=Paper=
{{Paper
|id=Vol-2215/paper17
|storemode=property
|title=Self-Adaptive Reconfigurations of Shipboard Power Systems
|pdfUrl=https://ceur-ws.org/Vol-2215/paper_17.pdf
|volume=Vol-2215
|authors=Luca Sabatucci,Massimo Cossentino,Salvatore Lopes
|dblpUrl=https://dblp.org/rec/conf/woa/SabatucciCL18
}}
==Self-Adaptive Reconfigurations of Shipboard Power Systems==
https://ceur-ws.org/Vol-2215/paper_17.pdf
Self-Adaptive Reconfigurations of Shipboard Power Systems
Luca Sabatucci, Massimo Cossentino, and Salvatore Lopes
ICAR-CNR
Palermo, Italy
{luca.sabatucci,massimo.cossentino,salvatore.lopes}@icar.cnr.it
Abstract—The Shipboard Power System (SPS) is the element of a and mission-oriented hierarchical approach, and it employs an agent
ship that is responsible for supplying energy to vessel operations. This oriented middleware for engineering self-adaptive systems (MUSA).
component is critical to the survival and safety of the ship because many
MUSA agents are able of orchestrating a solution to the end of
accidents may occur during ship navigation are often due to electrical
failures. The SPS manages the electrical topology to successfully supply dynamically reconfiguring in case of failures or unexpected events.
energy to the several onboard components. The proposed reconfiguration Customizing MUSA for the maritime domain allows obtaining a run-
architecture uses a distributed and mission-oriented approach based on a time solution to the SPS problem that adequately considers ships
generic-purpose self-adaptive middleware (MUSA). This paper illustrates mission and current (fault) scenario thus including specific tasks,
how MUSA has been customized to dynamically reconfigure the electrical
circuit of a vessel. In case of failures or unexpected events, it generates at goals and non-functional requirements (e.g. quality aspects, QoS). We
run-time several possible solutions that properly considers ship’s mission also implemented an experimental setup including a Matlab/Simulink
and the current scenario. The solution also includes a Matlab/Simulink simulation of a case study from literature[5], to validate the solution
simulator to validate the solution. and to assess our approach.
Index Terms—Shipboard power system, SPS reconfiguration, self-
This paper is organized as follows: Section II introduces the SPS
adaptive system
domain and the reconfiguration problem; Section III illustrates the
proposed solution architecture and algorithms. Section IV introduces
I. I NTRODUCTION
a fault scenario that is used to demonstrate the adaptive ability of the
In recent years, the maritime sector is highlighting a high value of system. Finally, some conclusions are drawn in Section V.
innovative and technological content (ICT), especially when faced
with the need to respond to objectives such as safety, efficiency, II. S HIPBOARD P OWER S YSTEMS
and environmental impact. “EMSA’s annual overview of 2015 marine The SPS is the electrical and electronic hearth of a ship, it
casualties and incidents” reports that most of the accidents mentioned is composed of a set of components such as power generators,
are due to loss of control or damage to ships or equipment. The ship buses, circuit breakers, heterogeneous loads, and others electric sub-
power production and distribution failures play a relevant role in systems appointed to navigation, communication and so on. In the last
such incident scenarios. The Shipboard Power System (SPS) is the decades, some ships are equipped with direct-current (DC) because of
component responsible for granting energy to navigation, commu- the following advantages if compared to the alternate-current (AC):
nication, and operational systems. It is consists of various electric
1) smaller components and compact power converters;
and electronic equipment, such as generators, cables, switchboards,
2) easier connections;
circuit breakers, fuses, buses, and many kinds of loads.
3) no reactive power and harmonic issues;
Modern ICT technologies can nowadays automatically accomplish 4) faults reduction and easier reconfiguration procedures.
real-time data acquisition, classification, assimilation, and correlation
at a reasonable cost. Software-based reconfiguration systems consist The main disadvantage of DC systems is that voltage shifts are
of two different layers: the software layer encapsulates the logic more difficult to be realised than in AC systems where transformers
for the monitor and the control of the underlying electrical layer. do that with minimal losses.
In practice, the software system manages onboard switchboards and Loads often are distributed in zones and fed power from the
circuit-breakers, to direct the power flow where it is necessary for main electric buses. It is usual to classify loads according to their
restoring a fault situation. importance into vital and non-vital categories, where vital loads are
In [1] authors survey FDIR methodologies, focusing the attention non-sheddable loads that directly affect the survivability of the ship,
on reconfiguration techniques related to flight control systems. In while the non-vital ones may be shed in order to prevent a total loss
particular, they classify the reconfiguration methodologies into two of ship’s electrical power, or for protection purposes. Moreover, the
categories: multiple-model approach, and adaptive-control approach. loads can be categorised regarding QoS as un-interruptible, short-term
In [2], authors compare reconfiguration techniques applied to the interrupt, and long-term interrupt [6]:
terrestrial and maritime domains. They include an analysis of the 1) un-interruptible load: loads that can not tolerate power inter-
SPS characteristics, highlighting the need for integrated protection ruptions on the order of two seconds;
and power distribution. 2) short-term interrupt load: loads that can tolerate power inter-
In [3], authors surveyed several formulations of the reconfiguration ruption in the order of maximum one-five minutes;
problem and techniques used for the solution. They compare the SPS 3) long-term interrupt load: load that can tolerate service interrup-
reconfiguration problem to that of large-scale systems, exploring the tion longer than five minutes.
issue of optimal reconfiguration from a variety of perspectives. Reconfiguration in an electrical SPS is a critical operation re-
The present paper focuses on SPS reconfiguration in case of single quested in unexpected situations such as in the case of severe or
or multiple failures. This work starts from a detailed analysis [4] major faults. The reconfiguration procedure is driven by the ship
of some the most recent software-based reconfiguration methodo- power and energy management control, that communicates with all
logies. The proposed reconfiguration procedure uses a distributed the generators and loads to keep the continuity of service during
103
� MISSION 1: NAVIGATION goal is a desired state an actor wants to achieve. In MUSA, a goal
Goal A [priority: normal]
Goal B [priority: low] is provided to the system at run-time, exploiting the ability of the
Goal C [priority: normal]
Goal D [priority: normal]
MISSION 2: IN HARBOUR
agent of being autonomous and proactive i.e. being able to explore a
Goal E [priority: normal]
Goal F [priority: high] Goal A [priority: high] solution space, even when this space dynamically changes or contains
Goal B [priority: low]
Goal C [priority: normal] uncertainty. For the specific context of the vessel, four goals represent
Goal D [priority: normal]
Goal E [priority: high] the main system operations such as propulsion, rudder and stability,
Goal F [priority: normal]
MISSION N: IN COMBACT communication and ICT, and hotel. These are further decomposed in
Goal A [priority: low] other sub-goals. For instance, propulsion is decomposed into main
Goal B [priority: low]
Goal C [priority: high]
Goal D [priority: normal]
motors and maneuver gears. The hotel function is decomposed into
Goal E [priority: high]
Goal F [priority: low] air conditioning, lights, and other services.
MUSA tries to address the goals by finding suitable solutions
Figure 1: An example of vessel’s Missions using the concept of Capabilities as first-class entities for agent
deliberation [9]. The concept of capability comes from planning
actions [10] and it implements a service-oriented architecture. A
reconfiguration operations. In this way, the reconfiguration of the capability describes a concrete operation the system may execute
electrical layer can isolate faults, restore/transfer power to vital loads, to change the current state of the world. Every agent knows its
but also, more generally, it can optimise the management of electrical capabilities, their effects and the way these can be employed. In
and electronic equipment to improve energy efficiency. the specific context, capabilities coincide with the electrical actions
During normal navigation or after a specific event such as a weapon (switchers) that allow to dynamically change the flow of power.
hit or a collision, there can be a series of multiple equipment damages. Consequently, self-adaptation is defined as a space search problem.
These can affect electrical layer and/or other systems such as the The algorithm used in [9] is a symbolic planning algorithm, in which
navigation one. a set of distributed agents incrementally build a computational graph
The strategy that enables restoration of the electrical power system model by exploring different combinations of capabilities. The result
is called reconfiguration. The number of steps and the adopted is a set (possibly not empty) of solutions, in which each solution
strategies (that can also involve humans) may vary. In particular, represents a sequence of actions to be executed to address the goal
in a recent work [4], authors observed in literature exists several finally.
software-based reconfiguration techniques enabling smart and timely The agent-based, hierarchical and distributed nature of MUSA
reconfiguration of the electrical layer due to a fault (or multiple allows for managing multi-layer services as a single service, thus
faults). These systems need a specific environment perception and hiding the complexity of service composition. Moreover, agents are
they enact reconfiguration strategies basing on several different levels suitable for granting adaptation because they may change without
of “smartness”, allowing a sophisticated real-time perception of the affecting the whole structure.
situation and a ready management in case of emergencies.
Smart reconfiguration methodologies need complex coordination B. A Mission-Oriented Solution
between electrical power and protective functions, and must deal SPS reconfiguration problem embraces a series of possible scen-
with several electrical architectures (radial, ring, zonal, . . . ). Very arios, goals, and decisions based on functional and non-functional
frequently applied, zonal architectures are electrical configurations of requirements. Functional requirements include prescriptive goals –
the SPS where loads are ideally divided into zones. Such architectures related to onboard operations that must be granted without any degree
are frequently used because they enable an easy sectioning of the ship of freedom – and soft goals which also can be satisfied partially, thus
electric level thus preventing that a single minor fault may spread in a granting a minimal degree of functionality. The adoption of goals
systemic failure [4] or, conversely, that a damaged part of the system allows a seamless description of the expected behavior in terms of
may be left apart from the functionality restoration procedure. loads that must be powered.
Moreover, requirements in a vessel are not static: they change
III. T HE P ROPOSED S OLUTION
according to the operative context. Indeed, the operating scenario may
This section illustrates the proposed solution, based on MUSA, change, and a series of reconfiguration sub-goals may be necessary
a middleware for building self-adaptive systems, and on Mat- to comply with specific requirements of the electrical layer. Some
lab/Simulink for simulating the circuit. particular constraints are, for instance: providing energy to vital loads,
protecting loads with different priorities, shedding non-damaged loads
A. MUSA: A Middleware for User-driven Service Adaptation that may not be powered (possibles causes: insufficient electric power,
The Middleware for User-driven Self-Adaptation (MUSA) has no energy transportation route to that load). These sub-goals may
arisen from a couple of pressing objectives in the research agenda strongly vary according to the kind of vessel (a warship vs. a cargo),
of dynamic workflow execution: managing run-time business process the type of mission (approaching the harbor, offshore navigation,
evolution and adaptivity [7]. combat actions), and the current amount of power produced by
The key aspect is a clear separation of two points: ‘what the generators and energy storage devices. The system must be flexible
system has to address’ and ‘how it will operate for addressing it’. enough to switch its goals at run-time, for example when the ship’s
The enablers of this vision are i) representing what and how as mission change.
run-time artifacts the system may reason on (respectively goals and To this aim, we introduce the concept of Mission. A mission is
capabilities); ii) a reasoning system for connecting capabilities to a description of the relation between the operating context and the
goals; iii) finally a common grounding semantic, represented with degree of priority to be assigned to the system goals.
some formalism. The solution we propose is based on a dynamic description of
The first aspect of MUSA is the ability to work with run-time the vessel’s missions. An example is shown in Figure 1. When the
requirements as a set of goals to be injected into the system [8]. A system power is under the value required for feeding all the vessel’s
104
� selected
MATLAB
design of this module incorporates human factor to enable specialized
solution
Captain feasible operators (mainly the captain) to maintain situational awareness and
MISSION solutions
take appropriate measures during normal and emergency conditions.
Control
MUSA Execute. The main operations of the SPS reconfiguration are
configurations
heuristics
connection/disconnection of the loads and the generators. These
generator
failure(s)
actions are performed by controlling the automatic switches placed
conceptual
solutions on electrical buses. Controller distribution and autonomy are funda-
Monitoring STATE WTS
mental features to allow each block may act independently from the
rest of the system.
Figure 2: Architecture of the adaptive solution The whole adaptation cycle is summarized in Figure 2. The
ship captain selects the current mission of the vessel. The mission
classifies the loads according to a typology (vital, semi-vital and non-
loads, the SPS reconfiguration must consider not all the goals are vital) and finally, each of the loads is associated with a priority.
equally important to be pursued. Indeed, some loads are mandatory A monitoring module supervises the vessel’s status and raises a
for the vessel survivability [vital loads] while other ones are also new adaptation need when it discovers a failure scenario. In this case,
important but not necessary [semi-vital loads]. Finally, other loads MUSA receives the current state of the vessel, and it explores a space
may be switched off without affecting ship mission accomplishing of solution driven by the mission’s goals and it produces a list of
[non-vital loads]. Consequently, goals may be classified by different conceptual solutions. These are ‘conceptual’ because the main MUSA
priority depending on the specific context. Thus, the reconfiguration algorithm works on a conceptual description of the electrical topology
system will always prefer to address a higher priority goal. where some implementation aspects are missing. It is up to the Matlab
The architecture of the solution is based on the integration of simulation to validate these solutions by verifying their feasibility in
MUSA and Matlab, as shown in Figure 2. MUSA provides a high- terms of physical aspects. Therefore, only feasible solutions will be
level reasoning infrastructure that is triggered when the monitoring presented to the vessel’s captain.
sub-system discovers the standard electrical configuration is affected The cycle concludes when the captain selects and makes operative
by a set of failures. the solution he prefers thus enabling the control sub-system to enact
In this process, MUSA makes a very limited use of physical values the solution in the real electrical circuit concretely.
to elaborate the solutions. It calculates the available amount of power, The next section explains a reconfiguration scenario due to a set
and it penalizes configurations in which loads use more power than of failures. It illustrates, in details, how the architecture takes care of
the available one. The role of Matlab becomes fundamental because it the failure conditions and it is able of generating a reconfiguration
allows grounding the conceptual solution by employing Simulink to plan to lead the general state of the vessel toward a safe condition.
simulate physical parameters such as the effective current measured at
IV. C ASE S TUDY
the generators poles, identifying extra-voltage or unstable situations
that a symbolic reasoning is not able to evaluate. The outcome of In this section, we propose a case study inspired by [5] to which
Matlab is to discard unfeasible solutions and to sort the remaining we apply the proposed approach for reconfiguring the system when
ones according to their quality. multiple failures occur. The formulation presented in [5] considers
a new balanced hybrid (AC and DC) shipboard power system based
C. The Adaptation Cycle on a high-performance medium-voltage DC-current (MVDC) ship
Most of the modern approach to self-adaptation puts the feedback power system. To allow an evaluation of the proposed approach, in
loop as the core of the architecture. The proposed solution adopts this section we suppose the whole system is DC powered, and it is
one of the most common models for realizing the feedback loop: the configured as reported in Figure 3.
MAPE-K [11] structure, composed of data collection, data analysis, The proposed electrical model comprises seven DC load zones
planning and acting. Figure 2 shows the architecture of the solution. that are powered by two primary generators (MG) and two auxiliary
generators (AUXG). Each MG provides up to 6 MW while each
The Monitor Module. The vessel is instrumented with a set of AUXG provides up to 2 MW. It is assumed that nonvital loads can
sensors for monitoring some physical variables. The monitor module be shed to grant the power to the vital and semi-vital loads in case
shall control these sensors to collect raw data with the aim of of emergencies.
detecting possible failures. To demonstrate the results provided by the proposed system, we
The Analysis Module. The system should be able of reasoning on will study a multiple-failures scenario inspired by [5] involving three
raw data to estimate all the relevant vessel conditions (e.g., steady simultaneous faults.
state, electrical failure, etc.) thus obtaining the necessary information The fault scenario (failures FS1+FS2+FS3 in Figure 4) occurs
to characterize and assess system performance fully. For instance, the when multiple interruptions happen on the starboard bus. As a
analysis should infer the kind and the position of possible electrical consequence of these multiple failures, loads L1, L5, L9 are no more
failures when they occur. powered. This has a serious impact on mission accomplishing since
The Planning. component is responsible for deciding the kind load L9 is a vital one. Loads L15, L18, L21, L24 are still unpowered
of recovery to enact. The Proactive Means-end Reasoning Module because of the initial mission configuration.
elaborates a configuration for maximizing the continuity-of-service of The reconfiguration procedure performed by MUSA proposes sev-
vital loads during the reconfiguration operations, avoiding instability eral solutions. They respect the constraint coming from the maximum
or even system collapse. According to the current mission and the amount of available power (also considering auxiliary generators if
kind of maneuver, loads are dynamically dealt according to the three switched on during the procedure). However, the MUSA module is
categories (vital, semi-vital and non-vital). The contribution of Mat- not aware of the real behavior of the system at the most detailed
lab/Simulink allows selecting feasible solutions via simulation. The level, including currents in each node, currents delivered to loads and
105
� F1 F2 F3 Port Bus
1 2 3 4 5 6 7 8 9
MG2
SW1 SW5 SW11 SW15 SW21
L1 L5 SW P3 L11 L15 SW P6 L21
SW P1 SW P2 SW P4 SW P5 SW P7
SW2 SW6 SW12 SW16 SW22
F4
L2 L6 L12 L16 L22
Aux Aux
SW G1 G2
SW7 SW9 SW13 SW SW17 SW19 SW23
SW3 AUXG1 AUXG2
L3 L7 L9 L13 L17 L19 L23
SW S2 SW S3 SW S4 SW S5 SW S6
SW S1 L4 L8 L14 L18 SW S7 L24
MG1
SW3 SW8 SW14 SW18 SW18
14 16 21 25 30 32 37 41 46
Starboard Bus
Figure 3: The adopted shipboard power system model.
Table I: Load classification and priority for the reference mission.
MISSION
Type vital semi-vital non-vital
Priority 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
Load 24 21 19 18 15 14 11 22 16 12 7 6 3 2 9 23 17 13 8 5 4 1
Table II: Scenario 1. Results of the reconfiguration process (MUSA side).
config c1 c2 c3 c4 c5 c6 c7 c8 gen state load state score
initial state 1100 1111111111111111110000 4194288
fault cond 1100 1001111111110101110000 2620784
1 x x x x x x x 1111 1111111111111101111111 4194175
2 x x x x x x x 1110 1111111111111101111111 4194175
3 x x x x x x 1110 1111111111111101111111 4194175
4 x x x x x 1110 1111111111111101111110 4194174
5 x x x x 1110 1111111111111101111100 4194172
6 x x x 1110 1111111111111101111000 4194168
7 x x 1110 1111111111111101110000 4194160
8 x 1100 1111111111110101110000 4193648
Legend: config is the number of solution discovered by MUSA; c1-c8 are the subset of all the capabilities used in this example
(c1=switch ON aux1 generator cap, c2= switch ON aux2 generator cap, c3=open switch swp3 close switch sws3 cap, c4=open switch sw 5 cap,
c5=close switch sw 15 cap, c6=close switch sw 18 cap, c7=close switch sw 21 cap, c8=close switch sw 24 cap); gen state is the state of the four
generators (main1, main2, aux1, aux2); load state is the state of the loads according priorities (see Table I); score is the result of the score heuristic.
Table III: Scenario 1. Results of the simulation process (Matlab/Simulink side).
config overloads non-powered loads wrongly non-powered underused gen redundant cap solution size feasible
1 MG1 L5 7 NO
2 MG1 L5 c4-open SW5 7 NO
3 MG1 L5 6 NO
4 L5-L24 5 YES
5 L5-L21-L24 4 YES
6 L5-L18-L21-L24 3 YES
7 L5-L15-L18-L21-L24 2 YES
8 L1-L5-L15-L18-L21-L24 1 YES
Legend: config is the number of solution discovered by MUSA; overloads are situations which the current at the ports of a generator is higher than a
threshold; not powered loads are loads that are not supplied; wrongly non-powered are loads that could be supplied with energy but the configuration misses
to do; underused gen are generators that are used below their possibility; redundant cap indicates the solution contains capabilities that could be removed
because their effect is null; solution size is the number of capabilities that are used in the solution.
106
� Port Bus
F1 F2 F3
1 2 3 4 5 6 7 8 9
MG2
SW1 n L1 SW5 n SW11 n L11 SW15 n L15 SW21 n L21
L5 SW P3 SW P6
SW P1 SW P2 SW P4 SW P5 SW P7
SW2 SW6 SW12 SW16 SW22
v v v v v
L2 L6 L12 L16 L22
Aux Aux
G1 G2
SW3 SW SW7 SW9 SW13 SW SW17 SW19 SW23
s AUXG1 s v s AUXG2 s v s
L3 L7 L9 L13 L17 L19 L23
SW S2 SW S3 SW S5 SW S6
SW S1 n L8 SW S4 n L14 SW S7
n L4 n L18 n L24
MG1
SW3 SW8 SW14 SW18 SW24
14 16 21 25 30 32 37 41 46
Starboard Bus Powered Loads Not Powered Generators
Loads
v Vital Load v Vital Load G Working
Keys Semi-Vital
s s Semi-Vital Not Working/
Load G
Load Switched off
n Non Vital Load n Non Vital Load
Figure 4: First scenario (3 faults): initial configuration of the system, and faults.
currents dispatched by generators (that being real have a maximum two configurations. The first one (configuration n.1 from Table II)
amount of power they can provide). Indeed, the MUSA module prescribes the following operations:
operates at a symbolic level of abstraction. It computes which paths
are enabled for current passing once a specific configuration of cap: switch_ON_aux1_generator_cap
switches is selected and what total amount of current is demanded to cap: close_switch_sw_15_cap
generators by the current-reachable loads. By using Matlab/Simulink, cap: close_switch_sw_18_cap
our system simulates all the provided reconfiguration procedures and cap: close_switch_sw_21_cap
it removes those who violate physical specifications of the real system cap: close_switch_sw_24_cap
(for instance maximum amount of power for each generator). Results cap: switch_ON_aux2_generator_cap
are reported in Table II. The first two rows of the table report the cap: open_switch_swp3_close_switch_sws3_cap
initial operating conditions selected by the captain according to the The first step consists in switching on the generator AUXG1, then
mission profile (see also I). It is worth to note that, although no loads L15, L18, L21, and L24 are powered, the generator AUXG2
faults are active, some loads are not powered (L15-L18-L21-L24). is switched on, and, finally, the transversal bus 3 configuration
This descends from the limited power of the two main generators is changed (by opening switch SWP3 and closing SWS3). The
(not sufficient to power all the loads of the vessel) and the non- reader will note that the prescribed operations do not follow a
vital role of some loads for the mission. The quality of service precise or logical order (for instance the two auxiliary generators
(score) for this configuration is 4’194’288. After the three faults are not switched on together). This is an obvious consequence of
(Figure 4), the quality of service drops down to 2’620’784. This the configurations generator algorithm for solution space (WTS, see
happens because loads L1-L5-L6-L9-L15-L18-L21-L24 are no more Figure 1) exploration and of the simplification implied by not study-
powered as a consequence of the faults. This is the initial condition ing transitory intermediate configuration states. The reconfiguration
the proposed reconfiguration approach has to cope with. The con- solution is supposed to be entirely applied at the same time (not a
figurations generator proposes 8 different solutions to the problem big issue when working in DC although some aspects will be further
as reported in Table II. Each configuration employs a different set studied in the future).
of capabilities. As we can see looking at the score column, the first The second reconfiguration solution we will study configuration n.
three proposed configurations achieve the same score result but they 4 from Table II) prescribes the following operations:
use a different set (and number) of capabilities to do that. Oddly,
configuration 1 activates the auxiliary generator AUX2 without any cap: switch_ON_aux1_generator_cap
evident advantage with regards to the following two configurations. cap: close_switch_sw_15_cap
Configuration 2 proposes to open switch sw5 (controlling load L5) cap: close_switch_sw_18_cap
but since this is not reachable anyway, the action has no effect on cap: close_switch_sw_21_cap
the result. From configuration 4 to 8, a growing number of loads cap: open_switch_swp3_close_switch_sws3_cap
is disconnected from power, this causes a decrease in the quality of
The procedure switches on auxiliary generator 1, together with
service coming with a diminishing need for power (configuration 8
loads L15,L18,L21. The configuration of transversal bus 3 is reversed
does not even need auxiliary generator AUX1) and the number of
as in the previous configuration.
employed capabilities.
Differences between these two configurations become evident after
In order to better illustrate the proposed approach, we will study their simulation with the Matlab module. The overall results of the
107
�Matlab simulations are reported in Table III). This summarizes the vessel. The solution adopts MUSA as the base for the reconfiguration
most relevant problems that can be found by using a physical-level system and Matlab for enriching the system of a physical simulator.
simulation of the circuit. The first column reports the number of We have extended the main concepts of MUSA by introducing the
configurations, the second column reports the overloaded generators new concept of Mission, a dynamic container of goals, associated
(if any). The first three configurations overload the generator MG1 with their priorities. We finally proposed a case study in which we
thus becoming unacceptable (see the last column of the table, column discuss a failure scenario, and we illustrated how the system behaves
’feasible’). This condition may not be discovered at the symbolic in critical circumstances.
level, since it only performs a global balance of power (demanded
R EFERENCES
power vs available power). In reality, it may happen that power
required to the available generators is not equally distributed and [1] I. Hwang, S. Kim, Y. Kim, C. E. Seah, A survey of fault detection,
one of them may overload while the other remains well under its isolation, and reconfiguration methods, IEEE Transactions on Control
Systems Technology 18 (3) (2010) 636–653. doi:10.1109/TCST.
working limits. The third column lists loads that are not powered in 2009.2026285.
the proposed configuration. This is directly linked to the quality of [2] W. M. Dahalan, H. Mokhlis, Techniques of network reconfiguration
service score (from the previous table). Solutions with better scores for service restoration in shipboard power system: A review, Australian
are to be preferred if they satisfy the goal requirements (all vital Journal of Basic Applied Science 4 (11) (2010) 55565563.
[3] K. C. Nagaraj, J. Carroll, T. Rosenwinkel, A. Arapostathis, M. Grady,
loads are powered). The fourth column reports the list of loads that E. J. Powers, Perspectives on power system reconfiguration for shipboard
could be powered according to the circuit configuration, but they are applications, in: 2007 IEEE Electric Ship Technologies Symposium,
switched off by the wrong use of a capability. IEEE, 2007, pp. 188–195.
Column ’underused gen’ lists the generators that are switched [4] L. Agnello, M. Cossentino, G. De Simone, L. Sabatucci, Shipboard
power systems reconfiguration: a compared analysis of state-of-the-art
on by the proposed configuration but their power is not effectively
approaches, in: Smart Ships Technology 2017, Royal Institution of Naval
used according to the Matlab simulation (in other words they do Architects (RINA), 2017, pp. 1–9.
not really provide any power). Again, this happens in scenario 2. [5] S. Bose, S. Pal, B. Natarajan, C. M. Scoglio, S. Das, N. N. Schulz,
Column ’redundant cap’ lists the capabilities (better their scope) that Analysis of optimal reconfiguration of shipboard power systems, IEEE
are employed in the configuration but do not provide any effect (for Transactions on Power Systems 27 (1) (2012) 189–197.
[6] IEEE, Recommended practice for shipboard electrical installations –
instance the already discussed use of c4 in configuration 2). Column systems engineering, IEEE Std 45.3-2015 (2015) 1–74doi:10.1109/
’solution size’ reports the number of employed capabilities. This is IEEESTD.2015.7172975.
a sensitive metrics since we prefer shorter (and therefore intuitively [7] L. Sabatucci, C. Lodato, S. Lopes, M. Cossentino, Towards self-
simpler) solutions when they achieve the same score. Finally, column adaptation and evolution in business process., in: AIBP@ AI* IA,
Citeseer, 2013, pp. 1–10.
’feasible’ summarizes the previous results and it marks as acceptable [8] L. Sabatucci, P. Ribino, C. Lodato, S. Lopes, M. Cossentino, Goalspec:
solutions that do not violate physical limits of the circuit behavior A goal specification language supporting adaptivity and evolution, in:
(such as generator overloads). International Workshop on Engineering Multi-Agent Systems, Springer,
Going back to the previously studied configurations n.1 and n.4, 2013, pp. 235–254.
we can see that the Matlab simulation of the proposed solution n.1 [9] L. Sabatucci, M. Cossentino, From Means-End Analysis to Proactive
Means-End Reasoning, in: Proceedings of 10th International Symposium
reports that one generator (MG1) is overloaded and one load (L5) is on Software Engineering for Adaptive and Self-Managing Systems,
not powered. This solution is therefore not feasible. Conversely, the Florence, Italy, 2015.
simulation of configuration n.4 proves it abides the limits imposed [10] M. Gelfond, V. Lifschitz, Action languages, Computer and Information
by the electrical components, and it is therefore feasible. In this Science 3 (16).
[11] P. Vromant, D. Weyns, S. Malek, J. Andersson, On interacting control
configuration, loads L5 and L24 are not powered but they are listed loops in self-adaptive systems, in: Proceedings of the 6th International
as non-vital in this mission; therefore this is not a problem. The two Symposium on Software Engineering for Adaptive and Self-Managing
cases show the importance to clean the solutions provided by the Systems, ACM, 2011, pp. 202–207.
configurations generator with the simulations done by a module that
is well aware of the behavior of the physical layer of the system
(Matlab in our case). Considering the results proposed in Table III,
we can see that the best solution is configuration n.4 that achieves a
score of 4’194’174 and requires five capabilities. Following solutions
(n.5-6-7-8), although feasible, achieve a lower score (in fact fewer
loads are powered by these solutions) but also use a smaller number
of capabilities, therefore may be useful in a real scenario when
something could go wrong in applying the preferred solution n. 4.
This example shows the ability of responding to unexpected
situations by proposing more than one reconfiguration solutions. It
is worth to note that the proposed system could easily automatically
identify and enact the best solution but we decided not to implement
that because in real scenarios, the final responsibility for the adoption
of a reconfiguration strategy should always be on the person in
charge.
V. C ONCLUSIONS
This paper presented an adaptive architecture for dealing with
the reconfiguration of Shipboard Power Systems (SPSs) that is the
component responsible for supplying energy to various services of a
108
�