i , it is sufficient to show that there
exists an alternating path between the free equation e i and every equation in E1 ∪ E2 ∪
. . . ∪ E k . Due to the fact that each (V i , E i ) ∈ C corresponds to a SCC, there exists an
alternating path between any two vertices, i.e., equations or variables, in the bipartite
graph describing the structure of E i with respect to unDiff (V i ), see, e.g., Asratian et al.
(1998). Moreover, the minimality of C implies that for (V k , E k ) ∈ C there exists at least
one variable x m ∈ unDiff (V k ) such that x m ∈ varX (e i ), since otherwise C ′ = C∖(V k , E k )
is a computation sequence for varX (e i ) and C is not minimal. With the same argument,
we have that for (V i , E i ) ∈ C, i = 1, 2, . . . , k − 1, there exists at least one variable x m ∈
unDiff (V i ) such that either x m ∈ varX (e i ), or else x m ∈ varX (E j ) where (V j , E j ) ∈ C
and j ∈ {i + 1, i + 2, . . . , k}. This means that there exists an alternating path between at
least one variable in each (V i , E i ) ∈ C to e i , either directly or via one or several other
(V j , E j ) ∈ C. Thus, there exists an alternating path between e i and every equation in
E1 ∪ E2 ∪ . . . ∪ E k . We have by this shown that E1 ∪ E2 ∪ . . . ∪ E k ∪ e i is a PSO set.

The proof of Theorem 3 is based on the following lemma.

A. Proofs of Theorems and Lemmas 75

Lemma 3. Let Ē ⊆ E be an MSO set, T an AE tool, X′ = varX (Ē), and E′ = Ē ∖ e i , where

e i ∈ Ē. A minimal and irreducible computation sequence
C = ((V1 , E1 ) , (V2 , E2 ) , . . . , (V k , E k )) ,
for X′ with T , where E i ⊆ Ē, is also a minimal and irreducible computation sequence for
varX (e i ) with T .
Proof. Assume that C is a minimal and irreducible computation sequence for X′ with
T . First of all, since e i ∈ Ē and X′ = varX (Ē) it trivially holds that varX (e i ) ⊆ X′ and
hence C is a computation sequence for varX (e i ) with T . As well, it directly follows
from Definition 6 that C is an irreducible computation sequence for any subset of X′ ,
in particular varX (e i ). To show that C also is a minimal computation sequence for
varX (e i ), assume that there exists a computation sequence C ′ ⊂ C for varX (e i ) with
′ ′ ′
T . Let Ē and X̄ = varX (Ē ) denote the equations and variables, contained in the
′
elements of C and note that since C ′ ⊂ C, it holds that Ē ⊂ Ē. By the argumentation
′
′ ′
in the proof to Theorem 2, we can conclude that ∣Ē ∣ = ∣X̄ ∣, i.e., Ē contains as many
′
equations as unknowns. Since C is a computation sequence for varX (e i ), it must hold
′ ′
that varX (e i ) ⊆ X̄ . This means that Ē ∪ e i is a structurally over-determined set of
′
equations with respect to X̄ , which shows that there exists a proper structurally over-
determined subset of Ē. This contradicts the fact that Ē is an MSO set, and hence there
can not exist a computation sequence C ′ ⊂ C for varX (e i ) with T . Thus, C is a minimal
computation sequence for varX (e i ) with T .
Proof of Theorem 3. Consider the model M(E, X, Y) and let (T (C), e i ) ∈ R. Due to line
9 in findResidualGenerators, we can conclude that C is non-empty. Let
C = ((V1 , E1 ) , (V2 , E2 ) , . . . , (V k , E k )) ,
where E i ⊆ E′ , be the minimal and irreducible computation sequence for X′ with T ,
returned by the function findCompuatationSequence on line 8. Due to lines 3-7, we
have that E′ = Ē ∖ e i and X′ = varX (Ē), where Ē ⊆ E is an MSO set and e i ∈ Ē ∖ E′ .
Lemma 3 then implies that C also is a minimal and irreducible computation sequence for
varX (e i ) with T . Now note that since e i ∈ Ē ∖ E′ and it holds that Ē ⊆ E, we have that
e i ∈ E ∖ E′ . Trivially, since X′ = varX (Ē) and X′ ⊆ X it also holds that varX (e i ) ⊆ X′ ⊆ X.
Thus the computation sequence C for varX (e i ) with T and the equation e i fulfills the
prerequisites of Theorem 1. Hence, since all initial conditions are known and all needed
derivatives can be computed, we can by Theorem 1 conclude that the BLT semi-explicit
DAE system obtained from C with T and e i is a residual generator for M(E, X, Y). Thus,
(T (C), e i ) is a sequential residual generator. Since, in fact, C is a minimal and irreducible
computation sequence for varX (e i ) with T , (T (C), e i ) is a proper sequential residual
generator.
Proof of Theorem 4. On line 3 in findComputationSequence the SCCs of the structure
of E′ with respect to X′ are computed. If we assume that the structure contains s SCCs,
the ordered set returned by the function findAllSCC can be written as
S = ((E1 , X1 ) , (E2 , X2 ) , . . . , (Es , Xs )) , (31)
76 Paper A. Residual Generators for Fault Diagnosis using . . .

where each element (E i , X i ) ∈ S corresponds to a SCC of the structure of E′ with respect

to X′ . Note that since E′ is just-determined with respect X′ , the SCCs of the structure
of E′ with respect X′ are unique, see Section 2.3. As said in Section 5.3, we assume that
the SCCs in S are ordered according to Figure 1. Note that this ordering implies the
important property

varX (E i ) ∩ {X i+1 ∪ X i+2 ∪ . . . ∪ Xs } = ∅, (32)

for i = 1, 2, . . . , s − 1. On lines 6-8, the variables in X i are partitioned into differentiated

variables Z i and undifferentiated variable W i , i.e., X i = unDiff (Z i ) ∪ W i , where Z i
contains variables that appear as differentiated in some equation in E i . On lines 12-14, a
corresponding partitioning of the equations in E i into E i = EZ i ∪ EW i is done, where EZ i
are equations that contain any of the differentiated variables Z i , and EW i are equations
that do not contain any of the differentiated variables Z i , but may contain variables from
unDiff (Z i ). Now note that, due to the assumptions regarding the model in Section 2,
each equation in EZ i contains only one differentiated, which furthermore only is present
in that equation. This means first of all that EZ i is just-determined with respect to the
variables in Z i , and second that the structure of EZ i with respect to Z i only contains
SCCs of size one. On line 14, these SCCs are computed. Assuming that the structure
contains s i SCCs, the ordered set returned by findAllSCC on line 14 can be written as

SZ i = ((Z1i , EZ1 i ) , (Z2i , EZ2 i ) , . . . , (Zsi i , EZs ii )) . (33)

Due to line 23, we know that the equation set EW i is just-determined with respect to
W i , and hence the structure of EW i with respect to W i can be uniquely partitioned into
SCCs. On line 24 these SCCs are computed and as above, the ordered set of SCCs can be
written as
p p
SW i = ((W1i , EW
1
i
) , (W2i , EW
2
i
) , . . . , (W i i , EWi i )) . (34)

Furthermore, as in the case with the set S in (31), the ordering of the SCCs in SW i implies
that
j j+1 j+2 p
varX (EW i ) ∩ {W i ∪ Wi ∪ . . . ∪ W i i } = ∅, (35)

for j = 1, 2, . . . , p i − 1. From the discussion above, we have that a non-empty C returned

by findComputationSequence have the form

C = ((Z11 , EZ1 1 ) , (Z21 , EZ2 1 ) , . . . , (Z1s 1 , EZs 11 ) ,

p p
(W11 , EW
1
1
) , (W21 , EW
2
1
) , . . . , (W1 1 , EW1 1 ) , . . . ,
(Z12 , EZ1 2 ) , (Z22 , EZ2 2 ) , . . . , (Z2s 2 , EZs 22 ) ,
p p
(W12 , EW
1
2
) , (W22 , EW
2
2
) , . . . , (W2 2 , EW22 ) , . . . ,
(Z1s , EZ1 s ) , (Z2s , EZ2 s ) , . . . , (Zss s , EZs ss ) ,
p p
(W1s , EW
1
s
) , (W2s , EW
2
s
) , . . . , (Ws s , EWs p )) , (36)
A. Proofs of Theorems and Lemmas 77

j j j j
where every (Z i , EZ i ) ∈ C and (W i , EW i ) ∈ C corresponds to a SCC.
We will now utilize Definition 3 to show that the the ordered set C in (36) is a
computation sequence for X′ with T . First note that Z i ⊆ varD (EZ i ) and W i ⊆ varX (EW i ).
j j j j

When the structure of a just-determined equation set with respect to a set of variables
is decomposed into its SCCs, unique partitions of the equation and variable sets are
also obtained, see for example Dulmage and Mendelsohn (1958) and Figure 1 for an
illustration. From this fact it follows that every equation in E′ is present in some E i in (31)
only once. When the equations in E i are split into differential equations EZ i and algebraic
equations EW i on line 13, it is guaranteed that EZ i ∩ EW i = ∅. Moreover, again due to
the fact that a decomposition into SCCs gives an unique partition of the equation and
j
variable set, we have that every equation in EZ i is present in some equation set EZ i in (33)
j
only once and that every equation in EW i is present in some EW i in (34) only once. Thus,
we can conclude that each equation in E′ is contained in only one equation set in C, that
is, all equation sets in C are disjoint. Hence, the ordered set C fulfills the prerequisites
in Definition 3. According to conditions 1) and 2) in Definition 3, C is a computation
sequence for X′ with T if

s ⎛ si pi
j⎞
X′ ⊆ ⋃ ⋃ unDiff (Z i ) ∪ ⋃ W i
j
(37)
i=1 ⎝ j=1 j=1 ⎠

and a system in BLT semi-explicit DAE form is obtained by sequentially calling the tool
j j j j j
T , with arguments Z i and EZ i for every element (Z i , EZ i ) ∈ C, and with arguments W i
j j j
and EW i for every element (W i , EW i ) ∈ C.
We start by showing condition 1), i.e., (37). From the fact mentioned above that a de-
composition of a structure into its SCCs also induces a partitioning of the corresponding
equation and variable sets, it follows that every variable in X′ is present in some X i in (31).
That is, we have that X′ = ⋃si X i . When the variables in X i are split into differentiated
variables Z i and undifferentiated variables W i , it holds that X i = unDiff (Z i ) ∪ W i . In
j
addition, it holds that every variable in Z i is present in some variable set Z i in (33)
j j
and that every variable in W i is present in some W i in (34), so that Z i = ⋃sj=1 i
Z i and
ip j
W i = ⋃ j=1 W i . Hence,

s s
X′ = ⋃ X i = ⋃ (unDiff (Z i ) ∪ W i )
i i

⎛ s ⎛ si j⎞ pi j⎞
= ⋃ unDiff ⋃ Z i ∪ ⋃ W i
i ⎝ ⎝ j=1 ⎠ j=1 ⎠
s ⎛ si pi
j j⎞
= ⋃ ⋃ unDiff (Z i ) ∪ ⋃ W i , (38)
i ⎝ j=1 j=1 ⎠

where the last equality trivially follows from the definition of unDiff () in (15). The
property (37) and thus condition 1) has then been verified.
78 Paper A. Residual Generators for Fault Diagnosis using . . .

Condition 2) of Definition 3 will now be verified, that is, that C can be used to obtain
j j
a system in BLT semi-explicit DAE form. Consider an element (Z i , EZ i ) ∈ C. Since
j
EZ i ⊆ EZ i ⊆ E i , and we have that (X i , E i ) ∈ S, the property (32) implies that

j
varX (EZ i ) ∩ {X i+1 ∪ X i+2 ∪ . . . ∪ Xs } = ∅, (39)

for i = 1, 2, . . . , s − 1. From lines 17-21 in the algorithm, it follows that the AE tool T can
j j
be used to solve the equations in EZ i for the variables in Z i . Since we have assumed that
each differential equation contains at most one differentiated variable and (39) holds, we
j j
can use (Z i , EZ i ) ∈ C and the AE tool T to obtain

ż i = g i (x1 , x2 , . . . , x i , y) ,
j j
(40)

where ż i is a vector of the variables in Z i , x k a vector of the variables in X k , y a vector of

j j

the known variables in E′ , and g i a function returned by T when the arguments are Z i
j j

j j j
and EZ i . From the elements (Z i , EZ i ) ∈ C, j = 1, 2, . . . , s i , we can thus, by using (40) and
also that X i = unDiff (Z i ) ∪ W i , obtain

ż i = g i (z1 , z1 , . . . , z i , w1 , w2 , . . . , w i , y) , (41)

where z i = (z1i , z2i , . . . , zsi i ) and a vector of the variables in Z i , w i a vector of the variables
in W i , y a vector of the known variables in E′ , and g i = (g1i , g2i , . . . , gsi i ).
j j j j
Now instead consider an element (W i , EW i ) ∈ C. Since also (W i , EW i ) ∈ SW i , where
j
SW i is given by (34) the property (35) holds. Since EW i ⊆ EW i ⊆ E i , and (X i , E i ) ∈ S we
also have that
j
varX (EW i ) ∩ {X i+1 ∪ X i+2 ∪ . . . ∪ Xs } = ∅, (42)

j j
for i = 1, 2, . . . , s − 1. By using that the AE tool T can solve EW i for W i due to lines 27-31,
that X i = unDiff (Z i ) ∪ W i and varD (EW i ) ∩ Z i = ∅ due to lines 6-8 and 12-14, and then
utilize (35) and (42), we can obtain

w i = h i (ẇ1 , . . . , ẇ i−1 , z1 , . . . , z i , w1 , . . . , w i−1 , w1i , . . . , w i , y) ,

j j j−1
(43)

from (W i , EW i ) ∈ C, where w i is a vector of the variables in W i , z i a vector of the

j j j j

variables in Z i , and h i a function returned by T when the arguments are W i and EW i .

j j j

Note that the absence of vectors z˙i in (43) is a direct implication of the assumption that
each differentiated variable is present in only one equation in the original model and
therefore also in the BLT semi-explicit DAE system. Since z˙i , obviously, is present in (41),
it can not be present in (43).
A. Proofs of Theorems and Lemmas 79

By using (43), we can then obtain

w1i = h1i (ẇ1 , . . . , ẇ i−1 , z1 , . . . , z i , w1 , . . . , w i−1 , y)

w 2i = h2i (ẇ1 , . . . , ẇ i−1 , z1 , . . . , z i , w1 , . . . , w i−1 , w 1i , y)
⋮
wi i = h i i (ẇ1 , . . . , ẇ i−1 , z1 , . . . , z i , w1 , . . . , w i−1 , w 1i , . . . , w i i , y)
p p p
(44)

j j
from the elements (W i , EW i ) ∈ C, j = 1, 2, . . . , p i . Comparing (41) and (44) with the
j j
system in Definition 2, shows that the elements (Z i , EZ i ) ∈ C, j = 1, 2, . . . , s i and
j j
(W i , EW i ) ∈ C, j = 1, 2, . . . , p i , corresponds to the i:th block of a BLT semi-explicit
DAE form. Applying the above arguments for i = 1, 2, . . . , s then implies that the ordered
set C in (36) can be used to obtain a system in BLT semi-explicit DAE form with s blocks.
Thus, C is computation sequence for X′ with T .
It now remains to show that C is a minimal and irreducible computation sequence
for X′ with T . We begin with the irreducibility of C. In the beginning of this proof, we
showed that all elements of C, given by (36), correspond to SCCs. We have also concluded
j j
that due to the assumptions regarding the model in Section 1, all elements (Z i , EZ i ) ∈ C
j j
are of size one, i.e., trivially irreducible. Now consider an element (W i , EW i ) ∈ C and
j j j j j j j j
assume that we partition W i as W i = W i1 ∪ W i2 and EW i as EW i = EW i 1 ∪ EW i 2 and form
j j j j j j
the two new elements (W i1 , EW i 1 ) and (W i2 , EW i 2 ). Due to the fact that (W i , EW i )
j
corresponds to a SCC, EW i is a dependent equation set with respect to the variables in
j j j j j
W i . This implies that when applying T to the elements (W i1 , EW i 1 ) and (W i2 , EW i 2 ),
we obtain the two equations

w i1 = h1i1 (. . . , w i2 , . . .)
j j

w i2 = h1i2 (. . . , w i1 , . . .) ,
j j

which clearly not has the structure of equations contained in a BLT semi-explicit DAE
system, due to the cyclic dependence between the equations. Hence, a system in BLT semi-
j j
explicit DAE form can not be obtained when the element (W i , EW i ) ∈ C is partitioned,
which violates condition 2) in Definition 3. We can then conclude that no elements of C
can be further partitioned and hence C is an irreducible computation sequence for X′
with T .
The minimality of C for X′ with T trivially follows from the fact that (38) holds. Since
as (38) is fulfilled, all elements in C is needed to compute the variables in X′ . This implies
that any attempt to form a computation sequence for X′ with T by using a subset of C
will violate condition 1) in Definition 3. This completes the proof.
80 Paper A. Residual Generators for Fault Diagnosis using . . .

References
U. M. Ascher and L. M. Petzold. Computer Methods for Ordinary Differential Equations
and Differential-Algebraic Equations. Siam, 1998.
A. S. Asratian, T. M. J. Denley, and R. Häggkvist. Bipartite Graphs and their Applications.
Cambridge University Press, 1998.
L. Barford, E. Manders, G. Biswas, P. Mosterman, V. Ram, and J. Barnett. Derivative
estimation for diagnosis. Technical report, HP Labs Technical Reports, 1999.
M. Blanke, M. Kinnaert, J. Lunze, and M. Staroswiecki. Diagnosis and Fault-Tolerant
Control. Springer, second edition, 2006.
K. E. Brenan, S. L. Campbell, and L. R. Petzold. Numerical Solution of Initial-Value
Problems in Differential-Algebraic Equations. Siam, 1989.
R. W. Brockett. Finite-Dimensional Linear Systems. Wiley, New York, 1970.
J. P. Cassar and M. Staroswiecki. A structural approach for the design of failure detection
and identification systems. In Proceedings of IFAC Control Ind. Syst., pages 841–846,
Belfort, France, 1997.
F. E. Cellier and H. Elmqvist. Automated formula manipulation supports object-
oriented continuous-system modeling. IEEE Control Systems Magazine, 13(2):28–38,
April 1993.
F. E. Cellier and E. Kofman. Continuous System Simulation. Springer, 2006.
V. Cocquempot, R. Izadi-Zamanabadi, M. Staroswiecki, and M. Blanke. Residual
generation for the ship benchmark using structural approach. In Proceedings of the
UKACC International Conference on Control ’98, pages 1480–1485, September 1998.
C. De Persis and A. Isidori. A geometric approach to nonlinear fault detection and
isolation. IEEE Transactions on Automatic Control, 46:853–865, 2001.
A. L. Dulmage and N. S. Mendelsohn. Coverings of bi-partite graphs. Canadian Journal
of Mathematics, 10:517–534, 1958.
D. Dustegor, V. Cocquempot, and M. Staroswiecki. Structural analysis for residual
generation: Towards implementation. In Proceedings of the 2004 IEEE Inter. Conf. on
Control App., pages 1217–1222, 2004.
E. Frisk, M. Krysander, M. Nyberg, and J. Åslund. A toolbox for design of diagnosis
systems. In Proceedings of IFAC Safeprocess’06, Beijing, China, 2006.
P. Fritzon. Principles of Object-Oriented Modeling and Simulation with Modelica 2.1.
IEEE Press, 2004.
E. Hairer and G. Wanner. Solving Ordinary Equations II - Stiff and Differential-Algebraic
Problems. Springer, 2002.
References 81

J. Hansen and J. Molin. Design and evaluation of an automatically generated diagnosis

system. Master’s thesis, Linköpings Universitet, SE-581 83 Linköping, 2006.
R. Izadi-Zamanabadi. Structural analysis approach to fault diagnosis with application
to fixed-wing aircraft motion. In Proceedings of the 2002 American Control Conference,
volume 5, pages 3949–3954, 2002.
G. Katsillis and M. Chantler. Can dependency-based diagnosis cope with simultaneous
equations? In Proceedings of the 8th Inter. Workshop on Princ. of Diagnosis, DX’97, pages
51–59, Le Mont-Saint-Michel, France, 1997.
H. K. Khalil. Nonlinear Systems. Prentice Hall, 2002.
G. Kron. Diakoptics - The Piecewise Solution of Large-scale Systems. Macdonald, London,
1963.
M. Krysander and E. Frisk. Sensor placement for fault diagnosis. IEEE Transactions
on Systems, Man and Cybernetics, Part A: Systems and Humans, 38(6):1398–1410, Nov.
2008.
M. Krysander, J. Åslund, and M. Nyberg. An efficient algorithm for finding minimal
over-constrained sub-systems for model-based diagnosis. IEEE Trans. on Systems, Man,
and Cybernetics – Part A: Systems and Humans, 38(1):197–206, 2008.
P. Kunkel and V. Mehrmann. Differential-Algebraic Equations - Analysis and Numerical
Solution. European Mathematical Society, 2006.
S. Mattson, H. Elmqvist, and M. Otter. Physical system modeling with modelica. Control
Engineering Practice, 6(4):501–510, 1998.
K. Murota. System Analysis by Graphs and Matroids. Springer-Verlag Berlin Heidelberg,
1987.
S. Narasimhan and G. Biswas. Model-based diagnosis of hybrid systems. IEEE Trans-
actions on Systems, Man and Cybernetics, Part A: Systems and Humans, 37(3):348–361,
2007.
M. Nyberg. Automatic design of diagnosis systems with application to an automotive
engine. Control Engineering Practice, 87(8):993–1005, 1999.
M. Nyberg and M. Krysander. Statistical properties and design criterions for AI-based
fault isolation. In Proceedings of the 17th IFAC World Congress, pages 7356–7362, Seoul,
Korea, 2008.
J. M. Ortega and W. C Rheinboldt. Iterative Solution of Nonlinear Equations in Several
Variables. SIAM Classics, 2000.
S. Ploix, M. Desinde, and S. Touaf. Automatic design of detection tests in complex
dynamic systems. In Proceedings of 16th IFAC World Congress, Prague, Czech Republic,
2005.
82 Paper A. Residual Generators for Fault Diagnosis using . . .

B. Pulido and C. Alonso-González. Possible conflicts: a compilation technique for

consistency-based diagnosis. IEEE Trans. on Systems, Man, and Cybernetics. Part B:
Cybernetics, Special Issue on Diagnosis of Complex Systems, 34(5):2192–2206, 2004.
B. Pulido, C. Alonso, A. Bregón, V. Puig, and T. Escobet. Analyzing the influence of
temporal constraints in possible conflicts calculation for model-based diagnosis. In
Proceedings of the 18th International Workshop on Principles of Diagnosis (DX-07), pages
186–193, Nashville, TN, USA, 2007.
B. Pulido, A. Bregón, and C. Alonso. Combining state estimation and simulation in
consistency-based diagnosis using possible conflicts. In Proceedings of the 19th Interna-
tional Workshop on Principles of Diagnosis (DX-08), pages 339–346, Blue Mountains,
NSW, Australia, 2008.
M. Staroswiecki. Fault Diagnosis and Fault Tolerant Control, chapter Structural Analysis
for Fault Detection and Isolation and for Fault Tolerant Control. Encyclopedia of Life
Support Systems, Eolss Publishers, Oxford, UK, 2002.
M. Staroswiecki and P. Declerck. Analytical redundancy in non-linear interconnected
systems by means of structural analysis. In Proceedings of IFAC AIPAC’89, pages 51–55,
Nancy, France, 1989.
D. V. Steward. On an approach to techniques for the analysis of the structure of large
systems of equations. SIAM Review, 4(2):321–342, October 1962.
D. V. Steward. Partitioning and tearing systems of equations. SIAM Journal on Numerical
Analysis, 2(2):345–365, 1965.
C. Svärd and H. Wassén. Development of methods for automatic design of residual
generators. Master’s thesis, Linköpings Universitet, SE-581 83 Linköping, 2006.
R. Tarjan. Depth first search and linear graph algorithms. SIAM Journal on Computing,
1(2):146–160, 1972.
L. Travé-Massuyès, T. Escobet, and X. Olive. Diagnosability analysis based on
component-supported analytical redundancy. IEEE Trans. on Systems, Man, and Cyber-
netics – Part A: Systems and Humans, 36(6):1146–1160, November 2006.
United Nations. Regulation no. 49: Uniform provisions concerning the measures to
be taken against the emission of gaseous and particulate pollutants from compres-
sionignition engines for use in vehicles, and the emission of gaseous pollutants from
positive-ignition engines fuelled with natural gas or liquefied petroleum gas for use in
vehicles, 2008. ECE-R49.
J. Wahlström. Control of EGR and VGT for emission control and pumping work
minimization in diesel engines. Technical report, Linköpings Universitet, 2006. LiU-
TEK-LIC-2006:52, Thesis No. 1271.
T. Wei and M. Li. High order numerical derivatives for one-dimensional scattered noisy
data. Applied Mathematics and Computation, 175:1744–1759, 2006.
 Paper B

Realizability Constrained Selection of Residual

Generators for Fault Diagnosis with an
Automotive Engine Application☆

☆ Submitted to IEEE Transactions on Systems, Man and Cybernetics, Part A: Systems

and Humans, 2011.

83
Realizability Constrained Selection of Residual
Generators for Fault Diagnosis with an
Automotive Engine Application
Carl Svärd, Mattias Nyberg, and Erik Frisk

Vehicular Systems, Department of Electrical Engineering,

Linköping University, SE-581 83 Linköping, Sweden.

Abstract

This paper considers the problem of selecting a set of residual generators, ful-
filling requirements regarding fault isolability and minimal cardinality, for in-
clusion in a model-based FDI-system. Two novel algorithms for solving the
selection problem are proposed. The first one provides an exact solution ful-
filling both requirements and is suitable for small problems. The second one,
which constitutes the main contribution, is suitable for large problems and
provides an approximate solution by means of a greedy heuristic by relaxing the
minimal cardinality requirement. The foundation for the algorithms is a novel
formulation of the selection problem which enables an efficient reduction of the
search-space by taking the realizability properties of the model, with respect
to the considered residual generation method, into account. Both algorithms
are general in the sense that they are aimed at supporting any computerized
residual generation method. In a case study the greedy selection algorithm is
successfully applied to the complex problem of finding a suitable set of residual
generators for detection and isolation of faults in an automotive engine system.
In this study a prior known sequential residual generation method is considered.

85
86 Paper B. Realizability Constrained Selection of Residual Generators . . .

1 Introduction
Model-based Fault Detection and Isolation (FDI) systems typically contains the three
sub-systems: residual generation, residual evaluation, and fault isolation, see, e.g., Blanke
et al. (2006). In this work, as in for example Nyberg (1999); Krysander (2006); Nyberg
and Krysander (2008); Svärd and Nyberg (2010), design of the residual generation
sub-system is considered to be a two-step approach. In the first step, a large set of
candidate residual generators are found. In general, it may be possible to find thousands
of candidate residual generators for large models and regarding implementation aspects
such as complexity and computational load it is infeasible, or even impossible, to use
all these in the FDI-system. In addition, it is often possible to meet stated requirements
with a, possibly small, subset of all residual generators. Therefore, in the second step, the
set of candidate residual generators most suitable to be included in the FDI-system are
selected. The topic of this paper is the selection problem emerging in the second step.
The selection problem is formulated by considering two different requirements on
the final set of residual generators. Firstly, it is required that the set of residual generators
fulfills an isolability requirement stating which faults that should be isolated from each
other. Motivated by the implementation aspects mentioned above, a set of residual
generators of low cardinality is preferred before a set of high cardinality, given that the
two sets have equal isolability properties. Therefore, secondly, it is required that the set
of residual generators is of minimal cardinality.
Two novel algorithms for solving the selection problem are proposed in this paper.
The first one provides an exact solution fulfilling both the isolability and the minimal
cardinality requirements and is suitable for small problems. The second one, which
is the main contribution, relaxes the minimal cardinality requirement and provides
an approximate solution by means of a greedy heuristic. This algorithm is suitable
for large, real-world, problems for which the approach used in the first algorithm is
intractable. Both algorithms are general in the sense that they are aimed at supporting
any computerized residual generation method.
In general, all the candidate residual generators found in the first step of the design
process are not realizable, i.e., it is not possible to create residual generators from all
found candidate residual generators. Typically, evaluation of realizability is a computa-
tional demanding task. Therefore, in those cases where the number of found candidate
residual generators is large, it may not be feasible to first evaluate the realizability of all
found candidate residual generators and then make the selection. To handle this, the
proposed algorithms exploits a novel formulation of the selection problem which takes
the realizability aspect into account. This, in addition, enables an efficient reduction of
the search-space which typically is quite large for practical problems. In this formulation,
which in fact is an optimization problem, isolability and realizability properties are stated
in terms of attributes of subsets of the model equations.
In Section 2, a motivating industrial application example is presented. Section 3
presents preliminaries regarding realizability and fault isolability, given a residual gen-
eration method. The residual generator selection problem is formalized in Section 4.
The first selection algorithm is presented and discussed in Section 5. The second, greedy,
algorithm is presented and justified in Section 6. Section 7 briefly describes the residual
2. Motivating Application Example 87

xegr
EGR-cooler

EGR-valve
Wegr
uδ
ne
xvgt
∆Wim pim Wei Weo pem Wt
Tim Tem
Intake Turbine
manifold
∆Wem
Exhaust ωt
Cylinders manifold
Wth
xth pbc
pic Tbc
Wc

Intake throttle ∆Wic Compressor

Intercooler

Figure 1: Overview of the automotive engine System. Considered faults marked with red
arrows.

generation method (Svärd and Nyberg, 2010) which is used in the application example.
In Section 8 the greedy selection algorithm is used to solve the industrial application
problem described in Section 2. The paper is concluded in Section 9.

2 Motivating Application Example

As a motivating industrial application example, consider the problem of selecting a set
of suitable residual generators for detecting and isolating faults in an automotive engine
system. The studied engine is a 13-L six-cylinder Scania truck diesel engine equipped
with Exhaust Gas Recirculation (EGR), Variable Geometry Turbine (VGT), and intake
throttle.
There are in total 12 faults that should be detected and isolated from each other in
this system. An overview of the system with the considered faults, is shown in Figure 1.
More details regarding the system, and the faults, are given in Section 8.
For the model of this system, and for the specific residual generation method devel-
oped in Svärd and Nyberg (2010), which is briefly described in Section 7, it is possible to
find in total 14,242 candidate residual generators. Indeed, as argued in Section 1, it is not
possible to include all these residual generators in the FDI-system.
In order to isolate a certain fault from an other, it is necessary to find a residual
generator sensitive to the fault but not to the other. Intuitively, a set of approximately 12
88 Paper B. Realizability Constrained Selection of Residual Generators . . .

1
Fault

12
1 10 20 30 40 50 60 70
Candidate Residual Generator

Figure 2: Fault sensitivity for a small subset of the 14,242 candidate residual generators
found for the automotive engine system. A square in position (i,j) denotes that the
residual generator corresponding to column j is sensitive to the fault corresponding to
row i.

residual generators would be sufficient in order to isolate the 12 considered faults from
each other. Thus, a set of 12 residual generators, capable of isolating the 12 faults, should
be selected from the set of 14,242 candidate residual generators which means that the
search-space is quite large.
The fault sensitivity for a small subset of the found candidate residual generators, with
respect to the 12 considered faults, are shown in Figure 2. According to the figure, most
residual generators are sensitive to most faults and it is therefore not straightforward
to perform the selection. In addition, as said in Section 1, the sought set of residual
generators should be realizable and preferably of minimal cardinality. Due to the vast
number of candidate residual generators it is not possible to perform a complete search in
order to find the set of residual generators, which makes the selection problem non-trivial.
In Section 8 this selection problem will be reconsidered and solved.

3 Preliminaries
The purpose of this section is to formally introduce the notions of realizability and
isolability, given a residual generation method, and ultimately derive necessary and
sufficient conditions for fault isolability in terms of properties of model equation subsets.
Consider a model, M = (E, X, Y, F), containing an equation set E relating the un-
known variables X, known variables Y, and fault variables F. Without loss of generality,
the following is assumed regarding the model.
Assumption 1. Each fault f ∈ F is contained in one, and only one, of the equations in the
model M.
Note that if a fault f ∈ F is contained in more than one equation, the fault f can be
replaced with a new variable x f in these equations, and the equation x f = f added to the
equation set E. This added equation will then be the only equation where f occurs.
Given a model, a residual generator is formally defined as follows.
Definition 1 (Residual Generator). Let M = (E, X, Y, F) be a model. A system R with
input Y and output r is a residual generator for M, and r is a residual, if f = 0 implies
r = 0 for all f ∈ F.
3. Preliminaries 89

An important property of a residual generator is whether or not it responds to a

certain fault.

Definition 2 (Fault Sensitivity). Let R be a residual generator for the model M. Then R is
sensitive to fault f ∈ F if f ≠ 0 implies r ≠ 0.

Note that in practice, residuals typically deviate from zero even in the case when
all faults are zero due to for example unknown initial conditions, changes in operating
conditions, and uncertainties such as modeling errors and noise. Therefore, residuals are
often thresholded as a part of the residual evaluation mentioned in Section 1, where the
aim is to detect changes in the residual behavior caused by faults.
The notions of residual generator and fault sensitivity are possible to make more
precise and formal, see for example Blanke et al. (2006); Patton et al. (2000); Chen and
Patton (1999), and references therein. This is however not necessary in the context of
this work for which the above definitions are sufficient.

3.1 Realizability
The method used for design of residual generators plays a central role in this work. A
residual generation method is formally defined as follows.

Definition 3 (Residual Generation Method M). Let M = (E, X, Y, F) be a model. A

residual generation method, M, is a procedure, denoted M (⋅), taking as input a set of
equations S ⊆ E and giving as output a residual generator R for M, or an empty set ∅.

Given a residual generation method and an equation set, an important issue is

whether the output from the method is non-empty, or not. That is, if a residual generator
can be created with the method given the equation set as input. This property of an
equation set, with respect to a method, is formalized below.

Definition 4 (Realizability with method M). Let S be an equation set and M a residual
generation method. Then S is realizable with M if M (S) ≠ ∅.

For an example, consider a model containing the following set of differential and
algebraic equations

e1 ∶ ẋ 1 = −x 1 + u + f 1
e2 ∶ y1 = x1 + f2 (1)
e3 ∶ y2 = x1 + f3 ,

where x 1 is an unknown variable, {u, y 1 , y 2 } known variables, and { f 1 , f 2 , f 3 } fault

variables. Let M′ be a residual generation method capable of handling linear, static,
equation sets. It can then be concluded that the equation set {e 2 , e 3 } is realizable with
M′ , but not for instance the equation set {e 1 , e 2 } since e 1 is a differential equation.
Let e f denote the equation in an equation set containing fault f . From now on, the
following is assumed regarding a residual generation method.
90 Paper B. Realizability Constrained Selection of Residual Generators . . .

Assumption 2. Let S be an equation set and M a residual generation method. Further,

let S be realizable with M and R = M (S) the corresponding residual generator. Then, R
is sensitive to fault f if and only of e f ∈ S.
The important implication of Assumption 2, in the context of this work, is that a
residual generation method preserves structural fault information, in the sense that it
does not discard, nor add, equations containing faults, during the realization process.
For an example, consider again the model (1) and assume that the equation set
{e 1 , e 2 , e 3 } is realizable with a method M. If M fulfills Assumption 2, it is guaranteed
that the residual generator obtained from M ({e 1 , e 2 , e 3 }) is sensitive to the faults f 1 , f 2 ,
and f 3 . Thus, the output from M can neither be the residual generator r = y 1 − y 2 since
this residual generator not is sensitive to f 1 , nor the trivial residual generator r = 0.

3.2 Fault Isolability

In this section fault isolability is formally defined from two different perspectives. First,
fault isolability is defined as a property of a given set of residual generators. Second, fault
isolability is defined as a property of a model given a method for residual generation. The
main motivation for introducing both definitions is to prove soundness and completeness
of the selection algorithms in Sections 5 and 6. More specific, that the algorithms find a
set of residual generators fulfilling the stated isolability requirement if, and only if, the
corresponding faults are isolable in the model with the considered method for residual
generation.
Given a set of residual generators, fault isolability is defined as follows.
Definition 5 (Fault Isolability with residual generators R). Let M = (E, X, Y, F) be a
model and R a given set of residual generators for M. A fault f i ∈ F is isolable from fault
f j ∈ F with R if there exists a residual generator R ∈ R that is sensitive to f i but not to f j .
Note that Definition 5 is not dependent on the residual generation method. Next,
fault isolability is defined as a property of a model, given a residual generation method.
Definition 6 (Fault Isolability with method M). Let M = (E, X, Y, F) be a model and
M a residual generation method. A fault f i ∈ F is isolable from fault f j ∈ F in M with M
if a residual generator R for M can be created with M such that R is sensitive to f i but not
to f j .
Note that if S ⊆ E and fault f i ∈ F is isolable from fault f j ∈ F with the residual
generator R = M (S) then, by Definition 6, f i is isolable from f j in the model M with
the method M. The converse is also true. For future reference, this trivial result is stated
below.
Proposition 1. Let M = (E, X, Y, F) be a model and M a residual generation method.
Then, fault f i ∈ F is isolable from fault f j ∈ F in M with M if and only if there exists S ⊆ E
such that f i is isolable from f j with R = M (S).
By exploiting the notion of realizability and Assumption 2, necessary and sufficient
conditions for fault isolability, given a model and a residual generation method, in terms
of properties of subsets of the model equations can be established.
4. The Residual Generator Selection Problem 91

Proposition 2. Let M = (E, X, Y, F) be a model and M a residual generation method.

Then, for each S ⊆ E it holds that fault f i ∈ F is isolable from fault f j ∈ F with R = M (S)
if and only if S is realizable with M, e f i ∈ S, and e f j ∈/ S.

Proof. Assume first that f i is isolable from f j with R = M (S). By assumption, R is a

residual generator and therefore M (S) ≠ ∅ and it follows that S is realizable with M
from Definition 4. Further, by Definition 5, R is sensitive to f i but not to f j . Assumption 2
then implies that e f i ∈ S and e f j ∈ S, and the first part of the proof is complete. For
the converse, assume that S that is realizable with M, i.e., M (S) ≠ ∅, e f i ∈ S, and
e f j ∈/ S. Since S ∈ E and M (S) ≠ ∅, it follows from Definition 3, that R = M (S) is a
residual generator for M. Assumption 2 then states that R is sensitive to f i but not to f j .
Definition 5 completes the proof.

Consider again the model in (1) and the linear, static, residual generation method
M′ with which the equation set {e 2 , e 3 } is realizable. Due to this fact and since e f 2 =
e 2 ∈ {e 2 , e 3 }, e f 3 = e 3 ∈ {e 2 , e 3 }, and e f 1 = e 1 ∈/ {e 2 , e 3 }, it can be deduced from
Proposition 2 that faults f 2 and f 3 are both isolable from fault f 1 with the residual
generator R ′ = M′ ({e 2 , e 3 }).
Note that even though additive faults were considered in this example above, the
framework in this paper is general and independent on the fault model, i.e., also multi-
plicative faults are allowed.

4 The Residual Generator Selection Problem

In this section, the residual generator selection problem is formalized and stated as an
optimization problem: fulfill an isolability requirement while minimizing the number of
residual generators. This formulation exploits the notion of realizability introduced in
the previous section and enables an efficient reduction of the search-space.
As input to the residual generator selection procedure the following are assumed
to be given: a model M = (E, X, Y, F), a method for residual generation M, and an
isolability requirement F. The output from the selection procedure is a set of residual
generators, R. As said in Section 1, two different requirements on R are considered:

1. R should fulfill the isolability requirement F, and

2. R should be of minimal cardinality.

4.1 The Isolability Requirement

The isolability requirement, F, is defined as a set of ordered fault pairs ( f i , f j ) ∈ F × F,
where the interpretation of ( f i , f j ) is that f i should be isolable from f j with the set of
residual generators R. Consequently, F is fulfilled with R if for each ( f i , f j ) ∈ F it holds
that f i is isolable from f j with R.
From Proposition 2 it can be deduced that to fulfill the isolability requirement it is
necessary, and sufficient, to find for each fault pair ( f i , f j ) ∈ F an equation set S f i f j ⊆ E
92 Paper B. Realizability Constrained Selection of Residual Generators . . .

such that S f i f j is realizable with M, and for which e f i ∈ S f i f j and e f j ∈/ S f i f j . Given the
equation subsets S f i f j , a set of residual generators fulfilling F can be constructed as

R = {M (S f i f j ) ∶ ∀ ( f i , f j ) ∈ F} . (2)

4.2 Candidate Equation Set

If E is a small set, it may be tractable to evaluate all subsets of E in the search for the sets
S f i f j in (2). In the general case, however, it is not. In order to reduce the search-space, all
subsets of E that not by necessity are realizable are discarded. To this end, the notions of
necessary realizability criterion and candidate equation set are introduced.
Definition 7 (Necessary Realizability Criterion for method M). Let S be an equation
set and M a residual generation method. A constraint on S is a necessary realizability
criterion for M if the constraint is satisfied when S is realizable with M.
Definition 8 (Candidate Equation Set for method M). Let S be an equation set and M
a residual generation method for which a necessary realizability criterion is defined. Then
S is a candidate equation set for M if S fulfills the necessary realizability criterion for M.
Regarding the choice of necessary realizability criterion for a given residual generation
method, it is desirable that it fulfills at least two requirements. First of all, in order to
meaningful, the necessary realizability criterion should reduce the search-space, in terms
of number of discarded non-realizable subsets of the model equations, to a high extent.
Secondly, in order to be of practical use, it should be possible to extract all candidate
equation sets for a method, given a model, in an efficient way.
As an example, a candidate equation set for several observer-based residual genera-
tion methods is an equation set in, or that trivially can be cast in, state-space form, see,
e.g., Blanke et al. (2006); Chen and Patton (1999) and references therein. An additional
example is given by the class of methods referred to as sequential residual generation,
see, e.g., Staroswiecki and Declerck (1989); Cassar and Staroswiecki (1997); Ploix et al.
(2005); Blanke et al. (2006); Svärd and Nyberg (2010), for which Minimal Structurally
Over-determined (MSO) sets of equations Krysander et al. (2008); Gelso et al. (2008);
Travé-Massuyès et al. (2006), constitute candidate equation sets.

4.3 Formalization of the Selection Problem

Consider now the isolability requirement F and let SM ⊆ 2E be the set of all candidate
equation sets for the residual generation method M.
Define the isolability class, I f i f j , of SM for the fault pair ( f i , f j ) ∈ F as the collection
of all candidate equation sets in SM containing fault f i but not fault f j , that is,

I f i f j = {S ∈ SM ∶ e f i ∈ S ∧ e f j ∈/ S} . (3)

Let the set

I = {I f i f j ∶ ∀ ( f i , f j ) ∈ F} , (4)
5. Minimal Hitting Set Based Selection 93

contain the isolability classes of SM for all fault pairs in F.

The next result formulates the problem of fulfilling the isolability requirement in
terms of properties of the candidate equation sets.
Lemma 1. Let M = (E, X, Z, F) be a model, M a residual generation method, and F an
isolability requirement. Also, let SM be the set of all candidate equation sets for M and I
the set of all isolability classes of SM for F, defined according to (3) and (4). Then, for each
S ⊆ SM where all S ∈ S is realizable with M it holds that F is fulfilled with

R = {M (S) ∶ ∀S ∈ S} , (5)

if and only if

∀I ∈ I, S ∩ I ≠ ∅. (6)

Proof. Assume first that F is fulfilled with R defined according to (5). First note that
this implies that for each ( f i , f j ) ∈ F there exists a residual generator R ∈ R such that f i
is isolable from f j with R. This, Proposition 2, and (5), imply that for each ( f i , f j ) ∈ F
there exists a S ∈ S such that R = M (S) ∈ R, e f i ∈ S, and e f j ∈/ S. This implies, since
S ∈ S and S ⊆ SM , that S ∩ I f i f j ≠ ∅ where I f i f j is defined according to (3). Hence,
for each ( f i , f j ) ∈ F there exists S ∈ S such that S ∩ I f i f j ≠ ∅. Since (4) holds, this
implies that (6) is satisfied and the first part of the proof is complete. For the converse,
assume that (6) is satisfied. This, (3) and (4) implies that for each ( f i , f j ) ∈ F there exists
S ∈ S such that e f i ∈ S and e f j ∈/ S. This and the fact that all S ∈ S are realizable with
M, implies via Proposition 2 that for each ( f i , f j ) ∈ F there exists S ∈ S such that f i
is isolable from f j with R = M (S). Thus, if R = {M (S) ∶ ∀S ∈ S} there exists R ∈ R
such that f i is isolable from f j with R for each ( f i , f j ) ∈ F and the proof is complete.
For the set of residual generators R to fulfill also the stated minimal cardinality
requirement, the cardinality of the set S in Lemma 1 should be minimized. Thus, the
residual generator selection problem can be stated as the problem of finding the smallest
set within SM which satisfies (6). To conclude, the selection problem is stated as the
minimization problem

min ∣S∣ (7a)

S⊆SM

s.t. ∀S ∈ S, M (S) ≠ ∅ (7b)

∀I ∈ I, S ∩ I ≠ ∅, (7c)

where ∣ ⋅ ∣ returns the cardinality of a set.

5 Minimal Hitting Set Based Selection

A hitting set is a set that has a non-empty intersection with every set in a collection of
sets. In fact, the isolability requirement, given by (7c), on the set of candidate equation
sets S implies that S should be a hitting set for the collection of sets I. Further, to
94 Paper B. Realizability Constrained Selection of Residual Generators . . .

also fulfill the minimal cardinality requirement (7a), S should be a hitting set for I
of minimal cardinality, i.e., a so called minimal cardinality hitting set. By necessity, a
minimal cardinality hitting set is a minimal hitting set, i.e., a hitting set of which no
proper subset is a hitting set.
This fact suggests the following naive, but nevertheless simple, approach for solving
the selection problem (7). First find the collection of all minimal hitting sets for I,
denoted H, and then find the smallest set H ∈ H, where all candidate equation sets S ∈ H
are realizable.

5.1 MHS-Based Selection Algorithm

The naive selection approach outlined above is the basis for the procedure selectRes-
GenMHS presented in Algorithm 1, taking as input a model M, a residual generation
method M, and an isolability requirement F. The output is a set of residual generators
R.

Algorithm 1 MHS-Based Selection of Residual Generators

Input: Model M, residual generation method M, isolability requirement F
Output: Set of residual generators R
1: procedure selectResGenMHS(M, M, F)
2: S ←∅
3: R←∅
4: SM ← findCES(M, M)
5: I ← isolClasses(SM , F)
6: H ← findMHS(I)
7: while H ≠ ∅ do
8: H ∗ ← arg minH∈H ∣H∣
9: for all S ∈ H ∗ do
10: R ← M (S)
11: if R ≠ ∅ then
12: S ← S ⋃ {S} , R ← R ⋃ {R}
13: else
14: H ← H ∖ {H ∗ }
15: S ← ∅, R ← ∅
16: break
17: end if
18: end for
19: if R ≠ ∅ then
20: break
21: end if
22: end while
23: return R
24: end procedure
5. Minimal Hitting Set Based Selection 95

The others procedures used in Algorithm 1 are listed below:

• findCES finds all candidate equation sets for the method M given a model M
and a necessary realizability criterion for M.

• isolClasses returns the set of all isolability classes of a set of candidate equation
sets SM for the isolability requirement F according to (3) and (4).

• findMHS finds all minimal hitting sets for the collection of sets I given as input.

Note that in an efficient implementation of Algorithm 1, it is preferable to keep book

of those candidate equation sets that have been realized, successfully or not, in previous
iterations in order to avoid unnecessary calls to the procedure M (⋅), which may be
expensive.

5.2 Properties of the MHS-Based Selection Algorithm

Algorithm 1 is formally justified by Theorem 1 below. The theorem states that if, and only
if, the given isolability requirement can be fulfilled with any set of residual generators
created with the given method, then Algorithm 1 finds a set of residual generators fulfilling
the requirement. In addition, it is guaranteed that this set of residual generators is of
minimal cardinality, i.e., there is no residual generator set of lower cardinality that fulfills
the isolability requirement.

Theorem 1. Let M = (E, X, Y, F) be a model, M a residual generation method, and F

an isolability requirement. Further, let M, M, and F be input to Algorithm 1 and R the
output. Then, F is fulfilled in M with M if and only if F is fulfilled with R. Further, if F
is fulfilled with R then R is of minimal cardinality.

Proof. Consider first the claim concerning the isolability requirement F and assume
that R ≠ ∅. Due to rows 10-17 in Algorithm 1, and the fact that R ≠ ∅, it holds that
R equals (5) and consequently there is a S ∈ H where all S ∈ S is realizable with M.
From rows 4-6 and 7 and the definition of I, see (3) and (4), it can also be deduced that
S ⊆ SM . Hence, S fulfills the prerequisites of Lemma 1. Further, due to rows 4-6, it
can be concluded that S is a (minimal) hitting set for I and thus S fulfills (6). From
Lemma 1 it then follows that this property of S is equivalent to that F is fulfilled with R
which, according to Proposition 1, is equivalent to that F is fulfilled in M with M.
If instead R = ∅, rows 4-7 and 10-17 implies that there is no minimal hitting set in
H where all candidate equation sets are realizable with M. Hence, there is no S ⊆ SM ,
where all S ∈ S are realizable with M, that fulfills (6). This is, due to Lemma 1, equivalent
to that F not is fulfilled with R which is equivalent to that F not is fulfilled in M with
M, due to Proposition 1. This completes the part of the proof considering the isolability
requirement.
Regarding the cardinality of R, or equivalently S, it is first noted that a minimal
cardinality hitting set also is a minimal hitting set, that is, a hitting set of which no
proper subset is a hitting set. Thus, a minimal cardinality hitting set is by necessity
found within the collection H of all minimal hitting sets computed in row 6. Since the
96 Paper B. Realizability Constrained Selection of Residual Generators . . .

search for a realizable minimal hitting set in H, rows 7-22, is exhaustive and performed
by considering the sets in H in increasing order with respect to cardinality, row 8, it is
guaranteed that the first found, and then returned, realizable minimal hitting set is of
minimal cardinality.

The minimal hitting set problem, or the equivalent minimal set covering prob-
lem (Ausiello et al., 1980), is unfortunately known to be NP-complete, see, e.g., Karp
(1972); Aho et al. (1974); Garey and Johnson (1979). Thus, for large problems, that is, cases
when the number of candidate equation sets ∣SM ∣, as well as the number of isolability
classes ∣I∣, is large, it may be impossible, or at least intractable, to obtain the collection
of all minimal hitting sets for I. Two possible improvements of Algorithm 1, which may
overcome this complexity issue, are discussed below.

Using an Approximate MHS Algorithm

There are several algorithms that give approximate solutions, typically in the form of a
subset of all minimal hitting sets, to the NP-complete minimal hitting set problem, see
for example Abreu and van Gemund (2009) and references therein. A complicating issue
is however that for large and complex models, typically, only a fraction of the candidate
equation sets are realizable. Indeed, this situation applies to the automotive engine system
considered in Section 8. Typical causes of non-realizability are non-invertible functions
in the model, see for example Svärd and Nyberg (2010), but also numerical issues or
instability. For Algorithm 1, this implies that a vast amount of the found minimal hitting
sets, possibly all, would be discarded since only a fraction of the found minimal hitting
sets contain realizable candidate equation sets. To maximize the possibilities of finding a
minimal hitting set in which all candidate equation sets are realizable, it is important
to start with as many minimal hitting sets as possible. The reduced number of minimal
hitting sets found by an approximate algorithm may therefore not be large enough.

Reducing the Problem Size

Another alternative approach is to find the realizable subset of all candidate equation sets,
′
SM = {S ∈ SM ∶ M (S) ≠ ∅}, calculate I ′ according to (3) and (4) using SM ′
instead
′
of SM , and then apply a minimal hitting set algorithm to I to obtain S. In general, it
′
holds that ∣SM ∣ < ∣SM ∣ and ∣I ′ ∣ < I, and therefore it is more likely that the set of all
minimal hitting sets can be computed for I ′ than for I. The set SM ′
can be computed
by applying M (⋅) to each S ∈ SM . However, realization of an equation set may be a
computational demanding task, see Section 8.2 for an example. It is therefore desirable
to keep the number of realizations, or realization attempts, at a minimum. Consequently,
this approach may not be preferable if SM is a large set.
It should however be noted that for small problems, where all minimal hitting set
can be found, Algorithm 1 works satisfactory and in those cases it provides an exact, and
yet straightforward and simple, solution to the selection problem.
6. Greedy Selection 97

6 Greedy Selection
Taking into account the complexity issues associated with finding all minimal hitting
sets, and the urge of keeping the number of realizations at a minimum, a more appealing
approach is instead to build the set of candidate equation sets S iteratively, and only
realize those candidate equation sets that are likely to be part of S. To employ this iterative
approach, a heuristic is needed for identifying and selecting a candidate equation set in
each iteration.

6.1 Greedy Heuristic

For the general minimal hitting set problem, or the equivalent set covering problem, a
greedy heuristic (Black, 2005) has shown Johnsson (1974); Lovász (1975); Chvatal (1979)
to provide an approximate solution at a reasonable cost. Using a greedy approach, the
candidate equation set with the largest utility, is selected in each iteration of the algorithm
and added to the solution if it is realizable. The iterations continue until the solution is
complete. In order to use this approach, a utility function that evaluates the usefulness of
a given candidate equation set must be defined, and the properties of a complete solution
to the selection problem must be stated to know when to stop the iterations.
Given the set of isolability classes I of the candidate equation sets SM for the isola-
bility requirement F, define the isolability class coverage of a set S ⊆ SM as

σI (S) = {I ∈ I ∶ ∃S ∈ S, S ∈ I} . (8)

Basically, σI (S) states which of the isolability classes in I that are covered by the
candidate equation sets in S.

Complete Solution
A complete solution to the selection problem is characterized as a set of candidate
equation sets S that fulfills (7b) and (7c). The hitting set requirement (7c) can with the
isolability class coverage notion be formulated as σI (S) = I.

Utility Function
The aim is fulfill the isolability requirement, formalized by (7b) and (7c), with as few
candidate equation sets as possible (7a). In line with this, the following utility function
will be used to evaluate a specific candidate equation set,

µI (S) = ∣σI ({S})∣ , (9)

reflecting how many of the isolability classes in I that are covered by the candidate
equation set S ∈ SM . According to the greedy approach the candidate equation set
that maximizes µI (S), i.e., covers most isolability classes, should be selected in each
iteration.
98 Paper B. Realizability Constrained Selection of Residual Generators . . .

6.2 Greedy Selection Algorithm

The procedure selectResGenGreedy for greedy selection of residual generators is
presented in Algorithm 2. Input to the algorithm is a model M, a residual generation
method M, and an isolability requirement F. The output is a set of residual generators
R.

Algorithm 2 Greedy Selection of Residual Generators

Input: Model M, residual generation method M, isolability requirement F
Output: Set of residual generators R
1: procedure selectResGenGreedy(M, E, F)
2: S ←∅
3: R←∅
4: SM ← findCES(M, E)
5: I ← isolClasses(SM , F)
6: while I ≠ ∅ do
7: if SM ≠ ∅ then
8: H ← {S ′ ∈ SM ∶ S ′ = arg max S∈SM µI (S)}
9: S ∗ ← pickCES(H)
10: R ← M (S ∗ )
11: if R ≠ ∅ then
12: R ← R ⋃ {R}
13: S ← S ⋃ {S ∗ }
14: I ← I ∖ σI ({S ∗ })
15: end if
16: SM ← SM ∖ {S ∗ }
17: else
18: return R
19: end if
20: end while
21: return R
22: end procedure

The procedures findCES and isolClasses are the same as in Algorithm 1 and
described in Section 5.2. The procedure pickCES, taking a set H containing candidate
equation sets as input, returns one of the equation sets in H. This function enables usage
of an additional, user-provided, heuristic for selecting one single candidate equation set
among candidate equation sets of equal utility by analyzing both structural and analytical
properties of equation sets. For instance, pickCES can be used to pick the candidate
equation set of lowest cardinality, i.e., containing fewest equations or to pick a candidate
equation set not containing a troublesome non-linearity.
Note that the complexity of Algorithm 2 is linear in the number of elements of
SM , in comparison with the NP-completeness of Algorithm 1 originating from the
search for all minimal hitting sets. For a further complexity analysis of Algorithm 2, the
complexity of the procedure findCES is of most interest. The complexity of findCES is
6. Greedy Selection 99

however dependent of the actual method used for residual generation. For the method
employed in Section 8, the procedure corresponding to findCES has nice complexity
properties (Krysander et al., 2008).

6.3 Properties of the Greedy Selection Algorithm

This section explores the properties of Algorithm 2 in terms of providing a solution
to the residual generator selection problem, i.e., return a set of residual generators
fulfilling the isolability and minimal cardinality requirements. The following result
justifies Algorithm 2 with regard to the isolability requirement. That is, if, and only if, the
isolability requirement can be fulfilled with the given method, then Algorithm 2 finds a
set of residual generators with which the isolability requirement is fulfilled.

Theorem 2. Let M = (E, X, Y, F) be a model, M a residual generation method, and F

an isolability requirement. Further, let M, M, and F be input to Algorithm 2 and R the
output. Then, F is fulfilled for M with M if and only if F is fulfilled with R. If F is not
fulfilled for M with M, then R gives the maximum attainable isolability for M with M,
with respect to F.

Proof. According to rows 5, 6, 14, and 21, and rows 4, 7, 16, and 18, there are two different
termination conditions in Algorithm 2; either I = ∅ or SM = ∅.
Consider first the case when Algorithm 2 terminates because of the condition on
row 6, i.e., I = ∅, and let n denote the total number of iterations performed by Algo-
rithm 2 in which the condition on row 11 is met. Further let S i , R i , I i , S ∗i , and R i , denote
the values of the variables S, R, I, S ∗ , and R, respectively, after iteration i. By assumption,
and due to row 6, it holds that In = ∅. Further, it holds that S0 = R0 = ∅, and I0 = I. By
assumption also R ≠ ∅ and therefore Rn ≠ ∅ and Sn ≠ ∅, due to rows 12 and 13. In fact,
∗
due to rows 10-12, it can be concluded that Rn = ⋃n−1 n−1
i=1 {R i }, and S n = ⋃ i=1 {S i }, where
∗ ∗
R i = M (S i ), and thus each S i ∈ Sn is realizable with M and the relation between Rn
and Sn is the same as between R and S in (5). Moreover, due to rows 7-9, it holds that
each S ∗i ∈ Sn is contained in SM and therefore Sn fulfills the prerequisites of Lemma 1.
∗
From row 14 it can be deduced that I0 = ⋃n−1 i=1 σI ({S i }). From (8), it follows that for
i = 1, 2, . . . , n − 1 and for all I ∈ σI ({S i }) it holds by definition that S ∗i ∈ I. Therefore,
∗
∗ ∗
since Sn = ⋃n−1 n−1
i=1 {S i }, it holds that S n ⋂ I ≠ ∅ for all I ∈ I0 = ⋃ i=1 σI ({S i }). According
to Lemma 1, this property of S = Sn is equivalent to that F is fulfilled with R = Rn
which, due to Proposition 1, is equivalent to that F is fulfilled in M with M.
Consider now instead the case when Algorithm 2 terminates because of the condition
on row 7 and let n denote the total number of iterations in which the condition on row 11
is met. With similar arguments and notations as above, it holds that Rn = ⋃n−1 i=1 {R i } and
∗
Sn = ⋃n−1 i=1 {S i }, where R i = M (S i ). Since termination of Algorithm 2 by assumption
∗
was due to the condition on row 7, it holds that In = I0 ∖ {⋃n−1 i=1 σI ({S i })} ≠ ∅.
Thus, there exists I ∈ I0 such that Sn ⋂ I = ∅ and consequently, by Lemma 1, it can
be deduced that F not is fulfilled with R = Rn . However, if I ′ = ⋃n−1 ∗
i=1 σI ({S i })
′ ′ ′ ′
and F = {( f i , f j , ) ∈ F ∶ I f i f j ∈ I }, Lemma 1 implies that F is fulfilled with R. By
n n
assumption and row 7, it holds that SM = ∅. Therefore, there are no S ∈ SM that can be
100 Paper B. Realizability Constrained Selection of Residual Generators . . .

used to isolate the fault pairs in F ∖ F ′ and thus F ′ is the maximum attainable isolability
for M with M.
Note that if the isolability requirement not can be fulfilled, the MHS-based Al-
gorithm 1 will return an empty set due to the non-existence of minimal hitting sets.
Algorithm 2 will instead provide the best possible solution, in terms of fault isolability,
with regard to the given method. However, if the output from Algorithm 2 is an empty
set, there are no realizable candidate equation sets that contribute to fulfill the stated
isolability requirement.

The Minimal Cardinality Requirement

Theorem 2 does not regard the minimal cardinality requirement, i.e., nothing is said
whether the set of residual generators obtained as the output from Algorithm 2 is of
minimal cardinality or not. The purpose of this section is to analyze this.
To this end, consider the optimization problem formulation (7) of the residual gener-
ator selection problem. To be able to exploit a previous result regarding the qualification
of the greedy heuristic used in Algorithm 2, a different but equivalent formulation of the
underlying minimal hitting set problem, given by (7a) and (7c), is considered. Define
the set
UM = {σI ({S}) ∶ ∀S ∈ SM } , (10)
that is, UM is the collection of all isolability classes covered by each candidate equation
set in SM . Consider now the problem of finding a set U ⊆ UM of minimal cardinality
that covers UM , i.e.,
min ∣U∣, s.t. ⋃ U = ⋃ U. (11)
U ⊆UM U∈U U∈UM

The problem (11) is referred to as a set covering problem, and can be shown to be equivalent
to the previously considered minimal hitting set problem
min ∣S∣, s.t. ∀I ∈ I, S ⋂ I ≠ ∅, (12)
S⊆SM

that is, the selection problem (7) with the realizability condition (7b) relaxed. In fact, if
U ∗ is a solution to the set covering problem (11), a solution S ∗ to the minimal hitting
set problem (12) can be constructed by finding for each U ∈ U ∗ a S ∈ SM such that
σI ({S}) = U. The converse is given by (10) with UM and SM replaced by U ∗ and S ∗ ,
respectively.
Consider now solving (11) approximately with a greedy heuristic equivalent to the
one described in Section 6. Namely, in each iteration, until all isolability classes in
UM are covered, select the one U ∈ UM that covers most uncovered isolability classes,
i.e., the U ∈ UM of highest cardinality. Denote the resulting solution U. It can be
shown (Johnsson, 1974; Lovász, 1975), that
k
∣U∣ 1
∗
≤ ∑ ≤ ln k + 1, (13)
∣U ∣ j=1 j
7. Sequential Residual Generation 101

where U ∗ is an exact solution to (11) and k is the cardinality of the largest set in UM .
As said, the greedy heuristic described above for solving problem (11) coincide with
the heuristic described in Section 6 for solving problem (12). Since the two problems are
equivalent, it can be concluded that the worst case bound (13) also holds for approximate
solutions to (12) obtained by usage of the greedy heuristic described in Section 6. This
fact is summarized in the following result.

Theorem 3. Let M = (E, X, Y, F) be a model, M a residual generation method, and F

an isolability requirement. Further, let M, M, and F be input to Algorithm 2 and R a
non-empty output. Then,

k
∣R∣ 1
≤ ∑ ≤ ln k + 1, (14)
∣R∗ ∣ j=1 j

where R∗ is the exact solution to the residual generator selection problem, and k is the
cardinality of the largest set in UM , defined according to (10).

Theorem 3 provides a measure, by means of a worst-case error bound, of how well

the minimal cardinality requirement is met when solving the selection problem with
Algorithm 2. Theorem 3 and Theorem 2 together provide a theoretical justification of
Algorithm 2.
Note that if each candidate equation set in SM only covers a few of the isolability
classes in I, i.e., k is small, then Algorithm 2 performs well in the sense that the car-
dinality of its output is close to the cardinality of the exact solution to the selection
problem. However, the larger the coverage, the worse the performance. Nevertheless,
the approximation ratio (14) increases slowly with k, due to the function ln().

7 Sequential Residual Generation

The purpose of this section is to briefly describe the residual generation method (Svärd
and Nyberg, 2010), which is considered in the application study in Section 8, and discuss
its use in the framework of Section 3. Note however that the algorithms developed in
Sections 5 and 6 are general in the sense that they are aimed at supporting any computer-
ized residual generation method fulfilling Assumption 2, and not only this particular
method.
The considered residual generation method belongs to a class of methods referred to
as sequential residual generation, which has shown to be successful for real applications
and also has the potential to be automated to a high extent. Sequential residual generation
is based upon the ideas originally described in Staroswiecki and Declerck (1989), where
unknown variables in a model are computed by solving equation sets one at a time
in a sequence and a residual is obtained by evaluating a redundant equation. Similar
approaches are described and exploited in for example Cassar and Staroswiecki (1997);
Pulido and Alonso-González (2004); Ploix et al. (2005); Travé-Massuyès et al. (2006);
Blanke et al. (2006).
102 Paper B. Realizability Constrained Selection of Residual Generators . . .

7.1 Computation Sequence

Recall the model M = (E, X, Z, F) considered in Section 3, where E is a set of equations,
X a set of unknown variables, Y a set of known variables, and F a set of fault variables.
An essential component in the design of a sequential residual generator is a computation
sequence, describing the order and from which equations variables are computed. In Svärd
and Nyberg (2010) a computation sequence is defined as an ordered set of variable and
equation pairs
C = ((V1 , E 1 ) , (V2 , E 2 ) , . . . , (Vk , E k )) , (15)
where Vi ⊆ X ⋃ D, E i ⊆ E, and D contains the first-order derivatives of the variables in
X. The computation sequence C implies that first the variables in V1 are computed from
equations E 1 , then the variables in V2 from equations E 2 and so forth.

7.2 Sequential Residual Generator

Having computed the unknown variables in V1 ⋃ V2 ⋃ . . . ⋃ Vk according to the compu-
tation sequence C in (15), a residual can be obtained by evaluating a redundant equation e,
i.e., e ∈ E ∖ E 1 ⋃ E 2 . . . ⋃ E k with var X (e) ⊆ var X (E 1 ⋃ E 2 . . . ⋃ E k ), where the operator
var X (⋅) returns the unknown variables that are contained in an equation set. A residual
generator based on a computation sequence C and redundant residual equation e is
referred to as a sequential residual generator.
For an example, consider again the model (1) considered in Section 3, where E =
{e 1 , e 2 , e 3 }, X = {x 1 }, Y = {u, y 1 , y 2 }, and F = { f 1 , f 2 , f 3 }. A computation sequence for
the unknown variable x 1 is given by C1 = (({ẋ 1 }, {e 1 })). Given C1 , e 2 is a redundant
residual equation and the corresponding sequential residual generator is

ẋ 1 = −x 1 + u (16a)
r = y1 − x1 . (16b)

In fact, also C2 = (({x 1 }, {e 2 })) and C3 = (({x 1 }, {e 3 })) are computation sequences for
x 1 . For instance, the sequential residual generator corresponding to C2 and the residual
equation e 3 is

x1 = y1 (17a)
r = y2 − x1 . (17b)

7.3 Residual Generation Method

Algorithm 3, see Svärd and Nyberg (2010), constructs a sequential residual generator
given an equation set S. The output from the algorithm is a sequential residual generator
R, if S is realizable with the method, else an empty set.
The realization of an equation set with the considered sequential residual generation
method relies heavily on the procedure findComputationSequence, which finds a
minimal and irreducible computation sequence C for the variables X. Whether it is
possible or not to find a computation sequence for a set of variables depends naturally
7. Sequential Residual Generation 103

Algorithm 3 Realization of a Sequential Residual Generator

Input: Equation set S
Output: Sequential residual generator R
1: procedure sequentialResidualGeneration(S)
2: X ← var X (S)
3: for all e ∈ S do
4: S ′ ← S ∖ {e}
5: C ← findComputationSequence(S ′ , X)
6: if C ≠ ∅ then
7: R ← {C ∪ e}
8: return R
9: end if
10: end for
11: return ∅
12: end procedure

on the properties of the equations. Equally important are however prerequisites in

terms of causality assumption, i.e., regarding integral and/or derivative causality, and the
properties of the computational tools, that are available for use.

7.4 Fault Sensitivity

In Section 3, it was assumed that a residual generation method satisfies Assumption 2. If
a residual generation method M satisfies Assumption 2 it is guaranteed that the residual
generator R = M (S) is sensitive to a fault f if e f ∈ S. Thus, to verify that the residual
generation method given as Algorithm 3 satisfies Assumption 2 it must be shown that a
non-empty output R from Algorithm 3 is sensitive to fault f if and only if e f ∈ S, when
S ⊆ E is input.
Assume first that e f ∈/ S and note that this implies that no equation in S is affected if
fault f is present. Since only equations in S are used in the sequential residual generator
R = M (S) it follows that R can not be sensitive to f .
For the converse, assume that e f ∈ S and note that a sequential residual generator
consists of a computation sequence and a residual equation. It therefore holds that
R = {C ∪ e}, where C is a computation sequence for varX (S) and e a residual equation.
For R = {C ∪ e} to be sensitive to fault f , it is necessary that e = e f or that e f is contained
in any of the equations in C, i.e., e f ∈ E 1 ∪ E 2 ∪ . . . ∪ E k where E i ⊆ E when C is given
by (15). Since the former case is trivial due to the fact that e ∈ S, consider the latter and
assume that e f is not used in C. This implies that there exists a computation sequence C ′
for varX (S) such that C ′ ⊂ C. However, according to Theorem 4 in Svärd and Nyberg
(2010), a non-empty C returned by findComputationSequence in Algorithm 3 is a
minimal and irreducible computation sequence for varX (S). Therefore C ′ ⊂ C contradicts
the minimality of C and it follows that e f must be used in C.
It then remains to show that R = {C ∪ e} is sensitive to f if e f ∈ E 1 ∪ E 2 ∪ . . . ∪ E k ,
104 Paper B. Realizability Constrained Selection of Residual Generators . . .

where E i ⊆ E, or e f = e. Since no restrictions are placed on the model equations E,

nothing can in general be guaranteed regarding the analytical properties of the equations
in E 1 ∪ E 2 ∪ . . . ∪ E k ∪ e. In particular, nothing can be said regarding how the fault f
influences the equation e f in E 1 ∪ E 2 ∪ . . . ∪ E k ∪ e and consequently nor how f influences
the residual generator R = {C ∪ e}. In addition, the effect of f in R is highly dependent
on the size and temporal properties of f , and also on for example the current operating
conditions. In order verify that R is sensitive to f , it is thus necessary to implement and
run R using representative data from relevant fault cases.
In conclusion, it is hard to theoretically verify that R is sensitive to fault f , given the
prerequisites and the general model class considered in this work. It should though be
noted that under the idealized assumption that R = {C ∪ e} is sensitive to f if e f ∈ C
or e f = e, the residual generation method given as Algorithm 3 satisfies Assumption 2.
Empirical studies have however shown that Assumption 2 mostly holds in practice. In
particular, this is true for the automotive engine system considered in Sections 2 and 8.
This is discussed in Section 8.5 and exemplified in Figure 7.

7.5 Necessary Realizability Criterion

In Svärd and Nyberg (2010, Theorem 2), it is shown that the equations in a minimal and
irreducible computation sequence together with a redundant residual equation, in fact
correspond to a Minimal Structurally Overdetermined (MSO) set, see Krysander et al.
(2008). As said above, a non-empty computation sequence returned by findComputa-
tionSequence in Algorithm 3 is indeed minimal and irreducible. Thus, if an equation
set S is realizable with the sequential residual generation method then S is an MSO set.
Consequently, a necessary realizability criterion for the method is that the equation set
used as input is an MSO set and hence an MSO set is a candidate equation set for the
method. There are efficient algorithms for finding all MSO sets in a large set of equations,
see, e.g., Krysander et al. (2008).
For the model (1), it is possible to find in total three MSO sets. These are given by S 1 =
{e 1 , e 2 }, S 2 = {e 1 , e 3 }, and S 3 = {e 2 , e 3 }. In fact, the sequential residual generators (16)
and (17) are created from the MSO sets S 1 and S 3 , respectively.
As a side remark, note that the maximum number of sequential residual generators
that can be constructed from an MSO set equals the number of equations in the set. All
residual generators created from the same MSO set however have equal fault sensitivity
properties according Assumption 2. Nevertheless, their actual fault sensitivity may differ
due for example different sensitivity for noise, etc. To make the final selection of which
of the residual generators created from an MSO set that should be included in the final
diagnosis system, evaluation by means on execution using real measurements from
different fault cases might be needed. For this purpose, Algorithm 3 can be trivially
modified to return all residual generators that can be created from the MSO set used
input, and not only one.
8. Application Example 105

Table 1: Considered Faults

Fault Description
f Wic Leakage, intercooler
f Wim Leakage, intake manifold
f Wem Leakage, exhaust manifold
f u xth Fault, throttle position actuator
f u xegr Fault, EGR-valve position actuator
f u xvgt Fault, VGT-valve position actuator
f y pamb Fault, ambient pressure sensor
f y Tamb Fault, ambient temperature sensor
f y pic Fault, intercooler pressure sensor
f y pim Fault, intake manifold pressure sensor
f y Tim Fault, intake manifold temperature sensor
f y pem Fault, exhaust manifold pressure sensor

8 Application Example
In this section, the selection algorithms presented in Section 5 and 6 are applied to the
automotive engine system introduced in Section 2. The residual generation method
considered in this study is briefly outlined in Section 7.

8.1 The Automotive Engine System

Consider again the Scania truck diesel engine system introduced in Section 2, which
is shown in Figure 1. The main incentive for diagnosis of this system is the stricter
emission legislation requirements for heavy-duty trucks, which in turn implies stricter
on-board diagnosis (OBD) legislation requirements. The OBD-legislation states that all
manufactured vehicles must be equipped with a diagnosis system capable of detecting and
isolating faults in all components that, if broken, result in emissions above pre-defined
OBD-thresholds during a specified test cycle.
For the considered system, emission critical components include all actuators and
sensors, and to meet the OBD-requirements it is desirable that, at least, single faults in
these can be detected and isolated. Other emission critical components are pipes and
hoses. In particular, a broken pipe or hose may lead to gas-leakage which may increase
emissions. Leakages in or near the intercooler, intake manifold, and exhaust manifold are
particularly critical. It is desirable that these leakages can be detected and isolated, from
each other, but also from all sensor and actuator faults. In total, there are 12 emission
critical components and consequently 12 faults that should be isolated from each other
in the system. All the 12 considered faults for the system, along with their description,
can be found in Table 1.
106 Paper B. Realizability Constrained Selection of Residual Generators . . .

The Model
The model of the system used in this work is described in Wahlström and Eriksson
(2011) and relies on both fundamental first principle physics and gray-box modeling. The
model describes the behavior of the system in the no-fault case, i.e., it is a nominal model.
To incorporate fault information in the nominal model, faults are modeled as additive
signals in corresponding equations. For example, fault f y pim , representing a fault in the
intake manifold pressure sensor y pim , is modeled by simply adding f y pim to the equation
describing the relation between the sensor value y pim and the actual intake manifold
pressure pim according to y pim = pim + f y pim .
The model contains in total 46 equations, 43 unknown variables, 11 known variables,
and the 12 faults in Table 1. Of the 11 known variables, 3 are actuators, 6 are sensors, and
2 are control inputs. Of the 46 equations, 5 are differential equations and the rest are
algebraic equations. The model contains several non-linear functions.

The Isolability Requirement

Since it is required that the 12 considered faults can be isolated from each other, the
isolability requirement F for the truck diesel engine system consists of all unique pairwise
combinations of the faults in Table 1. That is,

F = {( f Wic , f Wim ) , ( f Wic , f Wem ) , . . . , ( f y Tim , f y pem )} , (18)

with ∣F∣ = 12 × 11 = 132.

8.2 Appliance of the MHS-Based Algorithm

There exists in total 270 candidate equation sets, here MSO sets, for the considered
sequential residual generation method in the truck diesel engine system model, i.e.,
∣SM ∣ = 270. The MSO sets were found using the algorithm (Krysander et al., 2008),
which was implemented as the procedure findCES.
As said in Section 7.5, the largest possible number of sequential residual generators
that can be constructed from an MSO set equals the number of equations in the set.
Thus, the maximum number of residual generators that can be constructed from a set of
MSO sets is the sum of the number of equations for all MSO sets. From the set of 270
MSO sets found in the automotive engine system model this number equals 14,242. This
is the rationale behind the total number of candidate residual generators mentioned in
Section 2.
Given the 270 candidate equation sets and the isolability requirement F defined
in (18), 132 isolability classes were created according to (3) and (4), that is, ∣I∣ = 132.
Due to the complexity of the selection problem, in terms of the cardinalities of the sets
SM and I, it was impossible to find the collection of all minimal hitting sets for I and
consequently impossible to use the MHS-based Algorithm 1 to solve the automotive
engine selection problem.
Some insight regarding the complexity of the selection problem can be gained by
studying the total number of minimal hitting sets for smaller instances of the problem.
8. Application Example 107

5
10

4
10

3
10
|H|

2
10

1
10

0
10
2 3 4 5 6 7
|F |

Figure 3: The total number of minimal hitting sets, ∣H∣, as function of the cardinality of
the set of considered faults, ∣F∣. The number of minimal hitting sets grows rapidly with
the number of faults.

One simple way to reduce the size of the selection problem is to consider only a subset
of the faults in Table 1, and then calculate F and I for this smaller set of faults. For
each cardinality number, several randomized subsets of faults were chosen from the
set of 12 faults. Figure 3 presents, in logarithmic scale, the mean cardinality of the set
of all minimal hitting sets, ∣H∣, as a function of the cardinality of the set of considered
faults, ∣F∣. The minimal hitting sets were computed using a C++ implementation of the
algorithm presented in de Kleer and Williams (1987). From Figure 3 it can be seen that
the number of minimal hitting sets grows rapidly with the number of faults, and that the
total number of minimal hitting sets is over 30,000 already for 7 faults. Given this, it is
not that surprising that the problem with 12 faults was not possible to solve.

Using Improvements of the Algorithm

Two possible improvements of Algorithm 1 were suggested in Section 5.2. One of the
proposed improvements was to consider the realizable subset of all candidate equation
sets and thereby reduce the size of the involved minimal hitting set problem.
This approach however requires that the realizability of all candidate equation sets
are evaluated which, as argued in Section 5.2, may be a computational demanding task.
With a Matlab implementation of the sequential residual generation method outlined
in Section 7, the realizability evaluation required 15,778 s ≈ 4.38 h on a 2.4 GHz Intel
Core 2 Duo PC running Windows XP. In total, only 59 of the 270 candidate equation
sets (21.9%) were realizable with the considered sequential residual generation method.
The main cause of this relatively large fraction of non-realizable candidate equation sets
108 Paper B. Realizability Constrained Selection of Residual Generators . . .

is non-invertible non-linear functions in the automotive engine model, see Svärd et al.
(2011) for a discussion of a similar result regarding a similar model.
By using the set of 59 realizable candidate equation sets, the size of the selection
problem is substantially reduced. Even for this smaller problem, it was unfortunately
not possible to compute the set of all minimal hitting sets within feasible time, no
termination after 24 h, using the same C++ implementation as above of the minimal
hitting set algorithm (de Kleer and Williams, 1987).
The other improvement of Algorithm 1 suggested in Section 5.2 is to use an approx-
imative MHS-algorithm to compute a subset of all minimal hitting sets. Neither this
approach did succeed, since it was impossible to find a realizable minimal hitting set
within feasible time due to the large number of non-realizable candidate equation sets.

8.3 Appliance of the Greedy Algorithm

Since it was impossible to use the MHS-based Algorithm 1, or any of the two suggested
improvements, to solve the automotive engine selection problem, the greedy Algorithm 2
was employed.
Algorithm 2 was implemented in Matlab. The realization procedure M (⋅) was
implemented according to Algorithm 3, and the procedure findComputationSequence,
for finding computation sequences, according to the corresponding algorithm in Svärd
and Nyberg (2010).
Given the isolability requirement (18) and the automotive engine system model,
Algorithm 2 returned a set of 11 residual generators. All of the 11 residual generators
were dynamic, 3 used only integral causality and the remaining 8 both integral and
derivative causality, i.e., mixed causality. Before terminating, the algorithm discarded in
total 119 non-realizable candidate equation sets, mainly due to non-invertible non-linear
functions in the model.
Table 2 shows the fault signature matrix for the 11 selected residual generators with
respect to the faults in Table 1. The fault signature for a residual generator R contains
an “x” in the column corresponding to fault f , if R is sensitive to f in the context of
Assumption 2.
As seen in Table 2, all of the 11 selected residual generators are sensitive to the faults
f y pamb and f u xvgt . This is also indicated in Table 3, which shows the resulting isolability
matrix for the set of selected residual generators. Clearly, faults f y pamb and f u xvgt are not
isolable from the other faults and the isolability requirement F, defined in (18), is not met.
However, according to Theorem 2, Table 3 shows the maximum attainable isolability in
the automotive engine model with the considered sequential residual generation method.

8.4 Analysis of the Cardinalities of Greedy Solutions

As said in Section 6.3, the greedy Algorithm 2 provides an approximate solution when it
comes to fulfillment of the minimal cardinality requirement. Thus, the above mentioned
solution to the automotive engine selection problem, i.e., the set of 11 residual generators,
may therefore not be of minimal cardinality.
8. Application Example 109

Table 2: Fault Signature Matrix

f y pamb
f y pamb

f u xegr
f y pem

f u xvgt
f Wem

f y pim
f y Tim
f Wim

f u xth
f y pic
f Wic
R1 x x x x x x x x x
R2 x x x x x x x x x x
R3 x x x x x x x x x x
R4 x x x x x x x x x x
R5 x x x x x x x x x x
R6 x x x x x x x x x x
R7 x x x x x x x x x x
R8 x x x x x x x x x x
R9 x x x x x x x x x x
R 10 x x x x x x x x x x
R 11 x x x x x x x x x x

To investigate the performance of Algorithm 2 with respect to the minimal cardinality

requirement, it is necessary to know the cardinality of an exact, i.e., minimal cardinality,
solution to the selection problem. As said in Section 8.2 it is unfortunately not possible
to find all minimal hitting sets for the selection problem when all 12 faults are considered
and consequently not possible to find an exact solution using Algorithm 1. There are
however algorithms (de Kleer, 2011) that are able to compute one minimal cardinality
hitting set for this problem. In practice, this is not sufficient since the obtained minimal
cardinality hitting set may contain non-realizable candidate equation sets, see Section 5.2.
However, from a theoretical point of view and for this investigation, this is sufficient.
For several different instances of the selection problem, and under the assumption
that all candidate equation sets were realizable, one greedy solution and one exact, i.e.,
minimal cardinality, solution were computed. The different instances were obtained by
using randomized subsets, of varying cardinality, of the 12 faults in Table 1. Figure 4
shows the median cardinalities of the exact, ∣R∗ ∣, and greedy, ∣R∣, solutions as functions
of the cardinality of the set of considered faults, ∣F∣.
According to Figure 4, the median cardinalities of the greedy and exact solutions
coincide in a majority of the cases. Consequently, it can be concluded that this selection
problem suits the greedy selection approach well. Thus, it is likely that the set of 11
residual generators obtained as solution to the selection problem with 12 considered
faults in Section 8.3, is of minimal cardinality, or at least in close proximity.
Figure 5 shows the mean execution times, in logarithmic scale, for the exact and
greedy algorithms for the runs described above. Both algorithms were implemented
in Matlab and executed on a 2.4 GHz Intel Core 2 Duo PC running Windows XP.
Clearly, the greedy algorithm is magnitudes faster than the exact algorithm. Note that
the execution time for computing a minimal cardinality hitting set for the problem with
12 faults is in the magnitude of hundreds of hours.
It is also interesting to evaluate the greedy solution to the truck diesel engine selection
problem by comparing it with the worst-case bound (14), given in Theorem 3. This bound,
110 Paper B. Realizability Constrained Selection of Residual Generators . . .

11
Exact Solution
Greedy Solution
10

7
|R|

2
2 3 4 5 6 7 8 9 10 11 12
|F |

Figure 4: Median cardinalities of exact and greedy solutions, as functions of the cardinality
of the set of considered faults, to the automotive engine selection problem.

6
10 Exact Algorithm
Greedy Algorithm

4
10

2
10
Time [s]

0
10

−2
10

2 3 4 5 6 7 8 9 10 11 12
|F |

Figure 5: Mean execution times for the exact and greedy minimal cardinality hitting
sets algorithms, as functions of the cardinality of the set of considered faults, for the
automotive engine selection problem.
8. Application Example 111

Table 3: Isolability Matrix

f y pamb
f y Tamb

f u xegr
f y pem

f u xvgt
f Wem

f y pim
f y Tim
f Wim

f u xth
f y pic
f Wic
f Wic x x x
f Wim x x x
f Wem x x x
f y pamb x x
f y Tamb x x x
f y pic x x x
f y pim x x x
f y Tim x x x
f y pem x x x
f u xth x x x
f u xegr x x x
f u xvgt x x

along with the median cardinalities of the greedy solutions are shown in Figure 6, for the
same instances of the selection problem used above. It can be seen that the cardinalities
of the greedy solution differ substantially from the worst-case bound. From this and the
fact that the cardinalities of the greedy solutions are more or less equal to the cardinalities
of the exact solutions, according to Figure 4, it can be concluded that for the automotive
engine selection problem, the bound (14) is very conservative.

8.5 Case Study of Fault Sensitivity

In this section it is shown that the considered approach for design of residual generators,
i.e., the proposed selection algorithm together with the residual generation method (Svärd
and Nyberg, 2010), is applicable to real-world systems characterized by, e.g., uncertain
models and noisy measurements. This is done by illustrating how two of 11 residual
generators obtained in Section 8.3 can be used to isolate a pair of faults from each other.
The first residual generator, denoted R 2 in Table 2, adopts mixed causality with three
state variables and two numerically differentiated measurement signals. The estimated
derivatives are of first-order. The residual generator uses in total 11 of the 12 known
variables as input. The second residual generator, denoted R 4 , contains 5 state variables
and uses 9 known variables as input. This residual generator uses integral causality only.
The considered faults are f y pim and f y pic , i.e., faults in the intake manifold pressure
sensor and intercooler pressure sensor, respectively. According to Table 2, residual
generator R 2 is sensitive to fault f y pim but not to fault f y pic . The residual generator R 4 ,
on the other hand, is sensitive to f y pic but not to f y pim . Note that the fault sensitivity
in Table 2 is in the context of Assumption 2, see Section 7.4 for a further discussion
regarding this.
The residual generators were implemented in a Matlab/Simulink environment
112 Paper B. Realizability Constrained Selection of Residual Generators . . .

45 Greedy Solution
Worst-Case Bound
40

35

30

25
|R|

20

15

10

2 3 4 5 6 7 8 9 10 11 12
|F |

Figure 6: The median cardinalities of the greedy solution to the truck diesel engine
selection problem compared with the worst-case bound provided in Theorem 3.

and run off-line. As input data, a set of measurements from an engine test bed during a
World Harmonized Test Cycle (WHTC) was used. In two separate runs, faults in the
intake manifold pressure sensor pim and intercooler pressure sensor pic were injected.
Both faults were in the form of a 20% positive gain of the corresponding pressure sensor
signal, i.e., y pim = 1.2 ⋅ pim and y pic = 1.2 ⋅ pic where pim and pic are the actual intake
manifold pressure and intercooler pressure signals, respectively.
The residuals obtained as output from the residual generators R 2 and R 4 , for each
of the faults f y pim and f y pic , are shown in Figure 7. From the figure it can be seen that
residual generator R 2 (top figure) responds to the fault f y pim but not to fault f y pic , and that
residual generator R 4 (bottom figure) responds to fault f y pic but not to fault f y pim . Clearly,
for these fault cases, R 2 is indeed sensitive to f y pim but not to f y pic , and R 4 sensitive to
f y pic but not to f y pim . Thus, fault f y pim is isolable from fault f y pic and vice versa, with the
residual generators R 2 and R 4 .

9 Conclusions
Two novel algorithms for solving the residual generator selection problem have been pro-
posed. The foundation for both algorithms was a formulation of the selection problem, in
the form of an optimization problem, where the isolability requirement was equivalently
stated in terms of properties of subsets of the model equations. The formulation enabled
an efficient reduction of the search-space by taking the realizability properties of equation
subsets, with respect to the considered residual generation method, into account. Both
algorithms are general in the sense that they are aimed at supporting any computerized
9. Conclusions 113

6
fypim
4 fypic

R2
2

−2
1610 1620 1630 1640 1650 1660 1670 1680 1690
Time [s]
6
fypim
4 fypic
R4

−2
1610 1620 1630 1640 1650 1660 1670 1680 1690
Time [s]

Figure 7: Residuals from residual generator R 2 (top figure) and residual generator R 4
(bottom figure) for the fault cases f y pim (solid lines) and f y pic (dashed lines). Both faults
are injected at t = 1630s. The dash dotted lines suggest how thresholds may be set in
order to detect the faults.

residual generation method.

Algorithm 1, based on the naive approach of finding all minimal hitting sets, gives an
exact solution fulfilling both the isolability and the minimal cardinality requirements but
is intractable for large problems. Algorithm 2 is suitable for large, real-world, problems
and is based on a greedy heuristic. It provides an approximate solution in terms of
fulfilling the minimal cardinality requirement. A theoretical characterization of the
approximation error, in the form of a worst-case bound, was given in Theorem 3, and
that the output of Algorithm 2 indeed fulfills the isolability requirement was guaranteed
by Theorem 2.
The problem of selecting a set of residual generators for detection and isolation of
faults in a complex automotive engine system was considered as an industrial application
example. Due to the significant complexity of this problem, it was not possible to use
the exact MHS-based Algorithm 1 and instead the approximative greedy Algorithm 2
was employed. For this selection problem, the greedy algorithm provides a near-exact
solution at a very low cost.

Acknowledgment
This work was sponsored by Scania and VINNOVA (Swedish Governmental Agency for
Innovation Systems).
114 Paper B. Realizability Constrained Selection of Residual Generators . . .

References
R. Abreu and A. J. C van Gemund. A low-cost approximate minimal hitting set algorithm
and its application to model-based diagnosis. In V. Bulitko and J. C. Beck, editors,
Proceedings of the Eighth Symposium on Abstraction, Reformulation, and Approximation,
pages 2–9, Lake Arrowhead, California, USA, September 2009.
A. V. Aho, J. E. Hopcroft, and J. D. Ullman. The Design and Analysis of Computer
Algorithms. Addison-Wesley, 1974.
G. Ausiello, A. D’Atri, and M. Protasi. Structure preserving reductions among convex
optimization problems. Journal of Computer and System Sciences, 21(1):136 – 153, 1980.
doi:10.1016/0022-0000(80)90046-X.
P. E. Black. Greedy algorithm. Dictionary of Algorithms and Data Struc-
tures (online), U.S. National Institute of Standards and Technology, February 2005.
http://tinyurl.com/3x5zzpp, Accessed: 2010-09-13.
M. Blanke, M. Kinnaert, J. Lunze, and M. Staroswiecki. Diagnosis and Fault-Tolerant
Control. Springer, second edition, 2006.
J. P. Cassar and M. Staroswiecki. A structural approach for the design of failure detection
and identification systems. In Proceedings of IFAC Control Ind. Syst., pages 841–846,
Belfort, France, 1997.
J. Chen and R. J. Patton. Robust Model-Based Fault Diagnosis for Dynamic Systems.
Kluwer Academic Publishers, 1999.
V. Chvatal. A greedy heuristic for the set-covering problem. Mathematics of Operations
Research, 4(3):233–235, 1979.
J. de Kleer. Hitting set algorithms for model-based diagnosis. In Proceedings of 22nd
International Workshop on Principles of Diagnosis (DX-11), Murnau, Germany, 2011.
J. de Kleer and B. C Williams. Diagnosing multiple faults. Artificial Intelligence, 32(1):
97–130, 1987.
M. R. Garey and D. S. Johnson. Computers and Intractability – A Guide to the Theory of
NP-Completeness. W.H. Freeman and Company, 1979.
E. R. Gelso, S. M. Castillo, and J. Armengol. An algorithm based on structural analysis
for model-based fault diagnosis. Artificial Intelligence Research and Development, 184:
138–147, 2008.
D. S Johnsson. Approximation algorithms for combinatorial problems. Journal of
Computer and System Sciences, 9:256–278, 1974.
R. M. Karp. Reducibility among combinatorial problems. In R. E. Miller and J. W.
Thatcher, editors, Complexity of Computer Computation, pages 85–103, New York, 1972.
Plenum Pres.
References 115

M. Krysander. Design and Analysis of Diagnosis Systems Using Structural Methods. PhD
thesis, Linköpings universitet, June 2006.
M. Krysander, J. Åslund, and M. Nyberg. An efficient algorithm for finding minimal
over-constrained sub-systems for model-based diagnosis. IEEE Trans. on Systems, Man,
and Cybernetics – Part A: Systems and Humans, 38(1):197–206, 2008.
L. Lovász. On the ratio of optimal integral and fractional covers. Discrete Math, 1975.
M. Nyberg. Automatic design of diagnosis systems with application to an automotive
engine. Control Engineering Practice, 87(8):993–1005, 1999.
M. Nyberg and M. Krysander. Statistical properties and design criterions for AI-based
fault isolation. In Proceedings of the 17th IFAC World Congress, pages 7356–7362, Seoul,
Korea, 2008.
R. J. Patton, P. M. Frank, and R. N. Clark, editors. Issues of Fault Diagnosis for Dynamic
Systems. Springer, 2000.
S. Ploix, M. Desinde, and S. Touaf. Automatic design of detection tests in complex
dynamic systems. In Proceedings of 16th IFAC World Congress, Prague, Czech Republic,
2005.
B. Pulido and C. Alonso-González. Possible conflicts: a compilation technique for
consistency-based diagnosis. IEEE Trans. on Systems, Man, and Cybernetics. Part B:
Cybernetics, Special Issue on Diagnosis of Complex Systems, 34(5):2192–2206, 2004.
M. Staroswiecki and P. Declerck. Analytical redundancy in non-linear interconnected
systems by means of structural analysis. In Proceedings of IFAC AIPAC’89, pages 51–55,
Nancy, France, 1989.
C. Svärd and M. Nyberg. Residual generators for fault diagnosis using computation
sequences with mixed causality applied to automotive systems. IEEE Transactions on
Systems, Man and Cybernetics, Part A: Systems and Humans, 40(6):1310–1328, 2010.
C. Svärd, M. Nyberg, E. Frisk, and M. Krysander. Residual evaluation for fault diagnosis
by data-driven analysis of non-stationary probability distributions. In Proceedings of
the 50:th IEEE Conference on Decision and Control and European Control Conference
(CDC-ECC 2011), pages 95–102, 2011.
L. Travé-Massuyès, T. Escobet, and X. Olive. Diagnosability analysis based on
component-supported analytical redundancy. IEEE Trans. on Systems, Man, and Cyber-
netics – Part A: Systems and Humans, 36(6):1146–1160, 2006.
J. Wahlström and L. Eriksson. Modeling diesel engines with a variable-geometry
turbocharger and exhaust gas recirculation by optimization of model parameters for
capturing non-linear system dynamics. Proceedings of the Institution of Mechanical
Engineers, Part D: Journal of Automobile Engineering, 225(7), July 2011.
 Paper C

Data-Driven and Adaptive Statistical Residual

Evaluation for Fault Detection with an
Automotive Application☆

☆ A revised version has been submitted to Mechanical Systems and Signal Processing,
2012.

117
Data-Driven and Adaptive Statistical Residual
Evaluation for Fault Detection with an
Automotive Application
Carl Svärd, Mattias Nyberg, Erik Frisk, and Mattias Krysander

Vehicular Systems, Department of Electrical Engineering,

Linköping University, SE-581 83 Linköping, Sweden.

Abstract

An important step in model-based fault detection is residual evaluation, where

residuals are evaluated with the aim to detect changes in their behavior caused
by faults. To handle residuals subject to time-varying uncertainties and dis-
turbances, which indeed are present in practice, a novel statistical residual
evaluation approach is presented. The main contribution is to base the residual
evaluation on an explicit comparison of the probability distribution of the resid-
ual, estimated online using current data, with a no-fault residual distribution.
The no-fault distribution is based on a set of a-priori known no-fault residual
distributions, and is continuously adapted to the current situation. As a second
contribution, a method is proposed for estimating the required set of no-fault
residual distributions off-line from no-fault training data. The proposed resid-
ual evaluation approach is evaluated with measurement data on a residual for
diagnosis of the gas-flow system of a Scania truck diesel engine. Results show
that small faults can be reliable detected with the proposed approach in cases
where regular methods fail.

119
120 Paper C. Data-Driven and Adaptive Statistical Residual Evaluation . . .

1 Introduction
Fault diagnosis is becoming more and more important with the increasing demand for
dependable technical systems, driven mostly by economical, environmental, and safety,
incentives. One example is automotive systems, where good fault diagnosis is essential
in order to meet customer demands regarding up-time, efficient repair and maintenance,
and also to fulfill on-board diagnosis (OBD) legislative regulations.
Model-based fault diagnosis typically comprises fault detection and isolation (Blanke
et al., 2006), and the fault detection part contains the essential steps residual generation
and residual evaluation. In the first step, a model of the system is used together with
measurements to generate residuals. In the second step, the residuals are evaluated with
the aim to detect changes in the residual behavior caused by faults in the system. This
works concerns the second step, residual evaluation.
Ideally, residuals are signals that are zero when no faults are present in the system, and
non-zero otherwise. Due to the presence of uncertainties and disturbances, caused by
for instance modeling errors, measurement noise, and unmodeled phenomena, residuals
typically however deviate from zero even in the no-fault case. Moreover, due to changes in
the operating mode of the system, the magnitude of these uncertainties and disturbances
is time-varying, causing the behavior of residuals to be non-stationary. An illustration
is given by Figure 1, where a residual for fault detection in the gas-flow system of a
truck diesel engine is shown. Clearly, the residual is not zero in the no-fault case, and
it is obvious that the residual exhibit non-stationary features. It can also be noted
that the difference between the residual in the no-fault and fault cases is time-varying.
Nevertheless, the fact that there is a difference implies that the present fault is potentially
detectable.
There are two main approaches (Ding et al., 2007) for residual evaluation; statisti-
cal (Willsky and Jones, 1976; Gertler, 1998; Basseville and Nikiforov, 1993; Peng et al., 1997;
Al-Salami et al., 2006; Blas and Blanke, 2011; Wei et al., 2011) and norm-based (Emami-
Naeini et al., 1988; Frank, 1995; Frank and Ding, 1997; Sneider and Frank, 1996; Chen
and Patton, 1999; Zhang et al., 2002; Zhong et al., 2007/03/; Ingimundarson et al., 2008;
Al-Salami et al., 2010; Li et al., 2011; Abid et al., 2011). Statistical approaches exploits the
framework of statistical hypothesis testing in order to detect changes in some parameter
of the probability distribution of the residual, typically by means of likelihood ratio
testing (Gustafsson, 2000). In norm-based approaches, residual evaluation is typically
done by adaptive or constant thresholding of some norm of the residual.
Apparently, when encountering a residual as the one depicted in Figure 1, neither
statistical-based approaches assuming stationary probability distributions, nor norm-
based approaches using constant thresholds, would be successful. A potential solution is
to consider adaptive thresholds (Clark, 1989; Frank, 1994), and use a-priori knowledge,
either qualitative (Ingimundarson et al., 2008; Zhang et al., 2002; Höfling and Isermann,
1996; Emami-Naeini et al., 1988) or quantitative (Sneider and Frank, 1996; Frank, 1995;
Nyberg and Stutte, 2004), to derive non-constant thresholds to take the time-varying
uncertainties and disturbances into account. This paper instead proposes an adaptive
statistical residual evaluation method, which exploits quantitative a-priori knowledge in
the form of data.
2. Problem Formulation 121

200 No Fault
Residual [K] Fault
100

790 800 810 820 830 840 850 860 870

Time [s]

Figure 1: A residual for fault detection in the gas-flow system of a heavy-duty truck diesel
engine in the no-fault (solid) and fault (dashed) cases.

The main contribution is to base the residual evaluation on an explicit comparison

of the probability distribution of the residual, estimated on-line using current data,
with a no-fault residual distribution. The no-fault distribution is based on a set of a-
priori known no-fault distributions and to handle changes in the operating mode of the
system, and thus time-varying residual features, it is continuously adapted to the current
operating mode of the system. The comparison is done in the framework of statistical
hypothesis testing by application of the Generalized Likelihood Ratio (GLR). As a second
contribution, a method is proposed for estimating the required set of no-fault residual
distributions off-line from no-fault training data. Thus, using the method for distribution
estimation, the overall residual evaluation method becomes fully data-driven and no
assumptions regarding the properties of the probability distribution of the residual, nor
the properties of the faults to be detected, are made.
The paper is organized as follows. Section 2 discusses and formalizes the problem
setup and the residual evaluation problem is formulated in the framework of statistical
hypothesis testing. In Section 3, the GLR is utilized to design a preliminary test statistic for
the residual evaluation hypotheses, and the emerging likelihood maximization problems
are considered. In Section 4, the preliminary test statistic is improved in terms of required
computational effort, and a residual evaluation algorithm suitable for implementation
in an online environment is given. Section 5 presents an off-line algorithm for learning
no-fault residual distributions from no-fault training data. In Section 6 the proposed
residual evaluation approach is applied to a residual for fault detection in the gas-flow
system of a real Scania truck diesel engine. Finally, Section 7 concludes the paper. In
order to improve readability, lengthy proofs of theorems and lemmas are collected in
Appendix A.

2 Problem Formulation

The residual evaluation problem, as considered in this work, is formally stated in this
section.
122 Paper C. Data-Driven and Adaptive Statistical Residual Evaluation . . .

u y
System

Residual
Generator

Figure 2: A system and a residual generator.

2.1 Prerequisites
A residual, r, is considered to be the output from a residual generator, taking measure-
ments from a system as input. Typically, the measurements consists of the input u and
output y, see Figure 2. The system is considered to be subject to faults, and the intention
is to detect if any fault is present in the system by monitoring the behavior of the residual.
Note that if a set of residuals sensitive to different faults is used, faults can also be isolated,
see for example Blanke et al. (2006).
The system typically operates in a number of different operating modes, and normal
operation usually involves several of these modes. For an example, consider a heavy-duty
truck diesel engine, for which a residual is shown in Figure 1. Naturally, this system is
designed to operate in a number of different operating modes typically characterized by
engine torque, engine speed, ambient temperature, ambient pressure, etc.
The setup depicted in Figure 2 most often contains uncertainties in the form of
measurement noise or, in the case of a model-based residual generator, modeling errors.
Typically, the magnitudes and nature of the uncertainties are different for different
operating modes of the system. For example, a sensor may be more or less sensitive to
noise in different operating modes, and a model may be more accurate in one operating
mode than another. Since the operating mode of the system varies in time, so does the
magnitudes and nature of the uncertainties. This is the cause of the non-ideal residual
behavior illustrated in Figure 1.
It is assumed that during on-line operation, the current operating mode of the system
is unknown. In addition, it is also assumed that the probability that the system is in a
specific mode is unknown. In this sense, the system can be considered to be subject to
an unknown, i.e., unmeasurable, input signal, determining the current operating mode.
Regarding in particular the first assumption, it is considered to be hard to quantify and
measure all factors, internal and external, that determine the current operating mode
of a system. Furthermore, these factors may be different for different individuals of the
system, or may change over time. However, even if its is possible to determine a set of
measured signals that determines the operating mode, all signals may not be available
for the residual evaluation scheme due to for example fault decoupling principles, or
architectural constraints in the control system software. In addition, even if all signals
2. Problem Formulation 123

are available, they may as well be subject to faults. The second assumption is mainly
motivated by the fact that the operation of a system differs between different individuals
of the same system, and may change over time or due to external unmeasurable factors.

2.2 Probabilistic Framework

To handle the uncertain environment described above, a probabilistic framework is
adopted. Let the discrete random variable R with range X = {x 1 , x 2 , . . . , x M }, represent
the discretized and sampled value of the residual, and let r denote a particular outcome
of R.
For a given specific operating mode i of the system, the probability that R = r is
assumed to be characterized by the probability mass function (pmf)

p (r∣θ i ) = Pr (R = r∣θ i ) = θ i j , if r = x j , (1)

for j = 1, . . . , M. The pmf (1) is fully parametrized by θ i = (θ i1 , θ i2 , . . . , θ i M ), where the

θ i j are required to fulfill

θ i j ≥ 0, j = 1, 2, . . . , M
M (2)
∑ θ i j = 1.
j=1

Under the assumption that there is in total K operating modes, the probability that
R = r can be characterized by the K-component mixture distribution given by the pmf
K
p (r∣α, θ) = ∑ α i p (r∣θ i ) (3)
i=1

with α = (α 1 , α 2 , . . . , α K ) and

⎛ θ 1 ⎞ ⎛ θ 11 θ 12 ⋯ θ 1M ⎞
⎜θ ⎟ ⎜θ θ 22 ⋯ θ 2M ⎟
θ = ⎜ 2 ⎟ = ⎜ 21 ⎟, (4)
⎜ ⋮ ⎟ ⎜ ⋮ ⋮ ⋮ ⋮ ⎟
⎝θ K ⎠ ⎝θ K1 θ K2 ⋯ θKM⎠

where α i , i = 1, 2, . . . , K, are referred to as mixture weights required to fulfill

α i ≥ 0, i = 1, 2, . . . , K,
K (5)
∑ α i = 1.
i=1

In the context of this work, the mixture weight α i specifies the probability that the
system is in mode i. As said in Section 2.1, the probability that the system is in a specified
operating mode is considered to be unknown. Consequently, α i , i = 1, 2, . . . , K, are
assumed to be unknown and will in the following be considered as nuisance parameters.
124 Paper C. Data-Driven and Adaptive Statistical Residual Evaluation . . .

θ1
0.6 θ2
θ3
0.55

0.5

0.45
Residual [-]

0.4

0.35

0.3

0.25

0.2

10 20 30 40 50 60 70 80 90
Time [s]
(a) Residual

θ1
θ2
0.1 θ3

0.08
p(r = xi |α, θ)

0.06

0.04

0.02

0
0.18 0.27 0.37 0.47 0.57 0.67
xi
(b) Distribution of the Residual

Figure 3: Example of a sample from a mixture distribution in the form (3) with 3 compo-
nents θ 1 , θ 2 , and θ 3 , and mixture weights α 1 = α 2 = α 3 = 31 .
3. GLR Test Statistic 125

Figure 3a shows a set of residual samples with underlying distributions described by

the pmf (3), with 3 components θ 1 , θ 2 , and θ 3 , shown in Figure 3b, and mixture weights
α 1 = α 2 = α 3 = 31 .
Note that the probabilistic model (3) can be used to describe the distribution of the
residual for both the no-fault and faulty system.
In the context of residual evaluation, it is assumed that the distribution of the residual
is known in the no-fault case. Let θ NF denote the no-fault distribution parameter, where
the i-th row θ NFi describes the distribution of the residual in operating mode i of the
no-fault system. Section 5 describes how the required parameters θ NF i can be learned
from no-fault training data, without the need of any detailed a-priori knowledge of
the system. For a different approach, utilizing expert knowledge regarding the system,
see Svärd et al. (2011).
Typically, the distribution of the residual is different for all K operating modes of the
no-fault system, which implies that the matrix θ NF has full row rank. For the model (3)
to make sense it is required that M > K, since otherwise θ NF can be used to describe any
residual distribution, including ones originating from faulty cases.

2.3 Residual Evaluation in a Hypothesis Testing Framework

Consider now a set R = {r 1 , r 2 , . . . , r N } of sampled residual values. Given θ NF and
R, the residual evaluation problem is, in the context of this work, to determine if the
probability distribution of the residual samples in R can be characterized by the pmf (3)
with θ = θ NF for some α ∈ Υ, where
K
Υ = {α ∈ RK ∶ α i ≥ 0, ∑ α i = 1} , (6)
i=1

denotes the space of α as specified by (5).

The residual evaluation problem as described above can be formulated by means of
the hypotheses

H0 ∶ θ = θ NF , α ∈ Υ
(7)
H1 ∶ θ ≠ θ NF , α ∈ Υ

where the null hypothesis H 0 corresponds to the no-fault case, i.e., when no fault is
present in the system, and the alternative hypothesis H 1 to the faulty case, i.e., when
one or several faults are present in the system. Next section deals with the problem of
designing a test statistic for the hypotheses (7).

3 GLR Test Statistic

A standard approach when encountering composite hypotheses, is to utilize the Gen-
eralized Likelihood Ratio (GLR), see, e.g., Casella and Berger (2001); Basseville and
126 Paper C. Data-Driven and Adaptive Statistical Residual Evaluation . . .

Nikiforov (1993). For testing hypothesis H 0 versus H 1 in (7), the GLR is

max L (α, θ NF ∣R)

α∈Υ
Λ (R) = , (8)
max L (α, θ∣R)
α∈Υ, θ∈Θ

where L (θ, α∣R) is the likelihood function of α and θ, given the set R of residual samples,
and
⎧
⎪ M ⎫
⎪
⎪ ⎪
Θ = ⎨θ ∈ RK×M ∶ θ i j ≥ 0, ∑ θ i j = 1⎬ , (9)
⎪
⎪ j=1
⎪
⎪
⎩ ⎭
denotes the space of the distribution parameter θ as specified by (2). The GLR test
statistic becomes

λ (R) = −2 log Λ (R) , (10)

and the hypothesis H 0 is rejected in favor of hypothesis H 1 if λ (R) > J, where J is a

constant threshold.
In order to employ the GLR test statistic λ (R), the maximization problems in the
denominator and numerator of the GLR (8) must be solved. Before considering these
maximization problems, the objective function, i.e., the likelihood function L (θ, α∣R),
will be studied in some more detail.

3.1 The Likelihood Function

The likelihood function of the parameters θ and α given the set R of residual samples is
given by

L (α, θ∣R) = p (R∣α, θ) , (11)

where p (R∣θ, α) is the joint pmf for the residual samples in R. In the general case, the
expression for the joint pmf is cumbersome to deal with. To make subsequent derivations
tractable, or even possible, it is necessary to pose the following assumption.
Assumption 1. Samples from (3) are independent and identically distributed (iid).
Note that Assumption 1 not may be valid in the general case, since residuals often
are obtained as output from dynamic systems and thereby exhibit Markovian properties.
It can however often be fulfilled in practice by sampling the residual at a sufficiently
low rate. In addition, residuals based on innovation filters (Gustafsson, 2000), e.g., the
Kalman Filter, fulfills the assumption. The residual evaluation approach developed in
this paper has also been shown to be applicable in practical settings, for example in the
application example presented in Section 6.
By using Assumption 1, the joint pmf can be written as

p (R∣α, θ) = ∏ p (r k ∣α, θ) , (12)

r k ∈R
3. GLR Test Statistic 127

where p (⋅∣α, θ) is given by (3). By using (12), the likelihood (11) takes the form L (α, θ∣R) =
∏r k ∈R p (r k ∣α, θ).
Next, let c j denote how many of the samples in R that have value x j , i.e.,

c j = ∣{r k ∈ R ∶ r k = x j , x j ∈ X }∣ , j = 1, 2, . . . , M. (13)

By definition, it holds that ∑ Mj=1 c j = N.

It is worth noting that the quantities c 1 , c 2 , . . . , c M can be obtained from a regular
histogram, with M bins, calculated from R.
By using (12), (3), (13), and (1), the likelihood function (11) reduces to

L (α, θ∣R) = ∏ p (r k ∣α, θ)

r k ∈R
K
= ∏ ∑ α i p (r k ∣θ i )
r k ∈R i=1
M K cj (14)
= ∏ (∑ α i p (x j ∣θ i ))
j=1 i=1
M K cj
= ∏ (∑ α i θ i j ) .
j=1 i=1

To simplify the calculations, the log-likelihood function

l (α, θ∣R) = log [L (α, θ∣R)]

⎡M K cj⎤
⎢ ⎥
⎢
= log ⎢∏ (∑ α i θ i j ) ⎥⎥
⎢ j=1 i=1
⎣
⎥
⎦ (15)
M K
= ∑ c j log [∑ α i θ i j ] ,
j=1 i=1

will be used instead of (14).

Before proceeding, the following is assumed without loss of generality regarding
c 1 , c 2 , . . . , c M , as specified by (13).
Assumption 2. c j > 0, j = 1, 2, . . . , M.
To see that Assumption 2 can be done without loss of generality, assume that c k = 0,
i.e., that there are no samples in R with value x k . Then the corresponding factor in (14) is
0
(∑Ki=1 α i θ i j ) ≡ 1, or equivalently the corresponding term in (15) is 0 ⋅ log [∑Ki=1 α i θ i j ] ≡
0, independent of α j and θ i j . Thus, this term, or factor in the case of the likelihood, can
be neglected and the log-likelihood function (15) instead written as
K
l (α, θ∣R) = ∑ c j log [∑ α i θ i j ] .
j∈{1,2,...,M}∖{k} i=1
128 Paper C. Data-Driven and Adaptive Statistical Residual Evaluation . . .

3.2 Likelihood Maximizations

This section is devoted to explore in detail how to solve the two maximization problems
in the GLR (8). Both problems correspond to finding parameter values that maximize
the likelihood function (14), given the residual samples in R, i.e., finding Maximum
Likelihood Estimators (MLE’s).

Denominator MLE Problem

Consider first the MLE problem
max L (α, θ∣R) , (16)
α∈Υ, θ∈Θ

in the denominator of (8). Under Assumption 1, and by using the log-likelihood func-
tion (15) as well as the structure of the parameter spaces (9) and (6), the MLE problem (16)
can be equivalently stated as
M K
max ∑ c j log [∑ α i θ i j ]
α∈RK , θ∈RK×M j=1 i=1

subject to α i ≥ 0, i = 1, 2, . . . , K,
θ i j ≥ 0, i = 1, 2, . . . , K, j = 1, 2, . . . , M,
K
∑ α i = 1,
i=1
M
∑ θ i j = 1, i = 1, 2, . . . , K, (17)
j=1

which is a general non-linear constrained maximization problem.

It turns out that (17), and equivalently the MLE problem (16), can be solved explicitly.
The key step in obtaining the expression for an explicit solution to (16) is given by the
following lemma.
Lemma 1. Let c 1 , c 2 , . . . , c M fulfill Assumption 2. Then,
ϕ⋆ = (ϕ⋆1 , ϕ⋆2 , . . . , ϕ⋆M ) (18)
where
cj
ϕ⋆j = , j = 1, 2, . . . , M, (19)
N
and N = ∑ M
j=1 c j , is the global solution to the maximization problem

M
cj
max ∏ ϕj (20a)
ϕ∈R M j=1

subject to ϕ j ≥ 0, j = 1, 2, . . . , M (20b)
M
∑ ϕ j = 1. (20c)
j=1
3. GLR Test Statistic 129

Proof. First note that by (20b) and Assumption 2 it holds that ϕ j ≥ 0 and c j > 0 for
j = 1, 2, . . . , M. Furthermore, by definition of c j in (13), it also noted that ∑ M
j=1 c j = N.
Consider now the weighted arithmetical and geometrical averages of the quantities
ϕj
cj
≥ 0 with weights c j > 0 for j = 1, 2, . . . , M. According to the inequality of weighted
arithmetic and geometric means, see, e.g., Hardy et al. (1934), it then holds that
¿
c
1 ⎛ M ϕj ⎞ ÁÁ
N
M ϕj j
∑ À∏ ( ) ,
⋅ cj ≥ Á (21)
N ⎝ j=1 c j ⎠ j=1 c j

ϕ1 ϕ2 ϕM
with equality if and only if c1
= c2
=⋯= cM
. For the left hand side of (21), it holds
ϕj
that 1
N
(∑ M
j=1 c j ⋅ c j) = 1
N ∑
M
j=1
1
ϕ j = due to (20c). Exploiting this fact and re-writing
N
√ √ cj
N M ϕj cj N ∏M
j=1 ϕ j
the right hand side of (21) as ∏ j=1 ( c j ) = c j , the inequality (21) can be
M
∏ j=1 c j
equivalently stated as
M
j c 1 M cj M cj cj
∏ ϕj ≤ ∏c = ∏( ) . (22)
j=1 N N j=1 j j=1 N

ϕ ϕ ϕ
Now assume that equality holds in (21), and let C = c 11 = c 22 = ⋯ = c MM . Under (20c),
it then holds that 1 = ∑ M M M
j=1 ϕ j = ∑ j=1 C ⋅ c j = C ∑ j=1 c j = C ⋅ N which is equivalent to
c cj
that C = N . Hence, for the objective function ∏ j=1 ϕ j j in (20a) it holds that ∏ M
1 M
j=1 ϕ j ≤
M jc cj ϕj 1 cj
∏ j=1 ( N ) under (20b), with equality under (20c) if and only if cj
= N
⇔ ϕj = N
,
j = 1, 2, . . . , M. This completes the proof.

Note that since log [⋅] is a strictly increasing function, Lemma 1 is also applicable
cj
to the problem of maximizing the function log ∏ M M
j=1 ϕ j = ∑ j=1 c j log ϕ subject to the
conditions (20b) and (20c).
By using Lemma 1, a condition for a solution to the maximization problem (17), and
thereby the MLE problem (16), can be obtained.

Theorem 1. Let R be a set of residual samples, define c 1 , c 2 , . . . , c M according to (13), and

let Assumptions 1 and 2 be valid. Then, any α ⋆ ∈ Υ and θ ⋆ ∈ Θ such that
K cj
⋆ ⋆
∑ αi θ i j = , j = 1, 2, . . . , M, (23)
i=1 N

is a solution to the MLE problem (16).

Proof. Assumption 1 implies that the joint distribution of R is given by (12). With c j
defined according to (13), the likelihood (11) can be written as (14) and by exploiting the
structure of the parameter spaces (6) and (9), it trivially follows that the MLE problem (16)
can be equivalently reformulated as the maximization problem (17). From Lemma 1, and
130 Paper C. Data-Driven and Adaptive Statistical Residual Evaluation . . .

the fact that log [⋅] is a strictly increasing function, it follows that any α ⋆ ∈ Υ and θ ⋆ ∈ Θ
that satisfies Nj = ∑Ki=1 α ⋆i θ ⋆i j , j = 1, 2, . . . , M, is a solution to the maximization problem
c

M K
max ∑ c j log [∑ α i θ i j ]
α∈RK , θ∈RK×M j=1 i=1
K
subject to ∑ α i θ i j ≥ 0, j = 1, 2, . . . , M, (24)
i=1
M K
∑ ∑ α i θ i j = 1.
j=1 i=1

Now note that (24) has the same objective function as (17) and that the feasible set of (17) is
contained in the feasible set of (24), since α i ≥ 0 and θ i j ≥ 0 implies ∑ M K
j=1 ∑ i=1 α i θ i j ≥ 0
and ∑Ki=1 α i = 1 and ∑ M M K K M
j=1 θ i j = 1 implies that ∑ j=1 ∑ i=1 α i θ i j = ∑ i=1 α i ∑ j=1 θ i j =
∑ i=1 α i ⋅1 = 1, since θ ∈ Θ. Clearly, (α ⋆ , θ ⋆ ) is contained in the feasible set of problem (17)
K

and it follows that (α ⋆ , θ ⋆ ) is a solution also to (17). It now remains to show that
(α ⋆ , θ ⋆ ) is a global solution to (17). Since log [⋅] is a non-decreasing concave function,
and ∑Ki=1 α i θ i j is a linear function, it holds that log [∑Ki=1 α i θ i j ] is a concave function.
Therefore, the objective function in (17) is a convex sum of concave functions, since c j > 0
due to Assumption 2, and hence a concave function. Since all constraints in (17) are
linear, it follows that (17) is a concave optimization problem. Thus, the solution (α ⋆ , θ ⋆ )
is a global maximizer to (17) and hence a solution to the MLE problem (16).

Numerator MLE Problem

Consider now the MLE problem
max L (α, θ NF ∣R) , (25)
α∈Υ

in the numerator of the GLR (8).

Note that (25) and (16) differs by that θ is fixed to θ NF in (25).
With the notion of Section 2, the parameter θ NF characterizes the set of distributions
of the no-fault residual for all operating modes of the system. In this sense, the MLE
problem (25) corresponds to finding a no-fault distribution that is most likely to fit the
residual samples in R.
By again using Assumption 1, the log-likelihood function (15), and exploiting the
structure of the space (6) of the parameter α, the MLE problem (25) can be equivalently
stated as the non-linear constrained maximization problem
M K
NF
max ∑ c j log [∑ α i θ i j ]
α∈RK j=1 i=1

subject to α i ≥ 0, i = 1, 2, . . . , K, (26)
K
∑ α i = 1.
i=1
4. Online Residual Evaluation Algorithm 131

In the general case, it is unfortunately not possible to find an explicit expression for a
solution to the maximization problem (26), or equivalently the MLE problem (25), as
was the case with the MLE problem (16). There are however several efficient numerical
approaches, see, e.g., Nocedal and Wright (2006).
By using similar arguments as in the proof of Theorem 1, it can be shown that also (26)
is a concave maximization problem. The concavity property facilitates the numerical
solving since it implies that if a local maximum can be found, then it is also a global
maximum.

4 Online Residual Evaluation Algorithm

Typically, residual evaluation is to be done in an online environment subject to real-time
constraints, i.e., computational times in order of micro- or milliseconds with strict dead-
lines. Unfortunately, it is in general not feasible to solve the non-linear MLE problem (25),
or equivalently (26), under such conditions. In this section, a relaxed version of the MLE
problem (25) is proposed. The relaxed problem requires less computational effort and
results in a residual evaluation test that under certain conditions performs better than
the residual evaluation test based on the original MLE problem.

4.1 Relaxed Problem

In light of Theorem 1, and since the problems (26) and (17) exhibit significant similarities,
an intuitive solution to problem (26) is to, if possible, choose α ∈ Υ so that
K cj
NF
∑ αi θ i j = , j = 1, 2, . . . , M. (27)
i=1 N

However, since K < M, see Section 2.2, (27) corresponds to an overdetermined set of
equations which in general has no solution. Motivated by this discussion, it makes sense
cj
to chose α so that each ∑Ki=1 α i θ NF
i j is as close as possible to N for j = 1, 2, . . . , M. Thus,
the following relaxation of the problem (26) is considered

1 K ⋆ 2
min ∥ ∑ α i θ NF
i − ϕ ∥2
α∈RK 2 i=1
subject to α i ≥ 0, i = 1, 2, . . . , K, (28)
K
∑ α i = 1,
i=1

where ϕ⋆ is defined by (18).

The relaxed problem (28) is equivalent to a linear least squares problem with equality
and non-negative constraints. Solving (28) therefore typically requires less computational
effort than solving the original general non-linear maximization problem (26). Solving
of (28) will be further discussed in Section 4.3.
132 Paper C. Data-Driven and Adaptive Statistical Residual Evaluation . . .

In order to compare the fault detection properties of the residual evaluation tests
based on the relaxed problem (28) and the original MLE problem (26), the following
result is given.
Lemma 2. Let c 1 , c 2 , . . . , c M fulfill Assumption 2, let θ NF ∈ Θ, and
K
ΦNF = {ϕ ∶ ϕ = ∑ α i θ NF
i , ∀α ∈ Υ} . (29)
i=1

Further, let ϕ⋆ ∈ ΦNF , and let α O and α R be solutions to the original problem (26) and
relaxed problem (28), respectively. Then, it holds that
K K
O NF R NF ⋆
∑ αi θ i = ∑ αi θ i = ϕ . (30)
i=1 i=1

Proof. First note that ϕ⋆ ∈ ΦNF is equivalent to that the set

K
ΥNF = {α ∈ Υ ∶ ϕ⋆ = ∑ α i θ NF
i }, (31)
i=1

is non-empty. Assume that ΥNF ≠ ∅ and consider first the optimization problem (26).
Since ΥNF ≠ ∅, it follows from Lemma 1, and the fact that log [⋅] is an increasing function,
that any optimal solution to (26) is contained in ΥNF . In particular, this holds for α O and
thus ϕ⋆ = ∑Ki=1 α O NF
i θ i . Consider next the optimization problem (28). Again Υ
NF
≠∅
O NF
implies that any optimal solution to (28), in particular α , is contained in Υ . Hence,
ϕ⋆ = ∑Ki=1 α Ri θ NF
i and the proof is complete.

Consider the hypotheses in (7) and the GLR test statistic λ (R) defined by (10)
and (8). Define the test statistic
L (α R , θ NF ∣R)
λR (R) = −2 log , (32)
L (α ⋆ , θ ⋆ ∣R)
where (α ⋆ , θ ⋆ ) is a solution to the original MLE problem (16) as present in (8), but where
α R is a solution to the relaxed numerator MLE problem (28).
The power of the residual evaluation test λ (R) > J can be quantified by the power
function (Casella and Berger, 2001)
β λ (α, θ) = Pr (reject H 0 ∣α, θ) = Pr (λ (R) > J∣α, θ) , (33)
where J is a fixed threshold. If α ∈ Υ and θ = θ NF in (33), i.e., under H 0 , the power
function gives the probability of false detection, or Type I error. Otherwise, the power
function gives the probability of detection for fixed α and θ, or equivalently the probability
of missed detection or Type II error, by 1 − β λ (α, θ).
Consider now the power function
β λR (α, θ) = Pr (λR (R) > J∣α, θ) , (34)
for the residual evaluation test λR (R) > J, based on the relaxed problem (28). The
relation between the power functions (33) and (34) is given by the following result.
4. Online Residual Evaluation Algorithm 133

Theorem 2. It holds that

β λR (α, θ) ≥ β λ (α, θ) . (35)
ϕ⋆j = Nj ,
c
Proof. It is first noted that according to Theorem 1, it holds that j = 1, 2, . . . , M,
⋆
and thus Lemma 2 is applicable. According to Lemma 2, it holds that ϕ = ∑Ki=1 α Oi θi =
NF
K R NF ⋆ NF O NF R NF
∑ i=1 α i θ i if ϕ ∈ Φ . This implies, due to (14), that L (α , θ ∣R) = L (α , θ ∣R)
if ϕ⋆ ∈ ΦNF . Due to the concavity property of the likelihood function L (α, θ∣R), and
the fact that α O is a solution to the MLE problem (25), it follows that
L (α R , θ NF ∣R) ≤ L (α O , θ NF ∣R) ,
with equality if ϕ⋆ ∈ ΦNF . Thus, it holds that
L (α R , θ NF ∣R) L (α O , θ NF ∣R)
≤ , (36)
L (α ⋆ , θ ⋆ ∣R) L (α ⋆ , θ ⋆ ∣R)
and equivalent that λR (R) ≥ λ (R), due to (32) and (10), again with equality if ϕ⋆ ∈ ΦNF .
The claim (35) then follows directly by definitions (33) and (34).
The implication of Theorem 2 is that the residual evaluation test λR (R) > J, based
on the relaxed problem (28), gives greater or equal probability for detection than the test
λ (R) > J, based on the original problem (26). Or equivalently, that the Type II error,
i.e., the probability for missed detection, for the test λR (R) > J always is smaller than,
or equal to, the Type II error for the test λ (R) > J.
In general, unfortunately, the test λR (R) > J gives larger probability for false detec-
tion, i.e., Type I error, than the test λ (R) > J. This is a direct consequence of Theorem 2.
However, asymptotically the condition ϕ⋆ ∈ ΦNF holds under hypothesis H 0 , i.e., in the
no-fault case, which implies that also the probabilities for false detection becomes equal
for the two tests. This fact is formalized in the following result.
Theorem 3. Let N denote the number of residual samples in R, and let H 0 in (7) be valid.
Then, it holds that
lim β λR (α, θ) − β λ (α, θ) = 0. (37)
N→∞

Proof. Define ϕ = ∑Ki=1 α i θ i and note that from (7), it can be deduced that ϕ ∈ ΦNF is
equivalent to that α ∈ Υ and θ = θ NF , i.e., that H 0 in (7) is valid. Thus, by assumption,
it holds that ϕ ∈ ΦNF . Consider now ϕ⋆ and note that due to the invariance prop-
erty (Casella and Berger, 2001) of maximum likelihood estimates it holds that if (α ⋆ , θ ⋆ )
are the MLE of (α, θ), which indeed is true by assumption, then ϕ⋆ = ∑Ki=1 α ⋆i θ ⋆i is the
MLE of ϕ. Lemma 5 (found in Appendix A) then implies that
lim Pr (∣ϕ⋆ − ϕ∣ ≥ ε) = 0,
N→∞

for all ε > 0 and ϕ ∈ Φ′ , with Φ′ defined by (70). Since it holds that ϕ ∈ ΦNF by
assumption, it therefore holds that ϕ⋆ ∈ ΦNF when N → ∞. Since ϕ⋆ ∈ ΦNF holds, (36)
holds with equality which is equivalent to that λR (R) = λ (R). By (33) and (34) this is
equivalent to β λR (α, θ) = β λ (α, θ), and thus (37) holds.
134 Paper C. Data-Driven and Adaptive Statistical Residual Evaluation . . .

0.9

λ R (R)
λ(R)
0.8

0.7

0.6

0.5

0.4 0 1 2 3 4
10 10 10 10 10
N

Figure 4: Comparison of test quantities λR (R) and λ(R) under hypothesis H 0 , by means
of the quantity λλ(R)
R (R)
, for different values of the size N of the residual sample R.

Theorem 3 is empirically illustrated in Figure 4, which shows a comparison of the test

statistics λR (R) and λ(R), under hypothesis H 0 , as the size N of the residual sample
R grows. In this particular case, the parameters M = 80 and K = 25 was used. The
comparison is done by means of the quantity λλ(R) R (R)
, and Figure 4 shows the average of
10,000 Monte Carlo simulations using synthetic data. It is clear that the test quantities
λR (R) and λ(R) are almost equal when N is large, in this case for N > 1000. Since both
test λR (R) > J and λ(R) > J are based on the same threshold J, the situation in Figure 4
implies that the power functions β λR (α, θ) and β λ (α, θ) are almost identical under H 0
when N is sufficiently large.
To summarize, Theorem 2 implies that the test λR (R) > J, based on the relaxed
problem (28), will result in greater or equal probability for detection than the GLR test
λ (R) > J, based on the original MLE problem (26). Moreover, according to Theorem 3,
if N is sufficiently large, then also the probabilities for false detection will be almost equal
for two tests.
In an application where computational effort is crucial, and when implementation
matters limit usage of a “sufficiently large” N, a switch from the original MLE prob-
lem (26) to the relaxed problem (28), means trading probability of false detection against
computational feasibility.

4.2 Residual Evaluation Algorithm

The proposed method for residual evaluation is summarized as an algorithm below. Input
to the algorithm is a set of residual samples R = {r 1 , r 2 , . . . , r N }, a no-fault residual
4. Online Residual Evaluation Algorithm 135

distribution parameter θ NF , and a detection threshold J. Output is a decision whether to

reject hypothesis H 0 in (7) or not, i.e., whether a fault is present in the system or not.

Step 1: Compute c 1 , c 2 , . . . , c M according to (13).

Step 2: Obtain α R by solving (28).

Step 3: Obtain (32) by computing

cj
M K
∏ j=1 (∑ i=1 α Ri θ NF
ij )
λR = −2 log M cj cj . (38)
∏ j=1 ( N )

Step 5: Reject H 0 if λR > J.

Note that for use with sequential residual data, the samples in R may be collected by
using a sliding window, i.e., at sampling instant t the set of residual samples

R t = {r t−N+1 , r t−N+2 , . . . , r t } ,

is used, where r t denotes the residual sample collected at instant t.

Parameter Choices

The parameters involved in the residual evaluation are the number N of residual samples
in R, the detection threshold J, and the no-fault distribution parameter θ NF . The first two
parameters, N and J, are discussed below. The parameter θ NF is the topic of Section 5.
According to Theorem 3, the relaxation (28) of the MLE problem (25) is justified in
terms of the probability for false detection if N is sufficiently large. The actual meaning
of “sufficiently large” is application dependent and must be evaluated from case to case.
This can for example be done by comparing the test quantities λR (R) and λ(R), under
hypothesis H 0 , for different values of N in the same manner as in Figure 4.
In general, given that N is large enough to justify the relaxation, the choice of N
is a trade-off between detection performance and complexity. A large N will give the
test statistic smoothed, low-pass, characteristics. This makes it possible to detect small
changes in the residual, but on the other hand a large N may increase the detection time.
Computational and memory aspects will be discussed in Section 4.3.
The choice of detection threshold J is a trade-off between detection time, and test
power, in terms of probability of false detection and probability of missed detection. The
higher the threshold, the longer the detection time, the lower the probability of false
detections but the higher the probability of missed detection. The actual selection of
threshold may be aided by the fact that the test statistic based on the GLR, ideally, is
Chi-squared distributed (Willsky and Jones, 1976).
136 Paper C. Data-Driven and Adaptive Statistical Residual Evaluation . . .

4.3 Implementation Issues and Computational Complexity

Typically, the residual evaluation algorithm outlined in Section 4.2 is implemented and
executed in real-time in an online environment. This poses strict restrictions on the
computational complexity of the algorithm, in terms of requirements of computing time
and storage.
The main potential computational pitfalls of the algorithm are related to Step 1 and
Step 2, i.e., computing the bin counts c 1 , c 2 , . . . , c M according to (13) and solving the
equality and inequality constrained linear least square problem (28). These two issues
will now be considered, starting with the former.

Computing the Bin Counts

Computing the bin counts c 1 , c 2 , . . . , c M given a set of residual samples R corresponds to,
for each x j ∈ X , counting how many samples in R that takes value x j , where X denotes
the range space of the residual, see Section 2.2.
As said in Section 3.1, the quantities c 1 , c 2 , . . . , c M can be obtained from a regular
histogram, with M bins, computed from R and the computational complexity for this
problem depends on the parameters M and N, i.e., the number of bins in the histogram,
and the number of samples in R, respectively.
The number of required computations for computing a regular histogram with M bins
from a set of N samples, is M × N and grows linearly with both M and N. Considering
the memory requirements, the N residual values and the M bin counts need to be stored,
and these requirements also grow linearly. The conclusion is that if only there is enough
memory available, the histogram calculations, and thus the computation of the bin
counts, can easily be performed in real-time in an online environment.

Solving the Constrained Linear Least Square Problem

A variety of numerical methods have been developed for solving linear least square
problems with inequality and equality constraints, see, e.g., Haskell and Hanson (1981);
Lawson and Hanson (1974); Bjorck (1996); Zhu and Rong Li (2007). Most methods are
based on convex optimization (Boyd and Vandenberghe, 2004), where primal-dual meth-
ods, including interior point methods (Wright, 1997) and the active set method (Bjorck,
1996), are of particular interest.
Convex optimization problems can be efficiently solved (Boyd and Vandenberghe,
2004; Wright, 1997), using for example algorithms with worst-case polynomial com-
plexity (Nesterov and Nemirovskii, 1994). State-of-the-art algorithms often exploits
code-generation, where solvers are customized to a specific problem class. One such
example is CVXGEN (Mattingley and Boyd, 2012), which enables real-time, i.e., solving
time scales in microseconds or milliseconds with strict deadlines, solving of modest-sized
quadratic optimization problems (Mattingley and Boyd, 2010).
The absolute requirements on memory and computation time for solving the linear
least square problem (28) by using any of the above methods, depends on the dimension
and structure of the K × M matrix θ NF , where K denotes the number of considered
operating modes of the system, and M the number of bins in the above mentioned
5. Learning No-Fault Distribution Parameters 137

histogram. The most crucial parameter of these two is K, which in this sense should
be kept as low as possible. Implications of the value of this quantity, in the context of
residual evaluation performance, is further discussed in Section 5.
It is worth noting that the complexity of the problem (28) does not depend on the
number N of residual samples in R. This is favorable since it is only justified to consider
the relaxed problem (28) instead of the MLE problem (25) if N is sufficiently large, see
Section 4.1.

5 Learning No-Fault Distribution Parameters

In previous sections, it was assumed that the distribution of the residual was known,
by means of the parameter θ NF , for K operating modes of the no-fault system. Given a
set of residual samples, the problem was to determine if the set of samples originated
from the distribution (3) with θ fixed to θ NF . In the context of this section, however, the
parameter θ NF , as well as K, are considered to be unknown and the task at hand is to
learn, i.e., estimate, these using a large set of residual samples, denoted training data.
It is important to stress that the learning is done in an off-line environment with
less restrictions on computational complexity, while the actual residual evaluation, as
considered in Section 4, typically, is performed online.

5.1 Problem Characterization

With the notion of Section 2, the distribution parameter θ NF i , i.e., the i-th row of the
K × M matrix which constitutes the parameter θ NF , characterizes the distribution of the
no-fault residual when the considered system is in operating mode i. Thus, the value of
K determines the number of considered operating modes of the system and θ NF the set
of no-fault residual distributions associated with these operating modes.
Note that if training data partitioned according to operating mode is given, the pa-
rameter θ NF can be directly obtained by means of Lemma 1. Specifically, the distribution
parameter θ NFi is obtained by computing a normalized histogram with M bins for the
part of the data corresponding to operating mode i.
If the total number of operating modes of the system is known, this knowledge can be
exploited and K set accordingly. In general, however, K is unknown and must be learned
from the training data. The importance and meaning of the value of K is discussed next.
A large K allows for a complete description of the set of no-fault residual distributions
as specified by θ NF , which may be desirable. However, if K is too large, the set of
distributions may become too large in the sense that any distribution in the form (3) can
be characterized by θ NF . This may reduce the fault detection performance of the residual
evaluation test developed in previous sections, since almost any set of residual samples
will be considered as generated from a no-fault system, which means no alarm, even if
there is a fault present. In addition, a large K results in a θ NF of large dimension, which
affects the computational issues addressed in Section 4.3. So in this sense, K should
be kept as low as possible. A too small K, on the other hand, may give an insufficient
description of the set of all no-fault distributions. This typically also leads to decreased
138 Paper C. Data-Driven and Adaptive Statistical Residual Evaluation . . .

fault detection performance, either in the form of missed detections or false alarms,
depending on the strategy used when setting the alarm threshold.
In conclusion, the choice of K and θ NF is a trade-off between fault detection perfor-
mance and computational effort. However, in order to take the fault detection perfor-
mance into account, training data from a set of representative fault cases is needed. In
the context of this work it is however assumed that only no-fault training data is available
due to a number of reasons. First of all, the amount of available no-fault data is typically
substantially larger than the available amount of fault data, since faults are rare. To create
fault data, one alternative is to inject faults in the real system. This is however considered
to be expensive, both in terms of time and money, since it typically require hardware
modifications and active usage of the system. Another alternative is to create fault data
by simulation. To give realistic results, this on the other hand requires models capable of
describing the faulty system, which in turn require detailed knowledge regarding the
behavior of the faulty system and possibly also its environment. This kind of information
is seldom available for real applications.
Motivated by this discussion, fault detection performance will not be explicitly
considered in the learning of K and θ NF . Instead, the learning problem will be formulated
as a trade-off between the ability of K and θ NF to characterize the set of all no-fault
residual distributions, i.e., model fit, and computational effort. The main motivation
for this choice is that a good characterization of the no-fault case will hopefully make
it possible to detect deviations from the no-fault case, meaning good fault detection
performance. The resulting fault detection performance is however empirically studied
in Section 6.

5.2 Problem Formulation

Consider a set D = (r 1 , r 2 , . . . , r ND ) of ND residual samples ordered according to time.
The residual samples in D will now be split into residual sample sets
R k = {r(k−1)n+1 , r(k−1)n+2 , . . . , r k−n } , (39)
containing n consecutive residual samples from D. To this end, let n < ND , and define
T = (R1 , R2 , . . . , R NT ) , (40)

where NT = ⌊ NnD ⌋, and R k is given by (39) for k = 1, 2, . . . , NT . The collection T of

residual sample sets R k , will henceforth be referred to as the training data.
In the following, it is assumed that each R k ∈ T contains residual samples from
only one operating mode. In practice, this can be achieved by choosing n such that the
time it takes to collect a set of n residual samples is shorter than the time the system
spends in one operating mode, as well as longer than the transition time between any
two operating modes.

Formalization of Learning Problem

Let V (T , θ) denote a metric that quantifies model fit, i.e., how well the set of distributions
characterized by a given parameter θ is able to describe a data set T in the form (40).
5. Learning No-Fault Distribution Parameters 139

A general approach for enabling a trade-off between goodness of model fit and model
complexity when identifying parameters in a model is to combine the model fit metric,
in the present case V (T , θ), with some metric that reflects the model complexity (Ljung,
1999; Söderström and Stoica, 1989).
In the context of this work, required computational effort rather than model com-
plexity is of direct interest. As said in Section 4.2, the required computational effort for
the residual evaluation algorithm presented in Section 4.2 is strongly dependent on the
dimension K × M of θ NF , and in particular the value of K. Since the larger the value of
K, the higher the computational requirements, a function C (K) that increases with K
is suitable for quantification of the computational effort. Typically, the actual choice of
C (K) is implementation dependent. In general, there are many options, see, e.g., Ljung
(1999); Söderström and Stoica (1989). One alternative is to exploit the information criteria
due to Akaike (Akaike, 1974).
Given V (T , θ) and C (K), the learning problem as stated in Section 5.1 can be
formulated as the problem

(K ⋆ , θ NF ) = arg max (V (θ, T ) − C (K)) , (41)

K , θ∈Θ (K)

where the notation Θ(K) for the space defined in (9) is introduced to stress the depen-
dency between the space and K. The topic of the remaining of this section is to derive a
suitable metric V (T , θ) for quantification of model fit.

Quantification of Model Fit

To be able to exploit the developments in previous sections, a likelihood-based framework
is adopted for quantification of model fit, and an expression for the (log)-likelihood
l (θ∣T ) is sought.
To this end, recall from Section 3.1 that under Assumption 1, the joint pmf for a set
of residual samples, in this case R k ∈ T , can be written as

p (R k ∣α k , θ) = ∏ p (r p ∣α k , θ)
r p ∈R k
K (42)
= ∏ ∑ α k i p (r p ∣θ i ) ,
r p ∈R k i=1

where α k = (α k1 , α k2 , . . . , α k K ) contains the mixture weights associated with R k . By the

construction in (39), it holds that R i ∩ R j = ∅ for any pair R i ∈ T and R j ∈ T , where
i ≠ j. This, Assumption 1 and (42), implies that
NT
p (T ∣θ, α 1 , α 2 , . . . , α NT ) = ∏ p (R k ∣α k , θ)
k=1
NT K
(43)
= ∏ ∏ ∑ α k i p (r p ∣θ i )
k=1 r p ∈R k i=1
140 Paper C. Data-Driven and Adaptive Statistical Residual Evaluation . . .

Let c k j denote the total number of residual samples in R k that takes value x j , c.f. (13).
The log-likelihood of θ and α k , k = 1, 2, . . . , NT , given T , can then be written as

l (θ, α 1 , α 2 , . . . , α NT ∣T ) = log p (T ∣θ, α 1 , α 2 , . . . , α NT )

NT K
= log ∏ ∏ ∑ α k i p (r p ∣θ i )
k=1 r p ∈R k i=1
NT M K ck j
= log ∏ ∏ (∑ α k i p (x j ∣θ i )) (44)
k=1 j=1 i=1
NT M K ck j
= log ∏ ∏ (∑ α k i θ i j )
k=1 j=1 i=1
NT M K
= ∑ ∑ c k j log [∑ α k i θ i j ]
k=1 j=1 i=1

The likelihood function l (θ, α 1 , α 2 , . . . , α NT ∣T ) in (44) contains both the parameter

of interest θ, and the nuisance parameters α k , k = 1, 2, . . . , NT . Thus, the nuisance param-
eters α k must be eliminated from (44). There are mainly two standard approaches (Basu,
1977) for doing this. The first approach is to fix a prior probability distribution for the nui-
sance parameters, compute the posterior, and then integrate out the nuisance parameter
from the posterior to arrive at the posterior marginal distribution of the parameter of in-
terest, see for example Berger et al. (1999). The second approach is to replace the nuisance
parameters in the original likelihood function with their conditional maximum likeli-
hood estimates. The resulting function, which not indeed is a pure likelihood function
anymore, is referred to as a profile likelihood or maximized likelihood, see, e.g., Patefield
(1977); Murphy and Vaart (2000).
In the context of this section, the mixture weight α k i specifies the probability that the
samples in R k were collected when operating mode i was present. As said Section 2.1,
this probability, and all other probabilities related to the nuisance parameters α k are
assumed to be unknown, which complicates the usage of the first approach mentioned
above.
Motivated by this discussion, the second approach is adopted for elimination of α k ,
k = 1, 2, . . . , NT , from (44). The resulting profile likelihood of θ, given T , takes the form

lˆ (θ∣T ) = max l (θ, α 1 , α 2 , . . . , α NT ∣T )

α 1 ,α 2 ,...,α NT ∈Υ
NT M K
= max ∑ ∑ c k j log [∑ α k i θ i j ]
α 1 ,α 2 ,...,α NT ∈Υ k=1 j=1 i=1
(45)
NT M K
= ∑ max ∑ c k j log [∑ α k i θ i j ]
k=1 α k ∈Υ j=1 i=1

Under the assumption that each R k ∈ T contains residual samples from only one
operating mode, it holds that each α k , k = 1, 2, . . . , NT , contains one and only one
5. Learning No-Fault Distribution Parameters 141

non-zero element, equal to one. In this case,

M K M
max ∑ c k j log [∑ α k i θ i j ] = max ∑ c k j log θ i j ,
α k ∈Υ j=1 i=1 i∈{1,2,...,K} j=1

and thus the (profile) likelihood (45) of θ, given T , can be written as

NT M
lˆ (θ∣T ) = ∑ max ∑ c k j log θ i j . (46)
k=1 i∈{1,2,...,K} j=1

Motivated by these developments, the metric

NT M
V (T , θ) = lˆ (θ∣T ) = ∑ max ∑ c k j log θ i j , (47)
k=1 i∈{1,2,...,K} j=1

will be used to quantify how well the set of distributions characterized by a given param-
eter θ is able to describe a data set T .

5.3 Learning Algorithm

Consider now the learning problem as formulated in (41). According to Section 2.2 and
the fact that it is required that K < M, the feasible set of K ⋆ is bounded. Moreover, the
quantity C (K) is not dependent on θ. Thus, given that the problem max θ∈Θ(K) V (T , θ)
can be solved for a given K, the learning problem (41) can be solved by an exhaustive
search over the feasible set of K ⋆ .
The key step when searching for K ⋆ and θ NF that solve (41), is therefore to find, for a
given K, a θ (K) that satisfies

θ (K) = arg max V (T , θ) . (48)

θ∈Θ (K)

This is the topic of the remainder of this section.

Method Outline
The basic idea of the proposed approach for finding θ (K) is to first calculate a distribution
parameter θ k ∈ Θ(1) for each R k ∈ T by exploiting Theorem 1 and form the set

Ψ = (θ 1 , θ 2 , . . . , θ NT ) , (49)

where

θ k = arg max l (θ∣R k ) , (50)

θ∈Θ (1)

for k = 1, 2, . . . , NT . Then group the distribution parameters in Ψ into K clusters

P1 , P2 , . . . , PK according to their similarity, and finally calculate the distribution parame-
ter θ ⋆i , which constitute the i-th row of θ (K) , from the distribution parameters in cluster
Pi .
142 Paper C. Data-Driven and Adaptive Statistical Residual Evaluation . . .

For an illustration of the approach, consider the residual sample sets

T = (R1 , R2 , . . . R9 ) ,
defined according to Figure 5a. Note that the sets R k in Figure 5a have been generated
in an ideal way for the purpose of illustration. The set of corresponding distribution
parameters Ψ = (θ 1 , θ 2 , . . . θ 9 ) is illustrated in Figure 5b, and the sought clusters are
P1 = {θ 1 , θ 2 , θ 3 }, P2 = {θ 4 , θ 5 , θ 6 }, and P3 = {θ 7 , θ 8 , θ 9 }. The resulting distribution
parameters θ ⋆1 , θ ⋆2 , and θ ⋆3 , calculated as the mean of the parameters in the clusters P1 ,
P2 , and P3 , respectively, are shown in Figure 6. Note the similarity between Figure 6 and
Figure 3b, where the latter in fact shows the true distribution parameters.

Algorithm
The general algorithm for finding a solution to (48) is given below. The input to the
algorithm is a set of residual samples D and constants n and K. The output is a distribution
parameter θ (K) .
In the algorithm, D (p (r∣θ k ) ∥p (r∣θ ⋆i )) denotes the Kullback-Leibler (KL) diver-
gence (Kullback and Leibler, 1951) between the probability distributions characterized
by p (r∣θ k ) and p (r∣θ ⋆i ). The KL-divergence is one way to quantify the similarity of
probability distributions and is properly defined in Section 5.4.
Step 1: Let T be defined by (40).
Step 2: Let Ψ be defined by (49).
Step 3: Partition Ψ into P⋆ = (P1 , P2 , . . . , PK ) such that
K
P⋆ = arg min ∑ ∑ D (p (r∣θ k ) ∥p (r∣θ ⋆i )) , (51)
P i=1 θ k ∈P i

where
1
θ ⋆i = ∑ θk , i = 1, 2, . . . , K. (52)
∣P i ∣ θ k ∈P i

Step 4: Let
⋆ ⋆
⎛ θ 1 ⎞ ⎛ θ 11 θ ⋆12 ⋯ θ ⋆1M ⎞
⎜θ⋆ ⎟ ⎜ θ⋆ θ ⋆22 θ ⋆2M ⎟
θ (K) = ⎜ 2 ⎟ = ⎜ 21
⋯
⎟. (53)
⎜ ⋮ ⎟ ⎜ ⋮ ⋮ ⋮ ⋮ ⎟
⎝θ ⋆ ⎠ ⎝θ ⋆ θ ⋆K2 ⋯ θ ⋆ ⎠
K K1 KM

The most crucial part of the above algorithm is Step 3, in which a particular partition
of the set Ψ should be computed. This problem in fact corresponds to a hard K-means
clustering problem (Bishop, 2006), for which efficient heuristic methods exists (Lloyd,
1982). Implementation issues are discussed in Section 5.5.
The justification of the algorithm, in terms of its ability to provide a solution to the
problem (48), is given in next section.
5. Learning No-Fault Distribution Parameters 143

R1 R2 R3 R4 R5 R6 R7 R8 R9
(a) Residual sample sets in T

θ1 θ2 θ3

θ4 θ5 θ6

θ7 θ8 θ9

(b) Distribution parameters in Ψ

Figure 5: Illustration of the proposed learning algorithm. Figure 5a shows the residual
sample sets in T and Figure 5b the corresponding distribution parameters in Ψ.
144 Paper C. Data-Driven and Adaptive Statistical Residual Evaluation . . .

θ1
θ2
0.3
θ3

0.25
p(r = xi |α, θ)
0.2

0.15

0.1

0.05

0
0.17 0.27 0.37 0.48 0.58 0.68
xi

Figure 6: The distribution parameters learned from the training data in Figure 5a.

5.4 Justification of Learning Algorithm

This section contains technical developments necessary for proving that the algorithm
defined by Steps 1-4 in Section 5.3 indeed gives a solution to the problem (48) as output.
This is done in the following manner. First, a sufficient condition for a solution to the
problem (48) is given. The condition is given in terms of properties of a partition of the
set T , computed in Step 1 of the algorithm. Next, the sufficient condition is transformed
into a condition on a partition of the set Ψ, defined in Step 2. Finally, it is verified that
the partition of Ψ computed by means of K-means clustering in Step 3 satisfies this
condition.
A sufficient condition for a solution to the problem (48) is given below.
Theorem 4. Let D be a set of ND residual samples fulfilling Assumption 1, let n < ND ,
and let T be defined by (40). For a given positive integer K, if T = (T1 , T2 , . . . , TK ) is a
partition of T such that for each block T i ∈ T and for each element R k ∈ T i , it holds that
l (θ ⋆i ∣R k ) ≥ l (θ ⋆p ∣R k ) , p = 1, 2, . . . , K, (54)
where
θ ⋆i = arg max ∑ l (θ∣R k ) , i = 1, 2, . . . , K, (55)
(1)
θ∈Θ R k ∈T i

then
V (T , θ (K) ) = max V (T , θ) , (56)
θ∈Θ (K)

with V (T , θ) and θ (K) defined by (47) and (53), respectively.

5. Learning No-Fault Distribution Parameters 145

Proof. It is first noted that by Assumption 1, the joint pmf for the samples in R k ∈ T
is given by (42), which is equivalent to (12). From (15), and the fact that θ ∈ Θ(1) due
to (55), which implies that K = 1 and α 1 = 1 in (15), it holds that
M
l (θ∣R k ) = ∑ c k j log θ j , (57)
j=1

where c k j , j = 1, 2, . . . , M, denotes the total number of samples in R k that takes value x j .

Given is that T = (T1 , T2 , . . . , TK ) is a partition of T , such that (54) is satisfied for each
block T i ∈ T and for each element R k ∈ T i , with θ ⋆i , i = 1, 2, . . . , K, defined according
to (55). From (54) and (57) it follows that for each T i ∈ T and for each R k ∈ T i , it holds
that
M M
⋆ ⋆
∑ c k j log θ i j ≥ ∑ c k j log θ p j , (58)
j=1 j=1

for p = 1, 2, . . . , K. Due to (58) it holds that for each T i ∈ T and for each R k ∈ T i
M M
⋆ ⋆
max ∑ c k j log θ p j = ∑ c k j log θ i j . (59)
p∈{1,2,...,K} j=1 j=1

Due to (59) and the fact that T = (T1 , T2 , . . . , TK ) is a partition of T = (R1 , R2 , . . . , R NT ),

it holds that
NT M
V (T , θ ⋆ ) = ∑ max ∑ c k j log θ p j
⋆

k=1 p∈{1,2,...,K} j=1

K M
⋆
=∑ ∑ max ∑ c k j log θ p j (60)
i=1 R k ∈T i p∈{1,2,...,K} j=1
K M
= ∑ ∑ ∑ c k j log θ ⋆i j
i=1 R k ∈T i j=1

By definition (55), it holds that θ ⋆i ∈ Θ(1) , i = 1, 2, . . . , K, and therefore that θ (K) ∈ Θ(K)
with θ (K) defined by (56). To show that (56) is satisfied, it is sufficient to show that
V (T , θ ⋆ ) is a maximum value. Since θ ⋆i = (θ ⋆i1 , θ ⋆i2 , . . . , θ ⋆i M ) only is present in the term
M
⋆
∑ ∑ c k j log θ i j , (61)
R k ∈T i j=1

in (60), it follows that V (T , θ ⋆ ) as given by (60) is a maximum if (61) is a maximum,

for each i = 1, 2, . . . , M. It is now noted that, due to (57), (55) is equivalent to
M
θ ⋆i = arg max ∑ ∑ c k j log θ j , i = 1, 2, . . . , K,
(1)
θ∈Θ R k ∈T i j=1

which completes the proof.

146 Paper C. Data-Driven and Adaptive Statistical Residual Evaluation . . .

The implication of Theorem 4, is that the solving of (48) can be reduced to finding a
partition T = (T1 , T2 , . . . , TK ) of the set T , defined according to (40), that fulfills (54).
Next result, establishes a relation between the sought partition T of T and a partition P
of the set Ψ computed in Step 2 of the algorithm.
To this end, KL-divergence needs to be properly defined. In general, for two distribu-
tions of a discrete random variable R with range X that are characterized by the pmf ’s
f 1 (r) and f 2 (r), the KL-divergence between f 1 (r) and f 2 (r) is defined as
f 1 (x k )
D ( f 1 (r)∥ f 2 (r)) = ∑ f 1 (x k ) log . (62)
x k ∈X f 2 (x k )
It follows that D ( f 1 (r)∥ f 2 (r)) ≥ 0, with equality if and only if f 1 (r) ≡ f 2 (r).
A transformation of the sufficient condition in Theorem 4 on a partition T of T to a
partition P of the set Ψ is given by the following lemma.
Lemma 3. Let P i ⊆ Ψ, let
T i = {R k ∈ T ∶ θ k ∈ P i } (63)
and let all residual samples in all R k ∈ T i fulfill Assumption 1. Then, for any θ p , θ q ∈ Θ(1)
and for each R k ∈ T i it holds that
l (θ p ∣R k ) ≥ l (θ q ∣R k ) , (64)
if and only if for each θ k ∈ P i it holds that
D (p (r∣θ k ) ∣∣p (r∣θ q )) ≤ D (p (r∣θ k ) ∣∣p (r∣θ q )) . (65)
Moreover, it holds that
arg max ∑ l (θ∣R k ) = arg min ∑ D (p (r∣θ k ) ∣∣p (r∣θ)) .
(1) (1) (66)
θ∈Θ R k ∈T i θ∈Θ θ k ∈P i

Proof. Given in Appendix A.

The problem of finding a partition T of T fulfilling the sufficient condition in Theo-
rem 4 can with aid of Lemma 3 be equivalently stated as the problem of finding a partition
P of Ψ fulfilling the condition (65). Next result verifies that a partition of Ψ computed in
Step 3 of the algorithm indeed satisfies (65).
Lemma 4. Let D be a set of ND residual samples fulfilling Assumption 1, let n < ND , let
T be defined by (40), let Ψ be defined by (49), and let K be a positive integer. Further,
let P⋆ = (P1 , P2 , . . . , PK ) be a partition of Ψ such that (51) holds and θ ⋆i , i = 1, 2, . . . , K,
satisfies (52). Then, it holds that
θ ⋆i = arg min ∑ D (p (r∣θ k ) ∣∣p (r∣θ)) , (67)
(1)
θ∈Θ θ k ∈P i

for i = 1, 2, . . . , K. Moreover, for each block P i ∈ P⋆ and for each element θ k ∈ P i it holds
that
D (p (r∣θ k ) ∣∣p (r∣θ ⋆i )) ≤ D (p (r∣θ k ) ∣∣p (r∣θ ⋆j )) , (68)
for j = 1, 2, . . . , K.
5. Learning No-Fault Distribution Parameters 147

Proof. Given in Appendix A.

With help of Theorem 4, Lemma 3, and Lemma 4, it can be proved that the output
from the algorithm in Section 5.3 indeed is a solution to the problem (48).

Theorem 5. Let D be a set of ND residual samples fulfilling Assumption 1, let n < ND ,

and let K be a positive integer. Further, let D, n, and K, be input to the algorithm defined
by Steps 1-4 in Section 5.3 and let θ (K) be the output. Then, θ (K) is a solution to (48).

Proof. Due to Step 3 in the algorithm, it is clear that the partition P⋆ = (P1 , P2 , . . . , PK )
fulfills (51) and that θ ⋆i , i = 1, 2, . . . , M, fulfills (52). Lemma 4 then implies that (68)
holds for each block P i ∈ P⋆ and for each element θ k ∈ P i , and that θ ⋆i , i = 1, 2, . . . , M,
fulfills (67). Now define T = (T1 , T2 , . . . , TK ) with T i according to (63) for i = 1, 2, . . . , K.
Note that due to (49) and (63), it follows that there is block T i ∈ T and an element R k ∈ T i
for each element θ k ∈ P i and for each block P i ∈ P⋆ , and vice versa. The fact that P⋆ is a
partition of Ψ, then implies that T is a partition of T . Appliance of Lemma 3 to each block
P i ∈ P⋆ then asserts that the partition T satisfies l (θ ⋆i ∣R k ) ≥ l (θ ⋆j ∣R k ) for each block
T i ∈ T and for each element R k ∈ T i , for all j = 1, 2, . . . , K. Further, since (67) holds
for θ ⋆i and due to (66) in Lemma 3, it follows that θ ⋆i = arg max θ∈Θ(1) ∑Rk ∈T i l (θ∣R k ),
i = 1, 2, . . . , M. The claim then follows directly from Theorem 4.

5.5 Implementation Issues

As said in Section 5.3, the most crucial part of the learning algorithm is Step 3, i.e., to
find a partition P of Ψ by means of hard K-means clustering (Bishop, 2006).
The complexity properties of the general K-means clustering problem depends on
which similarity measure, in the present case the KL-divergence, that is used in (51). For
instance, the problem is NP-hard (Aloise et al., 2009) when the (squared) Euclidean
distance is used, but can be solved in a polynomial time if a variance-based measure is
used (Inaba et al., 1994).
There are however a variety of heuristic algorithms available for solving the general
clustering problem approximately. One widely used (Berkhin, 2002) and in practice
often successful alternative, is the local search based K-Means algorithm (MacQueen,
1967; Lloyd, 1982), which also is referred to as Lloyd’s algorithm. For the particular, and
present, case when the KL-divergence is used as similarity measure, am approximate
solution to the clustering problem can be computed with the K-means algorithm in
polynomial time (Manthey and R0̈glin, 2009). For a general treatment of clustering
problems with similarity measures based on Bregman divergences, including the KL-
divergence, see Banerjee et al. (2005).
The K-means algorithm solves (51) by alternating two steps: i) given a set of distri-
bution parameters, assign each θ k ∈ Ψ to the most similar, in a KL-divergence sense,
distribution parameter, ii) update the distribution parameters according to the new
assignments. These two steps are iterated until no assignments change, which eventually
will be the case after a finite number of iterations (Selim and Ismail, 1984; Bottou and
Bengio, 1995).
148 Paper C. Data-Driven and Adaptive Statistical Residual Evaluation . . .

As a remark, it is noted that the assignment and update steps in fact (Bishop, 2006)
correspond to the Expectation and Maximization steps, respectively, in the EM-algorithm
(Dempster et al., 1977). Thus, when the K-means algorithm is employed for solving
the clustering problem in Step 3, the learning algorithm in a sense resembles the EM-
algorithm.
It is also noted that in a practical implementation of the learning algorithm, the
training data set T is preferably split into an estimation data set E and a validation data
set V, in order to avoid over-fitting, see, e.g., Ljung (1999). In this setting, the estimation
data set E is used when solving (48) to obtain θ (K) , for a fixed K, and then the validation
data set V is used to evaluate if the obtained solution θ (K) and K satisfies (41).

Parameter Choices
The only parameter involved in the learning problem (41) is n, the number of residual
samples used in each R k when calculating the set T according to (40), which is done in
Step 1 of the algorithm.
The choice of n is determined by the properties of the considered system. As said
in Section 5.2, n should be chosen so that each R k ∈ T contains residual samples from
only one operating mode of the system. In order to achieve this, n should be chosen so
that the time it takes to collect a set of n residual samples is less than the average time
that the system spends in one operating mode.
Before learning the parameter θ NF , the quantization M of the residual, i.e., the size
of the residual range space and thereby the resolution of the residual distribution (1),
must be determined and the training data in D formated accordingly. Choosing M, in
fact, corresponds to the well-studied, but nevertheless difficult, problem of choosing the
number of bins in a regular histogram given a sample of data. Numerous approaches for
solving this problem exist, see for example Davies et al. (2009) and references therein.
Regardless of the method used to solve the problem, the choice of M is a trade-off
between accuracy and computational complexity, in terms of time and storage. A larger
M results in a more accurate discretization of the residual and higher resolution of the
probability distributions. On the other hand, a large M requires more memory and
involves more computations. The choice of M is also related to the choice of n and N,
since a small n, or N, together with a large M will result in an inadequate estimation of
the distribution, i.e., a sparse histogram.
The resolution of the residual also affects the fault detection performance in the
sense that if the resolution is high, small deviations of the residual can be perceived and
thereby small faults can be detected. As a guideline, the resolution of the residual can be
matched to the size of the smallest fault that should be possible to detect.

6 Application Example
The proposed residual evaluation approach has been applied to the problem of fault
detection in the gas-flow system of a Scania 6 cylinder, 13 liter, truck diesel engine
equipped with Exhaust Gas Recirculation (EGR), Variable Geometry Turbine (VGT),
6. Application Example 149

and intake throttle. The overall purpose of the study was to evaluate and demonstrate
the proposed on-line residual evaluation algorithm, as well as the off-line algorithm
for learning no-fault residual distributions, using measurement data. In addition, it is
also illustrated how the fault detection performance of the residual evaluation test is
influenced by different values of the involved parameters, in particular the size N of the
residual sample set R, and the number K of no-fault distribution parameters in θ NF .

6.1 Automotive Gas-Flow Diagnosis

The automotive gas-flow system, or rather the truck diesel engine itself, is a complex
system that operates in a variety of different operating modes characterized by for instance
ambient pressure and temperature, engine torque, engine speed, etc. Fault diagnosis of
the gas-flow system consists of detecting and isolating faults in sensors that measure
pressure, temperature, and mass-flow, actuators that control the EGR, VGT and intake
throttle, as well as faults related to, e.g., manifold leakages and clogged air filters. The
main incentives for gas-flow diagnosis are fault management by means of fault tolerant
control, On-Board Diagnosis (OBD) regulations, and repair and maintenance.
The model of the gas-flow system, which is described in Wahlström and Eriksson
(2011), relies on both fundamental first principle physics and gray-box modeling. For
diagnosis of the gas-flow system, a set of model-based residual generators were designed
with the sequential residual generation method described in Svärd and Nyberg (2010).
Naturally, the model does not describe all aspects of the system, leading to that all
residuals exhibit properties similar to those illustrated in Figure 1.
The particular residual considered in this study is sensitive to 10 faults: 3 leakages, 6
sensor faults, and 1 actuator fault. The value of the residual is based on a comparison of
two modeled values of the temperature before the cylinders.

6.2 Learning of No-Fault Distribution Parameters

The data set used for the learning contains measurements from parts of a test drive,
including both city and high-way driving, from Södertälje to Arvidsjaur in Sweden.
The data set contains in total 156,912 measurements sampled at a rate of 0.1 s, which
corresponds to more than 4 hours of driving. The measurements in the data set were
used as input to the considered residual generator and the residual samples used in the
study were computed off-line. In order to minimize the risk of over-fitting the no-fault
distribution parameters to the training data, the set of residual samples was divided into
an estimation data set, E, and a validation data set, V, of equal size.

Parameter Values
The value of the parameter M, i.e., the quantization of the residual samples, was chosen
to be M = 80. This makes it theoretically possible to detect faults that cause deviations
of the residual of about 3 kelvin. For this application, this is a good trade-off between
complexity, in terms of required memory and computational effort, and accuracy.
150 Paper C. Data-Driven and Adaptive Statistical Residual Evaluation . . .

5
x 10
−1.4

−1.6

−1.8

−2

−2.2

−2.4

−2.6

−2.8 V (E, θ (K) )

V (V, θ(K) )
10 20 30 40 50 60 70
K

Figure 7: Evaluation of model fit metrics V (E , θ (K) ) (dashed, black) and V (V , θ (K) )
(solid, red) for different of values of K.

By a brief analysis of the residual samples, it seems that the minimum time that the
gas-flow system spends in one operating mode is approximately 4 s. This can be seen in
Figure 1, which in fact shows a subset of the residual samples used in this study. Since
the sample rate is 0.1 s, the parameter n, which specifies the number of residual samples
in each R k in the set T calculated in Step 1 of the algorithm, should be chosen to satisfy
n < 40, see Section 5.5. Based on this, the parameter was chosen to be n = 32.

Results
The algorithm for learning no-fault distribution parameters described in Section 5.3,
was implemented in Matlab. To solve the involved clustering problem, the K-means
algorithm (MacQueen, 1967; Lloyd, 1982) was employed. The algorithm was run with
K ∈ {1, 2, . . . , 79}.
Figure 7 shows the model fit metric (47) evaluated for the estimation data set E and
validation data set V, and with the parameters θ (K) , K ∈ {1, 2, . . . , 79}, obtained as output
from the algorithm. In Figure 7 it can first of all be seen that the quantitative behaviors
of V (E , θ (K) ) and V (V , θ (K) ) are similar, but that V (E , θ (K) ) always is larger than
V (V , θ (K) ). The latter seems natural since the data set E indeed was used as input to
the learning algorithm. Second, it can also be noticed that the improvement in model fit
as a function of K is larger for smaller K.
Based on the above observations, and with respect to the trade-off between model
fit and required computational effort stated by (41), K = 10 was chosen. The 10 no-fault
distribution parameters, i.e., the rows of θ (10) , are shown in Figure 8. Note that the
characteristics of the learned distribution parameters are quite different, some are multi-
6. Application Example 151

0.5
0.2

θ1

θ2
0.1
0 0
20 40 60 80 20 40 60 80
0.2
0.1

θ3

θ4
0.1

0 0
20 40 60 80 20 40 60 80

0.2
θ5

θ6
0.2

0 0
20 40 60 80 20 40 60 80
0.4

0.2
θ7

θ8
0.2

0 0
20 40 60 80 20 40 60 80

0.05

θ10
θ9

0.05

0 0
20 40 60 80 20 40 60 80
xi xi

Figure 8: The no-fault distribution parameters contained in θ NF = θ 10 .

modal and some have only one single mode. In addition, the distribution parameters are
overlapping.

6.3 Evaluation Setup

The set of residual samples used in the evaluation is based on the validation data set V,
which contains in total 78,456 residual samples. Note that this data set is different than
the estimation data set used to learn the no-fault distribution parameters as described
above.

Considered Fault
The fault considered in the evaluation is a fault in the boost pressure sensor. The relation
between the boost pressure sensor signal y pim and the considered residual is dynamic,
and the residual value r depends on the derivative of the boost pressure sensor signal,
as well as the actual sensor signal, i.e., r = F(y pim , ẏ pim , . . .), where F(⋅) is a non-linear
function. The considered fault scenario is a gain fault in the boost pressure sensor, that is,
the sensor signal y pim fed to the residual generator is y pim = δ ⋅ pim , where pim is the actual
boost pressure, and δ ≠ 1 indicates a gain fault. Gain faults in the range δ ∈ [0.2, 1.8]
were implemented off-line by modification of the sensor signal.

Fault Detection Performance Metrics

The main metric considered in the evaluation is the power function, in this context
defined as

β λR (δ) = Pr (detection∣δ) = Pr(λR (R) > J∣δ), (69)

152 Paper C. Data-Driven and Adaptive Statistical Residual Evaluation . . .

for the test λR (R) > J, defined in Section 4. Note that δ = 1 in the power function (69)
corresponds to that α ∈ Υ and θ = θ NF in the power function (34).
To study another important aspect of the detection performance, the Mean Time
to Detection (MTD) will also be considered. Note that the choices of the values of the
parameters N and J, i.e., the size of the residual sample set R and the detection threshold,
respectively, are a trade-off between the metrics measured by the power function and
the MTD, see Section 4.2.
In order to be able to say something about the relative performance of the proposed
residual evaluation approach, it will be compared to the often in practice used norm-
based residual evaluation approach built upon the test statistic s(R) = N1 ∑r k ∈R̄ r̄ 2k
where R ¯ = (r̄ 1 , r̄ 2 , . . . , r̄ N ) is a low-passed filtered version of the sample R. Note that
the purpose of this comparison merely is to give a feeling of the relative performance
of the proposed residual evaluation approach, and the comparison is not claimed to
be exhaustive. The low-pass filtering was in this study performed with a first-order
Butterworth filter and for comparison, four different cut-off frequencies, f 1 = 0.005
Hz, f 2 = 0.05 Hz, f 3 = 0.5 Hz, and f 4 = 4.5 Hz, were used. The corresponding test
statistics are denoted s 1 , s 2 , s 3 , and s 4 . Recall that the residual is sampled at a rate of 0.1 s,
corresponding to a frequency of f s = 10 Hz.

Implementation Details

The residual evaluation algorithm described in Section 4.2, was implemented in Matlab.
To solve the optimization problem (28), a tailored solver was generated using the soft-
ware tool CVXGEN (Mattingley and Boyd, 2012), see Section 4.3. With this solver, the
optimization problem (28) in the setting of this study, could be solved in the time scale
of 10−4 s. Solving the corresponding problem using the Matlab optimization toolbox
results in solving times of the magnitude of 10−3 s. Solving the original numerator MLE
problem (25) using the Matlab optimization toolbox however renders solving times of
magnitude 10−1 s.
As said in Section 4, it is only justified, in terms of the probability of false detection,
to consider the relaxed problem (28) instead of the original MLE problem (25) if the size
N of the set of residual samples R is sufficiently large. To investigate the meaning of
sufficiently large in the context of this study, Figure 9 shows a comparison of the solutions
to the respective problems, as well as a comparison of the corresponding test statistics, for
different values of N in the no-fault case. Figure 9a shows a comparison of the solution
α R to the relaxed problem (28) and the solution α O to the original MLE problem (25),
by means of the quantity ∥ϕR − ϕO ∥22 , where ϕR = ∑Ki=1 α Ri θ NF K O NF
i and ϕO = ∑ i=1 α i θ i .
Figure 9b shows a comparison of the test statistics λR (R), based on the relaxed problem
and λ(R), based on the original MLE problem, by means of the quantity λλ(R) R (R)
. The
results shown in Figure 9 are the average of 150,000 runs. Based on Figure 9, it was
concluded that in the context of this study, N > 1000 is good enough to justify the
switch to the relaxed problem. Recall from Section 4.3 that the complexity of the relaxed
problem, in terms of computational time and memory, is independent of N.
The threshold J for the test λR (R) > J, as well as the thresholds for the norm-based
6. Application Example 153

−1
10
0.95

0.9
φR − φO 22

0.85

λR (R)
λ(R)
0.8

−2
10 0.75

0.7

2 3 2 3
10 10 10 10
N N
(a) Comparison of α R and α O . (b) Comparison of λR (R) and λ(R).

Figure 9: Investigation of how the relation between the solutions α R and α O to the
relaxed (28) and original (25) MLE problems, respectively, as well as the corresponding
test quantities, λR (R) and λ(R), changes with the size N of the residual sample R.

tests, was computed based on the estimation data set used in the learning of the no-fault
distribution parameters. All thresholds were computed in order to give a probability of
false detection of 5 %. All residual sample sets were taken from the validation data set by
using a sliding window, see Section 4.2.

6.4 Evaluation Results

Figure 10 shows the residual and the test statistics λR (R) and s 1 (R), for size N = 1024 of
the set of residual samples R, in a test case when an abrupt fault occurs at time t = 450 s.
The fault is a 10 % gain fault in the boost pressure sensor, which correspond to δ = 1.1.
For the test statistic λR (R), the parameter θ NF = θ (10) illustrated in Figure 8 was used.
It can be noted that, as in Figure 1, the residual in Figure 10 is non-zero in the no-fault
case, i.e., for t < 450 s, and its distribution exhibit non-stationary features in both the
no-fault and fault cases. Further, it can also be seen that the difference between the
residual in the no-fault and fault cases are small, but that there is a significant difference
between the test statistic λR (R) in the no-fault and fault cases. Since λR (R) is above the
threshold in the fault case, the present fault can be detected. The fault can however not
be detected in a reliable way with the test statistic s 1 (R), which in this case performed
better than each of the test statistics s 2 (R), s 3 (R), and s 4 (R).

Power as Function of N
To illustrate how the power of the test λR (R) > J varies with the number N of residual
samples in R, Figure 11 shows the power function for the test for different values of N
and parameter θ NF = θ (10) . Figure 11 clearly shows that the power of the test increases
with N.
In Figure 11, it can be seen that as small faults as δ ≈ 0.95 and δ ≈ 1.05, corresponding
to gain faults in the boost pressure sensor of about ± 5 %, may be possible to detect if N
154 Paper C. Data-Driven and Adaptive Statistical Residual Evaluation . . .

200

100
r

0
300 350 400 450 500 550 600 650 700

3000
λR

2000
1000
300 350 400 450 500 550 600 650 700
6
x 10
2
1.5
s1

1
0.5

300 350 400 450 500 550 600 650 700

Time [s]

Figure 10: Residual r (top), test statistic λR (R) (middle), and test statistic s 1 (R) (bottom),
when an abrupt fault occurs at t = 450 s. The fault is a 10 % gain fault in the boost pressure
sensor, which corresponds to δ = 1.1.
6. Application Example 155

0.9

0.8

0.7

0.6
βγ (δ)

0.5

0.4

0.3 N = 64
N = 128
0.2 N = 256
N = 512
N = 1024
0.1 N = 2048
N = 4096
N = 8192
0
0.4 0.6 0.8 1 1.2 1.4 1.6 1.8
Fault Size δ

Figure 11: Power function β λR (δ) for the test λR (R) > J for different sizes N of the
sample R. The power increases with N.

is sufficiently large. To further illustrate this, Figure 12 shows the Receiver Operating
Characteristic (ROC) curve for different values of N, for a test case with δ = 1.05. The
ROC curve shows the relation between the True Positive Rate (TPR) of detection (y-axis),
and the False Positive Rate (FPR) of detection (x-axis), i.e., the relation between correct
detections and false detections, when the detection threshold J is varied. Figure 12 again
shows that the detection performance increases with N, but also that the rate of false
detections can be made lower than the rate of actual detections even for moderate values
of N.

Power as Function of K

To analyze how the power of the test λR (R) > J varies with different values of the
parameter θ NF = θ (K) , specifying the set of no-fault residual distributions, or more
specifically with K, i.e., the number of operating modes of the system, Figure 13 shows
the power function for the test for different values of K. All considered parameters θ (K)
were obtained by means of the algorithm described in Section 5. To also see how the
power of the test depends on the relation between K and N, Figure 13 shows how the
power function depends on K for different values of N.
The general conclusion from the evaluation shown in Figure 13, is that for a given
256 ≤ N ≤ 1024, the power of the test λR (R) > J is almost equal for all considered K.
For small N, e.g., N = 64, however, the power increases with K and for large N, e.g.,
N = 4096, the power increases as K decreases. The liable rationale behind this is that a
small K results in a generic and averaged, in terms of operating modes, description of
156 Paper C. Data-Driven and Adaptive Statistical Residual Evaluation . . .

0.9

0.8

0.7

0.6
TPR

0.5

0.4

0.3 N = 64
N = 128
0.2 N = 256
N = 512
N = 1024
0.1 N = 2048
N = 4096
N = 8192
0
0 0.2 0.4 0.6 0.8 1
FPR

Figure 12: ROC for test λR (R) > J when δ = 1.05 for different sizes N of the sample R.

the set of no-fault residual distributions. A large set of residual samples typically means
residual samples from a variety of operating modes, while a small set of residual samples
on the other hand means residual samples from only a few operating modes. This means
that a parameter θ NF corresponding to a small K, typically can describe the distribution
of a large set of no-fault residual samples, i.e., a large N, better than the distribution of
a small set of no-fault residual samples, i.e., a small N. An accurate description of the
no-fault residual distribution makes it possible to distinguish such from a faulty residual
distribution, which indeed means good detection power.

Comparison of Tests

Figure 14 shows a comparison of the power functions for the tests based on the test
statistics λR (R), s 1 (R), s 2 (R), s 3 (R), and s 4 (R), for different values of the parameter
N, which specifies the number of residual samples in R. For the test statistic λR (R), the
parameter θ NF = θ (10) illustrated in Figure 8 was used.
Figure 14 shows that the powers of all tests increases with N and that the differences
between the power of the tests seem to decrease with an increasing N. It can also be seen
that the power function for the test based on λR (R) is near symmetric for all N, while
the power functions for the other tests are asymmetric and tend to be less powerful for
faults sizes δ < 1. The difference in power for δ < 1 is for example significant for N = 64.
The mean time to detection (MTD) for each of the tests based on λR (R), s 1 (R),
s 2 (R), s 3 (R), and s 4 (R), is shown in Figure 15, for different sizes N of the sample R.
In order to get comparable results, the MTD was computed as the mean of the
detection time for the two largest faults, corresponding to δ = 0.2 and δ = 1.8, since all
7. Conclusions 157

N = 64 N = 256
1 1

0.8 0.8

0.6 0.6
β(δ)

0.4 0.4

0.2 0.2

0.5 1 1.5 0.5 1 1.5

N = 1024 N = 4096
1 1

0.8 0.8

0.6 0.6
β(δ)

K = 3
0.4 0.4 K = 10
K = 22
0.2 0.2 K = 30
K = 48
K = 64
0 0
0.5 1 1.5 0.5 1 1.5
Fault Size δ Fault Size δ

Figure 13: Comparison of power functions for the test based on λR (R) for a set of no-fault
distribution parameters θ (K) with different values of K.

considered test statistics are able to detect these faults to some extent, see Figure 14. Each
fault was injected in the test sequence at 10 time instances.
In Figure 15, it can be seen that the MTD’s for all tests increase for N > 256. For
N < 256, however, the MTD decreases with N for the norm-based tests and increases
with N for the test based on λR (R). It is worth noting that the MTD for the test based
on λR (R) is smaller for all N than the MTD’s for all other tests.

7 Conclusions
As illustrated by Figure 1, residuals in practice often deviate from zero even in the
no-fault case due to uncertainties and disturbances caused by for example modeling
errors, measurement noise, and unmodeled phenomena. In addition, due to changes
in the operating mode of the underlying system, the magnitude of uncertainties and
disturbances is time-varying, causing the behavior of residuals to be non-stationary. To
handle these issues, a novel statistical residual evaluation approach has been proposed.
The main contribution is to base the residual evaluation on an explicit comparison of
the probability distribution of the residual, estimated on-line using current data, with a
no-fault residual distribution. The no-fault distribution is based on a set of a-priori known
158 Paper C. Data-Driven and Adaptive Statistical Residual Evaluation . . .

N = 64 N = 256
1 1

0.8 0.8

0.6 0.6
β(δ)

0.4 0.4

0.2 0.2

0 0
0.5 1 1.5 0.5 1 1.5

N = 1024 N = 4096
1 1

0.8 0.8

0.6 0.6
β(δ)

γ(R)
0.4 0.4 s1 (R)
s2 (R)
0.2 0.2 s3 (R)
s4 (R)
0 0
0.5 1 1.5 0.5 1 1.5
Fault Size δ Fault Size δ

Figure 14: Comparison of power functions for the tests based on λR (R) (solid with dot
markers), s 1 (R) (solid), s 2 (R) (dashed), s 3 (R) (dash-dotted), and s 4 (R) (dotted), for
different sizes N of the sample R.

λR (R)
MTD [samples]

s 1 (R)
s 2 (R)
10
2 s 3 (R)
s 4 (R)

64 128 256 512 1024 2048 4096 8192

N [samples]

Figure 15: Comparison of the Mean Time to Detection (MTD) for the tests based on
λR (R) (solid with dot markers), s 1 (R) (solid), s 2 (R) (dashed), s 3 (R) (dash-dotted),
and s 4 (R) (dotted), for different sizes N of the sample R.
A. Proofs of Theorems and Lemmas 159

no-fault distributions, and is continuously adapted to the current operating mode of the
system by means of the likelihood maximization problem (26). A computational efficient
version of the residual evaluation test statistic suitable for online implementation has
been derived by considering a properly chosen approximation (28) to the maximization
problem (26). The fault detection properties of the resulting residual evaluation test have
been analyzed by means of Theorems 2 and 3.
As a second contribution, a method has been proposed for learning the required set
of no-fault residual distributions off-line from training data. Thus, by using this method,
the overall residual evaluation method is data-driven and no assumptions regarding the
properties of the probability distribution of the residual, nor the properties of the faults
to be detected, are needed. The method was given by means of an algorithm based on
K-means clustering, and was theoretically justified in Theorem 5.
The proposed residual evaluation method has been evaluated with measurement
data on a residual for fault detection in the gas-flow system of a Scania truck diesel
engine. The proposed test statistic performs well despite non-conventional properties
of the considered residual. For instance, the method outperforms regular norm-based
methods using constant thresholding in the sense that small faults can be detected in cases
where these methods fail. It has been empirically investigated how the fault detection
performance of the proposed method is influenced by different values of the involved
parameters.

Acknowledgment
This work was sponsored by Scania and VINNOVA (Swedish Governmental Agency for
Innovation Systems).

A Proofs of Theorems and Lemmas

Lemma 5. Let {r 1 , r 2 , . . . , r N } be a set of iid samples from the pmf p (r∣ϕ) described by (1),
let ϕ⋆N be the MLE of ϕ based on {r 1 , r 2 , . . . , r N }, and let
⎧
⎪ M ⎫
⎪
Φ′ = ⎨ϕ ∈ R M ∶ ϕ j > 0,
⎪ ⎪
∑ ϕ j = 1⎬ . (70)
⎪
⎪ j=1
⎪
⎪
⎩ ⎭
Then, for every ε > 0 and ϕ ∈ Φ′ , it holds that

lim Pr (∣ϕ⋆N − ϕ∣ ≥ ε) = 0. (71)

N→∞

Proof. According to (Casella and Berger, 2001, Theorem 10.1.6), (71) holds if the following
regularity conditions on p (r∣ϕ) are satisfied: i) r 1 , r 2 , . . . , r N are iid samples from p (r∣ϕ);
ii) the parameter ϕ is identifiable, i.e., if ϕ ≠ ϕ′ , then p (r∣ϕ) ≠ p (r∣ϕ′ ); iii) the densities
p (r∣ϕ), for all ϕ ∈ Φ′ , have common support, and p (r∣ϕ) is differentiable in ϕ; iv) the
parameter space Φ′ contains an open set φ of which the true parameter ϕ is an interior
point. It is first noted condition i) is trivially satisfied by assumption. For condition ii),
160 Paper C. Data-Driven and Adaptive Statistical Residual Evaluation . . .

assume that ϕ ≠ ϕ′ . This implies that there exists k ∈ {1, 2, . . . , M} such that ϕ k ≠ ϕ′k ,
and it holds that

p (r = x k ∣ϕ) = ϕ k ≠ ϕ′k = p (r = x k ∣ϕ) ,

and hence p (r∣ϕ) ≠ p (r∣ϕ′ ). Regarding condition iii), it is recalled that the support of a
function is the set of points where the function is non-zero zero. Thus, the first part of
condition iii) is trivially satisfied due to the form of the pmf p (r∣ϕ) in (1) and the prop-
erties of the parameter space Φ′ defined by (70). Considering next the differentiability, it
holds that
⎧
⎪
∂ ⎪1 k=j
p (x j ∣ϕ) = ⎨
∂ϕ k ⎪
⎪0 k≠j
⎩
for j = 1, 2, . . . , M, and hence condition iii) is satisfied. For condition iv), it is noted that
the parameter space Φ′ is an open set. Therefore every ϕ ∈ Φ′ is an interior point of an
open set and condition iv) is satisfied. This completes the proof.

Lemma 6. Let R be a set of residual samples, c 1 , c 2 , . . . , c M be defined according to (13),

and let Assumptions 1 and 2 be valid. Further, let α ⋆ ∈ Υ and θ ⋆ ∈ Θ(K) fulfill

K cj
⋆ ⋆
∑ αi θ i j = , (72)
i=1 N

(K)
where N = ∑ M
j=1 c j . Then, for each α ∈ Υ and θ ∈ Θ it holds that

1 L (α ⋆ , θ ⋆ ∣R)
D (p (r∣α ⋆ , θ ⋆ ) ∥p (r∣α, θ)) = log , (73)
N L (α, θ∣R)

where p (r∣⋅) is given by (3) and L (⋅, ⋅∣R) by (14).

Proof. It is first noted that p (x j ∣α, θ) = p (r = x j ∣α, θ) = ∑Ki=1 α i θ i j according to (3)

and (1). By using this, (62), and (72), the left hand side of (73) can be written as

M p (x j ∣α ⋆ , θ ⋆ )
D (p (r∣α ⋆ , θ ⋆ ) ∥p (r∣α, θ)) = ∑ p (x j ∣α ⋆ , θ ⋆ ) log
j=1 p (x j ∣α, θ)
∑ i=1 α ⋆i θ ⋆i j
M K K
= ∑ (∑ α ⋆i θ ⋆i j ) log K
(74)
j=1 i=1 ∑ i=1 α i θ i j
M j c
cj
=∑ log K N .
j=1 N ∑ i=1 α i θ i j

Consider next the right hand side of (73). Due to the prerequisites of the lemma, the
likelihood l (⋅, ⋅∣R) is given by (15). With this, the right hand side of (73) can be written
A. Proofs of Theorems and Lemmas 161

as
1 L (α ⋆ , θ ⋆ ∣R) 1
log = (l (α ⋆ , θ ⋆ ∣R) − l (α, θ∣R))
N L (α, θ∣R) N
1 ⎛M K
⋆ ⋆
M K ⎞
= ∑ c j log [∑ α i θ i j ] − ∑ c j log [∑ α i θ i j ]
N ⎝ j=1 i=1 j=1 i=1 ⎠
∑ i=1 α ⋆i θ ⋆i j
K
1 M
= ∑ c j log K
N j=1 ∑ i=1 α i θ i j
cj
1 M
= ∑ c j log K N ,
N j=1 ∑ i=1 α i θ i j
which equals (74).
Proof of Lemma 3. First note that (63) implies that for each θ k ∈ P i there is an element
R k ∈ T i , and vice versa. By using the same arguments as in the proof of Theorem 4, it
holds that the log-likelihood l (θ k ∣R k ) is given by (57). Thus, each MLE problem in (49)
is equivalent to (16) if K = 1 and α 1 = 1, or equivalently (17), and Theorem 1 is applicable.
c
From Theorem 1 it then follows that θ k j = nk j , j = 1, 2, . . . , M, for each θ k ∈ Ψ. From
Lemma 6, again with K = 1 and α 1 = 1, it follows that
1 L (θ k ∣R k )
D (p (r∣θ k ) ∥p (r∣θ)) = log
n L (θ∣R k )
(75)
1
= (l (θ k ∣R k ) − l (θ∣R k )) ,
n
for any θ ∈ Θ(1) . Consider now the inequality (65). By exploiting (75), the inequality (65)
can be written as
D (p (r∣θ k ) ∥p (r∣θ p )) ≤ D (p (r∣θ k ) ∥p (r∣θ q ))
⇐⇒
1 1
(l (θ k ∣R k ) − l (θ p ∣R k )) ≤ (l (θ k ∣R k ) − l (θ q ∣R k ))
n n
⇐⇒
l (θ p ∣R k ) ≥ l (θ q ∣R k ) ,
and equivalence between (65) and (64) has been established. Consider now (66). By
again using (75) and (63), it follows that
1
arg min ∑ D (p (r∣θ k ) ∥p (r∣θ)) = arg min ∑ (l (θ k ∣R k ) − l (θ∣R k )) . (76)
(1) (1) n
θ∈Θ θ k ∈P i θ∈Θ R k ∈T i

Since θ only is present in the term l (θ∣R k ) in (76), and due to the minus sign in front
of this term, (76) can be written as
1
arg min ∑ (l (θ k ∣R k ) − l (θ∣R k )) = arg max ∑ l (θ∣R k ) ,
(1)
θ∈Θ R ∈T i n θ∈Θ (1) R k ∈T i
k
162 Paper C. Data-Driven and Adaptive Statistical Residual Evaluation . . .

and the proof is complete.

Proof of Lemma 4. First note that by using the same arguments as in Theorem 4 and
c
Lemma 3 it holds that the likelihood function l (θ k ∣R k ) is given by (57) and that θ k j = nk j ,
j = 1, 2, . . . , M, for each θ k ∈ Ψ. Consider now the claim (67). Define T i according to (63)
for i = 1, 2, . . . , K. Due to (63), (52), and since θ k ∈ P i ∈ P⋆ and P⋆ = ⋃P i ∈P⋆ ⋃θ k ∈P i θ k =
Ψ, it follows that
1 1 ck j
θ ⋆i j = ∑ θk j = ∑
∣P i ∣ θ k ∈P i ∣T i ∣ Rk ∈T i n
(77)
∑Rk ∈T i c k j
= ,
∣T i ∣ ⋅ n

for i = 1, 2, . . . , K and j = 1, 2, . . . , M. It is now noted that ∑Rk ∈T i c k j denotes the number

of samples in all R k ∈ T i that takes value x j , and that ∣T i ∣ ⋅ n denotes the total number of
samples in all R k ∈ T i , which indeed is equal to ∑ M j=1 ∑R k ∈T i c k j . From (77), it can thus
be deduced that θ ⋆i j = ∑M j c , where c j = ∑Rk ∈T i c k j . Theorem 1 then implies that
c
j=1 j

θ ⋆i = arg max l (θ∣ ∪Rk ∈T i R k ) (78)

θ∈Θ (1)

for i = 1, 2, . . . , K. Now note that due to the properties of the log-likelihood function (57)
it holds that
M
l (θ∣ ∪Rk ∈T i R k ) = ∑ ∑ c k j log θ j
j=1 R k ∈T i
M
= ∑ ∑ c k j log θ j (79)
R k ∈T i j=1

= ∑ l (θ∣R k )
R k ∈T i

and thus (78) turns into

θ ⋆i = arg max ∑ l (θ∣R k ) ,

θ∈Θ (1) R k ∈T i (80)

for i = 1, 2, . . . , K. From (80), the claim (67) follows directly via (66) in Lemma 3. Now
turn to the claim (68) and denote
K
M(P⋆ ) = ∑ ∑ D (p (r∣θ k ) ∥p (r∣θ ⋆i )) , (81)
i=1 θ k ∈P i

where, due to (67), it holds that

θ ⋆i = arg min ∑ D (p (r∣θ k ) ∣∣p (r∣θ)) , (82)

(1) θ∈Θ θ k ∈P i
A. Proofs of Theorems and Lemmas 163

for i = 1, 2, . . . , K. To show that (68) holds by contradiction, assume that there exists
θ p ∈ P i , for some P i ∈ P⋆ , such that

D (p (r∣θ p ) ∣∣p (r∣θ ⋆i )) > D (p (r∣θ p ) ∣∣p (r∣θ ⋆j )) , (83)

for some j = 1, 2, . . . , K. Now define

M̄ = M(P⋆ ) + D (p (r∣θ p ) ∣∣p (r∣θ ⋆j )) − D (p (r∣θ p ) ∣∣p (r∣θ ⋆i )) , (84)

and note that, due to (83), it holds that M̄ < M(P⋆ ). Define a new partition P′ of Ψ by
moving θ p from block P i ∈ P⋆ to block P j ∈ P⋆ , i.e., let P′ = (P′1 , P′2 , . . . , P′K ) where

⎧
⎪P i ∖ {θ p } , l=i
⎪
⎪
P′l
⎪
= ⎨P j ∪ {θ p } , l=j (85)
⎪
⎪
⎪
⎪
⎩P l , else.

Form
K
M(P′ ) = ∑ ∑ D (p (r∣θ k ) ∥p (r∣θ ′l )) (86)
l =1 θ k ∈P′l

where

θ ′l = arg min ∑ D (p (r∣θ k ) ∣∣p (r∣θ)) , (87)

(1)
θ∈Θ θ k ∈P′l

for l = 1, 2, . . . , K. It is first noted that due to Lemma 3, and a similar argument as above
including (79), (78), and (77), the distribution parameters θ ′l , l = 1, 2, . . . , K, satisfy (52).
Consider now the quantity M̄ − M(P′ ), which by using (84) and (86) can be written as

M̄ − M(P′ ) = M(P⋆ ) + D (p (r∣θ p ) ∣∣p (r∣θ ⋆j )) − D (p (r∣θ p ) ∣∣p (r∣θ ⋆i ))

K (88)
− ∑ ∑ D (p (r∣θ k ) ∥p (r∣θ ′l )) .
l =1 θ k ∈P′l

Due to (81) and the properties of the partition P′ as given by (85), it holds that

M(P⋆ ) + D (p (r∣θ p ) ∣∣p (r∣θ ⋆j )) − D (p (r∣θ p ) ∣∣p (r∣θ ⋆i ))

K
= ∑ ∑ D (p (r∣θ k ) ∥p (r∣θ ⋆l )) ,
l =1 θ k ∈P′l

and therefore (88) can be written as

K K
M̄ − M(P′ ) = ∑ ∑ D (p (r∣θ k ) ∥p (r∣θ ⋆l )) − ∑ ∑ D (p (r∣θ k ) ∥p (r∣θ ′l )) . (89)
l =1 θ k ∈P′l l =1 θ k ∈P′l
164 Paper C. Data-Driven and Adaptive Statistical Residual Evaluation . . .

It is now noted that due to (87) it holds that

K K
′ ⋆
∑ ∑ D (p (r∣θ k ) ∥p (r∣θ l )) ≤ ∑ ∑ D (p (r∣θ k ) ∥p (r∣θ l ))
l =1 θ k ∈P′l l =1 θ k ∈P′l

and therefore (89) implies that M̄ − M(P′ ) ≥ 0, or equivalently that M(P′ ) ≤ M̄. Thus,
it holds that M(P′ ) ≤ M̄ < M(P⋆ ), which contradicts the statement (51). Hence, (83)
cannot hold and consequently (68) holds and the proof is complete.
References 165

References
M. Abid, W. Chen, S. X. Ding, and A.Q. Khan. Optimal residual evaluation for nonlinear
systems using post-filter and threshold. International Journal of Control, 84(3):526 – 39,
2011.

H. Akaike. A new look at the statistical model identification. IEEE Transactions on

Automatic Control, 19(6):716 – 723, 1974.

I. M. Al-Salami, S. X. Ding, and P. Zhang. Statistical based residual evaluation for

fault detection in networked control systems. In Proceedings of Workshop on Advances
Control and Diagnosis, Nancy, France, 2006. Nancy University.

I. M. Al-Salami, K. Chabir, D. Sauter, and C. Aubrun. Adaptive thresholding for

fault detection in networked control systems. In Proceedings of the IEEE International
Conference on Control Applications, pages 446 – 451, Yokohama, Japan, 2010.

D. Aloise, A. Deshpande, P. Hansen, and P. Popat. Np-hardness of euclidean sum-of-

squares clustering. Machine Learning, 75:245–248, 2009.

A. Banerjee, S. Merugu, I. S. Dhillon, J. Ghosh, and J. Lafferty. Clustering with bregman

divergences. Journal of Machine Learning Research, 6(10):1705 – 1749, 2005.

M. Basseville and I. V. Nikiforov. Detection of Abrupt Changes - Theory and Application.

Prentice-Hall, 1993.

D. Basu. On the elimination of nuisance parameters. Journal of the American Statistical

Association, 72(358):355–366, 1977.

J. O. Berger, B. Liseo, and R. L. Wolpert. Integrated likelihood methods for eliminating

nuisance parameters. Statistical Science, 14(1):1–22, 1999.

P. Berkhin. Survey of clustering data mining techniques. Techniques, 10(c):1–56, 2002.

C. M. Bishop. Pattern Recognition and Machine Learning. Springer, 2006.

A. Bjorck. Numerical Methods for Least Squares Problems. SIAM, Philadelphia, PA,
1996.

M. Blanke, M. Kinnaert, J. Lunze, and M. Staroswiecki. Diagnosis and Fault-Tolerant

Control. Springer, second edition, 2006.

M. R. Blas and M. Blanke. Stereo vision with texture learning for fault-tolerant automatic
baling. Computers and Electronics in Agriculture, 75(1):159 – 68, 2011.

L. Bottou and Y. Bengio. Convergence properties of the K-Means algorithm. In Advances

in Neural Information Processing Systems, volume 7. MIT Press, Denver, 1995.

S. Boyd and L. Vandenberghe. Convex Optimization. Cambridge Univ. Press, Cambridge,

U.K, 2004.
166 Paper C. Data-Driven and Adaptive Statistical Residual Evaluation . . .

G. Casella and R. L. Berger. Statistical Inference. Duxbury Press, second edition, 2001.
J. Chen and R. J. Patton. Robust Model-Based Fault Diagnosis for Dynamic Systems. MA:
Kluwer, Boston, 1999.
R. N. Clark. State estimation schemes for instrument fault detection. In R. J. Patton,
P. M. Frank, and R. N. Clark, editors, Fault Diagnosis in Dynamic Systems: Theory and
Application, chapter 2, pages 21–45. Prentice Hall, 1989.
L. Davies, U. Gather, D. Nordman, and H. Weinert. A comparison of automatic his-
togram constructions. ESAIM: Probability and Statistics, 13:181–196, 2009.
A. P. Dempster, N. M. Laird, and D. B. Rubin. Maximum likelihood from incomplete
data via the em algorithm. Journal of the Royal Statistical Society, 39(1):1–38, 1977.
S. X. Ding, P. Zhang, and E. L. Ding. Fault detection system design for a class of stochas-
tically uncertain systems. In Hong-Yue Zhang, editor, Fault Detection, Supervision and
Safety of Technical Processes 2006, pages 705 – 710. Elsevier Science Ltd, 2007.
A. Emami-Naeini, M. M. Akhter, and S. M. Rock. Effect of model uncertainty on failure
detection: the threshold selector. IEEE Transactions on Automatic Control, 33(12):1106
–1115, 1988.
P. M. Frank. Enhancement of robustness in observer-based fault-detection. International
Journal of Control, 59(4):955–981, 1994.
P. M. Frank. Residual evaluation for fault diagnosis based on adaptive fuzzy thresh-
olds. In IEE Colloquium on Qualitative and Quantitative Modelling Methods for Fault
Diagnosis, pages 401 –411, 1995.
P. M. Frank and X. Ding. Survey of robust residual generation and evaluation methods
in observer-based fault detection systems. Journal of Process Control, 7(6):403 – 424,
1997.
J. J. Gertler. Fault Detection and Diagnosis in Engineering Systems. Marcel Dekker, 1998.
F. Gustafsson. Adaptive Filtering and Change Detection. Wiley, 2000.
G. H. Hardy, J. E. Littlewood, and G. Polya. Inequalities. Cambridge, 1934.
K.H. Haskell and R.J. Hanson. An algorithm for linear least squares problems with
equality and nonnegativity constraints. Mathematical Programming, 21(1):98–118, 1981.
T. Höfling and R. Isermann. Fault detection based on adaptive parity equations and
single-parameter tracking. Control Engineering Practice, 4(10):1361 – 1369, 1996.
M. Inaba, N. Katoh, and H. Imai. Applications of weighted voronoi diagrams and
randomization to variance-based k-clustering: (extended abstract). In Proceedings of
the tenth annual symposium on Computational geometry, SCG ’94, pages 332–339, New
York, NY, USA, 1994. ACM.
References 167

A. Ingimundarson, A. G. Stefanopoulou, and D. A. McKay. Model-based detection of

hydrogen leaks in a fuel cell stack. IEEE Transactions on Control Systems Technology, 16
(5):1004 –1012, 2008.
S. Kullback and R. A. Leibler. On information and sufficiency. Annals of Mathematical
Statistics, 22(1):79–86, 1951.
C.L. Lawson and R.J. Hanson. Solving Least Squares Problems. Prentice-Hall, Englewood
Cliffs, NJ, 1974.
W. Li, Z. Zhu, and S. X. Ding. Fault detection design of networked control systems. IET
Control Theory and Applications, 5(12):1439 – 49, 2011.
L. Ljung. System Identification - Theory for the User. Prentice-Hall, Upper Saddle River,
N.J., 2 edition, 1999.
S. P. Lloyd. Least squares quantization in pcm. IEEE Transactions on Information
Theory, 28(2):129–137, 1982.
J. B. MacQueen. Some methods for classification and analysis of multivariate ob-
servations. In Proceedings of 5th Berkeley Symposium on Mathematical Statistics and
Probability, pages 281–297. University of California Press, 1967.
B. Manthey and H. R0̈glin. Worst-case and smoothed analysis of k-means clustering
with bregman divergences. In Yingfei Dong, Ding-Zhu Du, and Oscar Ibarra, editors,
Algorithms and Computation, volume 5878 of Lecture Notes in Computer Science, pages
1024–1033. Springer Berlin, Heidelberg, 2009.
J. Mattingley and S. Boyd. Real-time convex optimization in signal processing. IEEE
Signal Processing Magazine, 27(3):50–61, 2010.
J. Mattingley and S. Boyd. CVXGEN: a code generator for embedded convex optimiza-
tion. Optimization and Engineering, 13(1):1–27, 2012.
S. A. Murphy and A. W. van der Vaart. On profile likelihood. Journal of the American
Statistical Association, 95(450):449–465, 2000.
Y. Nesterov and A. Nemirovskii. Interior Point Polynomial Algorithms in Convex Pro-
gramming. SIAM, Philadelphia, PA, 1994.
J. Nocedal and S. J. Wright. Numerical Optimization. Springer, second edition, 2006.
M. Nyberg and T. Stutte. Model based diagnosis of the air path of an automotive diesel
engine. Control Engineering Practice, 12(5):513 – 525, 2004.
W. M. Patefield. On the maximized likelihood function. The Indian Journal of Statistics,
Series B (1960-2002), 39(1):92–96, 1977.
Y. Peng, A. Youssouf, P. Arte, and M. Kinnaert. A complete procedure for residual
generation and evaluation with application to a heat exchanger. IEEE Transactions on
Control Systems Technology, 5(6):542 – 555, 1997.
168 Paper C. Data-Driven and Adaptive Statistical Residual Evaluation . . .

S. Z. Selim and M. A. Ismail. K-Means-type algorithms: A generalized convergence

theorem and characterization of local optimality. IEEE Transactions on Pattern Analysis
and Machine Intelligence, PAMI-6(1):81–87, 1984.
H. Sneider and P. M. Frank. Observer-based supervision and fault detection in robots
using nonlinear and fuzzy logic residual evaluation. IEEE Transactions on Control
Systems Technology, 4(3):274 –282, 1996.

T. Söderström and P. Stoica. System Identification. Prentice-Hall Int., London, UK,

1989.
C. Svärd and M. Nyberg. Residual generators for fault diagnosis using computation
sequences with mixed causality applied to automotive systems. IEEE Transactions on
Systems, Man and Cybernetics, Part A: Systems and Humans, 40(6):1310–1328, 2010.

C. Svärd, M. Nyberg, E. Frisk, and M. Krysander. Residual evaluation for fault diagnosis
by data-driven analysis of non-stationary probability distributions. In Proceedings of
the 50th IEEE Conference on Decision and Control and European Control Conference
(CDC-ECC 2011), 2011.

J. Wahlström and L. Eriksson. Modeling diesel engines with a variable-geometry

turbocharger and exhaust gas recirculation by optimization of model parameters for
capturing non-linear system dynamics. Proceedings of the Institution of Mechanical
Engineers, Part D: Journal of Automobile Engineering, 225(7), 2011.
X. Wei, H. Liu, and Y. Qin. Fault diagnosis of rail vehicle suspension systems by using
glrt. In Control and Decision Conference (CCDC), 2011 Chinese, pages 1932 –1936, 2011.

A. Willsky and H. Jones. A generalized likelihood ratio approach to the detection and
estimation of jumps in linear systems. IEEE Transactions on Automatic Control, 21(1):
108 – 112, 1976.
S. J. Wright. Primal-Dual Interior-Point Methods. SIAM, Philadelphia, PA, 1997.

X. Zhang, M. M. Polycarpou, and T. Parisini. A robust detection and isolation scheme

for abrupt and incipient faults in nonlinear systems. IEEE Transactions on Automatic
Control, 47(4):576 –593, 2002.
M. Zhong, H. Ye, S.X. Ding, and G. Wang. Observer-based fast rate fault detection for
a class of multirate sampled-data systems. IEEE Transactions on Automatic Control, 52
(3):520 – 525, 2007/03/.
Y. Zhu and X. Rong Li. Recursice least squares with linear constraints. Communications
in Information and Systems, 7(3):287–312, 2007.
 Paper D

Automotive Engine FDI by Application of an

Automated Model-Based and Data-Driven
Design Methodology☆

☆ Submitted to Control Engineering Practice, 2012.

169
Automotive Engine FDI by Application of an
Automated Model-Based and Data-Driven
Design Methodology
Carl Svärd, Mattias Nyberg, Erik Frisk, and Mattias Krysander

Vehicular Systems, Department of Electrical Engineering,

Linköping University, SE-581 83 Linköping, Sweden.

Abstract

Fault detection and isolation (FDI) in automotive diesel engines is important

in order to achieve and guarantee low exhaust emissions, high vehicle uptime,
and efficient repair and maintenance. This paper illustrates how a set of gen-
eral methods for model-based sequential residual generation and data-driven
statistical residual evaluation can be combined into an automated design method-
ology. The automated design methodology is then utilized to create a complete
FDI-system for an automotive diesel engine. The performance of the obtained
FDI-system is evaluated using measurements from road drives and engine
test-bed experiments. The overall performance of the FDI-system is good in
relation to the required design effort, in particular since no specific tuning of
the FDI-system, nor any adaption of the design methodology, were needed. It is
illustrated how estimations of the statistical powers of the fault detection tests
in the FDI-system can be used to further increase the performance, specifically
in terms of fault isolability.

171
172 Paper D. Automotive Engine FDI by Application of an Automated Design . . .

1 Introduction
Emission related legislations (United Nations, 2008; European Parliament, 2009; Califor-
nia EPA, 2010; United States EPA, 2009) require on-board diagnosis (OBD) of all faults
in automotive engines that may lead to increased exhaust emissions. In addition, fault
accommodation by, e.g., fault-tolerant control (FTC) (Blanke et al., 2006), and off-board
diagnosis, are means in order to meet dependability requirements in the form of high
vehicle uptime, high safety, and efficient repair. A necessity for both diagnosis and fault
accommodation is fault detection and isolation (FDI).
Automotive engines pose several challenges and difficulties when it comes to design
of FDI-systems. Typically, engines are optimized for low-cost and high functionality, and
not for FDI, which means that there is no hardware redundancy in the form of multiple
sensors. To obtain good detection and isolation of faults it is therefore necessary to
employ analytical redundancy and model-based FDI. Due to the inherent complexity of
automotive engines, as well as their multi-domain features due to chemical, mechanical,
and thermodynamic subsystems, modeling results in large-scale, dynamic, and highly
non-linear systems (Wahlström and Eriksson, 2011). Thus, such models must be handled
by the methods used in the design of the FDI-system.
As a consequence of the complexity of automotive engines, in combination with their
wide operating range, models are typically not fully capable of capturing their behavior
in all operating modes. This results in model errors, and in particular stationary model
errors (Höckerdal et al., 2011a,b), regardless of substantial modeling work. In addition, a
model may be more accurate in one operating mode than another and since the operating
mode of the engine varies in time, so does the magnitude and nature of the model errors.
These aspects must be taken into account in the design of the FDI-system.
It is clear that design of a complete model-based FDI-system for an automotive
engine, and for large-scale real-world systems in general, is an intricate task that de-
mands a substantial engineering effort. An optimal solution in general requires detailed
knowledge of the behavior of the system and well-defined requirements, which typically
not is available during early design stages. In order to make the overall design process
more systematic and efficient, and in this way enable re-design or re-configuration, and
eventually higher quality, a generic automated methodology for design of FDI-systems
has been developed.
The design methodology relies on previously developed methods for sequential
residual generation (Svärd and Nyberg (2010), Paper B), and statistical residual evalua-
tion (Paper C). The residual generation methods described in Svärd and Nyberg (2010)
and Paper B are together able to design residual generators for fault detection and isola-
tion in systems described by complex large-scale models. This was demonstrated in Svärd
and Nyberg (2012), where they were combined with a residual evaluation approach based
on the Kullback-Leibler divergence (Kullback and Leibler, 1951) and applied to the Wind
Turbine Benchmark (Fogh Odgaard et al., 2009). The residual evaluation approach
employed in Svärd and Nyberg (2012) was however not able to fully handle the issue
concerning time-varying uncertainties related to model errors and operating modes
discussed above. In this work, the automated design methodology is refined by means
of the data-driven statistical residual evaluation approach described in Paper C, which
2. Automotive Diesel Engine System 173

indeed is able to handle this issue.

This paper illustrates how an FDI-system for an automotive diesel engine can be
designed by application of this automated design methodology. The overall aim, and the
main contribution, is to demonstrate how a set of general methods may be combined
into a complete methodology in order to solve a real industrial problem, in this case the
indeed challenging problem of automotive diesel engine FDI (Nyberg and Stutte, 2004).
In this sense, this work serves as an illustration of the state-of-practice in model-based
FDI, and in particular sequential residual generation, e.g., Staroswiecki and Declerck
(1989); Cassar and Staroswiecki (1997); Staroswiecki (2002); Pulido and Alonso-González
(2004); Ploix et al. (2005); Travé-Massuyès et al. (2006); Blanke et al. (2006); Svärd and
Nyberg (2010), and statistical residual evaluation, e.g., Willsky and Jones (1976); Gertler
(1998); Basseville and Nikiforov (1993); Peng et al. (1997); Al-Salami et al. (2006); Blas and
Blanke (2011); Wei et al. (2011). Moreover, as a secondary contribution, the usefulness and
properties of the specific methods described in Svärd and Nyberg (2010), Paper B, and
Paper C, are illustrated and discussed. For instance, it is empirically shown how the usage
of residual generators utilizing both integral and derivative causality, i.e., mixed causality,
increases the fault isolability, and how time-varying model errors can be handled in the
framework of statistical likelihood-based residual evaluation.
The paper is structured as follows. Section 2 presents the considered automotive
diesel engine system and the model of the system used in the design of the FDI-system.
Section 3 gives an overview of the different stages in the automated design methodology
from a user perspective. The different methods and their key properties are briefly
discussed but technical details are kept at a minimum. Full details can be found in Svärd
and Nyberg (2010), Paper B, and Paper C. Sections 4 and 5 describe how the automated
methodology was applied to the diesel engine system and discuss details and different
aspects of the resulting FDI-system. In Section 6, the FDI-system is experimentally
evaluated and some final remarks are given in Section 7.

2 Automotive Diesel Engine System

The system considered in this work is a 13-liter six-cylinder Scania truck diesel engine
equipped with Exhaust Gas Recirculation (EGR), Variable Geometry Turbochargers
(VGT), and intake throttle. A schematic of the system is shown in Figure 1. This section
describes the system and the model used in the design of the proposed FDI-system.

2.1 System Description

Consider Figure 1. Air of temperature Tbc and pressure pbc enters the system and passes
the compressor side of the VGT. The compressed air, with mass-flow Wc , then enters
the intercooler after which the pressure of the air is denoted pic . The cooled air then
passes the intake throttle, whose position is given by xth , and which is used to control
the amount of air entering the intake manifold.
The air mass-flow after the intake throttle is denoted Wth , and the pressure and
temperature of the air in the intake manifold are denoted pim and Tim , respectively. In
174 Paper D. Automotive Engine FDI by Application of an Automated Design . . .

xegr
EGR-cooler

pamb
EGR-valve Tamb
Wegr
ρ
ne
xvgt
Intake pim Wei Weo pem Wt
manifold Tim Tem
Turbine
Exhaust
manifold
ωt
Wth Cylinders
xth pbc
pic Tbc
Wc

Intake throttle Intercooler Compressor

Figure 1: Schematic of the automotive diesel engine system. Locations of considered

faults are illustrated with triangles.

the intake manifold, the air is mixed with recirculated exhaust gases, whose mass-flow is
denoted Wegr , before it enters the cylinders. The amount of recirculated gas is controlled
by the EGR-valve, whose position is denoted xegr . The total mass-flow of the gas entering
the cylinders is denoted Wei .
In the cylinders, the gas is mixed with fuel and then combusted. The amount of fuel
injected into the cylinders is given by ρ, and the rotational speed of the engine is denoted
ne . After the combustion, the gas enters the exhaust manifold. The mass-flow of the
exhaust gas is denoted Weo , and the pressure and temperature of the gas in the exhaust
manifold pem and Tem , respectively. The exhaust gas then passes the turbine side of the
VGT, whose rotational speed is given by ωt , and leaves the system with mass-flow Wt .
The geometry of the VGT is controlled with the VGT-valve, whose position is denoted
xvgt .

2.2 Sensors and Actuators

The system is equipped with 4 actuators, u xth , u xegr , u xvgt , u ρ , and 7 sensors, y pamb , y Tamb ,
y pic , y pim , y Tim , y pem , y ne . See Table 1 for details.

2.3 Faults
Faults in all sensors and actuators in Table 1, except in actuator u ρ and sensor y ne ,
are considered. All faults along with their description can be found in Table 2. The
2. Automotive Diesel Engine System 175

Table 1: Sensors and Actuators.

Signal Description
u xth Throttle position actuator
u xegr EGR-valve position actuator
u xvgt VGT-valve position actuator
uρ Injected fuel actuator
y ne Engine speed sensor
y pamb Ambient temperature sensor
y Tamb Ambient pressure sensor
y pic Inter-cooler pressure sensor
y pim Inlet manifold pressure sensor
y Tim Inlet manifold temperature sensor
y pem Exhaust manifold pressure sensor

approximate locations of the faults are marked with triangles in Figure 1.

Modeling of Faults
The faults are modeled as additive signals in corresponding equations in the nominal
model presented in next section. For example, fault ∆ y pim , representing a fault in the
intake manifold pressure sensor y pim , is modeled by simply adding ∆ y pim to the equation
describing the relation between the sensor value y pim and the actual intake manifold
pressure pim , i.e., y pim = pim + ∆ y pim .
The main argument for using this fault modeling approach is that it is considered
to be hard, or even impossible, to know how a faulty component behaves in reality and
data for evaluation and validation of a more detailed fault model is seldom available.
Moreover, modeling faults in this way also results in a minimum of fault modes, which
gives a smaller model. This is beneficial since a smaller model simplifies several steps in
model-based diagnosis, for example residual generation or fault isolation. The last but
not least argument is simplicity, since extending the nominal model with additive fault
signals is straightforward and easy. Nevertheless, the approach has shown to provide
good results (Svärd and Nyberg, 2012).
The adopted approach is nonetheless general, and no assumptions are made regarding
for example the time-behavior of faults. Note for example that the approach is able
to handle multiplicative faults even though the fault signal is assumed to be additive.
Consider for example a multiplicative fault in y pim given by y pim = δ ⋅ pim , δ ≠ 1, which
can be equivalently described by ∆ y pim = pim (δ − 1).

2.4 Model
The model of the automotive diesel engine can be found in Appendix A. The model
contains in total 46 equations, 43 unknown variables, 11 known variables, of which 4 are
actuators and 7 sensors, and 9 faults. Of the 46 equations, 5 are differential equations
176 Paper D. Automotive Engine FDI by Application of an Automated Design . . .

Table 2: Considered Faults.

Fault Description
∆ y pamb Fault, ambient pressure sensor
∆ y Tamb Fault, ambient temperature sensor
∆ y pic Fault, intercooler pressure sensor
∆ y pim Fault, intake manifold pressure sensor
∆ y Tim Fault, intake manifold temperature sensor
∆ y pem Fault, exhaust manifold pressure sensor
∆ u xth Fault, throttle position actuator
∆ u xegr Fault, EGR-valve position actuator
∆ u xvgt Fault, VGT-valve position actuator

and the rest algebraic equations.

The model describes the gas-exchange system of the engine and is described in Wahlström
and Eriksson (2011). The model relies on both fundamental first principle physics and
gray-box modeling.

Non-Linear Model Equations

Due to the non-linear characteristics of the considered engine system, the model in
γ
Appendix A contains several non-linear functions. For instance, the function Ψthth (Πth )
found in equation e 7 is given by

⎪Ψ∗ (Πth )
⎧
⎪ if Πth ≤ Πth,lin
Ψth (Πth ) = ⎨ th , (1)
⎪
⎪ Ψ∗ (Π ) 1−Πth if Πth > Πth,lin
⎩ th th,lin 1−Πth,lin
where
√
∗ 2γth 2/γ 1+1/γ
Ψth (Πth ) = (Πth th − Πth th ),
γth − 1

and Πth,lin and γth are parameters.

For more details, see Wahlström and Eriksson (2011). For notational simplicity,
complicated non-linearities like (1) have in the model given in Appendix A been denoted
γ
by functions named in analogy with Ψthth (Πth ). For instance, f Te Wf (Wf ) in e 13 and
ηtm,ωt (ωt ) in e 18 .

3 Overview of Design Methodology

This section presents an overview of the automated methodology used to design the
FDI-system for the automotive diesel engine. The actual methods used in the different
design stages are explained and discussed. First, however, a brief description of the
structure of the FDI-system is given.
3. Overview of Design Methodology 177

Residual Residual Fault

Generation Evaluation Isolation

Measurements Residuals Detection Results Isolation Results

Figure 2: Overview of the FDI-system.

Model Design of Residual

Diagnosis Residual Generators Generators
Requirement

Design of Residual
No-Fault Residual Evaluators Evaluators
Data

Figure 3: Overview of design methodology.

3.1 Structure of FDI-System

The proposed FDI-system for the engine contains the subsystems: residual generation,
residual evaluation, and fault isolation, see Figure 2.
Measured signals, y, in this case from the actuators and sensors listed in Table 1,
are used as input to the residual generation block. This block contains a set of residual
generators, R 1 , R 2 , . . . , R n , each used to monitor a part of the system. The output from
the residual generation block is a set of residual signals, r 1 , r 2 , . . . , r n , with r i = R i (y).
The residual signals are used as input to the residual evaluation block, which contains a
set of residual evaluators, T1 , T2 , . . . , Tn . The aim of the residual evaluation is to detect
changes in the residual signal behavior caused by faults in the system. The output from
the residual evaluation block is a set of binary fault detection signals, d 1 , d 2 , . . . , d n ,
with d i = Ti (r i ). Each d i indicates if a fault is present or not in the part of the system
monitored by the corresponding residual generator R i . The set of fault detection signals
d 1 , d 2 , . . . , d n is finally used as input to the fault isolation block, where they are used to
isolate the detected fault(s).

3.2 Automated Design Methodology

An overview of the overall methodology used to design the residual generators and
residual evaluators, is shown in Figure 3.
The design methodology depicted in Figure 3 have been developed with the aim to
be automated to a high extent and requires limited human interaction. The methodology
requires the following input:

• A model M = (E, X, D, Y, F) of the system, where E is a set of differential-algebraic

equations relating the unknown variables X, differentiated variables D, known
variables Y, and fault variables F.

• A diagnosis requirement F, given as a set of ordered fault pairs (∆ i , ∆ j ) ∈ F × F.

The interpretation of (∆ i , ∆ j ) ∈ F is that fault ∆ i should be isolable from fault ∆ j .
178 Paper D. Automotive Engine FDI by Application of an Automated Design . . .

• No-fault data Y, given in the form of measurements of the variables in Y.

The output is a set of residual generators R 1 , R 2 , . . . , R n , and a set of residual evaluators,
T1 , T2 , . . . , Tn . The specific methods used to design the residual generators and residual
evaluators are described in subsequent sections. Design of the fault isolation subsystem
is briefly discussed in Section 5.3.

3.3 Residual Generation

The method used to design the individual residual generators is described in Svärd
and Nyberg (2010) and belongs to a class of methods referred to as sequential residual
generation, based on ideas originally described in Staroswiecki and Declerck (1989).
Similar approaches are described and exploited in for example Cassar and Staroswiecki
(1997); Staroswiecki (2002); Pulido and Alonso-González (2004); Ploix et al. (2005);
Travé-Massuyès et al. (2006); Blanke et al. (2006).
This class of methods has shown to be successful for real applications (Dustegor et al.,
2004; Izadi-Zamanabadi, 2002; Cocquempot et al., 1998), and also has the potential to
be automated to a high extent (Svärd and Nyberg, 2012). The key property of the specific
method described in Svärd and Nyberg (2010) is its ability to handle mixed causality,
which greatly increases the possibility to detect and isolate faults in large-scale complex
models. This issue is discussed and illustrated in Section 4.
In general, it is possible to create thousands of residual generators with the method
from (Svärd and Nyberg, 2010) for large models. Regarding implementation aspects
such as complexity and computational load it is infeasible, or even impossible, to use all
these residual generators in the FDI-system. In addition, it is often possible to meet the
stated diagnosis requirement with a small subset of all residual generators. Therefore,
the set of residual generators to be contained in the FDI-system is selected by means of a
two-step approach, as also elaborated in Nyberg (1999); Krysander (2006); Nyberg and
Krysander (2008), which is described next.

Two-Step Approach
Given the model M of the system and the diagnosis requirement F, the two steps
illustrated in Figure 4 are conducted. In the first step, a large set of candidate residual
generators, in the form of subsets of the model equations, is found. This step is done in
an exhaustive manner, in the sense that all model equation subsets that can be used as
input to the sequential residual generation method (Svärd and Nyberg, 2010) are found.
For this particular method, it can be shown (Svärd and Nyberg, 2010) that candidate
residual generators by necessity should be based on Minimal Structural Overdetermined
(MSO) sets of equations. There exists efficient algorithms for finding all MSO sets, given
a model, see, e.g., Krysander et al. (2008).
In general, all candidate residual generators found in the first step are not realizable,
i.e., it is not possible to create residual generators from all found candidate residual
generators with the considered method. Therefore, in the second step, a set of realizable
candidate residual generators that fulfills the diagnosis requirement F are selected and
the final set of residual generators R 1 , R 2 , . . . , R n is created.
3. Overview of Design Methodology 179

Candidate
Generate Candidate Residual
Model Generators
Residual Generators

Select and Realize Residual

Diagnosis Generators
Requirement Residual Generators

Figure 4: Design of residual generators.

Realizability of Candidate Residual Generators

Realizability is a general property of a candidate residual generator, i.e., a set of equations,
with respect to a given residual generation method, see Paper B. In the context of the
method (Svärd and Nyberg, 2010), a set of of equations S ⊆ E is said to be realizable if it
can be written in the form

ż = f (z, w1 , w2 , . . . , wm , y) (2a)
w1 = g 1 (z, y) (2b)
w2 = g 2 (z, w1 , ẇ1 , y) (2c)
⋮
wm = g m (z, w1 , ẇ1 , w1 , ẇ2 , . . . , wm−1 , ẇm−1 , y) (2d)

where z is a vector of differentiated variables, w i , i = 1, 2, . . . , m, vectors of algebraic

variables, and y a vector of known variables. In addition, it is for realizability required
that (2) is stable.
A sufficient condition for the ability to transform the equations in S into the form (2),
is the existence of a computation sequence for the unknown variables contained in z and
w i , i = 1, 2, . . . , m. The existence of a computation sequence depends naturally on the
properties of the equations in S, but also on the causality assumption, i.e., regarding
whether integral and/or derivative causality (Blanke et al., 2006) may be used to handle
differential equations in the computation sequence, and a given set of algebraic equation
solving tools. For further details, see Svärd and Nyberg (2010).

Selection of Residual Generators

Motivated by implementation aspects, it is in the second step desirable to find a minimal
cardinality set of realizable residual generators that fulfills the diagnosis requirement F.
If the number of found candidate residual generators is large, which typically is the case
for large-scale models such as the one considered in this work, the problem of finding
such a minimal set of residual generators is hard, or even impossible, to solve optimally.
However, by relaxing the minimal cardinality requirement, a near optimal solution to the
selection problem can be efficiently computed by means of the greedy residual generator
selection algorithm developed in Paper B.
In the greedy selection algorithm, in each iteration given the set of already selected
candidate residual generators, the candidate residual generator able to isolate most of the
180 Paper D. Automotive Engine FDI by Application of an Automated Design . . .

Residual No-Fault
Generators Estimate Residual Distributions Create Residual Residual
No-Fault Distributions Evaluation Tests Evaluators
Data

Figure 5: Design of residual evaluators.

not already isolable faults in the given diagnosis requirement F is selected, and added to
the solution if it is realizable. This procedure is repeated until F is fulfilled, or no useful
candidate residual generators remains.
In addition to make the selection problem tractable, the greedy selection algorithm
has some additional properties. Specifically, it can be shown (Paper B that if, and
only if, the given diagnosis requirement can be fulfilled for the given model with the
method (Svärd and Nyberg, 2010), then the algorithm will provide a solution.

3.4 Residual Evaluation

The method used to design residual evaluators is described in Paper C. The key property
of this statistical and data-driven method is its ability to handle residuals whose stochastic
behavior vary with the current operating mode of the underlying system. The method is
based on a comparison of the probability distribution of the residual, estimated online
using current data, with a no-fault residual distribution. The no-fault distribution is
based on a set of distributions estimated off-line using training data, and is continuously
adapted to the current operating mode of the system.
The method used for design of residual evaluators is illustrated in Figure 5. Given a set
of residual generators R 1 , R 2 , . . . , R n and no-fault data Y in the form of measurements of
the input to the residual generators, the residual generators are run and no-fault residual
samples created. By application of the method developed in Paper C which utilizes
K-Means clustering (MacQueen, 1967; Lloyd, 1982), the set of no-fault residual samples
is then used to estimate a set θ NF i of K no-fault distributions for each of the residuals
r 1 , r 2 , . . . , r n , obtained as output from the residual generators R 1 , R 2 , . . . , R n .

Test Statistic
The obtained no-fault residual distributions are then used to create a residual evaluator Ti
for each of the residuals r 1 , r 2 , . . . , r n . The residual evaluator Ti , with the binary detection
signal d i as output, comprises a fault detection test
⎧
⎪
⎪1 if λ i (R i ) > J i ,
d i = Ti (R i ) = ⎨ (3)
⎪
⎪0 else,
⎩
where λ i is a test statistic, R i is a set of discretized samples from residual r i , and J i is a
constant detection threshold.
The test statistic λ i in each fault detection test is designed with the method developed
in Paper C and based on the Generalized Likelihood Ratio (GLR) test. Given a set
4. Design of Residual Generators 181

R i of samples of the residual r i , and the matrix θ NF

i containing the estimated no-fault
distributions of r i , the test statistic is given by

max L (α, θ NF
i ∣R i )
α
λ i (R i ) = −2 log , (4)
max L (α, θ∣R i )
α, θ

where L (α, θ∣R i ) denotes the likelihood of the parameters α and θ, given the residual
samples in R i . The parameters α and θ fully specify the probability distribution of the
samples in R i . In this sense, the quantity in the denominator of (4) corresponds to the
most likely distribution of the samples in R i , and the quantity in the numerator to the
most likely no-fault residual distribution.

Maximum Likelihood Estimations

In Paper C, it is shown that an explicit solution to the maximum likelihood estimation
(MLE) problem in the denominator of (4) can be obtained from the normalized histogram
of the samples in R i . The MLE problem in the numerator however needs to be solved
numerically. In order to enable implementation of the residual evaluators in an online
environment subject to real-time constraints, this problem can be relaxed and posed
as a constrained linear least square problem. This problem can be efficiently solved in
real-time using methods based on convex optimization (Mattingley and Boyd, 2010).
For technical details, see Paper C.

4 Design of Residual Generators

As said in Section 1 it is by OBD-legislations required that emission critical faults in
an automotive engine are detected and isolated. For the considered engine, all faults
found in Table 2 are emission critical. In addition, if not accommodated in time, the
faults in Table 2 may also lead to decreased safety, increased fuel consumption, decreased
driveability, or even engine breakdown. The latter indeed reduces vehicle uptime.
Motivated by this, it is required that all faults found in Table 2 can be detected and
isolated from each other. Thus, the diagnosis requirement F for the diesel engine consists
of all unique pairwise combinations of the 9 faults in Table 2, i.e.,

F = {(∆ y pamb , ∆ y Tamb ) , (∆ y pamb , ∆ y pic ) , . . . , } (5)

with ∣F∣ = 9 × 9 − 9 = 72.

4.1 Candidate Residual Generators

The model of the engine given in Appendix A together with the diagnosis requirement
F , were used as input to a Matlab implementation of the two-step residual generation
methodology outlined in Section 3.3 and Figure 4.
In total 14, 242 candidate residual generators could be found for the engine model.
These are based on 270 MSO sets, found using the algorithm described in Krysander et al.
182 Paper D. Automotive Engine FDI by Application of an Automated Design . . .

(2008). An MSO set by definition contains one more equation than unknown variables.
Given an MSO set, a sequential residual generator is created by removing one equation
and then finding a computation sequence for the unknown variables in the remaining
just-determined set of equations. The number of candidate residual generators that can
be created from a single MSO set thus equals the number of equations in the MSO set.
This is the rationale behind the number of 14, 242 candidate residual generators.

4.2 Residual Generator Selection and Realization

The algorithm (Svärd and Nyberg, 2010) for finding computation sequences for the candi-
date residual generators was configured to allow both integral and derivative causality, i.e.,
mixed causality, and also to use Maple as algebraic equation solving tool, see Section 3.3.
Using the greedy selection algorithm (Paper B) described in 3.3, 8 residual generators,
R 1 , R 2 , . . . , R 8 , were selected and realized. For instance, the residual generator R 3 has
the form
Pt η m − Pc
ω̇t = (6a)
Jt ωt
Re Tem
Ṫem = (Win cve (Tem,in − Tem ) + Re (Tem,in Win − Tem Wout )) (6b)
pem Vem cve
Re Tem Re
ṗem = (Weo − Wegr − Wt + ∆ Wem ) + (Win cve (Tem,in − Tem ) (6c)
Vem Vem cve
+Re (Tem,in Win − Tem Wout ))
pamb = y pamb (6d)
pbc = pamb (6e)
xvgt = u xvgt (6f)
⋮
h tot πd pi pe l pi pe n pi pe
Tem,in = Tamb + (Te − Tamb ) exp (− ) (6g)
Weo cpe
( ṗim Vim − Ra Tim Wth + Wei Ra Tim )
Wegr = (6h)
Ra Tim
⋮
Wc c pa Tbc 1−1/γ
Pc = (Πc a − 1) , (6i)
ηc

with the residual equation r = y pem − pem , corresponding to equation e 43 in Appendix A.

Clearly, the structure of residual generator R 3 is in accordance with (2). Moreover,
it is noted that residual generator R 3 exploits mixed causality. Integral causality is for
example used in (6b) when variable Tem is computed. Derivative causality is employed
when variable Wegr is computed in (6h), since ṗim , the derivative of pim , is used.
The use of derivative causality in general assumes that derivatives of known or pre-
viously computed variables can be computed or estimated. In this work, estimation of
4. Design of Residual Generators 183

Table 3: Fault Signature Matrix.

∆ y pamb

∆ y Tamb

∆ u xegr
∆ y pem

∆ u xvgt
∆ y pim

∆ y Tim

∆ u xth
∆ y pic
R1 x x x x x x x
R2 x x x x x x x x
R3 x x x x x x x x
R4 x x x x x x x x
R5 x x x x x x x x
R6 x x x x x x x x
R7 x x x x x x x x
R8 x x x x x x x x

derivatives is done by appliance of a low-pass FIR-filter with coefficients calculated accord-

ing to Vainio et al. (1997). This approach was used since it is simple and straightforward
to implement, and gave good results.
The use of integral causality presupposes that ordinary differential equations can be
solved, which in general assumes that consistent initial conditions for the state-variables
are available. There are 5 different state variables present in the set of selected residual gen-
erators: the intake manifold pressure pim , the exhaust manifold pressure pem , intercooler
pressure pic , the exhaust manifold temperature Tem , and the turbine speed ωt . As seen in
Table 1, the three pressures are measured directly. Thus, the values of the corresponding
measured variables at the starting time instant are used as initial conditions for these
variables, e.g., pim (t 0 ) = y pim (t 0 ). For the non-measured state-variable Tem , the initial
condition is set to the value of the measured inlet air temperature y Tim at the starting
time instant. The initial condition for the state-variable ωt is set to a constant nominal
value.

Fault Detectability

Table 3 shows the fault signature matrix (FSM) for the 8 selected residual generators
with respect to the faults in Table 2. In this context, the FSM contains an “x” in position
(R i , ∆ x ) if the equation containing fault ∆ x is used in the computation sequence on
which the residual generator R i is based. This should be interpreted as that residual
generator R i may be sensitive to fault ∆ x , meaning that it may respond to the fault. The
sensitivity of residual generator R i to the fault ∆ x however strongly depends on the
properties of R i , the size and temporal properties of ∆ x , and also on for example the
current operating mode of the system. In order to verify that R i is indeed sensitive to
∆ x , it is necessary to implement and run R i using representative data from relevant fault
cases. This will be done in Section 6.
Clearly, assuming that Table 3 reflects the fault sensitivity, there is more than one
residual generator that is sensitive to each of the 9 considered faults and thus all 9 faults
can, in theory, be detected.
184 Paper D. Automotive Engine FDI by Application of an Automated Design . . .

Table 4: Isolability Matrix.

∆ y pamb

∆ y Tamb

∆ u xegr
∆ y pem

∆ u xvgt
∆ y pim

∆ y Tim

∆ u xth
∆ y pic
∆ y pamb x x
∆ y Tamb x x x
∆ y pic x x x
∆ y pim x x x
∆ y Tim x x x
∆ y pem x x x
∆ u xth x x x
∆ u xegr x x x
∆ u xvgt x x

Fault Isolability
In general, given a set of residual generators, a fault ∆ x is said to be isolable from a fault
∆ y if the set contains a residual generator that is sensitive to fault ∆ x but not to fault ∆ y ,
see for example Paper B. As seen in Table 3, all 8 residual generators may be sensitive to
the faults ∆ y pamb and ∆ u xvgt . This is also indicated in Table 4, which shows the resulting
isolability matrix for the 8 selected residual generators. In Table 4, for instance, the “x” in
position (∆ y Tamb , ∆ y pamb ) denotes that fault ∆ y Tamb is not isolable from fault ∆ y pamb using
the residual generators R 1 , R 2 , . . . , R 8 .
Clearly, according to Table 4, the diagnosis requirement F in (5) not is met since,
for example, ∆ y Tamb not is isolable from ∆ y pim . Nevertheless, due to the properties of
the greedy selection algorithm discussed in Section 3.3, Table 4 shows the maximum
attainable isolability for the engine model, given the method for residual generation
considered in this work. The cardinality of the set of selected residual generators may
however not be minimal. See Paper B for more details.

4.3 Properties of Selected Residual Generators

Some additional properties for the 8 selected residual generators can be found in Table 5.
The first column in Table 5 shows which residual equation the corresponding residual
generator uses, i.e., which model equation that is used to compute the residual in the
corresponding residual generator. It can be noted that a majority of the 8 residual
generators use either equation e 39 , or equation e 41 , as residual equation, corresponding
to r = y pim − pim and r = y pem − pem , respectively. This is a direct consequence of that the
greedy selection algorithm was supplemented with an additional heuristic in order to
make the final deployment of the residual generators as simple as possible. In those cases
when the greedy heuristic described in Section 3.3 identified more than one candidate,
the algorithm was configured to prefer small candidate residual generators, in terms
of number of equations, before large candidate residual generators, and also to prefer
candidate residual generators using sensor equations, i.e., e 36 , e 37 , . . . , e 41 , as residuals.
4. Design of Residual Generators 185

Table 5: Properties of the Selected Residual Generators.

Residual IC DC #Equations #Inputs

R1 e 41 x x 42 (5) 9
R2 e7 x x 43 (5) 10
R3 e 41 x x 43 (4) 10
R4 e 39 x 44 (4) 10
R5 e 39 x x 44 (4) 10
R6 e 41 x 44 (4) 10
R7 e 41 x 41 (3) 10
R8 e 39 x x 43 (5) 10

Columns 2 and 3 in Table 5 show if the corresponding residual generator uses integral
causality (IC) and/or derivative causality (DC), respectively. Clearly, 5 out of 8 residual
generators employs mixed causality. Column 4 shows the number of equations contained
in the computation sequence on which the corresponding residual generator is based,
and the value in parenthesis how many of those equations that are differential equa-
tions. Recalling that the model contains in total 46 equations, of which 5 are differential
equations, it can be concluded that all residual generators uses a substantial part of the
complete model in spite of the above mentioned heuristic. This issue is further illustrated
by column 5 in Table 5, which shows how many of the 11 available signals in Table 1 that
each residual generator uses as input.
Columns 4 and 5 explain why most of the 8 selected residual generators may be
sensitive to most of the 12 faults, as illustrated in Table 3. In fact, this property holds
for all candidate residual generators which on average use about 40 equations, and is a
direct consequence of the properties of the automotive engine system. Specifically, the
system contains many physical interconnections, for example due to the shaft connecting
the turbine and the compressor and thus the intake and the exhaust parts of the engine,
see Figure 1. This leads to a model with coupled equations, in the sense that there are
sets of equations containing the same set of unknown variables. This fact implies that
a fault affecting one of these equations influences a large amount of the other model
equations. This fact, in combination with the relatively small number of sensors, makes
fault decoupling non-trivial and results in the situation shown in Table 3.

4.4 Comments on Realizability

The results presented above were obtained using mixed causality, i.e., computation
sequences with both integral and derivative causality were allowed. For comparison,
the algorithm (Svärd and Nyberg, 2010) for finding computation sequences was also
configured to use solely integral and derivative causality. For the case with derivative
causality, no realizable candidate residual generator were found. In the integral causality
case, a set of 4 residual generators was selected. In fact, two of these residual generators
were also found when adopting mixed causality and can be found as R 6 and R 7 in Table 5.
Before termination, the greedy selection algorithm discarded in total 4,739 of the
186 Paper D. Automotive Engine FDI by Application of an Automated Design . . .

Table 6: Isolability Matrix when using Integral Causality.

∆ y pamb

∆ y Tamb

∆ u xegr
∆ y pem

∆ u xvgt
∆ y pim

∆ y Tim

∆ u xth
∆ y pic
∆ y pamb x x x x x
∆ y Tamb x x x x x
∆ y pic x x x x x x
∆ y pim x x x x x x
∆ y Tim x x x x x
∆ y pem x x x x x x
∆ u xth x x x x x x
∆ u xegr x x x x x
∆ u xvgt x x x x x

14,242 candidate residual generators for not being realizable in the mixed causality case,
and 7,133 candidates in the integral causality case. The corresponding numbers in terms
of MSO sets are 91 and 135, respectively, out of 270. In the derivative causality case, ap-
parently, all candidate residual generators were discarded due to non-realizability. It can
be concluded that mixed causality improves realizability, in the sense that considerably
more candidate residual generators can be realized, which implies that more faults can be
isolated. This can be seen by comparing Table 4 with Table 6, which shows the resulting
isolability matrix when using only integral causality.
The large amount of discarded candidate residual generators, independent on the
causality assumption, is due to that no computation sequence can be found for these
candidate residual generators. This in turn is to a large extent caused by non-invertible
non-linear functions in the model. To illustrate this aspect, consider the equation

pic Ath,max γth

e7 ∶ Wth = √ Ψ (Πth ) fth (xth ),
Tim Ra th

where Wth , pic , Tim , Πth , and xth are unknown variables, Ath,max and Ra are parameters,
γ γ
and Ψthth (⋅) and fth (⋅) are non-linear functions, with Ψthth (Πth ) given by (1). Clearly, the
γ th
function Ψth (Πth ) is not invertible with respect to Πth which implies that the variable
Πth can not be computed from the equation e 7 . The same holds for the variable xth ,
since the function fth (⋅) is non-invertible with respect to xth . This implies that only the
variables Wth , pic , and Tim , can be computed from equation e 7 . Most of the equations in
the diesel engine model exhibit this property, and this substantially limits how unknown
variables in the model can be computed, which in turn explains the large amount of
non-realizable, and thus discarded, candidate residual generators.

Stability Analysis
In comparison, only a fraction of the discarded candidate residual generators were
discarded due to not being stable. Nevertheless, the stability analysis is an important part
5. Design of Residual Evaluators 187

of the realization algorithm since stability is an important property in order to guarantee

good dynamical behavior of residual generators. In fact, the considered diesel engine
system exhibit a non-minimum phase behavior, see Wahlström and Eriksson (2011) for
an analysis regarding this, which imply that there indeed are unstable candidate residual
generators.
For sake of simplicity, combined with the urge to be able to conduct the stability
analysis in an automated manner with a minimum of user input, the stability analysis is
based on linearization. In each of 20 different equilibrium points, the non-linear residual
generator obtained from the series of computations described by the corresponding
computation sequence, is first linearized. If any of the eigenvalues of the linearized
residual generator is greater or equal to zero in any of the 20 equilibrium points, the
residual generator is discarded.
The 20 equilibrium points correspond to stationary operating points of the engine,
parameterized by the injected fuel amount, u δ , and engine speed, u n e . The linearization is
done by finite difference approximation. Although the adopted stability analysis approach
is simple, it is able to discard the residual generators that were observed to be unable to
use due to instability. This has been verified through extensive experimental evaluations.

5 Design of Residual Evaluators

As said in Section 3.4, the first step in the residual evaluator design method is to estimate
the probability distributions of the residuals r 1 , r 2 , . . . , r 8 obtained as output from the
residual generators R 1 , R 2 , . . . , R 8 , given the no-fault data set Y.

5.1 Estimation of No-Fault Residual Distributions

To capture the behavior of the residuals in a variety of the operating modes of the
diesel engine system, the no-fault data set Y was formed from two data sets of different
characteristics. The first data set is about half an hour long and contains engine test-bed
measurements from a World Harmonized Transient Cycle (WHTC) test cycle. The
second data set is approximately 2 hours long and contains measurements from a part of
a test drive in the south of Sweden, including both city and high-way driving. To reduce
the risk of over-fit, the data sets were split into an estimation data set and a validation
data set, of equal size. The data was sampled at a rate of 100 Hz, and consequently the
estimation and validation data sets contain approximately 450,000 samples, each.
The 8 residual generators were run off-line using the measurements in Y as input to
obtain no-fault residual samples. A set of samples from residuals r 5 is shown in Figure 6.
Note the non-ideal behavior of the residual caused by uncertainties, mainly model errors
of time-varying nature and magnitude, mentioned in Section 1.
Using a Matlab implementation of the algorithm in Paper C, a set θ NF of K = 20
probability density functions were estimated for each residual, see Section 3.4. Figure 7
shows the 20 estimated no-fault residual distributions for the residual r 5 obtained as
output from residual generator R 5 .
188 Paper D. Automotive Engine FDI by Application of an Automated Design . . .

4
x 10
1

0
r5

−1

−2

−3
100 120 140 160 180 200 220 240 260 280 300
Time [s]

Figure 6: A subset of no-fault samples from residual r 5 .

0.1
0.2
0.2 0.2
θ1

θ2

θ3

θ4

0.05 0.1
0.1 0.1

0 0 0 0
20 40 60 80 20 40 60 80 20 40 60 80 20 40 60 80
0.15 0.04 0.15
0.1 0.1
0.1
θ5

θ6

θ7

θ8

0.02
0.05 0.05 0.05

0 0 0 0
20 40 60 80 20 40 60 80 20 40 60 80 20 40 60 80

0.08 0.2
0.15
0.06 0.2
θ10

θ11

θ12
θ9

0.1
0.04 0.1 0.1
0.05 0.02
0 0 0 0
20 40 60 80 20 40 60 80 20 40 60 80 20 40 60 80

0.6 0.6 0.4

0.6
θ13

θ14

θ15

θ16

0.4 0.4
0.4
0.2
0.2 0.2 0.2

0 0 0 0
20 40 60 80 20 40 60 80 20 40 60 80 20 40 60 80

0.1 0.3
0.2 0.06
θ17

θ18

θ19

θ20

0.2
0.04
0.1 0.05
0.02 0.1
0 0 0 0
20 40 60 80 20 40 60 80 20 40 60 80 20 40 60 80
xi xi xi xi

Figure 7: The set of 20 estimated no-fault distributions for residual r 5 .

5. Design of Residual Evaluators 189

6
x 10
−0.9

−1

−1.1

−1.2
(θ NF |Y)

−1.3

−1.4

−1.5

−1.6

−1.7 Estimation Data

Validation Data
10 20 30 40 50 60 70
K

Figure 8: Fit of the set of estimated no-fault distributions for different values of K, i.e.,
for different number of distributions in the set, to the estimation and validation data sets.
The figure shows the average of the fit for all 8 residuals.

For this application, 20 distributions per residual is a good trade-off between model
fit and complexity since the gain in model fit obtained when choosing a higher number
is marginal in comparison with the corresponding increase in computational effort. This
is illustrated in Figure 8, which shows the model fit in the form of the log-likelihood
ℓ (θ NF ∣Y) of the distributions in θ NF given the no-fault data Y. The quantity shown in
Figure 8 is the averaged model fit for all 8 residuals, evaluated for different number of
distributions and for both the estimation and validation data.

5.2 Residual Evaluators

For each of the residuals r 1 , r 2 , . . . , r 8 , a residual evaluator Ti in the form (3) was created.
The sampling of residual values for the sets R i , i = 1, 2, . . . , 8, was done by means of
a sliding window. The number of samples in each sliding window was chosen to be
1024. The choice of this number is a trade-off between detection performance and
computational complexity. For a thorough discussion of this issue, see Paper C.
To solve the relaxed version of MLE problem in the numerator of (4), see Section 3.4,
a tailored solver was generated using the software tool CVXGEN (Mattingley and Boyd,
2012). The detection thresholds J i , i = 1, 2, . . . , 8, were computed in order to give a
probability of false detection of 1%, by using the validation data set used in Section 5.1.
190 Paper D. Automotive Engine FDI by Application of an Automated Design . . .

5.3 Fault Isolation Strategy

As illustrated in Figure 2, the binary fault detection signals based on the residual evalua-
tors (3), are used as input to the fault isolation block. This section briefly describes the
strategy used for fault isolation.
Due to the issue regarding fault sensitivity discussed in Section 4.2, and since the
complete behavior of the no-fault residuals not are captured by the estimated no-fault
distributions, the statistical power of the fault detection tests in (3) are not ideal. That is,
the probability for detection is not one for all faults, in all situations, and the probability
for false detections is not always zero. To take this into account, the fault isolation scheme
is configured to interpret an “x” in a certain row of the FSM in Table 3 as if the test in
the corresponding residual evaluator may respond, if the corresponding fault occurs.
Consequently, no conclusion is drawn if a residual evaluator not alarms, see Nyberg
(1999).
Given a set of alarming residual evaluators, i.e., non-zero detection signals d i , the
fault signatures of the corresponding residuals are matched using the FSM in Table 3.
For an example, if only d 1 = 1, the row corresponding to R 1 in Table 3 is considered and it
is concluded that either of the faults ∆ y pamb , ∆ y Tamb , ∆ y pim , ∆ y Tim , ∆ y pem , ∆ u xegr , and ∆ u xvgt ,
may be present in the system. If also the detection signals d 2 , d 3 , d 4 , d 5 , d 7 , and d 8 , are
non-zero, it is concluded that either of the faults ∆ y pim , ∆ y pamb , and ∆ u xvgt , may be present.
This is in accordance with standard consistency-based diagnosis, see, e.g., de Kleer and
Williams (1987); Reiter (1987); Greiner et al. (1989).

6 Experimental Evaluation
This section presents an experimental evaluation of the designed FDI-system. The
evaluation consists of two parts, with different purposes. The first part, presented in
Section 6.1, focus on the fault detection performance of the individual residual generators
and residual evaluators, whereas the second part, presented in Section 6.2, focus on the
detection and isolation performance of the complete FDI-system.

6.1 Fault Detection Performance

The purpose of this part of the evaluation is to investigate the fault detection performance
of the individual fault detection tests, comprised of the residual generators along with
their corresponding residual evaluators.

Metrics
The fault detection performance is studied by means of the statistical power of the fault
detection tests, for different sizes of the considered faults in Table 2. To quantify the
power of a test, the power function (Casella and Berger, 2001) will be used. In this context,
the power function for the fault detection test (3) for residual r i is defined as

β i (δ) = Pr (d i = 1∣δ) = Pr (λ i (R i ) > J i ∣δ) , (7)

6. Experimental Evaluation 191

where λ i is the test statistic, R i a set of samples from residual r i , J i is the detection
threshold, and δ is a fixed fault size. In the no-fault case, i.e., when δ corresponds to a
fault of size zero, the power function (7) gives the probability of false detection, or Type
I error (Casella and Berger, 2001). Otherwise, the power function gives the probability
of detection for fixed δ, or equivalently the probability of missed detection or Type II
error, by 1 − β i (δ).
In order to obtain a scalar metric for the detection performance of a specific detection
test with respect to a set D of different fault sizes, the quantity
1
∑ β i (δ) , (8)
∣D∣ δ∈D

will also be considered, where β i (δ) is the power function for detection test i. The
quantity (8) in some sense reflects the average detection performance of the detection
test. It may be noted that for an ideal test, i.e., whose probability for detection is one for
all fault sizes, the quantity (8) is equal to one.

Setup
In total 5 data sets were used in the evaluation. The data is not the same as the data
described in Section 5. Each data set contains measurements collected during a drive
on the Swedish west coast. The data sets contain measurements from in total approxi-
mately 2.5 hours of driving, and includes both high-way and city driving under different
conditions.
The considered fault type is gain fault. In the case of for example sensor fault ∆ y pamb ,
this means that the sensor signal y pamb fed to the residual generators is y pamb = δ ⋅ pamb
where δ ≠ 1 indicates a fault. The gain faults were implemented off-line by modification
of the corresponding sensor or actuator measurement signals.

Behaviors of Residuals and Test Statistics

Before presenting quantitative results by means of the metrics (7) and (8) some qualitative
results are presented in order to provide some insight of the properties of the residuals
and test statistics on which the fault detection tests are based.
Figure 9 shows the residuals r 1 , r 2 , . . . , r 8 and test statistics λ 1 , λ 2 , . . . , λ 8 when fault
∆ y pic of size δ = 1.2 is abruptly injected at time t = 700 s. Figure 10 shows the residuals
and test statistics when fault ∆ u xth of size δ = 0.3 is injected at time t = 700 s.
First of all, it is noted that the residuals in Figures 9a and 10a are all non-zero in both
the no-fault and fault cases. In addition, all residuals exhibit non-stationary behaviors.
It is clear that a conventional residual evaluation approach by means of for example
constant thresholding would not be sufficient for these residuals. Moreover, consider
for instance residual r 5 in Figure 10a whose response to the fault is quite subtle, in the
sense that the behavior of the residual before and after the fault injection is similar.
Nevertheless, the test statistic λ 5 clearly indicates the presence of a fault.
According to the FSM in Table 3, residuals r 1 and r 8 may be sensitive to fault ∆ y pic .
This is hard to deduce from Figure 9a, but evident in Figure 9b since all test statics but λ 1
192 Paper D. Automotive Engine FDI by Application of an Automated Design . . .

Table 7: Averaged Power for all Tests and all Faults.

∆ y pamb

∆ y Tamb

∆ u xegr
∆ y pem

∆ u xvgt
∆ y pim

∆ y Tim

∆ u xth
∆ y pic
T1 .01 .03 0 .17 .18 .74 .01 .05 .11 .22
T2 .38 .06 .62 .32 .01 .38 .09 .01 .11 .28
T3 .07 .05 .75 .40 .07 .25 .06 .01 .16 .23
T4 .01 0 .83 .47 .02 0 .11 0 .02 .49
T5 .01 0 .75 .53 .12 .44 .16 .01 0 .41
T6 .09 .10 .81 .01 .40 .86 .11 .06 .34 .35
T7 .01 .04 0 .19 .13 .39 .01 .07 .12 .16
T8 .65 .41 .02 .45 .59 .84 .12 .05 .33 .43
.31 .12 .76 .36 .26 .56 .11 .07 .20

and λ 8 respond clearly to the injected fault. However, the test statistic λ 7 do not cross the
detection threshold. It is noted that this indeed corresponds to a typical situation and is
taken into account in the fault isolation scheme, see Section 5.3. It may be noted that a
traditional column matching approach (Gertler, 1998) not is sufficient for this, typical,
case.
For the fault ∆ u xth , Table 3 states that residuals r 1 and r 7 should not be sensitive
to the fault. Again, this is hard to tell from Figure 10a but Figure 10b clearly shows
that test statistics λ 1 and λ 7 do not respond to the fault. As also seen in Figure 10b,
the response from the test statistic λ 3 is weak and it only barely crosses the detection
threshold. The responses from test statistics λ 2 and λ 8 are even weaker and they do not
cross the detection thresholds at all. This issue will be further discussed in Sections 6.1
and 6.2.

Results and Comments

Table 7 shows the quantity (8) for the fault detection test based on the residual evaluators
T1 , T2 , . . . , T8 and all faults in Table 2. Entries close to zero, specifically ≤ 0.02, have been
marked bold. The right most column gives the average of each row, with the bold entries
removed, and the same holds for the last row, but instead for the columns. Figure 11
explicitly shows the estimated power functions β 1 , β 2 , . . . , β 8 for the faults ∆ y pic and
∆ u xth . The power functions were estimated by means of the fraction of samples for which
the corresponding test alarmed, i.e., where d i = 1.
As seen in both Figure 11 and Table 7, the powers of all tests are not ideal for all faults
and all fault sizes. For example, some tests, e.g., T2 , respond only to sizes δ > 1 for some
faults, and only to sizes δ < 1 for other faults. However, for instance fault ∆ y pic result in
nice test power for almost all tests.
By considering the right most column in Table 7, it can be deduced that the average
fault detection performances for all tests are comparable, but that tests T4 , T5 , T6 , and
T8 , seem to be slightly better than the other tests. By considering the last row in Table 7,
it can be deduced that the pressure sensor faults, ∆ y pic , ∆ y pim , and ∆ y pem , seem to result
6. Experimental Evaluation 193

4
x 10
15
2000
10
r1

5 1500

λ1
0 1000

660 680 700 720 740 760 780 800 500

660 680 700 720 740 760 780 800

0.2 2500
0 2000
r2

−0.2

λ2
1500
−0.4
1000
660 680 700 720 740 760 780 800 500
5
x 10 660 680 700 720 740 760 780 800

0 3000
r3

λ3
−5 2000

−10 1000
660 680 700 720 740 760 780 800
4
x 10 660 680 700 720 740 760 780 800

15000
0
−1
r4

10000
λ4

−2
−3 5000

660 680 700 720 740 760 780 800

4 660 680 700 720 740 760 780 800
x 10

0 2500
2000
−2
r5

λ5

1500
−4 1000
500
660 680 700 720 740 760 780 800
4 660 680 700 720 740 760 780 800
x 10

2500
10 2000
r6

λ6

5 1500
0 1000
500
660 680 700 720 740 760 780 800
660 680 700 720 740 760 780 800
4
x 10
2000
10 1500
λ7
r7

5 1000
0 500
660 680 700 720 740 760 780 800 660 680 700 720 740 760 780 800
4
x 10 800

2 600
λ8

1
r8

400
0
200
−1

660 680 700 720 740 760 780 800 660 680 700 720 740 760 780 800

Time [s] Time [s]

(a) Residuals (b) Test Statistics

Figure 9: Residuals r 1 , r 2 , . . . , r 8 and test statistics λ 1 , λ 2 , . . . , λ 8 when fault ∆ y pic is in-

jected at time t = 700 s.
194 Paper D. Automotive Engine FDI by Application of an Automated Design . . .

4
x 10

15 2000

10 1500
r1

λ1
5
1000
0
660 680 700 720 740 760 780 800 500
660 680 700 720 740 760 780 800

1400
0.2 1200
1000
r2

λ2
800
600
−0.2 400
200
660 680 700 720 740 760 780 800
5 660 680 700 720 740 760 780 800
x 10
4 1400
1200
2 1000
r3

λ3
800
0
600
−2 400
660 680 700 720 740 760 780 800 200
4 660 680 700 720 740 760 780 800
x 10

6 3000
4
2000
r4

λ4

2
0 1000

660 680 700 720 740 760 780 800

4 660 680 700 720 740 760 780 800
x 10

5 1500
0
λ5
r5

1000
−5
−10 500

660 680 700 720 740 760 780 800

660 680 700 720 740 760 780 800
4
x 10
2000
15
1500
λ6

10
r6

1000
5
500
0
660 680 700 720 740 760 780 800
660 680 700 720 740 760 780 800
4
x 10
2000
15
1500
λ7

10
r7

1000
5
500
0
660 680 700 720 740 760 780 800 660 680 700 720 740 760 780 800
4
x 10 800
6
600
4
λ8

2
r8

400
0
−2 200

660 680 700 720 740 760 780 800 660 680 700 720 740 760 780 800

Time [s] Time [s]

(a) Residuals (b) Test Statistics

Figure 10: Residuals r 1 , r 2 , . . . , r 8 and test statistics λ 1 , λ 2 , . . . , λ 8 when fault ∆ u xth is

injected at time t = 700 s.
6. Experimental Evaluation 195

1 1 1 1

β1 (δ)

β2 (δ)
β1 (δ)

β2 (δ)
0.5 0.5 0.5 0.5
0 0 0 0
0.8 1 1.2 0.8 1 1.2 0.5 1 1.5 0.5 1 1.5
1 1 1 1

β3 (δ)

β4 (δ)
β3 (δ)

β4 (δ)
0.5 0.5 0.5 0.5
0 0 0 0
0.8 1 1.2 0.8 1 1.2 0.5 1 1.5 0.5 1 1.5
1 1 1 1

β5 (δ)

β6 (δ)
β5 (δ)

0.5 β6 (δ) 0.5 0.5 0.5

0 0 0 0
0.8 1 1.2 0.8 1 1.2 0.5 1 1.5 0.5 1 1.5
1 1 1 1

β7 (δ)

β8 (δ)
β7 (δ)

β8 (δ)

0.5 0.5 0.5 0.5

0 0 0 0
0.8 1 1.2 0.8 1 1.2 0.5 1 1.5 0.5 1 1.5
Fault Size δ Fault Size δ Fault Size δ Fault Size δ
(a) Fault ∆ y pic (b) Fault ∆ u xth

Figure 11: Power functions β i (δ), i = 1, 2, . . . , 8, for faults ∆ y pic and ∆ u xth .

in best overall averaged test power than all other faults. Faults ∆ y Tamb , ∆ u xth , and ∆ u xegr ,
result in quite poor test power in comparison. This can also be seen in Figure 11.
The correspondence between the FSM in Table 3 and the averaged test powers in
Table 7 when it comes to non-sensitive residual generators is good, in the sense that an
empty entry in Table 3 always corresponds to a zero, or almost zero, entry in Table 7.
However, the converse is not always true, since there are zero, or almost zero, entries in
Table 7 where there are an “x” in Table 3. In particular, this holds for faults ∆ y pamb and
∆ u xvgt . According to Table 3, all residual generators may be sensitive to faults ∆ y pamb and
∆ u xvgt . However, as indicated by Table 7, all tests do not respond to these faults.

6.2 Performance of FDI-System

The aim of this part of the evaluation is to investigate the detection and isolation perfor-
mance of the complete FDI-system.

Metrics
To this end, the following metrics are considered.

Detection Time (DT): Time from fault injection to first detection by any test that may
be sensitive to the fault.

Isolation Time (IT): Time from fault injection to first correct fault isolation statement.

Missed Detection Rate (MDR): The fraction of test runs for which the injected fault
not is detected by any of the tests that may be sensitive to the fault.

Missed Isolation Rate (MIR): The fraction of test runs for which a correct fault isola-
tion statement not is obtained.
196 Paper D. Automotive Engine FDI by Application of an Automated Design . . .

Table 8: Fault Specifications.

Fault Specification
∆ y pamb y pamb = 0.5 ⋅ pamb
∆ y Tamb y Tamb = 1.3 ⋅ Tamb
∆ y pic y pic = 1.2 ⋅ pic
∆ y pim y pim = 0.9 ⋅ pim
∆ y Tim y Tim = 0.7 ⋅ Tim
∆ y pem y pem = 0.8 ⋅ pem
∆ u xth u xth = 0.3 ⋅ u xth
∆ u xegr u xegr = 0.4 ⋅ u xegr
∆ u xvgt u xvgt = 0.5 ⋅ u xvgt

False Detection Rate (FDR): The fraction of samples for which the injected fault is
detected by a test that should not be sensitive to the fault, or a fault is detected by
any test in a no-fault condition.
Note that all metrics are defined with respect to the complete FDI-system, and not
in the context of the individual tests. This means, for instance, that a run in which where
only one out of several sensitive tests responds, not will be regarded as a missed detection.
A situation where only one out of several possible tests responds falsely, will on the
other hand be counted as a false detection. Also note that missed detections and missed
isolations are counted on test run basis, whereas false detections are counted on sample
basis.
Moreover, note that with a correct fault isolation statement it is meant an isolation
statement in accordance with the isolability matrix in Table 4. That is, when fault ∆ y pamb
has occurred, the correct fault isolability statement is that either of the faults ∆ y pamb or
∆ u xvgt has occurred.

Setup
In total 12 different data sets were used in this part of the evaluation. As in the previous
study, the data sets contain measurements from drives with both high-way and city parts
under different conditions. Each fault specified in Table 8 was injected abruptly after
a fixed time one at a time in each of the 12 data sets. This means that there were in
total 12 test runs per fault. The sizes of the faults as specified in Table 8 were chosen in
consultation with experienced engineers in order to be realistic for the considered diesel
engine.

Results and Comments

Table 9 gives the mean, minimum, and maximum, detection time (DT), mean, mini-
mum, and maximum, isolation time (IT), as well as the missed detection rate (MDR),
missed isolation rate (MIR), and false detection rate (FDR), for all considered faults. The
detection times and isolation times are given in seconds.
6. Experimental Evaluation 197

Table 9: Results

∆ y pamb

∆ y Tamb

∆ u xegr
∆ y pem

∆ u xvgt
∆ y pim

∆ y Tim

∆ u xth
∆ y pic
Mean 49.1 78.4 33.2 41.1 86.5 39.2 66.5 75.0 90.9
DT Min 5.0 2.3 18.7 18.7 4.8 11.9 9.4 2.9 6.1
Max 83.6 35.9 72.5 115.0 290.5 61.3 166.8 116.9 144.3
Mean - - 221.0 149.0 - 523.0 308.8 - -
IT Min - - 97.0 96.6 - 261.4 227.2 - -
Max - - 437.9 223.8 - 784.7 369.5 - -
MDR 0 0 0 0 0 0 0 0 0
MIR 1 1 0.75 0.67 1 0.83 0.75 1 1
FDR 0.043 0.076 0.057 0.067 0.043 0.049 0.056 0.051 0.043

First of all, it can in Table 9 be noted that all faults can be detected within reasonable
time, meaning that there were no missed detections. As seen, however, ideal isolation
statements were not obtained for all faults. Nevertheless, the injected fault was contained
in each of the obtained isolation statement. The occurrence of missed isolations can be
explained by the fact that the FSM in Table 3 used in the isolation scheme, see Section 5.3,
does not completely reflect the fault sensitivity of the tests in the FDI-system. This was
illustrated in Figures 9b and 10b and will be further considered in next section.
It is evident from Table 9 that the conclusion in Section 6.1 regarding the ability to
detect the pressure sensor faults ∆ y pic , ∆ y pim , and ∆ y pem in a reliable way, is supported
by Table 9. All of these faults result in comparatively short detection times, low rates of
false detections, and can in addition be isolated to a higher extent than the other faults.
The same holds for the conclusions in Section 6.1 regarding the faults ∆ y Tamb and ∆ u xegr ,
which according to Table 9 results in longer detection times, and higher rates of false
detection.
The absolute values of the metrics in Table 9 depend mainly on the value of the
detection thresholds. The higher the detection thresholds, the lower the rate of false
detection, the higher the rate of missed detection, and the longer the detection and
isolation times, and vice versa. In addition, as said in Section 5.2, the detection and
isolation times is affected by the size of the sliding windows used to collect samples for
the residual evaluation.

6.3 Final Tuning

Until now, no specific tuning of the FDI-system has been performed. In this section it
is illustrated how the FDI-system can be tuned in order to give lower rates of missed
isolation for all faults.
As said in Section 6.2, the missed isolations is a direct consequence of the mismatch
between the fault sensitivity as specified by the FSM used in the isolation process, and the
actual fault sensitivity. There are at least two approaches for solving this issue. The first
approach is to lower the detection thresholds. This would obviously resolve situations
198 Paper D. Automotive Engine FDI by Application of an Automated Design . . .

Table 10: Adjusted Fault Signature Matrix.

∆ y pamb

∆ y Tamb

∆ u xegr
∆ y pem

∆ u xvgt
∆ y pim

∆ y Tim

∆ u xth
∆ y pic
T1 x x x x x x
T2 x x x x x x x
T3 x x x x x x x x
T4 x x x
T5 x x x x x
T6 x x x x x x x x
T7 x x x x x x
T8 x x x x x x x x

similar as those depicted in Figures 9b and 10b, where a test responds but the response
not is sufficient in order for the test statistic to cross the threshold. However, this would
also increase the amount of false detections. In addition, the situation where a test do
not respond at all to a fault, is not handled.
The second approach is to instead adjust the FSM so that it indeed represent the actual
fault sensitivity of the tests. This can for example be done by exploiting the averaged
test powers in Table 7. The benefit with this approach is that, in addition, the detection
thresholds can be adjusted in order to achieve desired detection times, and desired
rates of false and missed detections. The main drawback is that it may affect the overall
detectability and isolability properties of the FDI-system, due to additional zeros in the
adjusted FSM. See (Krysander, 2006, Chapter 11) for a more general treatment of this
issue. Moreover, it should be noted that the adjustment of the FSM typically relies on
estimated test power, which strongly depends on the features of the available data.

Results
Both approaches were applied. However, the first approach did not give satisfactory
results. Despite detection thresholds resulting in fault detection rates in the magnitude
of 30-40 %, the resulting missed isolation rates were not lower for all faults.
Using the second approach, the averaged powers of the residual evaluation tests as
given in Table 7 were used in order to adjust the entries of the FSM in Table 3. Specifically,
each “x” in the FSM in Table 3 was removed if the corresponding entry in Table 7 was
lower than 0.02. The removed entries are marked with bold in Table 7. The adjusted
FSM, now for residual evaluators instead of the residual generators, is given in Table 10.
The resulting isolability matrix is shown in Table 11, which should be compared with
the original isolability matrix given in Table 4. It can be noted that the isolability in fact
has increased in the sense that a larger fraction of the diagnosis requirement F in (5) is
fulfilled. Specifically, 58 of the 72 fault pairs in F can now be isolated from each other, in
comparison with 56 before.
Results in accordance with Table 9 are given for the FDI-system with the adjusted
FSM in Table 12. The same detection thresholds and data were used as in the evaluation
7. Conclusions 199

Table 11: Isolability Matrix based on Adjusted Fault Signature Matrix.

∆ y pamb

∆ y Tamb

∆ u xegr
∆ y pem

∆ u xvgt
∆ y pim

∆ y Tim

∆ u xth
∆ y pic
∆ y pamb x x x x x
∆ y Tamb x x x
∆ y pic x x
∆ y pim x
∆ y Tim x x
∆ y pem x
∆ u xth x
∆ u xegr x x x x x
∆ u xvgt x x x

Table 12: Results with Adjusted Fault Signature Matrix.

∆ y pamb

∆ y Tamb

∆ u xegr
∆ y pem

∆ u xvgt
∆ y pim

∆ y Tim

∆ u xth
∆ y pic

Mean 48.1 82.9 33.2 41.1 87.0 39.2 66.5 77.8 90.7
DT Min 5.0 2.3 18.7 18.7 4.8 11.9 9.4 2.9 6.1
Max 83.6 35.9 72.5 115.0 290.5 61.3 166.8 116.9 144.3
Mean 168.7 228.6 47.2 148.0 142.7 190.4 246.8 315.7 430.5
IT Min 45.5 173.3 28.5 96.6 142.7 57.1 62.0 5.3 129.8
Max 346.3 283.2 94.0 223.8 142.7 784.7 329.6 545.8 612.8
MDR 0 0 0 0 0 0 0 0 0
MIR 0.42 0.75 0 0.58 0.83 0.25 0.42 0.67 0.67
FDR 0.11 0.082 0.064 0.067 0.053 0.049 0.056 0.063 0.069

presented in Table 9.
It can be seen in Table 12 that the missed isolation rate (MIR) is lower for all faults,
in comparison with Table 9. In addition, the isolation times are lower for all faults, and
for some faults, e.g., ∆ y pic , the difference is significant. Furthermore, the detection times
are identical, or comparable, with those given in Table 9. It may be noted that there is
a slight increase in false detection rate. This is a direct consequence of the additional
empty entries in the adjusted FSM shown in Table 10. Every detection of a fault by a
test whose corresponding entry in Table 10 has been removed, now counts as a false
detection.

7 Conclusions
It has been illustrated how an FDI-system for an automotive diesel engine can be de-
signed by application of a generic automated design methodology. No specific adaption
200 Paper D. Automotive Engine FDI by Application of an Automated Design . . .

of the methodology to the automotive diesel engine system was made. Through the appli-
cation, it has been empirically shown that employment of mixed causality substantially
increased the number of realizable residual generators. Foremost, this leads to increased
fault isolability as is evident by comparison of Tables 4 and 6. Moreover, it has been
demonstrated how model errors of time-varying nature and magnitude can be handled
in the framework of statistical likelihood-based residual evaluation. Illustrations are
given in Figures 9 and 10.
The FDI-system, and thus the potential of the automated design methodology, has
been evaluated using road and test-bed measurements. The overall performance of the
FDI-system is good in comparison with the required design effort. The fault sensitivities
of the individual fault detection tests have been investigated by means of the estimated
averaged test power (8). It was concluded that the fault sensitivity indicated in the FSM
in Table 3, not fully corresponded to the fault sensitivity as given by the averaged test
powers shown in Table 7. Specifically, this results in high missed isolation rates. It has
been illustrated that an adjustment of the original FSM by utilization of the averaged
test powers, resulting in the adjusted FSM in Table 10, gives an FDI-system capable
of isolating more faults from each other, as can be seen by a comparison of Tables 11
and 4. In addition, this also resulted in increased fault isolation performance, in terms of
substantially lower missed isolation rater and lower isolation times, in comparison with
the original FSM, which can be seen by a comparison of Tables 12 and 9.

Acknowledgment
This work was sponsored by Scania and VINNOVA (Swedish Governmental Agency for
Innovation Systems).

A Model Equations

Ra Tim
e1 ∶ ṗic = (Wc − Wth )
Vic
Ra Tim
e2 ∶ ṗim = (Wth + Wegr − Wei )
Vim
Re Tem Re
e3 ∶ ṗem = (Weo − Wegr − Wt ) + (Win cve (Tem,in − Tem )
Vem Vem cve
+ Re (Tem,in Win − Tem Wout ))
Re Tem
e4 ∶ Ṫem = (Win cve (Tem,in − Tem ) + Re (Tem,in Win − Tem Wout ))
pem Vem cve
e5 ∶ Win = max(Weo , 0) + max(−Wegr , 0) + max(−Wt , 0)
e6 ∶ Wout = max(−Weo , 0) + max(Wegr , 0) + max(Wt , 0)
pic Ath,max γth
e7 ∶ Wth = √ Ψ (Πth ) fth (xth )
Tim Ra th
A. Model Equations 201

e8 ∶ Πth = f Πth (pim , pic )

ηvol pim ne Vd
e9 ∶ Wei =
120Ra Tim
p 1/γ e
rc − ( pem )
+ cvol2 Wf2 + cvol3 Wf + cvol4
im
e 10 ∶ ηvol = cvol1
rc − 1
10−6
e 11 ∶ Wf = δne n c y l
120
e 12 ∶ Weo = Wf + Wei
q HV f Te Wf (Wf ) f Te ne (ne )
e 13 ∶ Te = Tim +
cpe Weo
h tot πd pi pe l pi pe n pi pe
e 14 ∶ Tem,in = Tamb + (Te − Tamb ) exp(− )
Weo cpe
e 15 ∶ Wegr = f Wegr (pim , pem , Tem , xegr )
Pt η m − Pc
e 16 ∶ ω̇t =
Jt ωt
1−1/γ e
e 17 ∶ Pt ηm = ηtm Wt cpe Tem (1 − Πt )
e 18 ∶ ηtm = ηtm,BSR (BSR)ηtm,ωt (ωt )ηtm,xvgt (xvgt )
Rt ωt
e 19 ∶ BSR = √
1−1/γ
2cpe Tem (1 − Πt e )
pt
e 20 ∶ Πt =
pem
Avgt,max pem
e 21 ∶ Wt = √ f Πt (Πt ) f ωt (ωt,corr ) fvgt (xvgt )
Tem Re
ωt
e 22 ∶ ω t,corr = √
100 Tem
Wc c pa Tbc 1−1/γ
e 23 ∶ Pc = (Πc a − 1)
ηc
pic
e 24 ∶ Πc =
pbc
e 25 ∶ ηc = η c,W (Wc,corr , Πc )η c,Π (Πc )
√
(Tbc /Tref )
e 26 ∶ Wc,corr = √ Wc
(pbc /pref )
pbc πRc3 ωt
e 27 ∶ Wc = Φc
Ra Tbc
k c1 − k c3 Ψc
e 28 ∶ Φc =
k c2 − Ψc
202 Paper D. Automotive Engine FDI by Application of an Automated Design . . .

2
e 29 ∶ k c1 = k c11 (min(Ma, Ma max )) + k c12 min(Ma, Ma max ) + k c13
2
e 30 ∶ k c2 = k c21 (min(Ma, Ma max )) + k c22 min(Ma, Ma max ) + k c23
2
e 31 ∶ k c3 = k c31 (min(Ma, Ma max )) + k c32 min(Ma, Ma max ) + k c33
Rc ωt
e 32 ∶ Ma = √
γa Ra Tbc
1−1/γ a
2c pa Tbc (Πc − 1)
e 33 ∶ Ψc =
Rc2 ωt2
e 34 ∶ pbc = pamb
e 35 ∶ Tbc = Tamb
e 36 ∶ y pamb = pamb + ∆ y pamb
e 37 ∶ y Tamb = Tamb + ∆ y Tamb
e 38 ∶ y pic = pic + ∆ y pic
e 39 ∶ y pim = pim + ∆ y pim
e 40 ∶ y Tim = Tim + ∆ y Tim
e 41 ∶ y pem = pem + ∆ y pem
e 42 ∶ u xth = xth + ∆ u xth
e 43 ∶ u xegr = xegr + ∆ u xegr
e 44 ∶ u xvgt = xvgt + ∆ u xvgt
e 45 ∶ uδ = δ
e 46 ∶ y n e = ne
References 203

References
I. M. Al-Salami, S. X. Ding, and P. Zhang. Statistical based residual evaluation for
fault detection in networked control systems. In Proceedings of Workshop on Advances
Control and Diagnosis, Nancy, France, November 2006. Nancy University.

M. Basseville and I. V. Nikiforov. Detection of Abrupt Changes - Theory and Application.

Prentice-Hall, 1993.

M. Blanke, M. Kinnaert, J. Lunze, and M. Staroswiecki. Diagnosis and Fault-Tolerant

Control. Springer, second edition, 2006.

M. R. Blas and M. Blanke. Stereo vision with texture learning for fault-tolerant automatic
baling. Computers and Electronics in Agriculture, 75(1):159 – 68, 2011.

California EPA. Sections 1971.1, 1968.2, and 1971.5 of title 13, cal-
ifornia code of regulations: HD OBD and OBD II regulations.
http://www.arb.ca.gov/msprog/obdprog/hdobdreg.htm, 2010. California Envi-
ronmental Protection Agency, Air Resources Board.

G. Casella and R. L. Berger. Statistical Inference. Duxbury Press, second edition, 2001.

J. P. Cassar and M. Staroswiecki. A structural approach for the design of failure detection
and identification systems. In Proceedings of IFAC Control Ind. Syst., pages 841–846,
Belfort, France, 1997.

V. Cocquempot, R. Izadi-Zamanabadi, M. Staroswiecki, and M. Blanke. Residual

generation for the ship benchmark using structural approach. In Proceedings of the
UKACC International Conference on Control ’98, pages 1480–1485, September 1998.

J. de Kleer and B. C Williams. Diagnosing multiple faults. Artificial Intelligence, 32(1):

97–130, 1987.

D. Dustegor, V. Cocquempot, and M. Staroswiecki. Structural analysis for residual

generation: Towards implementation. In Proceedings of the 2004 IEEE Inter. Conf. on
Control App., pages 1217–1222, 2004.

European Parliament. Regulation No 595/2009 of the european parliament and of the

council of 18 june 2009 on type-approval of motor vehicles and engines with respect
to emissions from heavy duty vehicles (Euro VI) and on access to vehicle repair and
maintenance information and amending Regulation (EC) No 715/2007 and Directive
2007/46/EC and repealing Directives 80/1269/EEC, 2005/55/EC and 2005/78/EC, 2009.
European Parliament and the Council of the European Union.

P. Fogh Odgaard, J. Stoustrup, and M. Kinnaert. Fault tolerant control of wind turbines
- a benchmark model. In Proceedings of the 7th IFAC Symposium on Fault Detection,
Supervision and Safety of Technical Processes, pages 155–160, Barcelona, Spain, 2009.

J. Gertler. Fault Detection and Diagnosis in Engineering Systems. Marcel Dekker, 1998.
204 Paper D. Automotive Engine FDI by Application of an Automated Design . . .

R. Greiner, B. A. Smith, and R. W. Wilkerson. A correction to the algorithm in reiter’s

theory of diagnosis. Artificial Intelligence, 41:79–88, 1989.
E. Höckerdal, E. Frisk, and L. Eriksson. EKF-based adaptation of look-up tables with
an air mass-flow sensor application. Control Engineering Practice, 19(5):442–453, 2011a.
E. Höckerdal, E. Frisk, and L. Eriksson. Bias reduction in DAE estimators by model
augmentation: Observability analysis and experimental evaluation. In 50th IEEE
Conference on Decision and Control, Orlando, Florida, USA, 2011b.
R. Izadi-Zamanabadi. Structural analysis approach to fault fiagnosis with application
to fixed-wing aircraft motion. In Proceedings of the 2002 American Control Conference,
volume 5, pages 3949–3954, 2002.
M. Krysander. Design and Analysis of Diagnosis Systems Using Structural Methods. PhD
thesis, Linköpings universitet, June 2006.
M. Krysander, J. Åslund, and M. Nyberg. An efficient algorithm for finding minimal
over-constrained sub-systems for model-based diagnosis. IEEE Trans. on Systems, Man,
and Cybernetics – Part A: Systems and Humans, 38(1):197–206, 2008.
S. Kullback and R. A. Leibler. On information and sufficiency. Annals of Mathematical
Statistics, 22(1):79–86, 1951.
S. P. Lloyd. Least squares quantization in pcm. IEEE Transactions on Information
Theory, 28(2):129–137, 1982.
J. B. MacQueen. Some methods for classification and analysis of multivariate ob-
servations. In Proceedings of 5th Berkeley Symposium on Mathematical Statistics and
Probability, pages 281–297. University of California Press, 1967.
J. Mattingley and S. Boyd. Real-time convex optimization in signal processing. IEEE
Signal Processing Magazine, 27(3):50–61, May 2010.
J. Mattingley and S. Boyd. CVXGEN: a code generator for embedded convex optimiza-
tion. Optimization and Engineering, 13(1):1–27, 2012.
M. Nyberg. Automatic design of diagnosis systems with application to an automotive
engine. Control Engineering Practice, 87(8):993–1005, 1999.
M. Nyberg and M. Krysander. Statistical properties and design criterions for AI-based
fault isolation. In Proceedings of the 17th IFAC World Congress, pages 7356–7362, Seoul,
Korea, 2008.
M. Nyberg and T. Stutte. Model based diagnosis of the air path of an automotive diesel
engine. Control Engineering Practice, 12(5):513 – 525, 2004.
Y. Peng, A. Youssouf, P. Arte, and M. Kinnaert. A complete procedure for residual
generation and evaluation with application to a heat exchanger. IEEE Transactions on
Control Systems Technology, 5(6):542 – 555, 1997.
References 205

S. Ploix, M. Desinde, and S. Touaf. Automatic design of detection tests in complex

dynamic systems. In Proceedings of 16th IFAC World Congress, Prague, Czech Republic,
2005.
B. Pulido and C. Alonso-González. Possible conflicts: a compilation technique for
consistency-based diagnosis. "IEEE Trans. on Systems, Man, and Cybernetics. Part B:
Cybernetics", Special Issue on Diagnosis of Complex Systems, 34(5):2192–2206, 2004.
R. Reiter. A theory of diagnosis from first principles. Artificial Intelligence, 32:57–95,
1987.
M. Staroswiecki. Fault Diagnosis and Fault Tolerant Control, chapter Structural Analysis
for Fault Detection and Isolation and for Fault Tolerant Control. Encyclopedia of Life
Support Systems, Eolss Publishers, Oxford, UK, 2002.
M. Staroswiecki and P. Declerck. Analytical redundancy in non-linear interconnected
systems by means of structural analysis. In Proceedings of IFAC AIPAC’89, pages 51–55,
Nancy, France, 1989.
C. Svärd and M. Nyberg. Residual generators for fault diagnosis using computation
sequences with mixed causality applied to automotive systems. IEEE Transactions on
Systems, Man and Cybernetics, Part A: Systems and Humans, 40(6):1310–1328, 2010.
C. Svärd and M. Nyberg. Automated design of an FDI-system for the wind turbine
benchmark. Journal of Control Science and Engineering, vol. 2012, 2012. Article ID
989873, 13 pages.
L. Travé-Massuyès, T. Escobet, and X. Olive. Diagnosability analysis based on
component-supported analytical redundancy. IEEE Trans. on Systems, Man, and Cyber-
netics – Part A: Systems and Humans, 36(6):1146–1160, November 2006.
United Nations. Regulation no. 49: Uniform provisions concerning the measures to
be taken against the emission of gaseous and particulate pollutants from compres-
sionignition engines for use in vehicles, and the emission of gaseous pollutants from
positive-ignition engines fuelled with natural gas or liquefied petroleum gas for use in
vehicles, 2008. ECE-R49.
United States EPA. 40 CFR Part 86, 89, et al: Control of air pollu-
tion from new motor vehicles and new motor vehicle engines; final rule.
http://www.epa.gov/obd/regtech/heavy.htm, 2009. United States Environmental Pro-
tection Agency.
O. Vainio, M. Renfors, and T. Saramaki. Recursive implementation of fir differen-
tiators with optimum noise attenuation. IEEE Transactions on Instrumentation and
Measurement, 46(5):1202 –11207, oct 1997.
J. Wahlström and L. Eriksson. Modeling diesel engines with a variable-geometry
turbocharger and exhaust gas recirculation by optimization of model parameters for
capturing non-linear system dynamics. Proceedings of the Institution of Mechanical
Engineers, Part D: Journal of Automobile Engineering, 225(7), July 2011.
206 Paper D. Automotive Engine FDI by Application of an Automated Design . . .

X. Wei, H. Liu, and Y. Qin. Fault diagnosis of rail vehicle suspension systems by using
glrt. In Control and Decision Conference (CCDC), 2011 Chinese, pages 1932 –1936, may
2011.
A. Willsky and H. Jones. A generalized likelihood ratio approach to the detection and
estimation of jumps in linear systems. IEEE Transactions on Automatic Control, 21(1):
108 – 112, 1976.
 Paper E

Automated Design of an FDI-System for the

Wind Turbine Benchmark☆

☆ Published in Journal of Control Science and Engineering, Volume 2012, Article ID

989873, 13 pages, 2012.

207
Automated Design of an FDI-System for the
Wind Turbine Benchmark

Carl Svärd and Mattias Nyberg

Vehicular Systems, Department of Electrical Engineering,

Linköping University, SE-581 83 Linköping, Sweden.

Abstract

We propose an FDI-system for the wind turbine benchmark designed by appli-

cation of a generic automated method. No specific adaptation of the method
for the wind turbine benchmark is needed, and the number of required human
decisions, assumptions, as well as parameter choices, is minimized. The method
contains in essence three steps: generation of candidate residual generators,
residual generator selection, and diagnostic test construction. The proposed
FDI-system performs well in spite of no specific adaptation or tuning to the
benchmark. All faults in the pre-defined test sequence can be detected and all
faults, except a double fault, can also be isolated shortly thereafter. In addition,
there are no false or missed detections.

209
210 Paper E. Automated Design of an FDI-System . . .

1 Introduction
Wind turbines stand for a growing part of power production. The demands for reliability
are high, since wind turbines are expensive and their off-time should be minimized. One
potential way to meet the reliability demands is to adopt fault tolerant control (FTC),
i.e., prevent faults from developing into failures by taking appropriate actions. A typical
action is reconfiguration of the control system. An essential part of an FTC-system is
the fault detection and isolation (FDI) system, see, e.g., Blanke et al. (2006). To obtain
good detection and isolation of faults, model-based FDI is often necessary.
Design of a complete model-based FDI-system is a complex task and involves by
necessity several decisions, for example, method choices, tuning of parameters, and
assumptions regarding noise distributions and the nature of the faults to be diagnosed. In
general, an optimal solution requires detailed knowledge of the behavior of the considered
system, something that is rarely available for real applications. In this paper, inspired
by work with real industrial applications, we propose an automated design method that
minimizes the number of required human decisions and assumptions. Furthermore, we
investigate the potential of designing an FDI-system for the wind turbine benchmark,
see Fogh Odgaard et al. (2009), using this automated method.
The design method is composed of three main steps. In the first step, a large set of
candidate residual generators are generated using the algorithm described in Krysander
et al. (2008). In the second step, the residual generators most suitable to be included in
the final FDI-system are selected and realized by means of a greedy selection algorithm,
based on ideas elaborated in Svärd et al. (2011). The realization, or construction, of
residual generators is done by use of the algorithms presented in Svärd and Nyberg
(2010). In the third and final step, we design diagnostic tests based on the residuals
obtained as output from the selected set of residual generators. The diagnostic tests
relies on a novel methodology based on a comparison of the probability distributions of
no-fault residuals, estimated offline using no-fault training data, and the distributions of
residuals estimated online using current data.
As it turns out, the proposed FDI-system performs well when evaluated on the test
sequence described in Fogh Odgaard et al. (2009). A tailor-made FDI-system perfectly
tuned for the wind turbine benchmark would probably perform better than the one
we propose. However, in relation to the minimal effort required for application of the
automated design method, and in spite of no extra tuning or specific adaptation to
the benchmark, the performance of the FDI-system is satisfactory; all faults in the test
sequence can be detected within feasible time, and there are no false or missed detections.
Further, all faults, except a double fault, can also be isolated.
The wind turbine benchmark model and the strategy used for modeling of faults,
are described in Section 2. Section 3 presents an overview of the design method. The
method for constructing residual generators is described in Section 4, and the approach
used for selecting residual generators is described in Section 5. The method for design
of diagnostic tests, and the fault isolation scheme is considered in Section 6. Some
implementation specific details are discussed in Section 7. The performance of the
designed FDI-system is evaluated and discussed in Section 8, and Section 9 concludes
the paper.
2. The Wind Turbine Model 211

r g
vw
Blade & Pitch Generator &
Drive Train
System Converter
r g

r, m  g,m g , m

Pg
r m vw, m
 g ,r
Controller

Pr

Figure 1: Overview of the wind turbine system.

2 The Wind Turbine Model

The wind turbine system is described and modeled in Fogh Odgaard et al. (2009), to
which is referred for details. The considered wind turbine system has three rotor blades
and the system contains four sub-systems: blade and pitch system, drive train, generator
and converter, and controller, see Figure 1 and Table 1.

2.1 State-Space Realization of Transfer Functions

The pitch system and converter are modeled as frequency domain transfer functions. The
residual generation algorithm we intend to apply, assume a model described in differential
and algebraic equations. To obtain a model in this form, the transfer functions are realized
as time-domain state-space systems.
The relation between pitch angle reference β r and pitch angle output β i , for each
of the three blades and thus for i = 1, 2, 3, can be realized in state-space form using
observable canonical form, see, e.g., Rugh (1996), as follows

ẋ β i1 (t) = −2ζω n x β i1 (t) + x β i2 (t) (1a)

ẋ β i2 (t) = −ω 2n x β i1 (t) + ω 2n β r (t) (1b)
β i (t) = x β i1 (t), (1c)

where ζ, ω n are parameters, and x β i1 , x β i2 state variables. Using the same approach, the
relation between converter reference τ g,r and output τ g can be written as

ẋ τ g (t) = −α gc x τ g (t) + α gc τ g,r (t) (2a)

τ g (t) = x τ g (t), (2b)

where α gc is a parameter, and x τ g the state variable.

212 Paper E. Automated Design of an FDI-System . . .

Table 1: Signals in the wind turbine system.

Signal Description
vw Wind speed
vw ,m Wind speed measurement
βr Pitch angle reference
βm Pitch angle measurement
ωr Angular rotor speed
ω r,m Angular rotor speed measurement
ωg Generator rotor speed
ω g,m Generator rotor speed measurement
τr Rotor torque
τg Generator torque
τ g,r Generator torque reference
τ g,m Generator torque measurement
Pr Power reference
Pg Generator power

2.2 Fault Modeling

The set of faults to consider for the wind turbine is specified in Fogh Odgaard et al. (2009)
and given by

F = {∆β 1 , ∆β 2 , ∆β 3 , ∆τ g , ∆ω g , ∆β 1,m1 , ∆β 1,m2 , ∆β 2,m1 , ∆β 2,m2 , ∆β 3,m1 , ∆β 3,m2 ,

∆ω r,m1 , ∆ω r,m2 , ∆ω g,m1 , ∆ω g,m2 } ,

where ∆β 1 , ∆β 2 , ∆β 3 , and ∆τ g are actuator faults, ∆ω g a system fault, and ∆β 1,m1 , ∆β 1,m2 ,
∆β 2,m1 , ∆β 2,m2 , ∆β 3,m1 , ∆β 3,m2 , ∆ω r,m1 , ∆ω r,m2 , ∆ω g,m1 , and ∆ω g,m2 , sensor faults.
To incorporate fault information in the nominal model, we have chosen to model
all faults as additive signals in corresponding equations. Thus, we are not taking into
account all information regarding the nature of faults given in Fogh Odgaard et al. (2009).
Consider for example fault ∆β 1 which represents an actuator fault in pitch system 1, see (1),
resulting in changed dynamics of β 1 due to dropped main line pressure or high air content
in the oil. One possible way to model this fault would be as a deviation in parameters
ω n and ζ in (1a) and (1b). With the chosen approach, the fault is instead modeled as an
additive signal in (1c) for i = 1, i.e., β 1 = x β 11 + ∆β 1 .
Note that the adopted fault modeling approach is general and no assumptions are
made regarding for example the time-behavior of faults. Thus, the approach is able to
handle for example multiplicative faults even though the fault signal is assumed to be
additive. Consider for example a multiplicative fault in β 1 given by β 1 = δ ⋅ x β 11 where
δ ≠ 1, which can be equivalently described by β 1 = x β 11 + ∆β 1 , where ∆β 1 = x β 11 (δ − 1).
The main argument for using this, more general, approach is that we consider it
hard, or even impossible, to know exactly how a faulty component behaves in reality.
Furthermore, data from all fault-cases for evaluation and validation of a more detailed
model are seldom available. Modeling faults in this way also results in a minimum of
2. The Wind Turbine Model 213

fault modes. This is beneficial since it gives a smaller model which simplifies several steps
in model-based diagnosis, e.g., residual generation and isolation. In addition, regarding
how diagnosis information is utilized, e.g., for Fault Tolerant Control, it is unnecessary
to distinguish between different fault modes if they are associated with the same action
or consequence. Indeed, this applies to all sensor faults in the wind turbine, since the
system should be reconfigured regardless of the type of sensor fault, i.e., fixed value or
gain factor, see Table 2 in Fogh Odgaard et al. (2009). Last, but not least, an additional
important motivator is simplicity, since extending the nominal model with additive fault
signals in this way is straightforward and easy.

2.3 Model Extensions

According to Fogh Odgaard et al. (2009), the same pitch angle reference signal β r is
fed to all three pitch systems (1), i.e., β i ,r = β r for i = 1, 2, 3. However, according to the
provided Simulink© model, see Fogh Odgaard (2011), the individual reference signals
are instead calculated in a control loop outside the pitch system as

β i ,m1 + β i ,m2
β i ,r = β r + β i − ( ), i = 1, 2, 3 (3)
2
where β i is given by (1), and β i ,m1 and β i ,m2 are sensor measurements. To incorporate
this information in the design of the FDI system, the original wind turbine model is
extended with the relations between β i ,r and β r given by (3).

2.4 The Model with Faults

The complete model of the wind turbine model, with fault signals denoted by ∆, used in
this work for design of an FDI-system is given below.
3 ρπR 3 C q (λ, β i ) vw2
e1 ∶ τr = ∑
i=1 6
ωr R
e2 ∶ λ=
vw
e3 , e5 , e7 ∶ ẋ β i1 = −2ζω n x β i1 + x β i2 , i = 1, 2, 3
e4 , e6 , e8 ∶ ẋ β i2 = −ω 2n x β i1 + ω 2n β i ,r , i = 1, 2, 3
e 9 , e 10 , e 11 ∶ β i = x β i1 + ∆β i , i = 1, 2, 3
ηd t Bd t
ηd t Bd t ⎛− N g2
− Bg ⎞ η K 1
e 12 ∶ ω̇ g = ( ) ωr + ⎜ ⎟ ω g + ( d t d t ) θ ∆ − ( ) τ g + ∆ω g
Ng Jg ⎝ Jg ⎠ N J
g g J g

Bd t − Br Bd t Kd t 1
e 13 ∶ ω̇ r = − ( ) ωr + ( ) ωg − ( ) θ ∆ + ( ) τr
Jr N g Jr Jr Jr
1
e 14 ∶ θ̇ ∆ = ω r − ( ) ωg
Ng
214 Paper E. Automated Design of an FDI-System . . .

Residual Fault
Fault Detection
Generation Isolation

Measurements Residuals Detection Results Isolation Results

Figure 2: Schematic overview of the FDI-system.

e 15 ∶ ẋ τ g = −α gc x τ g + α gc τ g,r
e 16 ∶ τ g = x τ g + ∆τ g
e 17 ∶ Pg = η gc ω g τ g
e 18 , e 20 , e 22 ∶ β i ,m1 = β i + ∆β i ,m1 , i = 1, 2, 3
e 19 , e 21 , e 23 ∶ β i ,m2 = β i + ∆β i ,m2 , i = 1, 2, 3
e 24 , e 25 ∶ ω r,m j = ω r + ∆ω r,m j , j = 1, 2
e 26 , e 27 ∶ ω g,m j = ω g + ∆ω g,m j , j = 1, 2
e 28 ∶ vw ,m = vw
e 29 ∶ τ g,m = τ g
e 30 ∶ Pg,m = Pg
β i ,m1 + β i ,m2
e 31 , e 32 , e 33 ∶ β i ,r = β r + β i − ( ) , i = 1, 2, 3
2

3 Overview of Design Method

The proposed FDI-system for the wind turbine is comprised of three sub-systems: residual
generation, fault detection and fault isolation, see Figure 2.
Measurements, i.e., sensor readings, from the wind turbine are fed to a bank of
residual generators whose output is a set of residuals. The residuals are used as input to
the fault detection block, which contains diagnostic tests based on the residuals. The
output from this block, one signal for each residual, indicates if a fault has been detected
in the part of the system monitored by the corresponding residual. The result from the
fault detection is fed to the fault isolation block in which the detected fault(s) are isolated.
The proposed method supports design of the residual generation and fault detection
blocks. Design of the fault isolation block is briefly discussed in Section 6.2. The method
contains three essential steps:

1. Generate candidate residual generators,

2. Select and realize residual generators,

3. Construct diagnostic tests,

see Figure 3. In the first step, a large set of candidate residual generators are generated.
In the second step, the residual generators most suitable to be included in the final FDI-
4. Residual Generation 215

Generate Candidate Select and Realize Construct

Residual Generators Residual Generators Diagnostic Tests

Figure 3: Overview of the design method.

system are selected and realized. In the third and final step, we design diagnostic tests
based on the residuals obtained as output from the selected set of residual generators.
In the subsequent sections, we describe in detail the different steps of the design
method used to create the proposed FDI-system for the wind turbine benchmark system.
As input to the design method, or prerequisites, we assume a model of the system and
no-fault training data. The data is assumed to be expressed as measurements, either
real or simulated, of the inputs and outputs of the model in realistic and representative
no-fault operating conditions.

4 Residual Generation
The set of residual generators used in the FDI-system are based upon the ideas originally
described in Staroswiecki and Declerck (1989), where unknown variables in a model
are computed by solving equation sets one at a time in a sequence and a residual is
obtained by evaluating a redundant equation. Similar approaches are described and
exploited in for example Cassar and Staroswiecki (1997); Staroswiecki (2002); Pulido and
Alonso-González (2004); Ploix et al. (2005); Travé-Massuyès et al. (2006); Blanke et al.
(2006); Svärd and Nyberg (2010). This class of residual generation methods, referred
to as sequential residual generation, has shown to be successful for real applications and
also has the potential to be automated to a high extent.

4.1 Sequential Residual Generation

Some concepts and results of sequential residual generation given in Svärd and Nyberg
(2010), to which we also refer for technical details, will now be briefly recapitulated.
We consider a model (E, X, D, Y) to be a set of differential and algebraic equations
E = {e 1 , e 2 , . . . , e nE } containing unknown variables X = {x 1 , x 2 , . . . , x nX }, differential
variables D = {ẋ 1 , ẋ 2 , . . . , ẋ nX }, and known variables Y = {y 1 , y 2 , . . . , y nY }. The equa-
tions in E are, without loss of generality, assumed to be on the form
ei ∶ f i (ẋ, x, y) = 0, i = 1, 2, . . . , nE , (4)
where ẋ, x and y are vectors of the variables in D, X, and Y respectively. Note that the
model of the wind turbine presented in Section 2.4 can trivially be cast into this form.

Computation Sequence
As said above, the main idea in sequential residual generation is to compute unknown
variables in the model by solving equation sets one at a time in a sequence, and then
216 Paper E. Automated Design of an FDI-System . . .

evaluate a redundant equation to obtain a residual. An essential component in the design

of a residual generator is therefore a computation sequence, which describes the order in
which the variables should be computed. In Svärd and Nyberg (2010), a computation
sequence is defined as an ordered set of variable and equation pairs

C = ((V1 , E1 ) , (V2 , E2 ) , . . . , (V k , E k )) , (5)

where V i ⊆ X ⋃ D and E i ⊆ E. The computation sequence C implies that first the

variables in V1 are computed from equations E1 , then the variables in V2 from equations
E2 , possibly using the already computed variables in V1 , and so forth.
For an example, consider the computation sequence

C = (({τ g } , {e 29 }) , ({ω r } , {e 24 }) , ({θ̇ ∆ } , {e 14 }) , ({ω̇ g } , {e 12 })) (6)

for computation of a subset of the unknown variables in wind turbine model presented
in Section 2.4. According to the computation sequence (6), the series of computations
begins with computation of variable τ g using equation e 29 , then variable ω r is computed
using equation e 24 , and so on, ending with computation of variable ω̇ g , or in fact ω g
from equation e 12 .
By construction, see Svärd and Nyberg (2010), it is guaranteed that no variable is
needed before it has been computed. Hence, the series of computations described by
the computation sequence exhibit an upper triangular structure. For the computation
sequence (6), this series of computations is given by

τ g = τ g,m (7a)
ω r = ω r,m1 (7b)
1
θ̇ ∆ = ω r − ( ) ωg (7c)
Ng
ηd t Bd t
ηd t Bd t ⎛− N g2
− Bg ⎞ η K 1
ω̇ g = ( ) ωr + ⎜ ⎟ ωg + ( dt dt ) θ∆ − ( ) τg (7d)
Ng Jg ⎝ Jg ⎠ N g J g J g

Whether it is possible or not to compute the specified variables from the corresponding
equations depends naturally on the properties of the equations. Equally important are
however prerequisites in terms of causality assumption, i.e., regarding integral and/or
derivative causality, and the properties of the computational tools, that are available
for use, for a detailed discussion see, e.g., Svärd and Nyberg (2010). The computation
sequence (6) makes use of solely integral causality when the variables θ ∆ and ω g are
computed using equations e 14 and e 12 , respectively.

Sequential Residual Generator

Having computed the unknown variables in V1 ⋃ V2 ⋃ . . . ⋃ Vk according to the compu-
tation sequence C in (5), a residual can be obtained by evaluating a redundant equation e,
i.e., e ∈ E ∖ E 1 ⋃ E 2 . . . ⋃ E k with var X (e) ⊆ var X (E 1 ⋃ E 2 . . . ⋃ E k ), where the operator
4. Residual Generation 217

var X (⋅) returns the unknown variables that are contained in an equation set. A residual
generator based on a computation sequence C and redundant equation e is referred to as
a sequential residual generator.
The computation sequence (6), together with equation e 26 constitute a sequential
residual generator for the wind turbine model. When all variables in the computation
sequence (6) have been computed according to (7), the residual is computed as r =
ω g,m1 − ω g .

Finding Sequential Residual Generators

Regarding implementation aspects, e.g., complexity and computational load, it is un-

necessary to compute variables that are not contained in the residual equation, or not
used to compute any of the variables contained in the residual equation. Furthermore, it
is also desirable that computation of variables in each step is performed from as small
equation sets as possible. It can be shown, see Svärd and Nyberg (2010), that the equations
in a computation sequence fulfilling the above properties, together with a redundant
residual equation, in fact correspond to a Minimal Structurally Overdetermined (MSO)
set, see Krysander et al. (2008). In other words, a necessary condition for the existence
of a sequential residual generator for a model is that the model, or a sub-model, is an
MSO set.

4.2 Candidate Residual Generators

As indicated above, a first step when searching for a sequential residual generator for a
model may be to find an MSO set in the model. Thus, an MSO set can be regarded as a
candidate residual generator. There are efficient algorithms for finding all MSO sets in
large equation sets, see, e.g., Krysander et al. (2008).
Consider now the model of the wind turbine described in Section 2.4, with equations
E = {e 1 , e 2 , . . . , e 33 }, unknown variables

X = {τ r , β 1 , λ, vw , β 2 , β 3 , ω r , x β 11 , x β 12 , β 1,r , x β 21 , x β 22 ,
β 2,r , x β 31 , x β 32 , β 3,r , ω g , θ ∆ , τ g , x τ g , Pg } ,

and known, i.e., measured, variables

Y = {β r , τ g,r , β 1,m1 , β 1,m2 , β 2,m1 , β 2,m2 , β 3,m1 ,

β 3,m2 , ω r,m1 , ω r,m2 , ω g,m1 , ω g,m2 , vw ,m , τ g,m , Pg,m } .

In summary, the model contains 33 equations, 21 unknown variables, and 15 known

variables. By utilizing the structure, i.e., which unknown variables are contained in which
equation, see, e.g., Blanke et al. (2006), and a Matlab© implementation of the algorithm
presented in Krysander et al. (2008), 1058 MSO sets were found in total.
218 Paper E. Automated Design of an FDI-System . . .

5 Selecting Residual Generators

It is not feasible to implement and use all 1058 candidate residual generators, i.e., MSO
sets, in the final FDI-system. A more attractive approach is instead to pick, from the
set of all candidate residual generators, a smaller set of residual generators with desired
properties.

5.1 Desired Properties of Residual Generators

The desired properties of the sought set of residual generators are:

1. the set of residual generators should enable us to isolate all single faults from each
other;

2. a set of residual generators of smaller cardinality is preferred before a larger one,

given that the two sets have equal isolability properties;

3. a residual generator based on an MSO set of smaller cardinality is preferred before

a residual generator based on an MSO set of larger cardinality, given that the two
sets have equal detectability and isolability properties.

Properties 2 and 3 are mainly motivated by implementation aspects such as complexity,

computational load, and numerical issues.
We will base the selection of residual generators on quantitative, structural, proper-
ties of the MSO sets instead of more qualitative or analytical properties on the actual
residual generators. The latter may result in better isolation performance but is consid-
ered intractable since it require that residual generators are implemented, executed and
evaluated, and also access to representative measurement data for all fault cases.

5.2 Fault Detectability and Isolability

To be able to formally state the selection problem, the notions of detectability and
isolability are needed. Assuming that each fault occurs in only one equation, let e f i
denote the equation in an equation set E containing fault f i , for example e ∆β 1,m1 = e 18 ,
see Section 2. Note that if a fault f j occurs in more than one equation, the fault f j can be
replaced with a new variable x f j in these equations, and the equation x f j = f j added to
the equation set. This added equation will then be the only equation where f j occurs.
+
To proceed, let (⋅) denote an operator extracting the overdetermined part of a set of
equations. According to Krysander and Frisk (2008), a fault f i is structurally detectable
+
in the equation set E if e f i ∈ (E) and structurally isolable from fault f j in the equation
+ +
set E if e f i ∈ (E) and e f j ∈/ (E) .
For an example, consider the equation set M = {e 26 , e 29 , e 24 , e 14 , e 12 } containing
the residual equation and equations from the computation sequence (5), studied in
Section 4.1. First we note that the equation set M is an MSO set due to the property of
sequential residual generators mentioned in Section 4.1. Further, since M is an MSO
+
set, it holds that (M) = M, see for example Krysander et al. (2008). Thus, it can for
5. Selecting Residual Generators 219

instance be deduced that fault ∆ω g is structurally isolable from fault ∆β 1,m1 in M, since
e ∆ω g = e 12 , e ∆β 1,m1 = e 18 , and it holds that e 12 ∈ M and e 18 ∈/ M, see Section 2.4.
By again utilizing the structure of the wind turbine model, the structural isolability
properties of the model were calculated. All considered faults, see Section 2.2, can be
(structurally) isolated from each other in the wind turbine model.

5.3 Selection Problem Formulation

We will now formulate the selection problem in terms of properties on a set of MSO
sets. To this end, let M denote the set of all MSO sets in the model, and F the set of
considered faults. Let f i , f j ∈ F and define the isolation class for ( f i , f j ) as
+ +
I f i f j = {S ∈ M ∶ e f i ∈ (S) ∧ e f j ∈/ (S) } , (8)
that is, I f i f j contains the MSO sets in M in which fault f i is structurally isolable from
fault f j . Further, let
I = {I f i f j ∶ ∀ ( f i , f j ) ∈ F × F, f i ≠ f j } (9)
denote the set of all isolation classes needed for full isolation of all faults in F. For the
wind turbine benchmark model and the set of 15 faults considered in Section 2.2, the set
I contains in total 15 × 15 − 15 = 210 isolation classes for single fault isolation of all 15
faults, i.e., ∣I∣ = 210, where the operator ∣⋅∣ returns the cardinality of a set.
To be able to satisfy the isolability property 1 stated above, we want to find a set
S ⊆ M with a non-empty intersection with all isolation classes, that is,
∀I f i f j ∈ I S ∩ I f i f j ≠ ∅. (10)
The property (10) on S implies that we should find a so called hitting set for I. To satisfy
the property 2 we want to find an S so that ∣S∣ is minimized. Thus, the sought hitting set
for I should be of minimal cardinality and we should find a so called minimal cardinality
hitting set (MHS) for I.
There are several possibilities for a metric that helps us find an S that satisfies prop-
erty 3. We opt for simplicity and have therefore chosen to minimize ∑S∈S ∣S∣. As an
additional requirement, on top of 1, 2, and 3 in Section 5.1 we require that at least one
residual generator can be constructed from every S ∈ S.

5.4 Solving the Selection Problem

The problem of finding a minimal cardinality hitting set is known to be NP-hard, see,
e.g., Garey and Johnson (1979). To overcome the complexity issues, we have chosen to
compute an approximate solution to the problem in an iterative manner with a greedy
selection approach as elaborated in Svärd et al. (2011).
To accomplish this, we need to specify a utility function, i.e., a function that evaluates
the usefulness of a given MSO set, and also state the properties of a complete solution to
the selection problem. Following the greedy selection approach, we add to the solution
the MSO set with the largest utility until the solution is complete. Furthermore, we only
add MSO sets from which at least one residual generator can be constructed.
220 Paper E. Automated Design of an FDI-System . . .

Characterization of a Solution
We will now characterize a complete solution to the selection problem for use in the
selection algorithm. First, we define the isolation class coverage of a set of MSO sets
S ⊆ M as
σI (S) = {I f i f j ∈ I ∶ ∃S ∈ S, S ∈ I f i f j } , (11)
which states which of the isolation classes in I that are covered by the MSO sets in S. The
property 1 in Section 5.1, i.e., the isolation or hitting set property, can with the isolation
class coverage notion be formulated as σI (S) = I. This characterizes a complete solution
of the selection problem.

Utility Function
To evaluate a specific MSO set, we want to take into account the properties 1, 2, and 3,
above. For a given MSO set S, we will use the utility function

∣σI ({S}) ∣ ∣S∣

µI (S) = γ ( ) + (1 − γ) (1 − ) , (12)
∣I∣ ∣Ŝ∣

where Ŝ is the MSO set in M with largest cardinality, and γ, 0 ≤ γ ≤ 1, a weighting factor.
The term ∣σI ({S})∣
∣I∣
in (12) tells how many of the isolation classes in I that are covered by
the MSO set S. Since we aim at covering all isolation classes with a minimum of MSO
sets, property 2, we want to pick an MSO set that maximizes this term. The term 1 − ∣S∣ ∣ Ŝ∣
relates the cardinality of S to the cardinality of all other sets in M. Picking an MSO set
that maximizes this term in (12) hence corresponds to picking the MSO set with smallest
cardinality in M. This will help us satisfy property 3. The weighting factor γ is used to
trade between the two properties reflected by these two terms.
Note that an MSO set maximizing one term in (12) may minimize the other since
an MSO set of larger cardinality likely cover more isolation classes than an MSO set of
smaller cardinality.

5.5 The Selection Algorithm

The function selectResidualGenerators used for selecting residual generators by
means of greedy selection is given in Algorithm 4. Input to the function is a set of MSO
sets M, i.e., a set of candidate residual generators, and a set of isolation classes I. The
output is a set of MSO sets S ⊆ M and a set of residual generators R based on S. The
function findComputationSequence, described in Svärd and Nyberg (2010), is used to
find a computation sequence in accordance with Section 4.1, given a just-determined set
of equations. The function findComputationSequence can be found in Algorithm 5
in Appendix A.
For a formal discussion regarding the qualification of using a greedy heuristic for
solving the residual generation selection problem, as well as the complexity properties of
such algorithms, please refer to Svärd et al. (2011) and references therein.
5. Selecting Residual Generators 221

Algorithm 4 Greedy Selection of Residual Generators

function selectResidualGenerators(M, I)
S ∶= ∅
R ∶= ∅
while I ≠ ∅ do
S ∶= arg max S∈M µI (S)
x ∶= var X (S)
R ∶= ∅
for all e ∈ S do
S ′ ∶= S ∖ {e}
C ∶= findComputationSequence(S ′ , x)
if C ≠ ∅ then
R ∶= R ∪ {(C, e)}
end if
end for
if R ≠ ∅ then
S ∶= S ∪ {S}
R ∶= R ∪ {R}
end if
M ∶= M ∖ {S}
I ∶= I ∖ σI ({S})
end while
return (S, R)
end function
222 Paper E. Automated Design of an FDI-System . . .

Selecting Residual Equation

Note that the total number of sequential residual generators that potentially can be
constructed from an MSO set equals the number of equations in the set. All residual
generators created from the same MSO set however have equal fault detectability and
isolability properties according to Section 5.2. Nevertheless, their actual fault detectability
and isolability may differ due for example different sensitivity for noise, etc. To make the
final selection of which of the residual generators created from an MSO set that should
be included in the final diagnosis system, evaluation by means on execution using real
measurements from different fault cases is needed. Since we in this work only assume
that no-fault data is available, see Section 3, this is not possible.
In this work, the selection of which residual generator to create from a given MSO
set is done so that the final deployment of the FDI-system becomes as simple as possible.
First of all, findComputationSequence was configured to prefer algebraic equations
as residuals before differential equations, if possible. Second, in order to avoid imple-
mentation issues related to numerical differentiation, findComputationSequence was
configured to prefer computation sequences using integral causality. Using this two-step
heuristic, the selection of which residual generator to create from an MSO set, in practice,
is more or less unambiguous. In those few cases where more than one candidate remains,
we make an arbitrary selection.

5.6 Selected Residual Generators

Both functions selectResidualGenerators and findComputationSequence were
implemented in Matlab© . As computational tool, see Svärd and Nyberg (2010), the
algebraic equation solver Maple© was utilized, which allows symbolic solving of algebraic
loops. The input to the algorithm was the set of all 1058 MSO sets for the wind-turbine
benchmark model, see Section 4.2, and the set of all 210 isolation classes for single fault
isolation of all considered faults, see Sections 2.2 and 5.3.
To investigate the sensitivity of selectResidualGenerators to the parameter γ,
i.e., the trade-off between properties 2 and 3 stated in Section 5.3 and reflected by ∣S∣ and
∑S∈S ∣S∣, the algorithm was run with the wind turbine model and 0 ≤ γ ≤ 1. The result is
shown in Table 2, where S denotes the set returned by selectResidualGenerators.
When γ = 1 the aim is to fulfill the isolation property with as few MSO sets as possible,
no matter the size of the MSO sets. As seen in Table 2 this results in few, but large, MSO
sets. The smaller the γ, the more attention is paid to the size of the MSO sets. It turns out
that 0.1 ≤ γ ≤ 0.6 gives a decent trade-off between ∣S∣ and ∑S∈S ∣S∣ for the wind turbine
model.
With γ = 0.5, the algorithm selected 16 MSO sets, i.e., ∣S∣ = 16, and ∑S∈S ∣S∣ = 61.
Of the 16 selected MSO sets, 7 contain algebraic equations only. The other 9 MSO sets
contain both algebraic and differential equations. Thus, 7 of the 16 residual generators
used in the final FDI-system are static and the remaining 9 are dynamic. All 9 dynamic
residual generators, due to the configuration of the algorithm, use integral causality. The
total number of found residual generators is 34, that is, ∣R∣ = 34, see Section 5.5. Of these
34 residual generators, 18 are static and the remaining 16 are dynamic.
6. Fault Detection and Isolation 223

Table 2: selectResidualGenerators sensitivity to parameter γ.

γ ∣S∣ ∑S∈S ∣S∣

0.0 20 82
0.1 16 61
0.2 16 61
0.3 16 61
0.4 16 61
0.5 16 61
0.6 16 61
0.7 16 65
0.8 17 72
0.9 16 87
1.0 8 108

Fault Signature Matrix

Given an MSO set S its fault signature F (S), with respect to the faults in F, is defined as

F (S) = { f i ∈ F ∶ e f i ∈ S} .

For instance, the fault signature of the MSO set S 1 = {e 26 , e 27 } ⊆ M is F (S 1 ) =

{∆ω g,m1 , ∆ω g,m2 }. A convenient representation of the fault signature of a set of MSO
sets S = {S 1 , S 2 , . . . , S k } with respect to F is the fault signature matrix (FSM) S with
elements defined by
⎧
⎪
⎪x, if f j ∈ F(S i ), S i ∈ M
Si j = ⎨
⎪
⎪0, else.
⎩
The FSM for the 16 MSO sets on which the selected residual generators are based, is
given in Table 3.

6 Fault Detection and Isolation

For fault detection and isolation, diagnostic tests based on the output from each of the
16 residual generators are constructed. Since no assumptions are made regarding the
nature of the faults that should be detected, see Section 2.2, nothing is known about the
fault’s temporal properties, size, rate of occurrence, etc. Hence, we may not be able to
fully exploit the potential of some general method for change detection as for example
the CUSUM-test, see, e.g., Gustafsson (2000).
As said in Section 3 we however assume that no-fault training data is available. To
take advantage of this fact, and also handle uncertainties in terms of modeling errors
and measurement noise, we base our diagnostic tests on a comparison of the estimated
probability distributions of no-fault and current residuals. The former probability dis-
tributions are estimated offline using the available no-fault training data and the latter
224 Paper E. Automated Design of an FDI-System . . .

Table 3: Fault Signature Matrix

∆ω g,m2
∆ω r,m2
∆ω g,m1
∆β 2,m2

∆β 3,m2
∆ω r,m1
∆β 1,m2
∆β 2,m1

∆β 3,m1
∆β 1,m1
∆ω g
∆β 2
∆β 3

∆τ g
∆β 1
R 1 (S 1 ) x x
R 2 (S 2 ) x x
R 3 (S 3 ) x x
R 4 (S 4 ) x x
R 5 (S 5 ) x x
R 6 (S 8 ) x
R 7 (S 11 ) x x x
R 8 (S 27 ) x x
R 9 (S 29 ) x x
R 10 (S 31 ) x x
R 11 (S 7 ) x
R 12 (S 6 ) x
R 13 (S 14 ) x x x
R 14 (S 28 ) x x
R 15 (S 30 ) x x
R 16 (S 32 ) x x

online using current data. A clear advantage with this approach is that changes in mean
and variance are handled in a unified way, since we consider the complete distribution
of the residual.

6.1 Diagnostic Test Design

Let P N F be a discrete estimate of the probability distribution of a residual from no-fault
data, and P a discrete estimate of the distribution of the same residual from present data,
both having n bins. Then the Kullback-Leibler (K-L) divergence, (Kullback and Leibler,
1951), between P and P N F is given by
n
P ( j)
D (P∥P N F ) = ∑ P ( j) log , (13)
j=1 P N F ( j)

where P ( j) denotes the j:th bin of the discrete distribution P.

To apply the K-L divergence for construction of a diagnostic test, we proceed as
follows. Given a representative batch of no-fault data Z N F , i.e., in our case measurements
of the variables in the set Z which contains the inputs and outputs to the model, we run
the set of residual generators and obtain a set of residuals. For each residual r i , we then
estimate its probability distribution and obtain PiN F , i.e., actually PiN F ≈ P (R i ∣Z N F )
where R i is a stochastic variable, discretized in n bins, representing residual r i . As said,
this procedure can be done off-line. To estimate a probability distribution, we create a
7. Implementation Details 225

normalized histogram with n bins for the data from which the distribution should be
estimated.
On-line, we continuously estimate the distribution of the current residual r i using a
sliding window containing N samples of r i . If we by Pit denote the estimated distribution
of r i calculated at time t, i.e., Pit ≈ P (R i ∣Z t ), where Z t denotes the batch of data in the
sliding window at time t, the diagnostic test is designed as
⎧
⎪
⎪1, if D (Pit ∥PiN F ) ≥ J i ,
Ti (t) = ⎨ (14)
⎪
⎪0, else,
⎩
where J i is the threshold for alarm. The K-L divergence D (Pit ∥PiN F ) is referred to as the
test quantity of the diagnostic test Ti .

6.2 Fault Isolation Strategy

Due to uncertainties not captured by the given model nor present in the no-fault training
data, the power of diagnostic tests are not ideal for all faults. That is, the probability of
detection given a certain fault is not always 1. To take this into account, the isolation
scheme will interpret an “x” in a certain row in Table 3 as if the test may respond if the
corresponding fault occurs and consequently no conclusions are drawn if a test does not
respond, see Nyberg (1999).
To obtain the total diagnosis statement from a set of alarming diagnostic tests, we
simply match their fault signatures with the FSM given in Table 3. For example, if only
test T10 alarms, we look at the row corresponding to R 10 and conclude that either fault
∆β 1 or ∆β 1,m2 are present. If then also T16 alarms, we combine the row corresponding to
R 16 with the row corresponding to R 10 and conclude that fault ∆β 1 must be present.
To handle also multiple faults, we use the fault signatures in the original FSM in
Table 3 to create an extended FSM with fault signatures also for multiple faults. This is
done by column-wise OR-operations in the original FSM. For instance, the column in
the FSM for the double fault ∆ω g,m1 ∧ ∆ω g,m2 will get “x” in rows corresponding to R 1 ,
R 7 , R 11 , R 12 , and R 13 and zeros elsewhere. In the fault isolation scheme, we first attempt
to isolate all single faults using the original FSM in Table 3. If this does not succeed, we
try to isolate double faults, and so forth.

7 Implementation Details
The final FDI-system was implemented in Simulink© according to the structure in
Figure 2. The 16 residual generators were implemented as Embedded Matlab Functions
(EMF) in which the code was automatically generated from the structures obtained
from the functions findComputationSequence and findResidualGenerators. The
initial conditions for the states in the dynamic residual generators were derived from
the corresponding sensor measurements, if available, otherwise set to zero. For instance,
β (t )+β (t ) ω (t )+ω (t )
θ ∆ (t 0 ) = 0, x β i1 (t 0 ) = i ,m1 0 2 i ,m2 0 , and ω g (t 0 ) = g,m1 0 2 g,m2 0 . This may cause
transients in the residuals, but this is not considered a problem.
226 Paper E. Automated Design of an FDI-System . . .

7.1 Parameter Discussion

Although the aim is to keep the number of parameters in the automated design method
at a minimum, there are nevertheless some parameters that must be set. This section
lists the needed parameters and discusses their influence on the performance of the
FDI-system.

Number of Histogram Bins and Size of Sliding Window

The number of bins n in the histograms used as distribution estimates, is a trade-off
between detection time, noise sensitivity, and complexity, in terms of computational
power and memory. A large n results in fast detection, but on the other hand also in
increased sensitivity for noise. Also, a large n requires more memory and involves more
computations, in comparison with a smaller n.
The size N of the sliding window used to batch data for creation of the histograms is
a trade-off between detection performance, noise sensitivity, and complexity. A large N
will give the K-L test quantity low-pass characteristics, resulting in a smoothed K-L test
quantity. This makes it possible to detect small changes in the estimated distributions.
On the other hand, a large N requires more memory. The choice of N is also related to
the number of bins n in the histograms and vice versa, since a small N together with a
large n, will result in a sparse histogram. Hence, the choices of N and n must match.
For the wind turbine benchmark model, investigations however indicate that the
method is quite insensitive to the values of n and N if 15 ≤ n ≤ 50 and 2000 ≤ N ≤ 6000.
A decent trade-off, taking this into account, but also the complexity issues discussed
above, is n = 20 and N = 3000, which are the values used in the final FDI-system.

Alarm Thresholds
The choice of alarm thresholds J i , i = 1, 2, . . . , 16, is a trade-off between detection time
and the number of false detections. The higher the thresholds, the longer the detection
time and the lower the rate of false alarms. The choice of alarm thresholds is related to the
choices of n and N since both affect how sensitive a K-L test quantity is to noise, which in
turn affects the rate of false detections. We aim at choosing the alarm thresholds so that
the number of false detections is minimized, implying that the choice of J i must match
the choices of n and N. For the wind turbine benchmark model, the alarm thresholds
were computed as a safety factor α = 1.1 times the maximum value of the corresponding
K-L test quantities from 100 simulations with no-fault data.

Isolation Validation Time

The only parameter involved in the fault isolation is the isolation validation time t vI al .
This parameter is used to compensate for the fact that the power of diagnostic tests not
is ideal, see Section 6.2. This may for example result in that the detection times, for the
same fault, are different for different diagnostic tests. To handle this, we demand that the
output from the isolation has been equal for t vI al samples before reporting the isolation
result. By choosing a large t vI al , we decrease the probability of false isolation, but on
8. Evaluation and Results 227

Table 4: Fault Sequence

Fault Time (s) Description

∆ω r,m2 1000 - 1100 ω r,m2 = 1.1ω r,m2
∆ω g,m2 1000 - 1100 ω g,m2 = 0.9ω g,m2
∆ω r,m1 1500 - 1600 ω r,m1 = 1.4 rad/s
∆β 1,m1 2000 - 2100 β 1,m1 = 5○
∆β 2,m2 2300 - 2400 β 2,m2 = 1.2β 2,m2
∆β 3,m1 2600 - 2700 β 3,m1 = 10○
∆β 2 2900 - 3000 ω n = ω n2 , ζ = ζ 2
∆β 3 3400 - 3500 ω n = ω n3 , ζ = ζ 3
∆τ g 3800 - 3900 τ g = τ g + 2000 Nm

the other hand increase the isolation time. For the wind turbine benchmark model, the
isolation validation time t vI al was set to 4 samples.

8 Evaluation and Results

To evaluate the performance of the proposed FDI-system, we use the test cases described
in Fogh Odgaard et al. (2009). The test cases are based on measured wind data and
a sequence of injected faults. The set of injected faults, their time of occurrence and
description, is specified in Table 4. The sequence contains 5 sensor faults and 3 actuator
faults. Note that two faults are injected at 1000-1100 s, i.e., at this time we have the double
fault ∆ω r,m2 ∧ ∆ω g,m2 .
The no-fault distributions used in the evaluation were estimated from residual data
stemming from 100 Monte Carlo simulations with no-fault data, i.e., inputs, correspond-
ing to the measured variables in Z. Each set of no-fault data was generated with the
provided wind turbine model with different noise realizations according to the model.

8.1 Results and Analysis

By means of Monte Carlo simulations, the FDI-system was simulated 100 times with
data from the provided wind turbine model set-up according to the above described test
sequence.
Based on the results from the 100 runs, the mean time of detection T D , maximum
time of detection TDmax , minimum time of detection TDmin , mean time of isolation T I ,
minimum time of isolation TImin , the total number of missed detections MD, and the
total number of false detections FD, for each of the faults in the test sequence, were
computed. The results along with the specified detection requirements (Fogh Odgaard
et al., 2009), given in the row Req., are shown in Table 5, where all time values are given
in seconds. Note that the specified requirements concern detection, and not isolation.
228 Paper E. Automated Design of an FDI-System . . .

Table 5: FDI Results. Time values in seconds.

∆ω g,m2
∆ω r,m2

∆β 2,m2
∆ω r,m1

∆β 3,m1
∆β 1,m1

∆β 2

∆β 3

∆τ g
Req. 0.1 0.1 0.1 0.1 0.1 0.08 6 0.05
TD 0.040 0.16 0.058 4.30 0.069 51.57 18.1 7.94
TDmax 0.04 0.27 0.07 6.10 0.07 51.88 19.05 7.98
TDmin 0.03 0.06 0.05 0.40 0.06 50.57 16.37 7.90
TI - 2.53 0.12 88.85 0.13 56.95 31.84 7.99
TImax - 3.13 0.12 114.26 0.13 120.73 111.96 8.03
TImin - 1.89 0.11 13.17 0.12 51.62 17.91 7.95
MD 0 0 0 0 0 0 0 0
FD 0 0 0 0 0 0 0 0

According to the row corresponding to TDmax in Table 5, all faults in the test sequence
could be detected. For faults ∆ω g,m2 ∧ ∆ω r,m2 , ∆β 1,m1 , ∆β 3,m1 detection requirements
are met, by means of both T D and TDmax .
All faults, except the double fault ∆ω g,m2 ∧ ∆ω r,m2 could also be isolated. However,
the mean time of isolation, T I , for some faults, e.g., ∆β 2,m2 , is substantially longer than
the corresponding mean time of detection. The main reason for this is that some tests
respond slower to faults than other. As said, fault ∆ω g,m2 ∧ ∆ω r,m2 could not be isolated.
In fact, this fault is not uniquely isolable with the isolation strategy described in Section 6.2
since the test response of fault ∆ω g,m2 ∧ ∆ω r,m2 is a subset of the test response of fault
∆ω g,m2 ∧ ∆ω r,m1 , see Table 3. Both faults ∆ω g,m2 and ∆ω r,m2 are however contained in
the diagnosis statement computed after the faults have been detected.
It seems like sensor faults, e.g., ∆β 3,m1 tend to be easier to detect than actuator faults
as for example ∆τ g and ∆β 2 . One possible explanation may be that actuator faults in
general cause changes in dynamics, whose effects are attenuated by modeling errors,
noise, etc.
As can be seen in the last two rows of Table 5, there are no missed or false detections
in any of the 100 test runs.

8.2 Case Study of Fault ∆ωr,m1

To study in more detail how the FDI-system handles faults, we consider the sensor fault
∆ω r,m1 . The fault corresponds to a fixed value of 1.4 rad/s being measured by sensor ω r,m1
and occurs at time t = 1500 s. According to the FSM in Table 3, the residuals sensitive
to fault ∆ω r,m1 are r 2 and r 13 , obtained as output from the residual generators R 2 and
R 13 , respectively. These residuals along with the corresponding K-L test quantities are
shown in Figure 4. As can be seen, both the residuals and the test quantities respond
distinctively to the fault.
To also illustrate the isolation procedure, we show in Figure 5 the result of the
diagnostic tests T2 and T13 (top), the isolation result associated to faults ∆ω r,m1 (middle)
9. Conclusions 229

1 5

0.5

r13
0
r2 0

−0.5 −5

1450 1500 1550 1450 1500 1550

1000 100

)
D(P2 ||P2N F )

NF
D(P13||P13
500 50

0 0
1450 1500 1550 1450 1500 1550
Time [s] Time [s]

Figure 4: Affected residuals r 2 (top-left) and r 13 (top-right), and the corresponding K-L
test quantities D (P2t ∥P2N F ) (bottom-left) and D (P13t ∥P13N F ) (bottom-right) at the time of
occurrence of fault ∆ω r,m1 .

and ∆ω r,m2 (bottom), and also the signal that indicates when the isolation procedure
is done (middle and bottom). As can be seen in Figure 5, the first test that reacts to the
fault is T2 . This occurs at t = 1500.23 s. Since T2 is sensitive to both fault ∆ω r,m1 and
∆ω r,m2 and no other test has alarmed, the diagnosis statement is that either ∆ω r,m1 or
∆ω r,m2 may be present, and no fault can be isolated. At t = 1502.55 s, test T13 alarms.
Test T13 is sensitive to faults ∆ω g , ∆ω r,m1 , and ∆ω r,m2 , and the updated total diagnosis
statement based on that both T2 and T13 have alarmed thus becomes ∆ω r,m1 , see Table 3.
This occurs at time t = 1502.59 s.

9 Conclusions
We have proposed an FDI-system for the wind turbine benchmark designed by applica-
tion of a generic automated design method, in which the number of required human
decisions and assumptions are minimized. No specific adaptation of the method for
the wind turbine benchmark was needed. The method contains in essence three steps:
generation of candidate residual generators; residual generator selection; and diagnostic
test construction. The second step is done by means of greedy selection, and the third
step is based on a novel method utilizing the K-L divergence.
The performance of the proposed FDI-system has been evaluated using the pre-
defined test sequence for the wind turbine benchmark. The FDI-system performs well;
all faults in the test sequence were detected within feasible time and all faults, except a
230 Paper E. Automated Design of an FDI-System . . .

T2 , T13
0.5
T2
T13
0
1500 1501 1502 1503 1504 1505 1506

1
∆ωr,m1

0.5
isolationResult
isolationDone
0
1500 1501 1502 1503 1504 1505 1506

1
∆ωr,m2

0.5
isolationResult
isolationDone
0
1500 1501 1502 1503 1504 1505 1506
Time [s]

Figure 5: Isolation procedure for fault ∆ω r,m1 . Top figure shows diagnostic tests T2 and
T13 . Middle and bottom figures show the isolation result corresponding to faults ∆ω r,m1
and ∆ω r,m2 , respectively, and when the isolation procedure is done.

double fault, could be isolated shortly thereafter. In addition, there are no false or missed
detections. A tailor-made, finely tuned, FDI-system for the benchmark would probably
perform better. However, in relation to the required design effort, and that no specific
adaptation or tuning of the method to the benchmark was done, the performance is
satisfactory.

Acknowledgment
This work was supported by Scania CV AB, Södertälje, Sweden.

A Algorithm for Finding a Computation Sequence

To make the paper more self-contained, the function findComputationSequence
described in Svärd and Nyberg (2010) is given below as Algorithm 5. The function takes
a just-determined equation set E′ ⊆ E and a set of unknown variables X′ ⊆ X, and returns
an ordered set C as output. The algorithm assumes availability of a computational tool in
the form of a algebraic equation (AE) solver such as for example Maple, see Svärd and
Nyberg (2010) for a thorough discussion regarding this. The function findAllSCCs
is assumed to return an ordered set of equation and variable pairs, where each pair
corresponds to a strongly connected component (SCC) of the structure of the equation
set with respect to the variable set. There are efficient algorithms for finding SCCs in
directed graphs, for example the DM-decomposition (Dulmage and Mendelsohn, 1958).
A. Algorithm for Finding a Computation Sequence 231

In Matlab, the DM-decomposition is implemented in the function dmperm. Other

functions used in findComputationSequence are:
• Diff and unDiff, takes a variable set as input and returns its differentiated and
undifferentiated correspondence.
• isInitCondKnown determines if the initial conditions of the given variables are
known and consistent, and the function isDifferentiable determines if the given
variables can be differentiated with the available differentiation tool.
• isJustDetermined is used to determine if the structure of the given equation set,
with respect to the given variable set, is just-determined. This is essential, since
otherwise the computation of SCCs makes no sense.

• getDifferentialEquations takes a set of equations and a set of differentiated

variables as input, and returns the differential equations in which the given differ-
entiated variables are contained.
• isToolSolvable determines if the available algebraic equation solver can solve
the given equations for the given set of variables.

• Append, takes an ordered set and an element as input and simply appends the
element to the end of the set.
• The operator ∣ ⋅ ∣, taking a set as input, is assumed to return the number of elements
in the set and the notion A (i) is used to refer to the i:th element of the ordered
set A.
232 Paper E. Automated Design of an FDI-System . . .

Algorithm 5 Find a Computation Sequence

1: function findComputationSequence(E′ , X′ )
2: C ∶= ∅
3: S ∶= findAllSCCs(E′ , X′ )
4: for i = 1, 2, . . . , ∣S∣ do
5: (E i , X i ) ∶= S (i)
6: D i ∶= Diff(X i )
7: Z i ∶= varD (E i ) ∩ D i
8: W i ∶= X i ∖ unDiff(Z i )
9: if not isInitCondKnown(Z i ) then
10: return ∅
11: end if
12: EZ i ∶= getDifferentialEquations(E i , Z i )
13: EW i ∶= E i ∖ EZ i
14: SZ i ∶= findAllSCCs(EZ i , Z i )
15: for j = 1, 2, . . . , ∣SZ i ∣ do
j j
16: (EZ i , Z i ) ∶= SZ i ( j)
if isToolSolvable(Z i , EZ i ) then
j j
17:
j j
18: Append(C, (Z i , EZ i ))
19: else
20: return ∅
21: end if
22: end for
23: if isJustDetermined(EW i , W i ) then
24: SW i ∶= findAllSCCs(EW i , W i )
25: for j = 1, 2, . . . , ∣SW i ∣ do
j j
26: (EW i , W i ) ∶= SW i ( j)
if isToolSolvable(W i ,EW i ) then
j j
27:
j j
28: Append(C, (W i , EW i ))
29: else
30: return ∅
31: end if
32: end for
33: else
34: return ∅
35: end if
36: end for
37: return C
38: end function
References 233

References
M. Blanke, M. Kinnaert, J. Lunze, and M. Staroswiecki. Diagnosis and Fault-Tolerant
Control. Springer, second edition, 2006.
J. P. Cassar and M. Staroswiecki. A structural approach for the design of failure detection
and identification systems. In Proceedings of IFAC Control Ind. Syst., pages 841–846,
Belfort, France, 1997.
A. L. Dulmage and N. S. Mendelsohn. Coverings of bi-partite graphs. Canadian Journal
of Mathematics, 10:517–534, 1958.
P. Fogh Odgaard. Wind turbine benchmark model, 2011. http://www.kk-
electronic.com/Default.aspx?ID=9385.
P. Fogh Odgaard, J. Stoustrup, and M. Kinnaert. Fault tolerant control of wind turbines
– a benchmark model. In Proceedings of the 7th IFAC Symposium on Fault Detection,
Supervision and Safety of Technical Processes, pages 155–160, Barcelona, Spain, 2009.
M. R. Garey and D. S. Johnson. Computers and Intractability – A Guide to the Theory of
NP-Completeness. W.H. Freeman and Company, 1979.
F. Gustafsson. Adaptive Filtering and Change Detection. Wiley, 2000.
M. Krysander and E. Frisk. Sensor placement for fault diagnosis. IEEE Transactions on
Systems, Man and Cybernetics, Part A: Systems and Humans, 38(6):1398–1410, 2008.
M. Krysander, J. Åslund, and M. Nyberg. An efficient algorithm for finding minimal
over-constrained sub-systems for model-based diagnosis. IEEE Trans. on Systems, Man,
and Cybernetics – Part A: Systems and Humans, 38(1):197–206, 2008.
S. Kullback and R. A. Leibler. On information and sufficiency. Annals of Mathematical
Statistics, 22(1):79–86, 1951.
M. Nyberg. Automatic design of diagnosis systems with application to an automotive
engine. Control Engineering Practice, 87(8):993–1005, 1999.
S. Ploix, M. Desinde, and S. Touaf. Automatic design of detection tests in complex
dynamic systems. In Proceedings of 16th IFAC World Congress, Prague, Czech Republic,
2005.
B. Pulido and C. Alonso-González. Possible conflicts: a compilation technique for
consistency-based diagnosis. IEEE Trans. on Systems, Man, and Cybernetics. Part B:
Cybernetics, Special Issue on Diagnosis of Complex Systems, 34(5):2192–2206, 2004.
W. J. Rugh. Linear System Theory, chapter 13. Prentice Hall Information and System
Sciences, 1996.
M. Staroswiecki. Fault Diagnosis and Fault Tolerant Control, chapter Structural Analysis
for Fault Detection and Isolation and for Fault Tolerant Control. Encyclopedia of Life
Support Systems, Eolss Publishers, Oxford, UK, 2002.
234 Paper E. Automated Design of an FDI-System . . .

M. Staroswiecki and P. Declerck. Analytical redundancy in non-linear interconnected

systems by means of structural analysis. In Proceedings of IFAC AIPAC’89, pages 51–55,
Nancy, France, 1989.
C. Svärd and M. Nyberg. Residual generators for fault diagnosis using computation
sequences with mixed causality applied to automotive systems. IEEE Transactions on
Systems, Man and Cybernetics, Part A: Systems and Humans, 40(6):1310–1328, 2010.

C. Svärd, M. Nyberg, and E. Frisk. A greedy approach for selection of residual generators.
In Proceedings of the 22nd International Workshop on Principles of Diagnosis (DX-11),
Murnau, Germany, 2011.
L. Travé-Massuyès, T. Escobet, and X. Olive. Diagnosability analysis based on
component-supported analytical redundancy. IEEE Trans. on Systems, Man, and Cyber-
netics – Part A: Systems and Humans, 36(6):1146–1160, 2006.
Notes 235
236 Notes
 Linköping studies in science and technology, Dissertations
Division of Vehicular Systems
Department of Electrical Engineering
Linköping University

No 1 Magnus Pettersson, Driveline Modeling and Control, 1997.

No 2 Lars Eriksson, Spark Advance Modeling and Control, 1999.

No 3 Mattias Nyberg, Model Based Fault Diagnosis: Methods, Theory, and Automotive
Engine Applications, 1999.

No 4 Erik Frisk, Residual Generation for Fault Diagnosis, 2001.

No 5 Per Andersson, Air Charge Estimation in Turbocharged Spark Ignition Engines,

2005.

No 6 Mattias Krysander, Design and Analysis of Diagnosis Systems Using Structural

Methods, 2006.

No 7 Jonas Biteus, Fault Isolation in Distributed Embedded Systems, 2007.

No 8 Ylva Nilsson, Modelling for Fuel Optimal Control of a Variable Compression

Engine, 2007.

No 9 Markus Klein, Single-Zone Cylinder Pressure Modeling and Estimation for Heat
Release Analysis of SI Engines, 2007.

No 10 Anders Fröberg, Efficient Simulation and Optimal Control for Vehicle Propulsion,
2008.

No 11 Per Öberg, A DAE Formulation for Multi-Zone Thermodynamic Models and its
Application to CVCP Engines, 2009.

No 12 Johan Wahlström, Control of EGR and VGT for Emission Control and Pumping
Work Minimization in Diesel Engines, 2009.

No 13 Anna Pernestål, Probabilistic Fault Diagnosis with Automotive Applications,

2009.

No 14 Erik Hellström, Look-ahead Control of Heavy Vehicles, 2010.

No 15 Erik Höckerdal, Model Error Compensation in ODE and DAE Estimators with
Automotive Engine Applications, 2011.
No 16 Carl Svärd, Methods for Automated Design of Fault Detection and Isolation
Systems with Automotive Applications, 2012.