IMPROVING THE CONTROL AND SENSING RESILIENCY OF A DIESEL ENGINE USING MODEL-BASED METHODS

Shubham Ashok Konda (17551746)

05 December 2023

<p dir="ltr">Resilient engine operation hugely depends on proper functioning of the engine’s sensors, enabling efficient feedback control of the engine systems operation. When the sensors on the engine measure a physical quantity incorrectly, it leads the engine control system to determine that the sensor measuring the physical quantity has failed. This failure may be attributed to a sensor stick failure, bias failure, drift failure, or failure occurring due to physical wear and tear of the sensor. Failure of crucial engine sensors may have adverse effects on engine operation, and in most cases leading into a limp home mode or a torque limitation mode. This affects the engine performance and efficiency. The engine under study in this work is a medium duty marine engine with diesel fuel. Sensor failures in the middle of a marine operation can hugely impact its mission. Therefore, fault tolerant control systems are essential to counter these challenges occurring due to sensor failures. In this thesis, an advanced nonlinear fault detection and state estimation algorithm is developed and implemented on a GT-Power engine model, employing a sophisticated co-simulation approach. The focus is on a 6.7L Cummins diesel engine, for which a detailed nonlinear state space model is constructed. This model accurately replicates critical engine parameters, such as pressures, temperatures, and engine speed, by integrating various submodels. These sub-models estimate key parameters like cylinder inlet charge flow, valve flow, cylinder outlet temperature, turbocharger turbine flow, and charge air cooler flow. To assess the model’s accuracy and reliability, it is rigorously validated against a truth reference GT-Power engine model. The results demonstrate exceptional performance, with the nonlinear model exhibiting a minimal percentage performance error of less than 5% under steady-state conditions and less than 15% during transient conditions. The core of the Fault Detection and State Estimation (FDSE) modules consists of a bank of Extended Kalman Filters (EKF). These filters are meticulously designed to estimate vital engine states, generate residuals, and assess these residuals even in the presence of process and measurement noise. This approach enables the detection of sensor faults and facilitates controller reconfiguration, ensuring the engine’s robustness in the face of unexpected sensor failures. Crucially, the nonlinear physics-based model serves as the foundation for the state transition functions utilized in the design of the observer bank. Residuals generated by the EKFs are evaluated using both fixed and adaptive thresholding techniques masking the sensor faults at the time step at which it is detected, ensuring robust performance not only in steady-state conditions but also during varying transient load conditions. To comprehensively evaluate the system’s resilience in practical scenarios, multiple sensor stuck failures are introduced into the GT-Power model. A software-in-the-loop co-simulation strategy is meticulously established, employing both the GT-Power truth reference engine model and the nonlinear Fault Detection and State Estimation (FDSE) model within the Simulink environment. This unique co-simulation approach provides a platform to assess the FDSE performance and its effect on engine performance in simulated sensor fault scenarios. The FDSE module is able to detect sensor failures which deviate at least 5% from their actual values. The percentage estimation error is less than 10% under steady state conditions and less than 20% under transient load conditions. Ultimately, this process creates analytical redundancy, not only forming the basis of state estimation but also empowering the engine to maintain its performance in the presence of sensor faults.</p>

Engine Resiliency

state estimation algorithms

sensor failures

controller reconfiguration

On Safe Usage of Shared Data in Safety-Critical Control Systems

Jäger, Georg

16 September 2022

Prognostiziert durch Konzepte der Industrie 4.0 und den Cyber-Physischen-Systemen, können autonome Systeme zukünftig dynamisch auf Datenquellen in ihrer Umgebung zugreifen. Während die gemeinsame Nutzung solcher Datenquellen ein enormes Performanzpotenzial bietet, stellt die benötigte Systemarchitektur vorherrschende Sicherheitsprozesse vor neue Herausforderungen. Die vorliegende Arbeit motiviert zunächst, dass diese nur zur Laufzeit des Systems adressiert werden könne, bevor sie daraus zwei zentrale Ziele ableitet und verfolgt. Zum einen wird ein Beschreibungsmodel für die Darstellung von Fehlercharakteristika gemeinsam genutzter Daten vorgestellt. Dieses generische Fehlermodell erlaubt es zum anderen eine Sicherheitsanalyse zu definieren, die eine spezifische, dynamische Systemkomposition zur Laufzeit mit Hinblick auf die zu erwartenden Unsicherheiten bewerten kann. Die als Region of Safety betitelte Analysestrategie erlaubt, in Kombination mit dem generischen Fehlermodell, die Sicherheit der auf gemeinsam genutzten Daten basierenden Kollisionsvermeidungsstrategie zweier Roboter noch zur Designzeit zu garantieren, obwohl die spezifischen Fehlercharakteristika der Daten erst zur Laufzeit bekannt werden.:List of Acronyms List of Theorems List of Definitions List of Figures List of Tables 1. Introduction – Safety in Future Smart Industries 1.1. The Example of Smart Warehouses 1.2. Functional Safety Standards 1.2.1. Overview of Functional Safety Standards 1.2.2. IEC 61508 1.3. Scope of this Thesis 1.3.1. Objectives 1.3.2. Contributions 1.3.3. Outline 1.4. Related Publications by the Author 1.5. Mathematical Notation 2. State of the Art 2.1. State of the Art in Run-Time Safety Assessment 2.1.1. Approaches at the Functional Level 2.1.2. Approaches at the Technical Level 2.1.3. Conclusions 2.2. State of the Art in Failure Modeling 2.2.1. The Definition of (Sensor) Failure Model 2.2.2. Interval-Based Failure Modeling 2.2.3. Distribution-Based Failure Modeling 2.2.4. Failure-Type-Based Failure Modeling 2.2.5. Conclusions 2.3. Conclusions from the State of the Art 3. Generic Failure Model 3.1. Defining the Generic Failure Model 3.1.1. Time- and Value-Correlated Random Distribution 3.1.2. A Failure Type’s Failure Amplitudes 3.1.3. A Failure Type’s State Function 3.1.4. Polynomial Representation of a Failure Type 3.1.5. Discussion on the Fulfillment of the Predefined Criteria 3.2. Converting a Generic Failure Model to an Interval 3.2.1. Converting a Time- and Value-Correlated Random Distribution 3.2.2. A Failure Type’s Interval 3.3. Processing Chain for Generating Generic Failure Models 3.3.1. Identifying Failure Types 3.3.2. Parameterizing Failure Types 3.3.3. Confidence Calculation 3.4. Exemplary Application to Artificial Failure Characteristics 3.4.1. Generating the Artificial Data Set – Manually Designing GFMs 3.4.2. Identifying Failure Types 3.4.3. Parameterizing Failure Types 3.4.4. Confidence Calculation 3.4.5. Comparison to State-of-the-Art Models 3.5. Summary 4. Region of Safety 4.1. Explicitly Modeling Uncertainties for Dynamically Composed Systems 4.2. Regions of Safety for Dynamically Composed Systems 4.2.1. Estimating Regions of Attraction in Presence of Uncertainty 4.2.2. Introducing the Concept of Region of Safety 4.2.3. Discussion on the Fulfillment of the Predefined Criteria 4.3. Evaluating the Concept of Region of Safety 4.3.1. Defining the Scenario and Considered Uncertainties 4.3.2. Designing a Control Lyapunov Function 4.3.3. Determining an Appropriate Value for λc 4.3.4. The Effect of Varying Sensor Failures on Regions of Safety 4.4. Summary 5. Evaluation and Integration 5.1. Multi-Robot Collision Avoidance 5.1.1. Assumptions 5.1.2. Design of the Circle and Navigation Scenarios 5.1.3. Kinematics 5.1.4. Control Policy 5.1.5. Intention Modeling by Model Uncertainty 5.1.6. Fusing Regions of Safety of Multiple Stability Points 5.2. Failure Modeling for Shared Data – A Marker Detection Failure Model 5.2.1. Data Acquisition 5.2.2. Failure Model Generation 5.2.3. Evaluating the Quality of the Failure Model 5.3. Safe Handling of Shared Data in a Collision Avoidance Strategy 5.3.1. Configuration for Region of Safety Estimation 5.3.2. Estimating Regions of Safety 5.3.3. Evaluation Using the Circle Scenario 5.3.4. Evaluation Using the Navigation Scenario 5.4. Summary 6. Conclusions and Future Work 6.1. Summary 6.2. Limitations and Future Work 6.2.1. Limitations and Future Work on the Generic Failure Model 6.2.2. Limitations and Future Work on Region of Safety 6.2.3. Future Work on Safety in Dynamically Composed Systems Appendices A. Defining Factors of Risk According to IEC 61508 B. Evaluation Results for the Identification Stage C. Overview of Failure Amplitudes of Marker Detection Results Bibliography / The concepts of Cyber-Physical-Systems and Industry 4.0 prognosticate autonomous systems to integrate sources of shared data dynamically at their run-time. While this promises substantial increases in their performance, the openness of the required system architecture poses new challenges to processes guaranteeing their safety. This thesis firstly motivates that these can be addressed only at their run-time, before it derives and pursues two corresponding goals. Firstly, a model for describing failure characteristics of shared data is presented. Secondly, this Generic Failure Model is built upon to define a run-time safety assessment methodology that enables analyzing dynamic system compositions integrating shared data with respect to the expected uncertainties at run-time. This analysis strategy, entitled Region of Safety, allows in combination with the generic failure model to guarantee the safety of robots sharing position data for collision avoidance already at design-time, although specific failure characteristics become available only at run-time.:List of Acronyms List of Theorems List of Definitions List of Figures List of Tables 1. Introduction – Safety in Future Smart Industries 1.1. The Example of Smart Warehouses 1.2. Functional Safety Standards 1.2.1. Overview of Functional Safety Standards 1.2.2. IEC 61508 1.3. Scope of this Thesis 1.3.1. Objectives 1.3.2. Contributions 1.3.3. Outline 1.4. Related Publications by the Author 1.5. Mathematical Notation 2. State of the Art 2.1. State of the Art in Run-Time Safety Assessment 2.1.1. Approaches at the Functional Level 2.1.2. Approaches at the Technical Level 2.1.3. Conclusions 2.2. State of the Art in Failure Modeling 2.2.1. The Definition of (Sensor) Failure Model 2.2.2. Interval-Based Failure Modeling 2.2.3. Distribution-Based Failure Modeling 2.2.4. Failure-Type-Based Failure Modeling 2.2.5. Conclusions 2.3. Conclusions from the State of the Art 3. Generic Failure Model 3.1. Defining the Generic Failure Model 3.1.1. Time- and Value-Correlated Random Distribution 3.1.2. A Failure Type’s Failure Amplitudes 3.1.3. A Failure Type’s State Function 3.1.4. Polynomial Representation of a Failure Type 3.1.5. Discussion on the Fulfillment of the Predefined Criteria 3.2. Converting a Generic Failure Model to an Interval 3.2.1. Converting a Time- and Value-Correlated Random Distribution 3.2.2. A Failure Type’s Interval 3.3. Processing Chain for Generating Generic Failure Models 3.3.1. Identifying Failure Types 3.3.2. Parameterizing Failure Types 3.3.3. Confidence Calculation 3.4. Exemplary Application to Artificial Failure Characteristics 3.4.1. Generating the Artificial Data Set – Manually Designing GFMs 3.4.2. Identifying Failure Types 3.4.3. Parameterizing Failure Types 3.4.4. Confidence Calculation 3.4.5. Comparison to State-of-the-Art Models 3.5. Summary 4. Region of Safety 4.1. Explicitly Modeling Uncertainties for Dynamically Composed Systems 4.2. Regions of Safety for Dynamically Composed Systems 4.2.1. Estimating Regions of Attraction in Presence of Uncertainty 4.2.2. Introducing the Concept of Region of Safety 4.2.3. Discussion on the Fulfillment of the Predefined Criteria 4.3. Evaluating the Concept of Region of Safety 4.3.1. Defining the Scenario and Considered Uncertainties 4.3.2. Designing a Control Lyapunov Function 4.3.3. Determining an Appropriate Value for λc 4.3.4. The Effect of Varying Sensor Failures on Regions of Safety 4.4. Summary 5. Evaluation and Integration 5.1. Multi-Robot Collision Avoidance 5.1.1. Assumptions 5.1.2. Design of the Circle and Navigation Scenarios 5.1.3. Kinematics 5.1.4. Control Policy 5.1.5. Intention Modeling by Model Uncertainty 5.1.6. Fusing Regions of Safety of Multiple Stability Points 5.2. Failure Modeling for Shared Data – A Marker Detection Failure Model 5.2.1. Data Acquisition 5.2.2. Failure Model Generation 5.2.3. Evaluating the Quality of the Failure Model 5.3. Safe Handling of Shared Data in a Collision Avoidance Strategy 5.3.1. Configuration for Region of Safety Estimation 5.3.2. Estimating Regions of Safety 5.3.3. Evaluation Using the Circle Scenario 5.3.4. Evaluation Using the Navigation Scenario 5.4. Summary 6. Conclusions and Future Work 6.1. Summary 6.2. Limitations and Future Work 6.2.1. Limitations and Future Work on the Generic Failure Model 6.2.2. Limitations and Future Work on Region of Safety 6.2.3. Future Work on Safety in Dynamically Composed Systems Appendices A. Defining Factors of Risk According to IEC 61508 B. Evaluation Results for the Identification Stage C. Overview of Failure Amplitudes of Marker Detection Results Bibliography

info:eu-repo/classification/ddc/004

ddc:004

Autonomes System

Sensor

Daten

Gemeinschaftliche Nutzung

Fehlermodell

Computersicherheit