
IEEE TRANSACTIONS ON CONTROL SYSTEMS TECHNOLOGY, VOL. 22, NO. 5, SEPTEMBER 2014

Active Diagnosability of Discrete Event Systems and its Application to Battery Fault Diagnosis

Ziqiang Chen, Feng Lin, Caisheng Wang, Le Yi Wang, and Min Xu

Abstract— A battery system may consist of many batteries; each battery can have a normal operating mode and several faulty modes. This makes the fault status of a battery system very complex. To diagnose such a complex system, passive diagnosis is often insufficient; we may need to actively control the system to complete the diagnosis task. In this brief, we investigate active diagnosis in the framework of discrete event systems. We model the system to be diagnosed by an automaton (finite state machine) with state outputs in which some events are controllable, in the sense that they can be enforced, and some are not. We say that the system is actively diagnosable if we can find a control under which the faults can be diagnosed. We derive a necessary and sufficient condition for a system to be actively diagnosable. Algorithms are devised for checking active diagnosability and finding controls that achieve it. The theoretical results are then applied to fault diagnosis of battery systems. We illustrate the approach using a simplified battery system consisting of four batteries, and find a control that diagnoses the faults based on the measurements of two temperature sensors.

Index Terms— Battery management system, detectability, diagnosability, discrete event systems (DESs), fault diagnosis.

I. INTRODUCTION

THE RAPID progress and technological advances in batteries have led to the wide use of battery systems in electric vehicles and other applications. As battery systems become increasingly complex, safety and reliability of operation are of great importance. Many researchers from the control and artificial-intelligence communities have studied fault detection and diagnosis for battery systems [3], [6], taking both qualitative and quantitative approaches. Different strategies are adopted to achieve the diagnosis goals. For example, modified floating search algorithms for repeated feature selection are presented in [11] for fault detection. Signal processing techniques, such as particle filtering, have been applied to fault detection of batteries in [1]. In addition, considerable effort has been devoted to bridging the methodologies of the control and artificial-intelligence communities [7].

Failure diagnosis addresses the problem of identifying and isolating deviations of the actual behavior of a dynamic system from its desired behavior. However, a large-scale battery system consists of many batteries, which have different characteristics even when they are new. Moreover, their characteristics and dynamics change with time and operating conditions due to aging, environment, and variation of chemical properties. Therefore, more advanced approaches are needed to diagnose battery systems whose characteristics vary dynamically.

In recent years, various approaches based on a discrete event system (DES) modeling formalism have been proposed. DESs are characterized by asynchronous occurrences of discrete events; their behavior is observed as transitions between states following the occurrence of events. DESs are omnipresent around us: computer and communication systems, automated manufacturing systems, traffic systems, intelligent transportation systems, database systems, software systems, and so on. The DES framework has been used to investigate many important issues such as controllability and observability [5]. DESs are often used to model complex systems, and faults are more likely to occur in complex systems; therefore, more advanced diagnostic tools for DESs are needed. It is essential for fault diagnosis that each fault can be uniquely identified from partial observations of the system behavior.

Diagnosis of DESs has been investigated extensively. In [13], a fault is modeled as an event. Some events are assumed to be observable and others unobservable; faulty events are naturally assumed to be unobservable. A DES is said to be diagnosable if the occurrence of a faulty event can be determined after a finite number of observations of observable events. Since then, much work has been done on diagnosis and diagnosability of DESs [14], [18], including approaches using Petri nets [2], [4]. We started our investigation of diagnosability of DESs in [8], where faults are described by states rather than by events as in [13] and subsequent publications. To diagnose a DES is then to determine which state, or set of states, the system is currently in; the diagnosis is based on state outputs rather than on event observations. Both off-line and on-line diagnosis are discussed in [8]. We have also investigated issues related to diagnosis, namely detectability [15]–[17] and opacity [9], in the DES framework.

Manuscript received June 13, 2013; revised September 10, 2013; accepted November 9, 2013. Manuscript received in final form November 12, 2013. Date of publication November 28, 2013; date of current version July 24, 2014. This work was supported in part by the National Science Foundation of USA under Grant ECS-0823865 and Grant ECS-1202133, and in part by the National Natural Science Foundation of China under Grant 51347002, Grant 60904019, Grant 61143006, and Grant 71071116. Recommended by Associate Editor F. Basile. Z. Chen and M. Xu are with the School of Mechanics and Power Engineering, Shanghai Jiao Tong University, Shanghai 200240, China (e-mail: [email protected]; [email protected]). F. Lin is with the Department of Electrical and Computer Engineering, Wayne State University, Detroit, MI 48202 USA, and also with the School of Electronics and Information Engineering, Tongji University, Shanghai 200092, China (e-mail: [email protected]). C. Wang and L. Y. Wang are with the Department of Electrical and Computer Engineering, Wayne State University, Detroit, MI 48202 USA (e-mail: [email protected]; [email protected]). Digital Object Identifier 10.1109/TCST.2013.2291069

1063-6536 © 2013 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

In this brief, we investigate active diagnosis for DESs. We assume that faults are described by states as in [8]; that is, we specify the fault status of a system by partitioning the state set into cells. One cell represents the normal mode of the system and the other cells represent the faulty modes. The goal of diagnosis is to determine which cell the system is in. The diagnosis is based on the state output, which is a mapping from the state set to an output set. The output mapping is many-to-one, so the current state of the system cannot be determined from the current output alone. Therefore, we need to control the system along certain trajectories so that the fault can be diagnosed. The control is achieved by enforcing some controllable events (not all events are controllable). We say that a system is actively diagnosable if there exists a control such that, after its execution, the fault status of the system, as represented by the partition, can be determined.

We derive a necessary and sufficient condition for a DES to be actively diagnosable. The condition is based on the state estimates after a sequence of control actions and observations. Given a DES and a specification of fault status, the condition can be checked by manipulating automata. We develop an algorithm that checks this necessary and sufficient condition and finds a control that achieves active diagnosability when the condition is satisfied. Note that checking whether a system is actively diagnosable is done off-line, while the actual diagnosis is performed on-line.

The theoretical results are applied to battery system diagnosis. We consider a simplified but representative battery system consisting of four batteries, combined in both parallel and series connections. Two types of faults are considered: aged cell and increased internal resistance. These two faults produce similar symptoms and are difficult to tell apart. Two temperature sensors are installed that provide the outputs. We construct a DES model for this battery system and show that the system is actively diagnosable.
In addition, we construct a control strategy that diagnoses the battery system using the proposed algorithm. Diagnosis is an important problem in battery systems, and our approach provides a systematic way to solve this difficult problem.

Active diagnosis using control has been investigated in DESs. The first work on active diagnosis appears in [14], where faults are modeled as events. However, to the best of our knowledge, active diagnosability of DESs as defined in this brief has not been proposed before.

II. ACTIVE DIAGNOSABILITY OF DESs

We model a DES to be diagnosed as
$$G = (Q, \Sigma, \delta, Y, h)$$
where $Q$ is the set of states, $\Sigma$ is the set of events, $Y$ is the output space, $\delta : Q \times \Sigma \to Q$ is the (partial) state transition function, with $q' = \delta(q, \sigma)$ the next state if event $\sigma$ occurs at state $q$, and $h : Q \to Y$ is the output function, with $y = h(q)$ the observed output when the system is at state $q$. $\delta$ is extended to $\delta : Q \times \Sigma^* \to Q$ in the usual way. We assume that all states in $G$ are legal and accessible. If there are illegal states in the system, we assume that a supervisor has already been designed to keep the system within the legal states, and $G$ represents the controlled system.

States of the system describe its condition. To diagnose a fault is to identify which state, or set of states, the system $G$ is in. Depending on the diagnostic requirements, we partition the state space $Q$ into disjoint subsets (cells) and denote the resulting partition by $T$. States in the same cell are viewed as equivalent as far as the faults under consideration are concerned. We write $q =_T q'$ to denote that $q$ and $q'$ are in the same cell. Our model is rather general, since we impose no restrictions on $T$.

We use active control to diagnose the system. Therefore, we designate a set of controllable events $\Sigma_c \subseteq \Sigma$, where controllability is interpreted in a strong sense: a controllable event can be made to occur whenever it is defined in $G$. Not all events are controllable; only events in $\Sigma_c$ can be controlled (enforced). We denote by $\Sigma_c^*$ the set of all strings over $\Sigma_c$, including the empty string $\varepsilon$. A string $u \in \Sigma_c^*$ is called a control. The goal of diagnosis is to find which cell of $T$ the state of $G$ belongs to by issuing a control $u \in \Sigma_c^*$ and observing the output.

To know what output to expect from $G$, we need to know the behavior of $G$, which is described by all strings of events that can occur in $G$. After control $u$ is issued, the behavior of $G$ is restricted, because $G$ must execute the events in $u$ in the order given by $u$. Meanwhile, uncontrollable events in $\Sigma \setminus \Sigma_c$ may also occur. Therefore, the behavior of $G$ under control $u$ is described by
$$B(u) = P^{-1}(u)$$
where $P^{-1} : \Sigma_c^* \to 2^{\Sigma^*}$ is the inverse projection of the natural projection $P : \Sigma^* \to \Sigma_c^*$, defined in the usual way.

The set of possible states $Q' \subseteq Q$ that $G$ may currently be in is called the (current) state estimate. Suppose that the current state estimate is $Q_i$ and the current output (observation) is $y_i$. Let us find the state estimate after the execution of a controllable event $\sigma_{i+1}$, or the observation of a new output $y_{i+1}$, or both.
To unify the notation, we use $(\sigma_{i+1}, y_{i+1})$ to denote a new control execution, a new output observation, or both, as follows. If a new output is observed without a new control execution, then $\sigma_{i+1} = \varepsilon$ (the empty string), that is, $(\sigma_{i+1}, y_{i+1}) = (\varepsilon, y_{i+1})$. If a new control is executed but the output does not change, then $y_{i+1} = y_i$, that is, $(\sigma_{i+1}, y_{i+1}) = (\sigma_{i+1}, y_i)$. If a new control is executed and a new output is observed, then $\sigma_{i+1} \neq \varepsilon$ and $y_{i+1} \neq y_i$. Using this notation, a trajectory of $G$ is described by a sequence
$$w = (\sigma_1, y_1)(\sigma_2, y_2)\cdots(\sigma_n, y_n).$$
We can calculate the state estimates along a trajectory recursively as follows. The initial state estimate $Q_0$ is given, depending on our knowledge of the initial state; in the worst case, when nothing is known about the initial state, we let $Q_0 = Q$. The initial output $y_0$ is also known. Clearly, $Q_0 \subseteq h^{-1}(y_0)$, that is, the initial state estimate must be consistent with the initial output (observation); otherwise, the initial state estimate can be updated to $Q_0 \cap h^{-1}(y_0)$. The state estimate immediately after $(\sigma_1, y_1)$ is given by
$$\mathrm{NOR}((Q_0, y_0), (\sigma_1, y_1)) = \{q \in Q : (\exists q' \in Q_0)\ q = \delta(q', \sigma_1) \wedge h(q) = y_1\}.$$


$\mathrm{NOR}((Q_0, y_0), (\sigma_1, y_1))$ is called the next observation reach after $(\sigma_1, y_1)$. Note that from $Q_1 = \mathrm{NOR}((Q_0, y_0), (\sigma_1, y_1))$ the system can move to other states without being controlled, through uncontrollable events that leave the output unchanged. We therefore calculate the state estimate before the next transition $(\sigma_2, y_2)$ as
$$\mathrm{SOR}(Q_1, y_1) = \{q \in Q : (\exists q' \in Q_1)(\exists s \in (\Sigma \setminus \Sigma_c)^*)\ q = \delta(q', s) \wedge (\forall t \leq s)\ h(\delta(q', t)) = y_1\}$$
where $t \leq s$ means that $t$ is a prefix of $s$. $\mathrm{SOR}(Q_1, y_1)$ is called the same observation reach, and $Q'_1 = \mathrm{SOR}(Q_1, y_1)$ is the state estimate before the next transition $(\sigma_2, y_2)$. Note that every state of $Q'_1$ has output $y_1$, so for an observation-only event $(\varepsilon, y_2)$ with $y_2 \neq y_1$ the set $\{q \in Q'_1 : h(q) = y_2\}$ prescribed literally by the NOR formula is empty; an output change produced by uncontrollable events alone is captured by reading the $\varepsilon$ case of NOR as one uncontrollable transition out of $Q'_1$ into a state with output $y_2$.

To find state estimates after all possible trajectories of the system, we define a new automaton
$$\tilde{G} = (X, \tilde{\Sigma}, \xi, x_o) = \mathrm{Ac}\big(2^Q \times Y,\ (\Sigma_c \cup \{\varepsilon\}) \times Y,\ \xi,\ (Q_0, y_0)\big)$$
where $\mathrm{Ac}(\cdot)$ denotes the accessible part. The event set of $\tilde{G}$ is $\tilde{\Sigma} = (\Sigma_c \cup \{\varepsilon\}) \times Y$, the set of all possible $(\sigma_i, y_i)$. The state set of $\tilde{G}$ is $X = 2^Q \times Y$, the set of possible state estimates paired with observations. The initial state of $\tilde{G}$ is $x_o = (Q_0, y_0)$, the initial state estimate and initial observation. The state transition function $\xi : X \times \tilde{\Sigma} \to X$ is defined, for $x_i = (Q_i, y_i)$ and $\tilde{\sigma}_{i+1} = (\sigma_{i+1}, y_{i+1})$, by
$$\xi(x_i, \tilde{\sigma}_{i+1}) = \big(\mathrm{SOR}(\mathrm{NOR}((Q_i, y_i), (\sigma_{i+1}, y_{i+1})), y_{i+1}),\ y_{i+1}\big).$$
$\xi$ is extended to $\xi : X \times \tilde{\Sigma}^* \to X$ in the usual way. The automaton $\tilde{G}$ gives the state estimate after any trajectory, as shown in the following theorem.

Theorem 1: Let the initial state estimate and initial observation be $x_o = (Q_0, y_0)$, and let the trajectory of the system be $w = (\sigma_1, y_1)(\sigma_2, y_2)\cdots(\sigma_n, y_n)$. Denote $x_n = (Q_n, y_n) = \xi(x_o, w)$. Then the state estimate after $w$ is given by $Q_n$.

Proof: We prove the result by induction on the length of $w$, denoted by $|w|$.
Base: Since the initial state is $x_o = (Q_0, y_0)$, the result holds for $|w| = 0$ (that is, $w = \varepsilon$).
Induction hypothesis: Assume that the result holds for $|w| \leq k$.
Induction step: We show that the result holds for $|w| = k + 1$. Write $w = w'(\sigma_{k+1}, y_{k+1})$, $x_k = (Q_k, y_k) = \xi(x_o, w')$, and $x_{k+1} = (Q_{k+1}, y_{k+1}) = \xi(x_o, w) = \xi(x_k, (\sigma_{k+1}, y_{k+1}))$. By the induction hypothesis, $Q_k$ is the state estimate after $w'$. By the definition of the next observation reach, the state estimate immediately after $\tilde{\sigma}_{k+1} = (\sigma_{k+1}, y_{k+1})$ is given by $\mathrm{NOR}((Q_k, y_k), (\sigma_{k+1}, y_{k+1}))$.

By the definition of the same observation reach, the state estimate before the next transition is given by $\mathrm{SOR}(\mathrm{NOR}((Q_k, y_k), (\sigma_{k+1}, y_{k+1})), y_{k+1})$. On the other hand, since
$$\xi(x_k, \tilde{\sigma}_{k+1}) = \big(\mathrm{SOR}(\mathrm{NOR}((Q_k, y_k), (\sigma_{k+1}, y_{k+1})), y_{k+1}),\ y_{k+1}\big) = (Q_{k+1}, y_{k+1}),$$
we have $\mathrm{SOR}(\mathrm{NOR}((Q_k, y_k), (\sigma_{k+1}, y_{k+1})), y_{k+1}) = Q_{k+1}$. That is, $Q_{k+1}$ is the state estimate after $w$. This proves the result. $\square$

Automaton $\tilde{G}$ gives the state estimate after the control and observation described by $w$. We denote the state estimate after $w$ by $\psi(w)$; that is, for $w = (\sigma_1, y_1)(\sigma_2, y_2)\cdots(\sigma_n, y_n)$ and $x_n = (Q_n, y_n) = \xi(x_o, w)$, the state estimate is $\psi(w) = Q_n$. For some $w$, the fault status of the system as described by $T$ can be determined after $w$, while for others it cannot. In the first case we say that $w$ is diagnosable, and in the second case that $w$ is not diagnosable. Formally, $w$ is diagnosable if
$$(\forall q, q' \in \psi(w))\ q =_T q'.$$
Define the set of marked states in $\tilde{G} = (X, \tilde{\Sigma}, \xi, x_o)$ as
$$X_m = \{x = (Q', y) \in X : (\forall q, q' \in Q')\ q =_T q'\}.$$
In other words, $X_m$ is the set of states at which the fault status of the system can be determined. The following proposition gives a necessary and sufficient condition for $w$ to be diagnosable.

Proposition 1: For any $w$, $w$ is diagnosable if and only if $w$ leads from the initial state $x_o$ to a marked state in $X_m$, that is, $\xi(x_o, w) \in X_m$.
Proof: It follows from the definition of $X_m$. $\square$

Clearly, the above discussion remains valid if we start not at the initial state $x_o$ but at some current state $x_c$. We consider the current state $x_c$ from now on, and denote the language generated by $\tilde{G}$ from state $x_c$ by $L(\tilde{G}, x_c)$.

The goal of active diagnosis is to apply a control $u$ from the current state $x_c$ so that the resulting $w$ is diagnosable. The problem is not simple, because $w$ is not unique for a given control $u$. To solve it, let us find the relation between $w$ and $u$. For $w = (\sigma_1, y_1)(\sigma_2, y_2)\cdots(\sigma_n, y_n)$, define
$$\theta(w) = \sigma_1 \sigma_2 \cdots \sigma_n,$$
where some $\sigma_i$ may be $\varepsilon$; in other words, $\theta : \tilde{\Sigma}^* \to \Sigma_c^*$. Obviously, the control corresponding to $w$ is $u = \theta(w)$. Denote the inverse mapping of $\theta$ by $\theta^{-1}$. Then, for a control $u \in \Sigma_c^*$ issued from the current state $x_c$, the set of all possible $w$ is $\theta^{-1}(u) \cap L(\tilde{G}, x_c)$. We say that a control $u$ diagnoses the system $G$ if all $w$ in $\theta^{-1}(u) \cap L(\tilde{G}, x_c)$ are diagnosable, that is,
$$(\forall w \in \theta^{-1}(u) \cap L(\tilde{G}, x_c))\ \xi(x_c, w) \in X_m.$$
We say that a control $u \in \Sigma_c^*$ is feasible if all events in $u$ are defined in $G$ in all circumstances, that is,
$$(\forall u' \leq u)\ \theta^{-1}(u') \cap L(\tilde{G}, x_c) \subseteq \overline{\theta^{-1}(u) \cap L(\tilde{G}, x_c)}$$
where $\overline{\theta^{-1}(u) \cap L(\tilde{G}, x_c)}$ denotes the prefix closure of $\theta^{-1}(u) \cap L(\tilde{G}, x_c)$. The expression says that any string in $\theta^{-1}(u') \cap L(\tilde{G}, x_c)$ can be continued to a string in $\theta^{-1}(u) \cap L(\tilde{G}, x_c)$; in other words, executing $u$ never blocks. To ensure that a control works, we must make sure that it is feasible. In summary, we define active diagnosability as follows.

Definition 1: A system $G$ is actively diagnosable with respect to $T$ if from any state there exists a feasible control $u \in \Sigma_c^*$ that diagnoses $G$, that is,
$$(\forall x_c \in X)(\exists u \in \Sigma_c^*)\ \big[(\forall w \in \theta^{-1}(u) \cap L(\tilde{G}, x_c))\ \xi(x_c, w) \in X_m \ \wedge\ (\forall u' \leq u)\ \theta^{-1}(u') \cap L(\tilde{G}, x_c) \subseteq \overline{\theta^{-1}(u) \cap L(\tilde{G}, x_c)}\big].$$
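The following Python program is an added example by the editor, not code from the paper. It implements NOR, SOR, the estimator $\tilde{G}$, the observer with marked transitions and the check of Theorem 2 (the procedure that Section II goes on to describe) on a constructed four-state plant with two fault cells: an idle unit reads the same whether healthy or faulty, a probe event p exposes the fault through the output, a second probe d is defined only for the healthy unit (so a control using it can block), and f is the uncontrollable fault. The plant, its events and outputs are invented for illustration. One further assumption is the reading of the $\varepsilon$ case of NOR noted above: an observation-only event $(\varepsilon, y)$ with $y \neq y_i$ is computed as one uncontrollable transition out of the SOR-closed estimate, since that estimate already contains every state whose output is $y_i$.

```python
"""Active diagnosability check of Section II on a constructed toy DES.

Editor's added example, not code from the paper. Assumptions: a deterministic
plant given as a partial transition dict; an observation-only step (sigma =
epsilon) is taken as one uncontrollable event, because an SOR-closed estimate
already holds every state with the current output; the toy plant is invented.
"""
from collections import deque, namedtuple

Plant = namedtuple("Plant", "sigma_c sigma_uc delta h cell")  # events, events, (q,e)->q', h, T

# Toy plant: an idle unit looks alike healthy (n0) or faulty (f0); probe p exposes
# the fault in the output; d is a probe only a healthy unit accepts; f = fault.
TOY = Plant(
    sigma_c=frozenset({"p", "s", "d"}), sigma_uc=frozenset({"f"}),
    delta={("n0", "p"): "n1", ("n1", "s"): "n0", ("n0", "d"): "n1",
           ("f0", "p"): "f1", ("f1", "s"): "f0",
           ("n0", "f"): "f0", ("n1", "f"): "f1"},
    h={"n0": 0, "f0": 0, "n1": 1, "f1": 2},
    cell={"n0": "N", "n1": "N", "f0": "F", "f1": "F"})

def nor(g, est, sigma, y):
    """NOR: one step of sigma (one uncontrollable event if sigma is '') into output y."""
    events = g.sigma_uc if sigma == "" else {sigma}
    return frozenset(g.delta[(q, e)] for q in est for e in events
                     if (q, e) in g.delta and g.h[g.delta[(q, e)]] == y)

def uc_reach(g, start, ok):
    """States reachable from start by uncontrollable strings through states satisfying ok."""
    seen, todo = set(start), list(start)
    while todo:
        q = todo.pop()
        for e in g.sigma_uc:
            n = g.delta.get((q, e))
            if n is not None and ok(n) and n not in seen:
                seen.add(n)
                todo.append(n)
    return frozenset(seen)

def sor(g, est, y):
    """SOR: closure under uncontrollable strings along which the output stays y."""
    return uc_reach(g, est, lambda q: g.h[q] == y)

def eventually_defined(g, q, sigma):
    """Exists uncontrollable t with delta(q, t sigma) defined, i.e. sigma cannot block."""
    return any((s, sigma) in g.delta for s in uc_reach(g, {q}, lambda _: True))

def estimator(g, q0, y0):
    """Build G~ from x_o = (Q_0, y_0): returns x_o and xi as {(x, (sigma, y)): x'}."""
    x0 = (sor(g, frozenset(q for q in q0 if g.h[q] == y0), y0), y0)
    xi, todo, seen = {}, deque([x0]), {x0}
    while todo:
        x = todo.popleft()
        for sigma in g.sigma_c | {""}:
            for y in set(g.h.values()):
                if sigma == "" and y == x[1]:
                    continue  # no control and no new output: not an event of G~
                reach = nor(g, x[0], sigma, y)
                if reach:
                    x2 = (sor(g, reach, y), y)
                    xi[(x, (sigma, y))] = x2
                    if x2 not in seen:
                        seen.add(x2)
                        todo.append(x2)
    return x0, xi

def obs_step(xi, z, sigma=None):
    """Observer move upsilon(z, sigma) (z itself if sigma is None), then closure
    under epsilon-moves, i.e. output changes that need no control."""
    out = set(z) if sigma is None else {d for (s, (e, _)), d in xi.items() if s in z and e == sigma}
    todo = list(out)
    while todo:
        x = todo.pop()
        for (s, (e, _)), d in xi.items():
            if s == x and e == "" and d not in out:
                out.add(d)
                todo.append(d)
    return frozenset(out)

def control_from(g, xi, z):
    """BFS over marked transitions to Z_m: a feasible control u diagnosing G from z, or None."""
    todo, seen = deque([(z, [])]), {z}
    while todo:
        z, u = todo.popleft()
        if all(len({g.cell[q] for q in est}) == 1 for est, _ in z):
            return u
        for sigma in sorted(g.sigma_c):
            marked = all(eventually_defined(g, q, sigma) for est, _ in z for q in est)
            z2 = obs_step(xi, z, sigma)
            if marked and z2 and z2 not in seen:
                seen.add(z2)
                todo.append((z2, u + [sigma]))
    return None

def actively_diagnosable(g, q0, y0):
    """Theorem 2: every accessible observer state reaches Z_m via marked transitions.
    Returns (verdict, control found from the initial observer state)."""
    x0, xi = estimator(g, q0, y0)
    z0 = obs_step(xi, {x0})
    zs, todo = {z0}, [z0]
    while todo:
        z = todo.pop()
        for sigma in g.sigma_c:
            z2 = obs_step(xi, z, sigma)
            if z2 and z2 not in zs:
                zs.add(z2)
                todo.append(z2)
    return all(control_from(g, xi, z) is not None for z in zs), control_from(g, xi, z0)
```

From the initial estimate $(\{n0, f0\}, 0)$ the observer reaches a marked state on p, and the transition is marked because p is defined from both n0 and f0; d also reaches a marked observer state but is rejected, since a faulty unit cannot execute it. Removing p from the plant leaves no feasible control and the verdict becomes false, which is the feasibility caveat that Definition 1 builds in.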


Algorithm 1 (Active Diagnosis) [listing not recovered from the page]

Given a system $G$ and a partition $T$ representing the fault status, we want to determine whether $G$ is actively diagnosable with respect to $T$ and, if it is, find a control $u$ that diagnoses $G$. To do this, we start with the automaton $\tilde{G} = (X, \tilde{\Sigma}, \xi, x_o)$ and replace the labels of all transitions as follows: every $\tilde{\sigma} = (\sigma, y)$ is replaced by $\sigma$. The resulting automaton is nondeterministic with $\varepsilon$-transitions (note that some $\sigma$ are $\varepsilon$). We convert this nondeterministic automaton with $\varepsilon$-transitions into a deterministic automaton in the usual way [5] and denote the deterministic automaton (the observer) by
$$\tilde{G}_{obs} = (Z, \Sigma_c, \upsilon, z_o) = \mathrm{Ac}(2^X, \Sigma_c, \upsilon, z_o).$$
Note that a state $z \in Z$ of $\tilde{G}_{obs}$ is a subset of states of $\tilde{G}$, that is, $z = \{x_1, x_2, \ldots\} \subseteq X$. Define the marked states of $\tilde{G}_{obs}$ as
$$Z_m = \{z \in Z : z \subseteq X_m\}.$$
In other words, a state $z = \{x_1, x_2, \ldots\}$ is marked if all its elements are marked in $\tilde{G}$. When $\tilde{G}_{obs}$ is in a marked state, the fault status of the system can be determined. If from a state $z$ there exists a string $u$ that reaches a marked state in $Z_m$, then $u$ is a candidate control. What remains to be ensured is that $u$ is feasible. To this end, we distinguish the transitions of $\tilde{G}_{obs}$ that can never be blocked from those that may be blocked. Denote the set of all transitions by
$$\upsilon = \{(z, \sigma, \upsilon(z, \sigma)) : \upsilon(z, \sigma) \text{ is defined}\}$$
(as is common in DES, $\upsilon$ denotes both the transition function and the set of transitions). Define the set of marked transitions as
$$\upsilon_m = \{(z, \sigma, z') \in \upsilon : (\forall x_i = (Q_i, y_i) \in z)(\forall q \in Q_i)(\exists t \in (\Sigma \setminus \Sigma_c)^*)\ \delta(q, t\sigma) \text{ is defined}\}.$$
In other words, a transition $(z, \sigma, z') \in \upsilon$ is marked if and only if $\sigma$ is feasible from every relevant state. Hence, a string from $z$ whose transitions are all marked is a feasible control. In summary, the following theorem gives a necessary and sufficient condition for a system to be actively diagnosable.

Theorem 2: A system $G$ is actively diagnosable with respect to $T$ if and only if, in the observer $\tilde{G}_{obs}$, every state is coaccessible to a marked state via marked transitions, that is,
$$(\forall z \in Z)(\exists u \in \Sigma_c^*)\ \upsilon_m(z, u) \in Z_m.$$
Proof: By the construction of the observer $\tilde{G}_{obs}$,
$$\upsilon(z, u) = \{x \in X : (\exists x_c \in z)(\exists w \in \theta^{-1}(u))\ x = \xi(x_c, w)\}.$$
Therefore,
$$(\forall z \in Z)(\exists u \in \Sigma_c^*)\ \upsilon(z, u) \in Z_m$$

$$\Leftrightarrow (\forall z \in Z)(\exists u \in \Sigma_c^*)\ \upsilon(z, u) \subseteq X_m$$
$$\Leftrightarrow (\forall z \in Z)(\exists u \in \Sigma_c^*)\ \{x \in X : (\exists x_c \in z)(\exists w \in \theta^{-1}(u))\ x = \xi(x_c, w)\} \subseteq X_m$$
$$\Leftrightarrow (\forall z \in Z)(\exists u \in \Sigma_c^*)(\forall x \in X)\ \big[(\exists x_c \in z)(\exists w \in \theta^{-1}(u))\ x = \xi(x_c, w) \Rightarrow x \in X_m\big]$$
$$\Leftrightarrow (\forall x_c \in X)(\exists u \in \Sigma_c^*)(\forall w \in \theta^{-1}(u) \cap L(\tilde{G}, x_c))\ \xi(x_c, w) \in X_m.$$

Furthermore, from the definition of marked transitions, $u$ is feasible if and only if all its transitions are marked. $\square$

Based on the above results, we can check whether a system is actively diagnosable and, if it is, find a control that diagnoses the faults, as summarized in Algorithm 1. The computational complexity of Algorithm 1 is rather high: since the number of states of $\tilde{G}$ is bounded above by $|X| = 2^{|Q|} \cdot |Y|$, the number of states of $\tilde{G}_{obs}$ is bounded above by $2^{|X|} = 2^{2^{|Q|} \cdot |Y|}$. In other words, the worst-case computational complexity is doubly exponential in $|Q|$.

Let us now apply the theoretical results to fault diagnosis in battery management systems.

III. FAULT DIAGNOSIS IN BATTERY SYSTEMS

In this section, we consider the diagnosis problem for networked battery systems. There are many possible topologies for such a networked battery system, each with a different cost and diagnosability. The goal here is to illustrate diagnosability analysis for some typical network topologies so that the method can be applied to large-scale systems. Different measurements (sensors) can be used for diagnosis. For example, voltmeters and ammeters can be used to measure voltages and currents. If a battery's terminal current and voltage can be measured and its load can be managed to provide sufficiently rich excitation, then its internal parameters, such as internal resistance, maximum capacity, state of charge, and polarization coefficients, can be estimated and used to monitor and diagnose the battery [10]. These methods are very useful at the continuous-variable level. This brief focuses on active diagnosis at the discrete event level, which is more abstract and more suitable for large-scale battery systems. In such a large battery system, switches are used to control the charging and discharging of different parts of the system. For example, in electric vehicles or

Fig. 1. Structure of a battery management system for diagnosis.

hybrid vehicles, the battery pack can be reconfigured through electronic switches, wherein a selectable number of battery modules may be connected either in series or in parallel [21], and each pack can be flexibly controlled for charging or discharging [22]. For diagnosis, the charging and discharging commands are issued by the battery management system. The signals and data measured by sensors are collected and processed by the data acquisition module; these commands and data are then fed into the diagnosis module. The structure of a battery management system for diagnosis is shown in Fig. 1.

To illustrate the battery management system for diagnosis, consider a battery system that consists of four batteries. Fig. 2 lists some of the possible topologies and measurement/switch configurations; the list is far from exhaustive and other configurations are possible. The main question is how to check diagnosability for a given topology and measurement/switch configuration. For simple topologies and configurations, diagnosability may be evaluated intuitively. However, to evaluate many possible network topologies and measurement/switch configurations, the systematic approach of this brief becomes a significant advantage, providing an automated and comprehensive tool for battery system design. We also note that the measurement devices and switches introduce costs and reliability issues of their own. Therefore, it is desirable to use as few such components as possible while maintaining diagnosability.

The common faults in batteries are open circuit, short circuit, high internal resistance, aging, capacity loss, high self-discharge, overheating, and so on. Among them, high internal resistance and aging are more difficult to diagnose and hence are investigated in this brief. They are described as follows.

Increased internal resistance is usually caused by chemical changes in materials, gas generation, a poor solid–electrolyte interface inside the battery, poor contacts, etc. This fault causes the temperature to increase when the battery is charging or discharging. Aging can be caused by over-heating, poor environmental temperature and operating conditions, and so on; it also results in an increased temperature during charging/discharging, but not as much as that caused by increased internal resistance. Aging results in loss of battery capacity, and this degradation of capacity is a major reason for a battery to be retired from normal operation.

Fig. 2. Some potential network topologies and measurement/switch configurations; $i = 1, 2, 3, 4$ for $B_i$ and $T_i$; $i = 1, 2$ for $SW_i$.

We use temperature sensors for diagnosis in this brief; in practice, other sensors can be used as well. We assume that the thermal dynamics of the battery system have been investigated at the continuous-variable level and have been summarized and abstracted to the discrete event level as described shortly. Although both increased internal resistance and aging cause the temperature to rise during charging and discharging, the temperature rise due to increased internal resistance is faster than that caused by aging [12].

We can use the active diagnosability theory developed in the previous section for battery diagnosis. We illustrate our solution using the battery system shown in Fig. 2(c). The system has four batteries. Batteries 1 and 2 are connected in series and must be charged or discharged together, and similarly for batteries 3 and 4. There are two switches: one controls the charging and discharging of batteries 1 and 2, the other that of batteries 3 and 4. There are two temperature sensors, one between batteries 1 and 3 that measures the temperature of batteries 1 and/or 3, the other between batteries 2 and 4. For battery $i$, $i = 1, 2, 3, 4$, we define the following events: $\alpha_i$: aging; $\beta_i$: internal resistance increasing; $\lambda_i$: start charging; $\mu_i$: stop charging; $\eta_i$: start discharging; and $\sigma_i$: stop discharging. The events $\lambda_i$, $\mu_i$, $\eta_i$, and $\sigma_i$ are controllable, because we can issue commands to force them, while $\alpha_i$ and $\beta_i$ are uncontrollable, because we cannot prevent these faults from occurring. Besides the normal mode, we consider two faulty modes: one for aging and one for internal resistance increasing. The DES model of battery $i$, $i = 1, 2, 3, 4$, denoted by $G_i$, is shown in Fig. 3.

Fig. 3. DES model $G_i$ of Battery $i$.

A state of $G_i$ consists of two parts. The first part describes the charging status of the battery: charging, discharging, or idle (neither charging nor discharging). The second part describes the fault status of the battery: normal, aging, or internal resistance increasing. The states are therefore: $A_i$: (charge, aging); $B_i$: (charge, normal); $C_i$: (charge, internal resistance increasing); $D_i$: (idle, aging); $N_i$: (idle, normal); $F_i$: (idle, internal resistance increasing); $E_i$: (discharge, aging); $H_i$: (discharge, normal); and $J_i$: (discharge, internal resistance increasing). The initial state is $N_i$. The states of $G_i$ are partitioned into three cells, one each for normal, aging, and internal resistance increasing; that is, the partition specifying faults is
$$T_i = \{\{B_i, N_i, H_i\},\ \{A_i, D_i, E_i\},\ \{C_i, F_i, J_i\}\}.$$
When the system is in the cell $\{B_i, N_i, H_i\}$, its fault status is normal; in $\{A_i, D_i, E_i\}$, aging; and in $\{C_i, F_i, J_i\}$, internal resistance increasing. When the battery is in states $B_i$, $D_i$, $N_i$, $F_i$, or $H_i$, its temperature does not increase. In states $A_i$ and $E_i$ its temperature increases slowly, and in states $C_i$ and $J_i$ it increases fast. The temperature change is sensed by the temperature sensor closest to the battery (Sensor 1 is closest to batteries 1 and 3), but not by the other sensor. To define the output mapping, denote the set of outputs of Sensor 1 by $Y_1 = \{1, 2, 3\}$, where the symbols are interpreted as follows: 1) no temperature increase; 2) slow temperature increase; and 3) fast temperature increase.

Similarly, denote the set of outputs of Sensor 2 by $Y_2 = \{1, 2, 3\}$. The output mappings of Sensor 1 due to Battery 1, denoted by $h_{11}$, and of Sensor 2 due to Battery 1, denoted by $h_{21}$, are given in Table I. The other output mappings $h_{ki}$, $k = 1, 2$, $i = 1, 2, 3, 4$, are defined similarly.

TABLE I
OUTPUT MAPPINGS OF SENSORS 1 AND 2 (table body reconstructed from the text above: Sensor 1 senses Battery 1, Sensor 2 does not)

State of Battery 1                               | $h_{11}$ (Sensor 1) | $h_{21}$ (Sensor 2)
$A_1$ (charge, aging)                            | 2                   | 1
$B_1$ (charge, normal)                           | 1                   | 1
$C_1$ (charge, internal resistance increasing)   | 3                   | 1
$D_1$ (idle, aging)                              | 1                   | 1
$N_1$ (idle, normal)                             | 1                   | 1
$F_1$ (idle, internal resistance increasing)     | 1                   | 1
$E_1$ (discharge, aging)                         | 2                   | 1
$H_1$ (discharge, normal)                        | 1                   | 1
$J_1$ (discharge, internal resistance increasing)| 3                   | 1

With $G_i$, $T_i$, and $h_{ki}$, $k = 1, 2$, $i = 1, 2, 3, 4$, defined for each battery, we can combine them to obtain the DES model of the entire battery system as follows. Since batteries 1 and 2 are in series, they must be charged and discharged at the same time. Therefore, $\lambda_1 = \lambda_2$, $\mu_1 = \mu_2$, $\eta_1 = \eta_2$, $\sigma_1 = \sigma_2$. Similarly, $\lambda_3 = \lambda_4$, $\mu_3 = \mu_4$, $\eta_3 = \eta_4$, $\sigma_3 = \sigma_4$. The entire battery system with four batteries is modeled by the well-defined parallel composition [5]
$$G = G_1 \| G_2 \| G_3 \| G_4.$$
Since parallel composition is well defined, $G$ can be computed automatically using available software such as TCT [19] or UMDES [20]. $G$ has 6561 states. Part of $G$ is shown in Fig. 4. A state of $G$ is denoted by $q = (q_1, q_2, q_3, q_4)$; for example, $q = (C_1, B_2, N_3, N_4)$ means that battery 1 is in state $C_1$, battery 2 is in state $B_2$, and so on. The partition specifying faults is the conjunction of all $T_i$,
$$T = T_1 \wedge T_2 \wedge T_3 \wedge T_4.$$
In other words, for $q = (q_1, q_2, q_3, q_4)$ and $q' = (q'_1, q'_2, q'_3, q'_4)$,
$$q =_T q' \Leftrightarrow q_1 =_{T_1} q'_1 \wedge q_2 =_{T_2} q'_2 \wedge q_3 =_{T_3} q'_3 \wedge q_4 =_{T_4} q'_4.$$

Fig. 4. Part of the overall system $G = G_1 \| G_2 \| G_3 \| G_4$.


The output mapping of the sensors is
$$h = h_1 \times h_2 = \big(\max\{h_{11}, h_{12}, h_{13}, h_{14}\}\big) \times \big(\max\{h_{21}, h_{22}, h_{23}, h_{24}\}\big);$$
that is, for $q = (q_1, q_2, q_3, q_4)$,
$$h(q) = \big(\max\{h_{11}(q_1), h_{12}(q_2), h_{13}(q_3), h_{14}(q_4)\},\ \max\{h_{21}(q_1), h_{22}(q_2), h_{23}(q_3), h_{24}(q_4)\}\big).$$
The max is used because the reading of a sensor increases if the temperature of either of the two batteries it measures increases.

With $G$, $T$, and $h$ given above, we can apply Algorithm 1. We find that the battery system is actively diagnosable and that one control that diagnoses the system is
$$u = \lambda_1 \mu_1 \eta_3 \sigma_3.$$
It describes the following diagnosis process.
Step 1) Start charging batteries 1 and 2 ($\lambda_1 = \lambda_2$) and observe the output. There are $3 \times 3 = 9$ possible outputs; some of them are: if $h(q) = (1, 1)$, both batteries 1 and 2 are normal; if $h(q) = (2, 1)$, battery 1 is aging and battery 2 is normal; if $h(q) = (1, 2)$, battery 1 is normal and battery 2 is aging; if $h(q) = (2, 2)$, both batteries 1 and 2 are aging.
Step 2) Stop charging batteries 1 and 2 ($\mu_1 = \mu_2$). No output needs to be observed.
Step 3) Start discharging batteries 3 and 4 ($\eta_3 = \eta_4$) and observe the output. Again there are $3 \times 3 = 9$ possible outputs; some of them are: if $h(q) = (3, 3)$, the internal resistance of both batteries 3 and 4 is increasing; if $h(q) = (3, 2)$, the internal resistance of battery 3 is increasing and battery 4 is aging; if $h(q) = (2, 3)$, battery 3 is aging and the internal resistance of battery 4 is increasing.
Step 4) Stop discharging batteries 3 and 4 ($\sigma_3 = \sigma_4$).

The above is only one possible control; other controls can also diagnose the battery system. Our approach provides a systematic way to determine active diagnosability and to find an appropriate control, and the method can be automated using Algorithm 1.
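The following Python program is an added example by the editor, not the paper's code. It builds $G_i$ and the parallel composition of this section and checks the control $u = \lambda_1 \mu_1 \eta_3 \sigma_3$ directly: it enforces $u$ from every one of the $3^4 = 81$ fault statuses of the four idle batteries and confirms that the resulting output traces are pairwise distinct, which is what "u diagnoses G" means for this plant. Since Fig. 3 is not reproduced here, the transition structure of $G_i$ is assumed: $\lambda_i$, $\mu_i$ switch between idle and charge, $\eta_i$, $\sigma_i$ between idle and discharge, $\alpha_i$ and $\beta_i$ move a normal battery to aging or internal resistance increasing in any mode, both faults are permanent, and no fault event occurs while the control runs. Output levels follow Table I; the shared events are written lam12, mu12, eta34, sig34, and so on. Under these assumptions 729 of the $9^4 = 6561$ product states are reachable from $(N_1, N_2, N_3, N_4)$, because series-paired batteries always share a mode.

```python
"""Four-battery system of Section III under the control u = lam12 mu12 eta34 sig34.

Editor's added example, not the paper's code. Assumed, since Fig. 3 is not
reproduced: lambda/mu switch idle<->charge, eta/sigma switch idle<->discharge,
alpha/beta move a normal battery to aging / internal-resistance-increasing in
any mode, both faults are permanent, and no fault occurs while the control runs.
"""
from collections import deque
from itertools import product

FAULTS = ("normal", "aging", "ir")
PAIRS = {1: "12", 2: "12", 3: "34", 4: "34"}   # series pairs share switch events
CONTROL = ["lam12", "mu12", "eta34", "sig34"]  # the paper's u = lambda1 mu1 eta3 sigma3


def alphabet(i):
    """Events of G_i: the pair's four switch events plus its own fault events."""
    p = PAIRS[i]
    return {f"lam{p}", f"mu{p}", f"eta{p}", f"sig{p}", f"alpha{i}", f"beta{i}"}


def battery_step(state, event, i):
    """Transition function of G_i on a (mode, fault) state; None if undefined."""
    mode, fault = state
    p = PAIRS[i]
    switch = {(f"lam{p}", "idle"): "charge", (f"mu{p}", "charge"): "idle",
              (f"eta{p}", "idle"): "discharge", (f"sig{p}", "discharge"): "idle"}
    if (event, mode) in switch:
        return (switch[(event, mode)], fault)
    if fault == "normal" and event == f"alpha{i}":
        return (mode, "aging")
    if fault == "normal" and event == f"beta{i}":
        return (mode, "ir")
    return None


def step(q, event):
    """Parallel composition G = G1||G2||G3||G4: every component whose alphabet
    contains the event must be able to take it, otherwise the event is undefined."""
    nxt = []
    for i, s in enumerate(q, start=1):
        if event in alphabet(i):
            s = battery_step(s, event, i)
            if s is None:
                return None
        nxt.append(s)
    return tuple(nxt)


def level(state):
    """Per-battery reading of its nearest sensor (Table I): 1 none, 2 slow, 3 fast."""
    mode, fault = state
    if mode == "idle" or fault == "normal":
        return 1
    return 2 if fault == "aging" else 3


def output(q):
    """h(q): Sensor 1 covers batteries 1 and 3, Sensor 2 covers 2 and 4; max of each."""
    return (max(level(q[0]), level(q[2])), max(level(q[1]), level(q[3])))


def reachable_states(q0):
    """Accessible part of G from q0."""
    events = set().union(*(alphabet(i) for i in range(1, 5)))
    seen, todo = {q0}, deque([q0])
    while todo:
        q = todo.popleft()
        for e in events:
            n = step(q, e)
            if n is not None and n not in seen:
                seen.add(n)
                todo.append(n)
    return seen


def run_control(q, control=CONTROL):
    """Enforce the control from q and return the output observed after each event.
    A blocked event means the control is not feasible from q (Section II)."""
    trace = []
    for e in control:
        q = step(q, e)
        if q is None:
            raise RuntimeError(f"{e} is not defined here: control blocked")
        trace.append(output(q))
    return trace


def diagnosis_table():
    """Output trace under CONTROL for each of the 3^4 fault statuses of four idle batteries."""
    return {faults: tuple(run_control(tuple(("idle", f) for f in faults)))
            for faults in product(FAULTS, repeat=4)}


def control_diagnoses():
    """True iff the traces separate all 81 fault statuses, i.e. u diagnoses G."""
    table = diagnosis_table()
    return len(set(table.values())) == len(table)
```

The first observation of a trace is $(h_{11}(q_1), h_{22}(q_2))$ because batteries 3 and 4 are idle and contribute level 1 to both sensors, and the third observation is $(h_{13}(q_3), h_{24}(q_4))$ for the same reason; together they fix the cell of every battery, which is why the 81 traces are distinct. The exhaustive check is practical here only because the fault status is held fixed during the run; the observer construction of Section II is what handles faults that occur while the control executes.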
IV. CONCLUSION

This brief investigates active diagnosis of DESs and applies the results to the important problem of fault diagnosis of battery systems. The main contributions of this brief are as follows: 1) a new DES model is proposed for studying active diagnosability of DESs, where diagnosis is achieved by actively controlling the system; 2) a new definition of active diagnosability is introduced, which captures the ability to diagnose a system using control; 3) a necessary and sufficient condition is obtained for a system to be actively diagnosable; 4) an algorithm is devised to check active diagnosability and to find a control if the system is actively diagnosable; and 5) the results are used to study fault diagnosis of complex battery systems.

REFERENCES

[1] M. Abbas, A. A. Ferri, M. E. Orchard, and G. J. Vachtsevanos, "An intelligent diagnostic/prognostic framework for automotive electrical systems," in Proc. IEEE Intell. Veh. Symp., Istanbul, Turkey, Jun. 2007, pp. 352–357.
[2] F. Basile, P. Chiacchio, and G. De Tommasi, "An efficient approach for online diagnosis of discrete event systems," IEEE Trans. Autom. Control, vol. 54, no. 4, pp. 748–759, Apr. 2009.
[3] M. Blanke, M. Kinnaert, J. Lunze, and M. Staroswiecki, Diagnosis and Fault-Tolerant Control, 2nd ed. New York, NY, USA: Springer-Verlag, 2006.
[4] M. P. Cabasino, A. Giua, and C. Seatzu, "Fault detection for discrete event systems using Petri nets with unobservable transitions," Automatica, vol. 46, no. 9, pp. 1531–1539, Sep. 2010.
[5] C. G. Cassandras and S. Lafortune, Introduction to Discrete Event Systems, 2nd ed. New York, NY, USA: Springer-Verlag, 2008.
[6] J. Korbicz, J. M. Koscielny, Z. Kowalczuk, and W. Cholewa, Fault Diagnosis. New York, NY, USA: Springer-Verlag, 2003.
[7] G. Lamperti and M. Zanella, "A bridged diagnostic method for the monitoring of polymorphic discrete-event systems," IEEE Trans. Syst., Man, Cybern. B, Cybern., vol. 34, no. 5, pp. 2222–2244, Oct. 2004.
[8] F. Lin, "Diagnosability of discrete event systems and its applications," Discrete Event Dyn. Syst., Theory Appl., vol. 4, no. 1, pp. 197–212, 1994.
[9] F. Lin, "Opacity of discrete event systems and its applications," Automatica, vol. 47, no. 3, pp. 496–503, 2011.
[10] L. Liu, L. Y. Wang, Z. Chen, C. Wang, F. Lin, and H. Wang, "Integrated system identification and state-of-charge estimation of battery systems," IEEE Trans. Energy Convers., vol. 28, no. 1, pp. 12–23, Mar. 2013.
[11] J. I. Park, S. H. Baek, M. K. Jeong, and S. J. Bae, "Dual features functional support vector machines for fault detection of rechargeable batteries," IEEE Trans. Syst., Man, Cybern. C, Appl. Rev., vol. 39, no. 4, pp. 480–485, Jul. 2009.
[12] S. B. Peterson, J. Apt, and J. F. Whitacre, "Lithium-ion battery cell degradation resulting from realistic vehicle and vehicle-to-grid utilization," J. Power Sources, vol. 195, no. 8, pp. 2385–2392, Apr. 2010.
[13] M. Sampath, R. Sengupta, S. Lafortune, K. Sinnamohideen, and D. Teneketzis, "Diagnosability of discrete-event systems," IEEE Trans. Autom. Control, vol. 40, no. 9, pp. 1555–1575, Sep. 1995.
[14] M. Sampath, S. Lafortune, and D. Teneketzis, "Active diagnosis of discrete-event systems," IEEE Trans. Autom. Control, vol. 43, no. 7, pp. 908–929, Jul. 1998.
[15] S. Shu, F. Lin, and H. Ying, "Detectability of discrete event systems," IEEE Trans. Autom. Control, vol. 52, no. 12, pp. 2356–2359, Dec. 2007.
[16] S. Shu and F. Lin, "I-detectability of discrete-event systems," IEEE Trans. Autom. Sci. Eng., vol. 10, no. 1, pp. 187–196, Jan. 2013.
[17] S. Shu and F. Lin, "Delayed detectability of discrete event systems," IEEE Trans. Autom. Control, vol. 58, no. 4, pp. 862–875, Apr. 2013.
[18] S. Tripakis, "Fault diagnosis for timed automata," in Formal Techniques in Real Time and Fault Tolerant Systems (LNCS), vol. 2469. New York, NY, USA: Springer-Verlag, 2002, pp. 205–221.
[19] W. M. Wonham. (2013). TCT Software [Online]. Available: http://www.control.toronto.edu/people/profs/wonham/wonham.html
[20] S. Lafortune. (2013). UMDES Software [Online]. Available: http://www.eecs.umich.edu/umdes/toolboxes.html
[21] "Modular electronically reconfigurable battery system," U.S. Patent 7 893 561 B2, 2011.
[22] "Device and methods for management of power sources for electric vehicle," CN Patent 1 027 693 07A, 2012.