CASE STUDIES IN MODEL-BASED DIAGNOSIS AND FAULT ANALYSIS OF CAR-SUBSYSTEMS

P. Struss, A. Malik, M. Sachenbacher
Technical University of Munich, Orleansstr. 34, 81667 München, Germany
{struss, malik, sachenba}@informatik.tu-muenchen.de
http://wwwradig.informatik.tu-muenchen.de/forschung/qreason/

Abstract: The paper presents objectives and results of a series of case studies in computer support for diagnosis, failure mode and effects analysis, and the creation of repair manuals in the domain of automotive systems. Model-based prediction and diagnosis reflect the requirements of these tasks. More specifically, qualitative models of system components are necessary for both capturing the available knowledge and achieving the desired coverage and granularity of the analysis results. We describe models for parts of the anti-lock braking system (ABS), the electronic diesel control (EDC), and a controlled electric motor. The summarized results of the case study demonstrate the necessity and utility of qualitative models for the successful application of automated diagnosis to industrial problems.

1 INTRODUCTION

Cars are a classical example of a class of technical systems that comprises a large set of variants assembled from a repository of basic components. Knowledge-based systems that support tasks such as design, analysis, and diagnosis in this domain are worthless if they cannot solve this “variants’ dilemma”. In order to cover all variants of a certain subsystem, such systems have to be model-based. More specifically, they have to be based on

• a compositional model.

This means that a device model is obtained by assembling independent, context-free behavior models of components just like the device itself is assembled from a set of components.
Furthermore, safety requirements demand high standards in coverage and completeness of any automated analysis of causes and effects of faults, thus ruling out the application of traditional expert systems which are based on purely empirical knowledge.

Failure mode and effects analysis (FMEA) aims at assessing the potential impact and origin of malfunctions for a designed artifact. Completeness and reliability of this step (which is often mandated by law or by a customer’s requirement) is obviously crucial under the aspects of safety, environment, and cost. Diagnosis as it happens in a garage or on-board deals with similar problems and requirements, but related to an existing physical artifact.

In collaboration with a major German supplier of car subsystems, we carried out a series of case studies to explore the feasibility of model-based support for the tasks of FMEA, generation of diagnosis guidelines and automated diagnosis. As subjects of the first two case studies, the anti-lock braking system (ABS) and the electronic diesel control system (EDC), or, more precisely, subsets of them, were chosen. The clear-cut success criteria for the feasibility study were

• the automated model-based generation of significant parts of
  • an FMEA protocol for an EDC subsystem and
  • the diagnosis guideline for an ABS subsystem and
• their comparison with the existing respective documents.

As a side-effect, the case study was expected to shed light on the relation between the kinds of knowledge underlying the two tasks.

Their very nature imposes additional requirements on the kind of models. This is because they have to make statements about classes of faults and symptoms rather than specific, individual ones. A study of respective documents confirms this principled consideration.
Rather than starting diagnosis of a particular instance from a set of precisely measured variables (“signal for rotational speed of left front wheel equals 12.5 s⁻¹”), a diagnosis guideline for an ABS may list potential causes for “signal for rotational speed of left front wheel is too high” (represented by an error code stored in the control unit) or an even more qualitative symptom observed by the driver such as “vehicle drifts to the left when brakes are in operation”. Similarly, an FMEA for the EDC would link failure modes such as “pedal position sensor voltage too large, idle detection switch o.k.” with failure causes like “potentiometer detuned towards upper bound” (without necessarily specifying the exact pedal position sensor voltage).

As a result, numerical models and methods are useless, and we had to develop

• qualitative models

in order to capture the available knowledge and to generate appropriate results. Theories and techniques for qualitative modeling have been developed in a subfield of Artificial Intelligence (see [Faltings-