Academia.eduAcademia.edu

Computing Energy-Optimal Tests using DNNF Graphs

2010, Annual Conference of the PHM Society

The goal of testing is to discriminate between multiple hypotheses about a system-for example, different fault diagnoses of an HVAC system-by applying input patterns and verifying or falsifying the hypotheses from the observed outputs. Definitely discriminating tests (DDTs) are those input patterns that are guaranteed to discriminate between different hypotheses of nondeterministic systems. Finding DDTs is important in practice, but can be very expensive (p 2complete). Even more challenging is the problem of finding a DDT that minimizes the energy consumption of the testing process, i.e., an input pattern that can be enforced with minimal energy consumption and that is a DDT. This paper addresses both problems. We show how we can transform a given problem into a Boolean structure in decomposable negation normal form (DNNF), and extract from it a Boolean formula whose models correspond to DDTs. This allows us to harness recent advances in both knowledge compilation and satisfiability for efficient and scalable DDT computation in practice. Furthermore, we show how we can generate a DNNF structure compactly encoding all DDTs of the problem and use it to obtain an energy-optimal DDT in time linear in the size of the structure.

Computing Energy-Optimal Tests using DNNF Graphs Anika Schumann 1 , and Martin Sachenbacher 2 1 2 Cork Constraint Computation Centre, University College Cork, Cork, Ireland [email protected] Institut für Informatik, Technische Universität München, 85748 Garching, Germany [email protected] ABSTRACT The goal of testing is to discriminate between multiple hypotheses about a system – for example, different fault diagnoses of an HVAC system – by applying input patterns and verifying or falsifying the hypotheses from the observed outputs. Definitely discriminating tests (DDTs) are those input patterns that are guaranteed to discriminate between different hypotheses of nondeterministic systems. Finding DDTs is imporP tant in practice, but can be very expensive ( p2 complete). Even more challenging is the problem of finding a DDT that minimizes the energy consumption of the testing process, i.e., an input pattern that can be enforced with minimal energy consumption and that is a DDT. This paper addresses both problems. We show how we can transform a given problem into a Boolean structure in decomposable negation normal form (DNNF), and extract from it a Boolean formula whose models correspond to DDTs. This allows us to harness recent advances in both knowledge compilation and satisfiability for efficient and scalable DDT computation in practice. Furthermore, we show how we can generate a DNNF structure compactly encoding all DDTs of the problem and use it to obtain an energy-optimal DDT in time linear in the size of the structure. 1 INTRODUCTION There is a great need to reduce energy consumption whenever possible. This holds in particular for the operation of buildings through electricity, heating, ventilation, and hot water. In industrialized countries the latter constitutes 32% of the total energy use. This percentage is even higher if some of the HVAC components are faulty. It is therefore desirable to identify these faulty components as soon as possible in order to restore the normal operation of the HVAC system. Furthermore it is desirable to minimize the energy consumption of the fault identification process. This implies that energy use should be taken into account dur- ing the testing process. Testing involves applying input patterns to a system such that different fault hypotheses about the system can be verified or falsified from the observed outputs. In many real-world applications of testing, like the testing of HVAC components, the underlying models are non-deterministic, which means that applying an input can lead to several possible outputs. One major source of non-determinism is model abstraction that aggregates the domains of (continuous) system variables into sets of values such as “low”, “med”, and “high”. In such cases the resulting models can no longer be assumed to be deterministic functions, even if the underlying system behavior is deterministic. Another source of non-determinism is the testing situation itself: Even in a rigid environment such as an automotive test-bed, there are inevitably variables or parameters that cannot be completely controlled while the device is being tested. In the area of diagnosis, Struss (1994) introduced definitely discriminating tests (DDTs) for nondeterministic systems modeled as constraints. For a DDT, the sets of possible outputs are disjoint and thus it will necessarily distinguish among hypotheses. Finding DDTs is important in practice because it helps to reduce the number of input patterns that need to be applied and thus allows to quickly identify the faulty component. However, the problem Pp of computing DDTs is in general very expensive ( 2 -complete). Heinz and Sachenbacher (2009) introduced optimal distinguishing tests (ODTs), which generalize DDTs by maximizing the ratio of distinguishing over non-distinguishing outcomes. An efficient method for computing ODTs was presented in (Schumann et al., 2009), based on encoding the ODT problem into a Boolean formula, and compiling the formula into a graph in decomposable negation normal form (DNNF) (Darwiche, 2001; Darwiche and Marquis, 2002). The DNNF allows efficient derivation of good upper bounds on ratios of model counts, which are then used to prune a systematic search for ODTs. This method is able to compute DDTs as a special case, and in that role exhibits much better per- 1 21st International Workshop on Principles of Diagnosis formance than an earlier algorithm by Sachenbacher and Schwoon (2008) specialized for DDTs, as shown in (Schumann et al., 2009). Hence it represents the state of the art in DDT computation. As also shown in (Schumann et al., 2009), however, it can still run out of memory on instances of moderate size, which can be explained by the fact that the final DNNF graph is computed based on a number of auxiliary DNNF graphs, and the compilation can require a multitude of auxiliary variables to be introduced, which leads to slower computation and higher memory requirements. In this paper, we present a DNNF-based method that is adapted specifically to the problem of computing DDTs, and requires computation of just a single DNNF graph defined over the system variables. This representation is used to transform a quantified Boolean formula defining the DDT problem into a SAT problem that can be solved using an existing SAT solver. This leads to a significantly more efficient method for computing DDTs compared to that of (Schumann et al., 2009). Furthermore, we present a generalization of DNNFbased test generation that takes into account the energy consumption of enforcing a given input pattern. More specifically, we show how we can compute the values of input variables that can be enforced at minimal energy consumption and that constitute a DDT. Using the algorithm in (Schumann et al., 2010) we achieve this by constructing a DNNF graph, in two steps, that represents all DDTs and allows for the retrieval of an energy-optimal DDT in time linear in the size of the graph. Note, in contrast to the work in (Schumann et al., 2010) we now apply the algorithm to different problems, like HVAC systems, where the aim is to minimize energy consumption during the testing process. Experimental results from a real-world application show that our method can compute DDTs for instances that were previously intractable, and energy-optimal DDTs where previous approaches could not even compute an arbitrary DDT. The remainder of the paper is organized as follows. We start with an example of the testing problem, before formally defining DDTs. We then review the notion of DNNF and a generic procedure for energy minimization with DNNF, in the context of our testing problem. Sections 6-8 present our new methods for computing both DDTs and energy-optimal DDTs and Section 9 describes their experimental evaluation. Finally, we conclude with some words on related and future work. 2 EXAMPLE We start with a small example that motivates and illustrates the problems we are tackling and to which we will refer in the paper. Consider the simplified model of an HVAC system shown in Figure 1. It consists of two components: a pipe and a radiator. The latter is connected via the pipe to the hot water supply of the building and distributes the thermal energy to the ambient air. In this example we also assume that the radiator contains a fan. The fan power determines how quickly its heat supply water flow tempe- heat convection radiator rature sensor water temperature fan volume fan speed setting pipe f L L H H H w L H L L H radiator h L H L H H h L L H H H s L H L L H t L L L H H broken-pipe f L L H H H w L H L L H h L L L L L Figure 1: Model of an HVAC system with a possibly faulty pipe component. leads to a temperature increase and hence to a change in sensor values. In total, there are three controllable input variables (water flow f , water temperature w, fan speed setting s), one internal variable (heat convection h ), and one observable output variable (temperature t). As a simplification, we abstract from the actual values for these variables and distinguish only the values high (H) and low (L) for each variable. The models of the two components are given at the bottom of Figure 1: • the higher the water flow and water temperature, the more heat convection will be transmitted by the pipe; • the higher the heat convection in the pipe, and the higher the fan speed setting of the radiator the higher the temperature increase in the room; However, in case of a broken-pipe, no water, i.e. no heat convection is transmitted to the radiator and thus no temperature increase can be observed. The energy-optimal testing problem for this example is to find a test that can be enforced at minimal energy consumption and that will determine with certainty whether the pipe is broken, i.e., which of the following two hypotheses holds: M1 = {pipe, radiator}, M2 = {broken-pipe, radiator}. For this example, it can be assumed that enforcing a value L requires always less energy than enforcing a value H. Hence the test requiring the lowest energy consumption is f = L, w = L, and s = L. However, this is not a DDT because when stimulating the system with these input values we will certainly observe no temperature increase for both of the hypotheses and thus will not be able to distinguish them. Indeed, there are only two DDTs in this case: (L,H,H) and (H,H,H) (where we will observe a temperature increase iff the pipe is not broken). Hence, (L,H,H) is the energy-optimal DDT for this example. 3 ENERGY-OPTIMAL DEFINITELY DISCRIMINATING TESTS (DDTS) Following the framework in (Heinz and Sachenbacher, 2009; Schumann et al., 2009), we assume that the sys- 2 21st International Workshop on Principles of Diagnosis tem can be modeled as a constraint satisfaction problem (CSP), which is a triple M = (V, D, C), where D = D(v1 ) × . . . × D(vn ) are the finite domains of finitely many variables vj ∈ V, j = 1, . . . , n, and C = {C1 , . . . , Cm } is a finite set of constraints with Ci ⊆ D, i = 1, . . . , m. We denote by X the set of all solutions, that is, assignments ~x ∈ D to the variables such that all constraints are satisfied. More formally, X = {~x | ~x ∈ D, C(~x)}, where C(~x) denotes ∀i ~x ∈ Ci . In addition, the system under investigation defines a set of controllable (input) variables I and a set of observable (output) variables O. Formally, a hypothesis M for a system is then a CSP whose variables are partitioned into V = I ∪ O ∪ L, such that I and O are the input and output variables of the system, and for all assignments to I, the CSP is satisfiable. The remaining variables L = V \ (I ∪ O) are called internal state variables. We denote by D(I) and D(O) the cross product of the domains of the input and output variables, respectively: D(I) = ×v∈I D(v) and D(O) = ×v∈O D(v). The goal of testing is then to find assignments of the input variables I that will cause different assignments of output variables O for different hypotheses. In the general case of non-deterministic systems, an input assignment can yield more than one possible output assignments. In order to capture sets of outputs, for a given hypothesis M and an assignment ~t ∈ D(I) to the input variables, we define the output function X : D(I) → 2D(O) with ~t 7→ {~y | ~y ∈ D(O), ∃ ~x ∈ X : ~x[I] = ~t ∧ ~x[O] = ~y }, where 2D(O) denotes the power set of D(O), and ~x[I] and ~x[O] denote the restriction of the vector ~x to the input variables I and output variables O, respectively. Note that since M will always yield an output, X (~t) is always non-empty. A DDT is an assignment to the input variables such that the sets of observable possible outputs for the different hypotheses are disjoint: Definition 1 (Definitely Discriminating Test) Consider n ∈ N hypotheses M1 , . . . , Mn with input variables I and output variables O. Let Xi be the output function of hypothesis Mi . An assignment ~t ∈ D(I) is a definitely discriminating test (DDT) if ∀i ∀j 6= i Xi (~t) ∩ Xj (~t) = ∅. For testing with non-deterministic automaton models instead of logical theories or CSPs, there exists the analogous notion of strong distinguishing sequences (Alur et al., 1995; Boroday et al., 2007). These are input sequences for a non-deterministic finite state machine, such that based on the generated outputs, one can determine the internal state either for some or all feasible runs of the machine. Finding such sequences with a length bounded by some k ∈ N can be reduced to the problem of finding DDTs, by unrolling the automaton into a constraint network using k copies of the automaton’s transition and observation relation (Esser and Struss, 2007). Hence in this paper we restrict ourselves to models given as (static) networks of finitedomain constraints. In this paper we do not only consider the problem of finding arbitrary DDTs but also the problem of find- ing DDTs that can be enforced with minimal energy consumption: Definition 2 (Energy-Optimal Definitely Discriminating Test) Let T be the set of all DDTs discriminating the hypotheses M1 , . . . , Mk and let e(c, v) denote the energy consumption for enforcing value c ∈ D(v) Pl on variable v. Further let E(~t) = h=1 e(ch , vh ) denote the energy consumption of a test vector ~t = (v1 = c1 , v2 = c2 , . . . , vl = cl ). A test vector ~t ∈ T is called energy-optimal DDT iff E(~t) = mini {E(~ti ) | ~ti ∈ T }. 4 DECOMPOSABLE NEGATION NORMAL FORM (DNNF) We briefly review graph-based representations of propositional theories (Darwiche and Marquis, 2002). A propositional theory is in negation normal form (NNF) if it only uses conjunction (and, ∧), disjunction (or, ∨), and negation (not, ¬), and negation only appears next to variables. An NNF is decomposable if the conjuncts of every AND-node share no variables. A DNNF (decomposable NNF) is smooth if the disjuncts of every OR-node mention the same set of variables. Such a graph G represents each of its models by a subgraph Gs that satisfies the properties: • every OR-node in Gs has exactly one child, • every AND-node in Gs has the same children as it has in G, and • Gs has the same root as G. Henceforth the term subgraph always denotes a graph satisfying all of the above properties. DNNF graphs can be generated for propositional theories in conjunctive normal form (CNF) using the publicly available C2D compiler (Darwiche, 2005), and smoothness can be ensured with negligible overhead. The complexity of this compilation is polynomial in the number of variables and exponential only in the treewidth of the system in the worst case. Figure 2 illustrates a smooth DNNF graph representing the set of DDTs for the example shown in Figure 1.1 This DNNF is composed of two subgraphs consisting of the nodes A1, O2, A3, -f, w, s and A1, O2, A4, f, w, s respectively. 5 ENERGY MINIMIZATION WITH DNNF Given a smooth DNNF representation of a propositional theory it is possible to obtain an energy-optimal model in time linear in the size of the DNNF as shown in Algorithm 1.2 It takes as inputs a smooth DNNF graph and the energy consumption values e(l) for each of its literals. ThePenergy-optimal model, i.e., the subgraph for which i e(li ) is the lowest, is obtained by 1 Note that this graph is also deterministic, i.e., the disjuncts of every OR-node are pairwise logically inconsistent. Although not required in this work, this property is always enforced by C2D. 2 This is a variation of the minimization procedure described in (Darwiche, 2001), which labels leaves with 0 and 1 only. 3 21st International Workshop on Principles of Diagnosis A1 s A1 O2 A3 -f 15 A4 w f Figure 2: DNNF representing set of DDTs for the example in Figure 1. “A" and “O" indicate AND- and OR-node, respectively. Numbers in non-leaf nodes are their identifiers. s 40 O2 25 A3 -f 5 A1 25 A4 w 20 s 30 O2 A3 f 10 -f w Figure 3: Propagation of energy consumption values for the DNNF graph shown in Figure 2 on the left and an energy-optimal subgraph on the right. enforced values to the label of the root of the subgraph. a bottom-up propagation of energy values where each OR-node is labeled by the lowest value of its children and each AND-node is labeled by the sum of the values of its children. For example, let us assume the following energy consumptions for enforcing values of the input variables in the example of Figure 1: e(-f) = 5 e(f) = 10 e(-w) = 10 e(w) = 20 e(-s)=7 e(s)=15 where e(−x) (resp. e(x)) denotes the energy consumption for enforcing the value L (resp. H) on variable x. An energy-optimal model for this example can then be found by propagating these energy consumption values using Algorithm 1 as shown in Figure 3 (left). This model is given by the leaves of an energy-optimal subgraph. The latter graph is retrieved by traversing the DNNF top-down such that for each OR-node a child with the lowest value is kept and for each AND-node all children are kept. Figure 3 (right) illustrates the energy-optimal subgraph. Hence an energy-optimal model for this example is (−f, w, s). Its energy consumption is retrieved from the label of the root, 40 in this case. Note that an energy-optimal subgraph may only give a partial instantiation of the inputs, for example: A1 15 s 35 w 20 In that case an energy-optimal DDT is obtained by simply enforcing the lowest value on each remaining variable, and its energy consumption is obtained by adding the energy consumptions of these Algorithm 1 DNNF           e(N ) =          Energy Minimization with Smooth e(l) if N is a leaf node representing literal l _ Ni mini e(Ni ) if N = i X i e(Ni ) if N = ^ i Ni 6 BOOLEAN FORMULATION OF DDTS In order to exploit the above efficient minimization procedure for retrieving an energy-optimal DDT, we aim to compile the DDT problem into smooth DNNF. Intuitively, this requires a proposition theory that encodes input vectors such that it is not possible for the corresponding outputs based on the different hypotheses to overlap. Such a theory in DNNF can be obtained in a number of steps, described next. Since each hypothesis Mi is a CSP, we may assume that each Mi is given as a logical theory in conjunctive normal form (CNF) via any known translation of CSP to SAT (Walsh, 2000). Let M1 and M2 be the two hypotheses we wish to distinguish about a system with (I, O, L) as input, output, and internal variables. As pointed out in (Sachenbacher and Schwoon, 2008), the existence of a DDT is characterized by the following quantified Boolean formula: ∃I ∀O ∀L ¬(M1 ∧ M2 ), or equivalently, ∃I ¬(∃O ∃L (M1 ∧ M2 )), which states that there is an input vector such that the system cannot behave in a way consistent with both hypotheses. Removing the quantifiers and enlisting the projection operation, we obtain the following propositional theory (denoted F ) over the input variables I only: F = ¬(ΠI (M1 ∧ M2 )), where ΠI (X) is the projection of theory X on variables I. The models of theory F are precisely the set of all DDTs. 7 COMPUTING DDTS VIA SAT We are now ready to tackle the two tasks described earlier: computing DDTs, and computing energy-optimal DDTs. The first requires one call to a DNNF compiler followed by one call to a SAT solver. Since projection can be performed in linear time on DNNF (Darwiche, 2001), we already make use of DNNF compilation for computing ΠI (M1 ∧ M2 ) (i.e., ¬F ). A single call to a DNNF compiler then suffices to 4 21st International Workshop on Principles of Diagnosis SAT solver DDT CNF of hypothesis M1 of system behavior DNNF compiler DNNF graph of negated DDT problem Tseitin translation CNF of DDT problem DNNF compiler DNNF of DDT problem DNNF traversal energy-optimal DDT CNF of hypothesis M2 of system behavior Figure 4: Overview of methods for DDTs and energy-optimal DDTs. O1 put ¬F in DNNF. This leverages the power of DNNF compilation to obtain a compact representation of a theory over the input variables I only. Figure 5 (left) depicts a result of this compilation, a DNNF graph GF̄ ,3 for the example in Figure 1. Note that this graph does not need to be smooth, while the one described in the next section does. What we actually need to pass on to a SAT solver is the negation of this graph, in CNF. This can be obtained using the well-known Tseitin translation (Tseitin, 1968) coupled with DeMorgan’s laws, where the resulting CNF will contain auxiliary variables but have a size polynomial in the DNNF size. Tseitin’s translation consists of three steps: • introduction of one auxiliary variable for each non-leaf node of the DNNF, • generation of clauses associated with each new variable, • collection of all clauses into a single CNF with an additional constraint that forces the root to be true. With our example graph GF̄ , we will introduce three new variables: O1, A2, O3. Now if we impose negation at the root, apply DeMorgan’s laws to push negations down to leaves, and finally apply Tseitin’s translation, we obtain: O3 A2 O1 O1 ↔ ↔ ↔ ↔ (f ∧ ¬f) (w ∨ ¬O3) (s ∧ ¬A2) true The corresponding clauses are shown in Figure 5 (right) and serve as a CNF encoding of the DDT problem, ready to be passed to a SAT solver. 8 COMPUTING ENERGY-OPTIMAL DDTS Models of the CNF encoding described in the previous section correspond to the set of DDTs, and given sufficient computational resources a SAT solver will be able to find one if it exists. To enable efficient energy minimization, we now invoke once more the DNNF compiler to turn this CNF into smooth DNNF. This graph then represents exactly the set of all DDTs. Thus Algorithm 1 can be applied 3 We have kept the trivial OR-node (¬f ∨ f) in the graph for illustration purposes. A2 -s O3 -w -f f {¬O3} {¬A2, w, ¬O3} {A2, ¬w} {A2, O3} {O1, ¬s, A2} {¬O1, s} {¬O1, ¬A2} {O1} Figure 5: DNNF representing the non-DDTs from which the clauses on the right are derived, which encode the DDTs. to efficiently obtain an energy-optimal DDT (or the set of all energy-optimal DDTs if desired). See Figure 3 for an example run of this algorithm. Note, that by relabeling the nodes of GF̄ according to DeMorgan’s laws as described in (Darwiche and Marquis, 2002) we can straight forwardly obtain a graphical representation of the DDT problem in linear time. However, since this graph is not guaranteed to be decomposable it cannot be used to find an energyoptimal test in linear time. Figure 4 summarizes and illustrates the overall highlevel procedures for the two new DDT computation methods. In a nutshell, we are able to solve the energy-optimal DDT problem with two DNNF compilations and two linear-time procedures (one to generate a CNF for the negation of GF̄ and one to retrieve an energy-optimal DDT). Recall that the complexity of the DNNF compilation is polynomial in the number of variables and exponential only in the treewidth of the system in the worst case. Hence the applicability of our approach in practice does not so much depend on the size of the problem but on the structure of the system under test. 9 EXPERIMENTAL EVALUATION We evaluated our new testing methods on a model of an automotive engine test-bed (Luo et al., 2007), which consists of a throttle, a pipe, and an engine component. The model was originally given in the form of a mixed discrete-continuous model. It has been turned into a set of 40 discrete problem instances of varying sizes (i.e. variable domains) by applying domain abstractions of different granularity to the continuous variables in the model, using the method described in (Lunze and Nixdorf, 2001), and a direct encoding from 5 21st International Workshop on Principles of Diagnosis CSP to SAT (Walsh, 2000). The goal is then, for each of the instances, to find leaks in the pipe component by assigning three to four controllable variables, and observing three to four measurable variables. inst. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 ODT 0.06 0.07 0.10 17.7 396 1566 - eoDDT 0.03 0.03 0.04 0.42 1.7 7.4 19.8 35.1 154 213 250 502 880 1292 1969 - DDT 0.01 0.01 0.02 0.05 0.17 0.44 0.82 1.31 2.42 3.78 5.94 8.18 11.7 16.8 24.6 35.4 33.0 42.1 58.0 65.8 inst. 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 DDT 84.5 110 146 167 191 246 286 345 432 518 615 670 792 914 1056 1139 1329 1492 1724 1894 Table 1: Computation times in sec applying the ODT, energy-optimal DDT (eoDDT), and DDT approach to different instances of the example application. The experiments were performed on a Linux DualCore PC with 1GB of RAM using the DNNF compiler C2D (Darwiche, 2005) and the SAT solver Tinisat (Huang, 2007). Table 1 shows the computation times for finding a DDT using the previous ODT method (Schumann et al., 2009), an energy-optimal DDT using our new method (two compilations), and a DDT using our new method (compilation+SAT). Blank entries signify failure due to memory exhaustion. The results indicate improvements of several orders of magnitude over the previous state of the art. For example, the largest instance solved by ODT (# 6) took it 1566 seconds, but took our new DDT method only 0.44 seconds, and we were able to find an energyoptimal DDT in 7.4 seconds. The improvement allowed much larger instances to be solved with both our new methods, and particularly with the compilation+SAT method for DDTs. As we briefly discussed in the introduction, the poorer performance of the ODT method appears to be partly due to the more complex DNNF compilations required. Figure 6 illustrates this issue in more concrete terms, where the number of nodes in the largest DNNF graph generated is shown for each instance, for the ODT method and our new DDT method. For example, for instance 6 the DNNF has already over 100,000 nodes for the ODT method, but less than 3,000 nodes for the new method. Figure 6 does not Nr. of DNNF nodes 180000 ODT 160000 DDT 140000 120000 100000 80000 60000 40000 20000 0 1 4 7 10 13 16 19 22 25 28 31 34 37 40 inst. Figure 6: Number of nodes of the largest DNNF generated for each of the instances in Table 1. show DNNF sizes for the second compilation required by our method for energy-optimal DDTs, but they are always smaller than in the first compilation except in the case involving instance 1. Finally, that our method for DDTs scales much better than for energy-optimal DDTs is consistent with the difference in complexity between SAT and compilation. For an illustration of this difference, consider the fact that compilations produced by the C2D compiler are known to permit model counting in linear time (Darwiche and Marquis, 2002)—model counting is known to be #P-complete while SAT is NPcomplete. 10 RELATION TO PREVIOUS WORK The problem of computing definitely discriminating tests in the area of diagnosis was first introduced in (Struss, 1994). Struss (2007) then shows how to optimize the testing process by reducing the number of tests that need to be carried out to discriminate a set of fault hypotheses. In contrast to that work our approach seeks to directly compute optimized individual tests that discriminate a set of hypotheses. This motivation is similar to that of the works on computing optimal distinguishing tests (Heinz and Sachenbacher, 2009; Schumann et al., 2009). However, while the latter methods aim at computing tests that will discriminate hypotheses most likely our approach targets problems for which there exist tests that definitely discriminate hypotheses. As the experimental results have shown this specialized problem can be solved much faster, even when we optimize the tests with respect to energy consumption. In automata theory, Alur et al. (1995) studied the analogous problem of generating strong distinguishing sequences for non-deterministic finite state machines, which for sequences of bounded length can be reduced to that of finding DDTs (Esser and Struss, 2007). The work of Torta and D. Theseider Dupré (2008) then also considers the cost for testing such systems. Here the 6 21st International Workshop on Principles of Diagnosis authors aim at discriminating a set of hypotheses and assume that the available actions will necessarily distinguish between them. In contrast to that work we have considered the testing of static nondeterministic systems where different actions will not necessarily discriminate between hypotheses. From a conceptual point of view the work in (Darwiche, 1998) is the closest to ours. It exploits the benefits of DNNF compilation for the fault diagnosis of systems. First it computes the DNNF graph representing the set of all diagnosis and then it uses a minimization procedure to extract all minimal ones. Thus the aim of this method is to identify all minimal diagnoses that are consistent with a set of observations. However, in practice, the resulting set of diagnoses, i.e. of fault hypotheses, can be very large. Our approach complements this work. It aims at tackling this problem by providing a procedure for discriminating between different hypotheses, like these fault hypotheses. It thus needs to consider not only the observable and faulty variables of a system but also the controllable ones. We have shown how to exploit the distinct properties of the DDT problem by solving it based on DNNF graphs that are defined over input variables only. Using a variation of the minimization procedure in (Darwiche, 1998) we were also able to identify the actions, i.e. the assignments to controllable input variables that can perform the discrimination of fault hypotheses and that can be carried out with minimal energy consumption. 11 CONCLUSION AND FUTURE WORK We have presented a new algorithm for computing DDTs that exhibits much better efficiency and scalability than previous approaches on a realistic benchmark. This was achieved by constructing a Boolean Pp formula that encodes the complex DDT problem ( 2 complete) and that can be transformed into a SAT problem via DNNF compilation, which is often very efficient for real-world problems that have structure. In addition we have studied the problem of computing DDTs that can be enforced at minimal energy consumption, a problem which is very relevant in practice but has not been considered before. We proposed an algorithm for this problem that involves one additional step of DNNF compilation such that energy-optimal DDTs can be retrieved from the final DNNF in time linear in the size of the DNNF. With this algorithm we were able to compute energy-optimal DDTs for instances where previous methods could not even find an arbitrary DDT. The success of our new methods can be partly ascribed to the fact that they are better able to exploit structural properties of the system (compared with Sachenbacher and Schwoon 2008), or that they require less complex DNNF compilations (compared with Schumann et al. 2009). Topics for future work include extending our approach to systems that admit possibly discriminating tests but not DDTs, and to systems whose nondeterminism is quantified by a probabilistic model. It would also be interesting to analyze to what extent incremental DNNF compilation techniques like (Ven- turini and Provan, 2008) could be used for the test generation of even larger systems. ACKNOWLEDGMENTS This work was supported by the Science Foundation Ireland under the ITOBO Grant No. 05/IN/I886, and the Deutsche Forschungsgemeinschaft under grant SA 1000/2-1. REFERENCES (Alur et al., 1995) R. Alur, C. Courcoubetis, and M. Yannakakis. Distinguishing tests for nondeterministic and probabilistic machines. In Proceedings of the ACM Symposium on Theory of Computing, pages 363–372, 1995. (Boroday et al., 2007) S. Boroday, A. Petrenko, and R. Groz. Can a model checker generate tests for non-deterministic systems? Electronic Notes in Theoretical Computer Science, 190:3–19, 2007. (Darwiche and Marquis, 2002) A. Darwiche and P. Marquis. A knowledge compilation map. Journal of Artificial Intelligence Research, 17:229–264, 2002. (Darwiche, 1998) Adnan Darwiche. Model-based diagnosis using structured system descriptions. Journal of Artificial Intelligence Research, 8:165–222, 1998. (Darwiche, 2001) A. Darwiche. Decomposable negation normal form. Journal of the ACM, 48(4):608– 647, 2001. (Darwiche, 2005) A. Darwiche. The C2D compiler user manual. Technical report, Comp. Sci. UCLA, 2005. (Esser and Struss, 2007) M. Esser and P. Struss. Fault-model-based test generation for embedded software. In Proceedings of the 20th International Joint Conference on Artificial Intelligence (IJCAI), pages 342–347, 2007. (Heinz and Sachenbacher, 2009) S. Heinz and M. Sachenbacher. Using model counting to find optimal distinguishing tests. In Proceedings of the Sixth International Conference on Integration of AI and OR Techniques in Constraint Programming for Combinatorial Optimization Problems (CPAIOR), pages 117–131, 2009. (Huang, 2007) J. Huang. A case for simple SAT solvers. In Proceedings of the 13th International Conference on Principles and Practice of Constraint Programming (CP), pages 839–846, 2007. (Lunze and Nixdorf, 2001) J. Lunze and B. Nixdorf. Representation of hybrid systems by means of stochastic automata. Mathematical and Computer Modeling of Dynamical Systems , 4:383–422, 2001. (Luo et al., 2007) J. Luo, K. Pattipati, L. Qiao, and S. Chigusa. An integrated diagnostic development process for automotive engine control systems. IEEE Trans. on Systems, Man, and Cybernetics, 37(6):1163–1173, 2007. 7 21st International Workshop on Principles of Diagnosis (Sachenbacher and Schwoon, 2008) M. Sachenbacher and S. Schwoon. Model-based testing using quantified CSPs. In ECAI-08 Workshop on Model-based Systems, 2008. (Schumann et al., 2009) A. Schumann, M. Sachenbacher, and J. Huang. Constraint-based optimal testing using DNNF graphs. In Proceedings of the 15th International Conference on Principles and Practice of Constraint Programming (CP), pages 731–745, 2009. (Schumann et al., 2010) A. Schumann, J. Huang, and M. Sachenbacher. Computing cost-optimal definitely discriminating tests. In Proceedings of the 24th National Conference on Artificial Intelligence (AAAI), 2010. (Struss, 1994) P. Struss. Testing physical systems. In Proceedings of the 12th National Conference on Artificial Intelligence (AAAI-94), pages 251–256, 1994. (Struss, 2007) P. Struss. Model-based optimization of testing through reduction of stimuli. In Proceedings of the 20th International Joint Conference on Artificial Intelligence (IJCAI), pages 593–598, 2007. (Torta and D. Theseider Dupré, 2008) G. Torta and L. Anselma D. Theseider Dupré. Hypothesis discrimination with abstractions based on observation and action costs. In Proceedings of the 19th International Workshop on Principles of Diagnosis (DX08), pages 189–196, 2008. (Tseitin, 1968) G. Tseitin. On the complexity of derivation in propositional calculus. Studies in Constructive Mathematics and Mathematical Logic, pages 115–125, 1968. (Venturini and Provan, 2008) A. Venturini and G. Provan. Incremental algorithms for approximate compilation. In Proceedings of the 23rd National Conference on Artificial Intelligence (AAAI-08), 2008. (Walsh, 2000) T. Walsh. SAT vs. CSP. In Proceedings of the Sixth International Conference on Principles and Practice of Constraint Programming (CP), pages 441–456, 2000. 8