Guaranteed Active Fault Diagnosis for Uncertain Nonlinear Systems

Joel A. Paulson2, Davide M. Raimondo3, Rolf Findeisen1, Richard D. Braatz2, and Stefan Streif1

Abstract— An input design method is presented to activelyisolate faults for polynomial or rational systems in the presenceof unknown-but-bounded uncertainties. For active fault isola-tion, the input is required to lead to outputs consistent with atmost one fault model despite disturbances, measurement noise,and parametric uncertainty. This task is posed in terms of abilevel optimization problem where the inner program verifies,for a given input, that the outputs are consistent with at mostone model, while the outer program determines the minimallyharmful input. Because of the nonlinear dynamics, we proposeto replace the inner program with a convex relaxation thatcan be efficiently solved while still guaranteeing fault detectionand isolation. The approach is numerically demonstrated on atwo-tank system with three fault models.

I. INTRODUCTION

Fault detection and isolation (FDI) has become increas-ingly important in maintaining stable, reliable, and prof-itable operations in the presence of component malfunc-tions, drifting parameters, and other abnormal events. Pro-cess disturbances, measurement noise, model nonlinearities,and other sources of uncertainty make fault diagnosis achallenging task that is further complicated by the steadilyincreasing complexity of industrial systems. By now, manymethods have been proposed to address these challenges,such as residual- and observer-based methods [1]–[4], set-based approaches [5], [6], and data-based methods [1]. Themajority of these methods are passive, meaning that theinputs are not actively changed and that the fault status ofthe system is deduced only on the basis of measurementsobtained during standard operation, compared with modelpredictions or historical data. However, faults may not bedetectable or isolable at the current operating conditions,or when faults are obscured by the corrective action of thecontrol system itself. Then it is necessary to inject a signalinto the system to improve fault detectability and isolability,which is an approach known as active fault diagnosis [7].Although active fault diagnosis can significantly improvefault isolation, the required excitations can have adverseeffects on the process that must be minimized.

The active input design problem has been addressed usingdeterministic [8]–[13], stochastic [7], [14]–[16], and hybrid

Financial support is acknowledged from the Research Center DynamicSystems, Saxony-Anhalt, Germany and the NSF Graduate Research Fellow-ship.

1Otto-von-Guericke-University Magdeburg, Laboratory for Systems The-ory and Automatic Control, Institute of Automation Engineering, Germany{stefan.streif,rolf.findeisen} at ovgu.de.

2Massachusetts Institute of Technology, Department of ChemicalEngineering, Cambridge, MA, USA {jpaulson,braatz} atmit.edu.

3University of Pavia, Identification and Control of Dynamic SystemsLaboratory, Italy davide.raimondo at unipv.it.

stochastic-deterministic [17] approaches. With few excep-tions, the work is restricted to linear systems whereas, inreality, almost all systems exhibit nonlinear dynamics.

This paper presents a deterministic model-based approachfor active fault diagnosis of nonlinear systems with polyno-mial or rational dynamics subject to unknown-but-boundeduncertainties and disturbances. This work builds on a frame-work for set-based analysis of nonlinear systems (cf. [18])and allows for a deterministic formulation of the faultdiagnosis problems. To decide whether a fault has occurredwith certainty, the measured outputs are compared with theset of outputs from the nominal and faulty models [19].

The main contribution in this work is a method to de-termine optimal inputs for guaranteed active fault diagnosisdespite process nonlinearities and uncertainties. To achievethis, the input design problem is formulated as a bileveloptimization problem in which the outer program minimizesthe two-norm input, while the inner program guarantees thatonly inputs that separate the output sets are selected (i.e.,inputs that guarantee the output measurements are consistentwith at most one model). In order to solve this nonconvexbilevel problem, we propose a method that takes advantageof the fact that the relaxed inner program is convex at afixed input (cf., [19]). As suboptimality of this input isdirectly related to the tightness of the convex relaxation (i.e.,how close the relaxation approximates the true set), differentways to tighten the relaxation are presented and discussed.Moreover, to provide a measure of output set separation,the inner convex program is reformulated in terms of anoptimization-based consistency measure (cf. [18]).

II. PROBLEM STATEMENT

Given a process subject to nf possible faults, considerdiscrete-time models of the form

f [i] :

{xk+1 = g(xk, uk, wk, p)yk = h(xk, uk, vk, p)

(1)

representing the nominal and all the possible faulty dynam-ics. The superscript i ∈ J := {0, 1, . . . , nf}, denotes thevarious fault scenarios F := {f [0], f [1] . . . , f [nf ]} consid-ered, with f [0] corresponding to the nominal model.

In (1), xk ∈ Rnx , yk ∈ Rny , uk ∈ Rnu , wk ∈ Rnw ,vk ∈ Rnv denote the system states, outputs, inputs, processnoise, and measurement noise at time-point k, respectively.The possibly uncertain model parameters are denoted by p ∈Rnp . The functions g and h are assumed to be polynomialor rational. In general, each fault model f [i] has its own setof variables x[i]

k , w[i]k , v

[i]k , y

[i]k , p

[i] and functions g[i] and h[i]

with possibly different dimensions. However, to shorten and

2014 European Control Conference (ECC)June 24-27, 2014. Strasbourg, France

978-3-9524269-2-0 © EUCA 926

simplify the notation, the superscript [i] is omitted for allvariables and functions appearing in (1).

The model parameters are assumed to be unknown-but-bounded. Furthermore, the states as well as the process andmeasurement noise are assumed bounded, leading to theoverall uncertainty description:

p ∈ P, xk ∈ Xk, wk ∈ Wk, vk ∈ Vk, ∀k ∈ T (2)

where T = {0, 1 . . . , nt} is the collection of time instancesconsidered. To simplify the presentation, only one model isassumed to be active during T . The framework can easilybe extended to include fault sequences.

A. Set-based Fault Diagnosis

This work employs the notion of consistency for the designof separating inputs. The core idea is to check consistencyby means of a feasibility problem that takes into accountthe model and the uncertainty description. The feasibilityproblem is derived next.

Denote sequences on T by σ := [σ0, σ1, . . . , σnt ]>. Then,

given a sequence of inputs and outputs, (u, y), combining (1)with the uncertainty description in (2) into a single feasibilityproblem (FP) for each model i ∈ J gives

FP[i](u) :

find ξFPs.t. xk+1=g(xk, uk, wk, p), ∀k ∈ T \nt

yk=h(xk, uk, vk, p), ∀k ∈ Txk ∈ Xk, wk ∈ Wk, vk ∈ Vk , ∀k ∈ Tp ∈ P

where ξFP = [x0, . . . , xnt , w0, . . . , wnt , y0, . . . , ynt , v0, . . . ,vnt , p]

> lumps all the variables except the input into a singlevector. The superscript [i] on the variables in FP[i](u) hasbeen omitted to simplify notation.Definition 1 (Consistency). Input and output sequences(u, y) are said to be consistent with a fault candidate f [i]

if FP[i](u) admits a solution. Otherwise, the sequence (u, y)is called inconsistent.

B. Optimal Input Design for Active Fault Diagnosis

Passive set-based fault detection and isolation based onFP[i](u) has been proposed in [6] considering fixed orunknown-but-bounded inputs. The main focus of this work isthe design of separating inputs for active fault detection andisolation in the presence of uncertainties, which is formallystated below.Definition 2 (Robust Separating Input). An input u separatesmodels f [i] and f [j] at time tnt , if @y such that (u, y)is consistent with both f [i] and f [j]. If u separates allmodel output sets subject to output, process, and parametricuncertainties, then u is a robust separating input.

The following combined feasibility problem (cf. [19]) isdefined as

FP[i,j](u) :

find ξ

[i]FP, ξ

[j]FP

s.t. constraints in FP[i](u)

constraints in FP[j](u)

y[i]nt = y

[j]nt

which checks if there exists(ξ

[i]FP, ξ

[j]FP

)such that the measured

outputs of models f [i], f [j] ∈ F intersect at time step nt.Both models have their own distinct set of states, processand measurement noise, parameters, and outputs that appearas free variables in the program. This problem providesa robustness certificate when the problem is shown to beinfeasible for all possible model combinations [19]. The setof all robust separating inputs is defined as U∗ := {u :FP[i,j](u) is infeasible, ∀(i, j) ∈ J , i > j}.

Note that FP[i,j](u) is defined using only the output atthe final time meaning any u ∈ U∗ applied to the systemguarantees that the output sets at the final time do notintersect. This can be replaced with requirements in whichthe output sets either do not intersect either at all, or atleast at one time instance of T . The first requirement canbe straightforwardly obtained by replacing the conditiony

[i]nt = y

[j]nt with y

[i]k = y

[j]k , ∀k ∈ T , and the second

requirement is considered in [19].Note that for unique fault diagnosis, every possible pair-

wise comparison of the models of interest must have sep-arated output sets [19], which requires a check of

(nf+1

2

)distinct combinations. This number can be reduced by ap-plying a hierarchical approach that first selects inputs thatseparate a number of the models and then refines the inputto improve separability for closely related models.

In this work, we not only want to separate the models, wealso want to derive an input that is optimal with respect to acertain performance index. The overall problem consideredin this paper is stated as:Problem 1. (Optimal Separating Input u). Find a separatinginput u that solves

inf u>Rus.t. u ∈ U ∩ U∗ (3)

where R is a positive-semidefinite weighting matrix and Uis a convex set that represents the input constraints.

The solution u, assuming that it exists, is guaranteed toprovide robust fault diagnosis within nt time steps. However,due to the nonlinearities and uncertainties, the FP[i,j](u) isgenerally nonconvex, making U∗ very difficult to character-ize. Next we efficiently tackle these problems using convexrelaxations (Sec. III) and bilevel optimization (Sec. IV).

III. CONVEX RELAXATIONS

Providing a robustness certificate is not a trivial task fornonlinear and uncertain systems due to the general noncon-vexity of FP[i,j](u). Although difficult, this is a necessarytask for characterizing the set of robust separating inputs U∗that appears in the optimization (3).

For polynomial systems, we can convexly relax the singlefeasibility problems, FP[i](u), into a semidefinite or linearprogram that provides provable inconsistency certificates forthe existence of solutions [6], [19]. These convex outerapproximations of the original, generally nonconvex, feasiblesets can be used in FP[i,j](u) so that solutions can efficientlybe computed [19]. The drawback of such an approach isthat the outer approximations introduce conservatism into

927

the problem, so they only characterize a subset of U∗.Nevertheless, robustness certificates derived from these con-vex relaxations allow the computation of an optimal androbust separating input (Sec. IV), where the tightness of therelaxation controls the degree of conservatism in the solution.

A. Relaxation Method

The first step is to transform the FP[i](u) into a quadrat-ically constrained program (QCP) by expressing all thedynamic and output equations as ξ>Aξ, where ξ ∈ Rnξis a minimal basis of monomials for the equations of modelf [i] and A ∈ Rnξ×nξ is a symmetric matrix. The vector ξcontains the elements of ξFP, the constant term 1, and anyadditional monomials greater than degree two necessary torepresent all equations. Such a quadratic decomposition canalways be found; however, it is in general not convex. Byintroducing a symmetric matrix X = ξξ> and replacing theresulting trace(X) ≥ 1 and rank(X) = 1 constraints with theweaker positive-semidefinite constraint X � 0, the FP[i](u)is relaxed into a semidefinite program (SDP) denoted bySDP[i](u). It is important to note that this relaxation onlyincreases the solution set. See [18] for further details andreferences regarding this relaxation method.

Using the index set L = {1, . . . , neq} where neq representsthe total number of equality constraints in model f [i] andassuming that (2) can be written as nineq linear inequalityconstraints in terms of the uncertain variables (i.e., Bξ ≤ 0where B ∈ Rnineq×nξ ) results in

SDP[i](u) :

find X

s.t. trace (Al(u)X) = 0, ∀l ∈ Ltrace(ee>X) = 1

B(u)Xe ≤ 0

X � 0

where e = [1, 0, . . . , 0]> ∈ Rnξ . Note that the matrices B(u)and A(u) depend on the input u; however, at this level, theinput is treated as a constant (the input is minimized in anouter loop optimization explained in Sec. IV).

To deal with larger problems that involve many constraintsand variables, the SDP[i](u) can be relaxed to a linearprogram (LP) denoted by LP[i](u), which is done by simplydropping the constraint X � 0.

Solving SDP[i](u) instead of the original FP[i](u) usuallyleads to the inclusion of false solutions. As a result, theinput set U∗ for which separation is guaranteed gets overlyrestricted. To alleviate this effect, constraints can be addedthat are redundant in the ξFP basis, but are not necessarilyredundant in the higher dimensional basis X . Such redundantconstraints can be constructed by [18]:

trace(B(u)>i B(u)jX) ≥ 0, ∀ (i, j) ∈ {1, . . . , nineq}, i ≥ j(4)

where B(u)i ∈ R1×nξ represents the ith row of B(u).Eq. (4) includes the McCormick relaxations for bilinearmonomials. Including these redundant constraints in theSDP[i](u) adds nineq(nineq − 1)/2 constraints that make the

solution more demanding to compute but can significantlytighten the solution set [18]. The tradeoff between speedand conservatism is discussed in Sec. V in the context ofa numerical example.

B. Robustness Certificates Using Convex Relaxations

This section shows how to efficiently determine robustnesscertificates, i.e., guaranteed output set separation, using theconvexly relaxed feasibility problems.

Define the problems SDP[i,j](u) and LP[i,j](u) similarlyas FP[i,j](u) (see Sec. II). Since the convexly relaxed prob-lems must contain the original output sets (i.e., provideinfeasibility certificates for FP[i](u)), they can also be usedto check if a given u is a robust separating input (see[19]). We can now similarly define the sets U∗SDP := {u :SDP[i,j](u) is infeasible, ∀(i, j) ∈ J , i > j} and U∗LP :={u : LP[i,j](u) is infeasible, ∀(i, j) ∈ J , i > j}. Since therelaxed output sets must contain the actual set, but not viceversa, it directly follows that U∗LP ⊆ U∗SDP ⊆ U∗. Note thatU∗LP ⊆ U∗SDP holds only when the same set of constraints areincluded in both relaxations.

IV. OPTIMAL ROBUST SEPARATING INPUT

In this section, Problem 1 is tackled by employing robust-ness certificates and bilevel optimization. The inner programof the bilevel optimization certifies, for a given input, thatthe output sets do not overlap and are therefore consistentwith at most one model, while the outer program determinesthe minimally harmful input. FP[i,j](u) could be directlysolved to determine if the sets overlap at a given input.However, the result from the feasibility test (i.e., infeasibilityor feasibility) provides no suitable measure for the outerprogram to determine a direction that will improve theobjective function value. This situation can be avoided byreformulating the FP[i,j](u) in terms of an optimization-based consistency measure δ whose value provides a directmeasure of output set separation for a fixed input. Thismeasure provides useful information for the outer solver toguide the input toward a minimum, as discussed below.

Section IV-A formally presents the measure for output setseparation. Section IV-B elaborates on the bilevel optimiza-tion strategy. The presented approach to determine outputset separation does not require the explicit computation ofreachable sets as, for example, done in [20]. Also note that asimilar consistency measure has been used within the contextof outlier detection in [18].

A. Measure of Output Set Separation

The determination of the output set separation requires areformulation of FP[i,j](u) in terms of a scaling parameter δ.Depending on δ, the bounds will be either inflated (δ > 0)or shrank (δ < 0) until the output sets intersect. Intersectionof the output sets is checked by solving FP[i,j](u) for agiven δ and input u. Since many δ values will satisfythis relationship, δ is minimized under the constraints thatthe output sets still overlap. δ then provides a measure ofseparation in the sense that the larger the distance between

928

the output sets, the larger the minimum value of δ. If aninflation of the bounds, i.e. δ > 0, was required for outputset separation, then the provided input separates the outputsets despite all bounded uncertainties.

The inflated bounds (i.e., inequality constraints) can bewritten as BinξFP ≤ bin(u) + δ, where Bin is a sparse matrixthat relates each of the variables in ξFP to their lower andupper bounds in the vector bin(u), which might depend on theinput. Using this definition, FP[i,j](u) can be reformulated interms of the minimum inflation parameter δ:

δ[i,j](u) := minδ,ξ

[i]FP ,ξ

[j]FP

δ

s.t. equality constraints in FP[i](u)

equality constraints in FP[j](u)

B[i]in ξ

[i]FP ≤ b

[i]in (u) + δ

B[j]in ξ

[j]FP ≤ b

[j]in (u) + δ

y[i]nt = y

[j]nt .

(5)

Theorem 1: FP[i,j](u) is infeasible iff δ[i,j](u) > 0.Proof : Choose any i, j ∈ J and any u ∈ U . If δ[i,j](u) >0, then (5) does not have a feasible point with δ ≤ 0.Therefore, @(ξ

[i]FP, ξ

[j]FP ) such that the constraints stated in

FP[i,j](u) hold. Thus, FP[i,j](u) is infeasible. Conversely,assume that FP[i,j](u) is infeasible. Then @(ξ

[i]FP, ξ

[j]FP ) such

that the constraints in FP[i,j](u) hold, which implies that(5) does not have a feasible solution with δ ≤ 0. Thus,δ[i,j](u) > 0. �

From Theorem 1, we can express the set of separatinginputs as U∗ = {u : δ[i,j](u) > 0, ∀(i, j) ∈ J , i > j}. Itdirectly follows from Sec. III-B that:

U∗SDP = {u : δ[i,j]SDP (u) > 0, ∀(i, j) ∈ J , i > j}

U∗LP = {u : δ[i,j]LP (u) > 0, ∀(i, j) ∈ J , i > j}

(6)

and δ[i,j]LP (u) ≤ δ

[i,j]SDP (u) ≤ δ[i,j](u) at a fixed u where

δ[i,j]SDP (u) and δ[i,j]

LP (u) are defined in the same manner as (5)with the convexly relaxed constraints used in place of theactual constraints.

B. Determining the Optimal Input

The previous section derived a method for characterizingthe set of separating inputs with the measure of outputset separation δ[i,j](u). Using this framework, (3) can beredefined as:

infu∈U

u>Ru

s.t. δ[i,j](u) > 0, ∀(i, j) ∈ J , i > j.(7)

δ[i,j](u) is defined as the solution to a nonconvex opti-mization which clearly makes (7) a nonlinear nonconvexbilevel program (BLP). Only very few results for BLPs withnonconvex inner programs exist [21]. The computationalcomplexity can be reduced by convexly relaxing the δ[i,j](u)constraint in (7), using the relaxations in Sec. III for example,to form a convex BLP that can be solved using existingalgorithms [22]. However, we solve this problem differentlyas explained below.

The resulting convexly relaxed problem is

minu∈U

u>Ru

s.t. δ[i,j]CR (u) ≥ ε, ∀(i, j) ∈ J , i > j

(8)

where the subscript CR stands for convex relaxation (e.g.,SDP or LP). In (8), a minimum separation threshold ε > 0is introduced to ensure that there exists a u∗ that attainsthe minimum. The program for δ[i,j]

CR has the same structureas (5) with the constraints defined in terms of the particularrelaxation. Note that δ[i,j]

CR (u) (i.e., the inner program) is nowconvex for a fixed u.

Replacing δ[i,j]CR (u) with its equivalent Karush-Kuhn-

Tucker (KKT) conditions leads to a single program with,first, a large number of nonconvex complementary con-straints equal to the number of inequalities in δ[i,j]

CR (u) and,second, variable bounds that are generally complicated andhighly nonlinear functions of the input due to its propa-gation through the system dynamics. As this procedure isused by many of the aforementioned algorithms to solveBLPs, computing the solution can be very computationallyexpensive, which is compounded by a combinatorial growthin the number of inner programs with the number of modelsto be separated and a polynomial growth in the size of eachinner program with the number of time points.

Although standard algorithms can be used to solve (8), wepropose a simple alternative that is easy to implement regard-less of model complexity. The idea is to use a deterministiclocal nonlinear solver to supply input values to the convexinner program, δ[i,j]

CR (u), that can be efficiently solved usinga variety of solvers, such as CPLEX [23] or SeDuMi [24].Because δ

[i,j]CR (u) provides a measure of distance between

the set of outputs, the outer solver can easily compute agradient of this constraint with respect to the input usingfinite differencing. Combined with the gradient/subgradientsof the outer objective function, a feasible descent directioncan be estimated to update u. This process can be repeateduntil optimality is achieved. This approach is used for theexample of a two-tank system in the next section.

V. EXAMPLE

Consider the two-tank system in Fig. 1.

Fig. 1. Sequential two-tank system.

A. System Description

Both tanks have the same cross-sectional area A and areconnected in series by a valve V12 with inflow q01 andoutflow q23. The inflow to the first tank q01 represents the

929

system input and can vary with time. The states (outputs)of the system are the true (measured) heights of the tanks,which are denoted by x1 (y1) and x2 (y2) for tanks 1 and 2,respectively. This example considers operating conditions inwhich the system satisfies x1 ≥ x2 under all fault scenarios.

Three fault scenarios are considered. First (f [1]), a leakagein tank 1 represented by the flow qL1 . Second (f [2]), the valveV12 becomes clogged and its throughput is reduced by 50%.Third (f [3]), a large leak occurs in tank 2 that increases theoutflow to 5 times its nominal value. These scenarios can allbe represented with the same model structure. Therefore, wewill first derive a general description of the system and thenpresent the different sets of parameters in the nominal andfaulty models.

Under the aforementioned assumptions, the nonlineardiscrete-time model is given by

x1,k+1 = x1,k + ∆tA

(q01,k − qL1,k − q12,k

)x2,k+1 = x2,k + ∆t

A

(q12,k − q23,k

) (9)

where ∆t is the sampling time and the flowrates are

q01,k = uk, qL1,k = cL1√x1,k

q12,k = c12

√x1,k − x2,k (10)

q23,k = c23√x2,k.

The parameters cL1 , c12, and c23 are valve coefficients. Themeasured heights are corrupted with measurement noise:

y1,k = x1,k + v1,k

y2,k = x2,k + v2,k.(11)

The non-polynomial parts of (9) can be reformulated byintroducing additional variables and constraints [6]:(

dw12,k

)2= x1,k − x2,k(

Sqh1,k

)2= x1,k (12)(

Sqh2,k

)2= x2,k.

Placing dw12,k, Sqh1,k, and Sqh2,k in (9) instead of theappropriate square root terms results in a polynomial model.Defining the parameter vector p = [A, cL1 , c12, c23]>, thefault models can be classified as

f [0]:={

(9)–(12), p[0] = [A, 0, c12, c23]>}

f [1]:={

(9)–(12), p[1] = [A, cL1 , c12, c23]>}

f [2]:={

(9)–(12), p[2] = [A, 0, 0.5c12, c23]>}

f [3]:={

(9)–(12), p[3] = [A, 0, c12, 5c23]>}.

(13)

B. Simulation

Eq. (8) was solved to compute the optimal separating inputu∗ for the nominal and three fault models summarized in(13) using the method in Sec. IV. The convex relaxationsin Sec. III were used. The implementation was done inMatlab using fmincon as the outer solver and CPLEX[23] (respectively, CVX [25] with SeDuMi [24]) as the innersolver for the linear (respectively, semidefinite) relaxations.

All simulations used the parameter values ∆t = 5 s, A =1.54×10−2 m2, c1L = c12 = c23 = 1.2×10−4 m5/2/s, R =

Inu×nu , and nt = 4. The uncertain initial tank levels werechosen to be x1,0 ∈ [0.95, 1.05] and x2,0 ∈ [0.475, 0.525]with bounded measurement noise v1,k, v2,k ∈ [−0.05, 0.05],∀k ∈ T all in units of meters. Bounds on the remainingstates and outputs were calculated using the model equations,the uncertain initial condition interval, and the boundedmeasurement noise using the Matlab Intlab toolbox [26]. Theinitial guess for u in the outer program was chosen to be0.1 for all time points in all simulations. Different initialguess values resulted in the exact same optimal solution forthis example. Note that our proposed method easily handlesprocess noise and parametric uncertainty; however, they wereexcluded from this particular example for simplicity.

C. Results

Table I compares our method for different levels of convexrelaxations. The linear (respectively, semidefinite) relaxationwithout (4) is denoted as LP (respectively, SDP). The letter“t” stands for “tight” and precedes the abbreviation when theadditional constraints in (4) are included in the relaxation.The LP relaxation is the fastest method by far, but is also themost conservative (i.e., requires a larger input to separate thefault models). The LP relaxation found a separating input 40to 50 times faster than the t-LP relaxation, but with a normthat is 35 to 50% larger.

Another interesting observation is that the SDP relaxationwas more conservative than the t-LP case. This examplehighlights the importance of the additional constraints (4),which include the McCormick relaxations, in directly affect-ing the tightness of the relaxation. Furthermore, optimizationtime for the t-LP relaxation scaled much more favorablywith the number of models in the simulation than for theSDP relaxation. Note that, in order to reduce the onlinecomputational burden, it is always possible to compute anapproximate explicit solution to the input separation problemin the same way as described in [27].

Fig. 2 shows Monte Carlo samples of the outputs foreach of the four models when the optimal separating inputu∗, computed using the t-LP relaxation, is injected. In thelower right panel, we can clearly see that all output setsare completely separated at the chosen final time pointk = nt = 4, which indicates that any sequence of thesemeasurements taken on the interval T are consistent withat most one model. Thus, a complete fault diagnosis of thesystem has been achieved.

VI. CONCLUSIONS

A deterministic method is proposed for computing aguaranteed separating input for fault isolation of nonlinearpolynomial and rational uncertain systems based on convexrelaxations and bilevel optimization. The derived bilevelprogram has a convex inner program and could be solved toglobal optimality using standard methods, e.g., branch andbound. We propose an alternative solution method that usesa nonlinear outer solver to supply inputs to the convex innerprogram and iteratively step towards a minimum. Althoughglobal optimality is not guaranteed a priori, the proposed

930

TABLE ICOMPARISON OF THE PROPOSED METHOD AT DIFFERENT LEVELS OF

CONVEX RELAXATION. BY INCLUDING THE ADDITIONAL CONSTRAINTS

IN (4), T-LP IS A TIGHTER RELAXATION THAN LP. COMPUTATIONS

PERFORMED ON A DESKTOP PC (INTEL I7, 2.7GHZ, 8 GB RAM)RUNNING WINDOWS 7 (64-BIT) USING A SINGLE CORE.

Models, f [i] Relaxation ‖u∗‖ × 104 CPU time [s]

i = {0, 1} LP 39 8t-LP 26 468SDP 34 270

i = {0, 1, 2} LP 166 16t-LP 123 882SDP 147 834

i = {0, 1, 2, 3} LP 166 25t-LP 123 1014SDP 147 1710

Fig. 2. 1000 sampled outputs are shown by circles from the nominal andfaulty models when the optimal separating input, calculated from the t-LPrelaxation, is injected. f [0], f [1], f [2], and f [3] are represented by theblue, red, green, and yellow circles, respectively. The convex hulls (blacklines) in the lower-right panel were drawn for clearer illustration.

method is much more computationally efficient and showedpromising results when applied to an example problem.Furthermore, the general formulation is flexible with respectto the solution method and choice of objective, constraints,and number of possible fault models.

Further work in analyzing the degree of conservatismadded to the solution from the convex relaxation methods isrecommended. Of particular interest would be an adaptiveapproach that heuristically adds constraints that are mostlikely to tighten the relaxation while warm starting thealgorithm with the previously computed solution.

REFERENCES

[1] L. H. Chiang, E. L. Russell, and R. D. Braatz, Fault Detection andDiagnosis in Industrial Systems. London: Springer, 2001.

[2] R. Patton and J. Chen, “Observer-based fault detection and isolation:Robustness and applications,” Control Engineering Practice, vol. 5,no. 5, pp. 671–682, 1997.

[3] S. X. Ding, Model-based Fault Diagnosis Techniques – DesignSchemes, Algorithms and Tools. Berlin, Heidelberg: Springer, 2008.

[4] M. Blanke, M. Kinnaert, J. Lunze, and M. Staroswiecki, Diagnosisand Fault-Tolerant Control. Heidelberg, Berlin: Springer, 2006.

[5] R. Nikoukhah, “Guaranteed active failure detection and isolation forlinear dynamical systems,” Automatica, vol. 34, no. 11, pp. 1345–1358,1998.

[6] A. Savchenko, P. Rumschinski, and R. Findeisen, “Fault diagnosisfor polynomial hybrid systems,” in Proc. of the 18th IFAC WorldCongress, 2011, pp. 2755–2760.

[7] X. J. Zhang, Auxiliary Signal Design in Fault Detection and Diagnosis,ser. Lecture Notes in Control and Information Sciences. Heidelberg,Berlin: Springer, 1989.

[8] R. Nikoukhah, S. L. Campbell, and F. Delebecque, “Detection signaldesign for failure detection: A robust approach,” International Journalof Adaptive Control and Signal Processing, vol. 14, pp. 701–724, 2000.

[9] R. Nikoukhah and S. L. Campbell, “Auxiliary signal design for activefailure detection in uncertain linear systems with a priori information,”Automatica, vol. 42, no. 2, pp. 219–228, 2006.

[10] S. Campbell and R. Nikoukhah, Auxilary Signal Design for FailureDetection. New Jersey: Princeton University Press, 2004.

[11] J. K. Scott, R. Findeisen, R. D. Braatz, and D. M. Raimondo, “Designof active inputs for set based fault diagnosis,” in Proc. of the AmericanControl Conference, 2013, pp. 3567–3572.

[12] M. Du and P. Mhaskar, “Active fault isolation of nonlinear processsystems,” AIChE Journal, vol. 59, no. 7, pp. 2435–2453, 2013.

[13] I. Andjelkovic, K. Sweetingham, and S. L. Campbell, “Active faultdetection in nonlinear systems using auxiliary signals,” in Proc. of theAmerican Control Conference, 2008, pp. 2142–2147.

[14] A. Mesbah, S. Streif, R. Findeisen, and R. D. Braatz, “Active faultdiagnosis for nonlinear systems with probabilistic uncertainties,” inProc. of the 19th IFAC World Congress, Cape Town, South Africa,2014, in press.

[15] M. Simandl, I. Puncochar, and J. Kralovec, “Rolling horizon for activefault detection,” in Proc. of the 44th IEEE Conference on Decision andControl and the European Control Conference, 2005, pp. 3789–3794.

[16] N. Poulsen and H. Niemann, “Active fault diagnosis based on stochas-tic tests,” International Journal of Applied Mathematics and ComputerScience, vol. 18, no. 4, pp. 487–496, 2008.

[17] J. K. Scott, G. R. Marseglia, L. Magni, R. D. Braatz, and D. M.Raimondo, “A hybrid stochastic-deterministic input design methodfor active fault diagnosis,” in Proc. of the 52nd IEEE Conference onDecision and Control, Firenze, Italy, 2013, pp. 5656 – 5661.

[18] S. Streif, M. Karl, and R. Findeisen, “Outlier analysis in set-basedestimation for nonlinear systems using convex relaxations,” in Proc.of the European Control Conference (ECC), July 2013, pp. 2921–2926.

[19] S. Streif, D. Hast, R. D. Braatz, and R. Findeisen, “Certifyingrobustness of separating inputs and outputs in active fault diagnosis foruncertain nonlinear systems,” in Proc. of the 10th IFAC InternationalSymposium on Dynamics and Control of Process Systems (DyCoPS),Mumbai, India, Dec. 2013, pp. 837–842.

[20] A. Savchenko, P. Rumschinski, S. Streif, and R. Findeisen, “Completediagnosability of abrupt faults using set-based sensitivities,” in Proc.of the 8th IFAC Symposium on Fault Detection, Supervision and Safetyof Technical Processes, 2012, pp. 860–865.

[21] A. Mitsos, P. Lemonidis, and P. I. Barton, “Global solution ofbilevel programs with a nonconvex inner program,” Journal of GlobalOptimization, vol. 42, pp. 475–513, 2008.

[22] J. F. Bard, Practical Bilevel Optimization: Algorithms and Applica-tions. Boston, London, Dordrecht: Kluwer Academic Publisher, 1998,vol. 30.

[23] ILOG CPLEX 11.0 User’s Manual. Gentilly, France: ILOG SA, 2007.[24] J. F. Sturm, “Using SeDuMi 1.02, a MATLAB toolbox for optimization

over symmetric cones,” Optimization Methods and Software, vol. 11,no. 1-4, pp. 625–653, 1999.

[25] M. Grant, S. Boyd, and Y. Ye, “CVX: Matlab Software for DisciplinedConvex Programming,” 2008, http://cvxr.com/cvx.

[26] S. M. Rump, “INTLAB - INTerval LABoratory,” in Developments inReliable Computing, T. Csendes, Ed. Dordrecht: Kluwer AcademicPublishers, 1999, pp. 77–104, http://www.ti3.tuhh.de/rump/.

[27] D. M. Raimondo, R. D. Braatz, and J. K. Scott, “Active fault diagnosisusing moving horizon input design,” in Proc. of the European ControlConference, 2013, pp. 3131–3136.

931