Bicausal bond graphs for supervision: From fault detection and isolation to fault accommodation

Bicausal bond graphs for supervision: From fault detection and isolation to fault accommodation

ARTICLE IN PRESS Journal of the Franklin Institute 345 (2008) 1–28 www.elsevier.com/locate/jfranklin Bicausal bond graphs for supervision: From faul...

942KB Sizes 0 Downloads 19 Views

ARTICLE IN PRESS

Journal of the Franklin Institute 345 (2008) 1–28 www.elsevier.com/locate/jfranklin

Bicausal bond graphs for supervision: From fault detection and isolation to fault accommodation A.K. Samantaray, S.K. Ghoshal Department of Mechanical Engineering, Indian Institute of Technology, 721302 Kharagpur, India Received 30 May 2006; accepted 31 May 2007

Abstract Model-based fault detection and isolation (FDI) requires an analytical system model from which fault indicators can be derived by assigning proper computational causalities. Many bond graph (BG) model-based techniques for FDI have been developed in recent past. Furthermore, many other advances have been made in the field of control engineering applications of BG modelling. Supervision systems not only perform FDI, but also take the necessary steps for fault accommodation. Fault accommodation is done either through system reconfiguration or through fault tolerant control (FTC). In this paper, it is shown that bicausal BG modelling proves to be a unified approach for sensor placement from the FDI and FTC viewpoint, identification of hardware redundancies for system reconfiguration, generation of fault indicators, estimation of fault parameters for fault accommodation, inversion of systems and actuator sizing for FTC, etc. It is shown that the use of bicausalled BG helps to integrate many of the recently developed advances made in the field of control engineering into development of complex supervision systems. r 2007 The Franklin Institute. Published by Elsevier Ltd. All rights reserved. Keywords: Bond graphs; Bicausality; Analytical redundancy; Fault signature; Fault detection and isolation; Fault tolerant control

1. Introduction At the 5th international conference on bond graph (BG) modelling, an algorithmic way to derive analytical redundancy relations (ARRs) [1–3] or the so-called constraint structures Corresponding author. Tel.: +91 3222 282998/282999; fax: +91 3222 282278.

E-mail addresses: [email protected] (A.K. Samantaray), [email protected] (S.K. Ghoshal). 0016-0032/$32.00 r 2007 The Franklin Institute. Published by Elsevier Ltd. All rights reserved. doi:10.1016/j.jfranklin.2007.05.009

ARTICLE IN PRESS A.K. Samantaray, S.K. Ghoshal / Journal of the Franklin Institute 345 (2008) 1–28

2

Nomenclature Symbol description T tank V valve A cross-sectional area of tank m mass of fluid in tank P measured fluid pressure F measured fluid flow g acceleration due to gravity r density of fluid Q mass flow rate of fluid F( ) and C( ) characteristic functions of actuators and controllers f( ) characteristics of valve, e.g., quick opening, equal percentage, etc. sign( ) function to correct the direction of flow through a valve Cd coefficient of discharge of fluid through a valve C¯ d estimated coefficient of discharge of fluid through a valve L measured fluid level in a tank u controller command (output) Subscripts P PI 1,2

pump (actuator) proportional-integration controller tank and valve numbers

expressed in terms of known system variables, from BG models, was presented [4]. Evaluation of ARRs by using measured data generates the residuals or measures of discrepancies between the actual and the reference system behaviour, which are then used for fault detection. Prof. Peter J. Gawthrop, who was the session chair and champions the use of the concept of bicausality notations [5] in BG models, then remarked and explained that the existing algorithms for ARR derivation could be well represented by using bicausality notations. Nearly 4 years after his observations, we present in this paper a unified approach to fault detection and isolation (FDI) and fault tolerant control (FTC) by using bi-causalled BG models. Supervision systems mainly perform two tasks: FDI and decision making to recover from the fault. Supervision systems utilize a set of tools and methods to operate a process in normal situation as well as in the presence of failures or undesired disturbances. The presence of a fault is detected at the monitoring level, which determines whether the process is in normal operation or not and the tools associated with diagnosis are executed after detection of abnormal process state. Fault accommodation is performed in situations where parameters or constraint structures change due to a fault [1]. Fault accommodation is performed through FTC and/or system reconfiguration. In FTC, the objective is to control the system under actual constraints. In system reconfiguration, part of the actual faulty system is replaced by another one, e.g. selection

ARTICLE IN PRESS A.K. Samantaray, S.K. Ghoshal / Journal of the Franklin Institute 345 (2008) 1–28

3

of alternative input and output for a controller [2]. FTC approaches can be further classified into two categories: passive approach (e.g. robust control) and active approach (e.g. adaptive control). In this paper, we have used active FTC, in which plant faults are diagnosed (FDI and parameter estimation) and subsequently the controller is redesigned for fault accommodation. A detailed survey of different approaches for FDI is given in three parts in [6]. In this paper, a model-based FDI procedure is followed, for which a definite and accurate mathematical model of the considered system is needed. We have used BG modelling because it is well-established as a unified multi-energy domain modelling method [7–9] and it has been successfully applied to model various engineering systems, including process engineering systems [10]. Furthermore, the principles for studying the structural control properties (controllability, observability, etc.) of systems by analysing the causalities on BG models have been developed in [11,12]. A methodology to optimize sensor placements and also to determine hardware redundancies by exploiting the structural control properties obtained from BG models is described in [13]. Various developments by using BG modelling in the field of control engineering, e.g. system inversion [5,14–17], I/O decoupling, system identification, parameter estimation [18,19] and actuator sizing [20], have been reported in literature. It will be shown in this paper that these recent developments in the field of control engineering, achieved through BG-based physical system modelling, can be readily used to develop FDI and fault accommodation algorithms. 2. BGs in quantitative model-based FDI In a scalar BG model, each junction has a strong law which represents a number of equality constraints and a weak law which describes an algebraic constraint. Furthermore, each two-port element has two scaling constraints, each source has an input constraint and each passive element (storage element or resistance) has a scalar or vector (field) constitutive relation. In all, the number of unknowns (effort and flow variables) is equal to the number of constraint relations [21] and in most cases (except causal loops and some specific forms of algebraic loops), it is possible to derive the equations for each power variable in terms of state vectors and inputs. In the sense of FDI, some outputs from the model (where sensors are installed) are assumed to be known. Therefore, these output relations, when added to the model, produce more number of equations than the unknown variables in the model. This results in some redundancy in the equations, which lead to formation of the ARRs. The number of ARRs is equal to the number of sensors used in the model. In BG terms, an ARR is represented as a constraint among various known system parameters and measurements: ARRi ¼ fi(De, Df, Se, Sf, Mse, MSf, u, y) ¼ 0, where u is the controller output vector, y is the vector of parameters and other variables are various measured sources and sensors represented by using their bond graphic nomenclature. Constraints (fi) are formed by the junction structure and constitutive relations of the elements. A residual, r, is an error in holding a system constraint, i.e., ri ¼ Eval(ARRi). ARRs can be obtained from a BG model through an algorithmic procedure developed in [4]; wherein, a number of sensors have to be installed in the plant to satisfy the structural properties and all the storage elements are to be brought under preferred differential causality by allowing for inversion of detector causalities. Note that state vectors do not

ARTICLE IN PRESS 4

A.K. Samantaray, S.K. Ghoshal / Journal of the Franklin Institute 345 (2008) 1–28

appear in ARRs, because they are assumed to be unknown. State vectors are decoupled from ARRs by assigning derivative causalities to storage elements, whereas the measurements are treated as sources, i.e. the sensor causalities are inverted [22]. A decision procedure treats the residuals and generates the alarm states, which are needed to detect the faults. Robust decision procedures minimize misdetection and false alarms by treating the residual noises. In active FDI, e.g. through use of unknown input observers (UIOs) and extended Kalman filters, perfect decoupling of residuals from modeling and measurement uncertainties is limited by the number of measurement signals and their locations. It is possible to perform a perfect decoupling if there are few disturbances or if the modeling errors concern a restricted number of parameters. On the contrary, optimization techniques are used to find a partial decoupling. An alternative approach to achieve robustness in FDI, called as passive approach, tries to accomplish robustness in the decision-making stage. In a passive approach, the effect of the parameter and measurement uncertainties are propagated to the residuals and then an adaptive threshold is used to envelop these residuals to achieve robustness. In passive FDI, a decision procedure Y(r1,r2, y, rn) tests each residual, ri, against a fixed or adaptive threshold, di, to generate a coherence vector, C. The adaptive threshold may be a function of time, inputs and other parameters. The elements of coherence vector C, ci(i ¼ 1yn), are determined from  0 if ri is bounded by di ; ci ¼ 1 otherwise: A fault is detected, when C6¼[0,0,y, 0], i.e. at least at least one residual violates its threshold. A fault signature matrix (FSM), which describes the participation of various components (physical devices, sensors, actuators and controllers) in each residual, is used to define the structure of residual sensitivities to various faults. Assuming time-invariance of this structure, it is used to isolate faulty components. The elements of the FSM, say S, are determined as  1 if the ith ARR contains variables of the jth component; S ji ¼ 0 otherwise: Note that the FSM can be determined from analysis of the causal paths on a BG model. Structured residuals are designed in such a way that each residual is sensitive to a subset of faults and insensitive to other faults. A set of residuals in which every residual is sensitive to one and only one fault is called structured and directional (also called diagonal). Diagonal residuals allow isolation of multiple faults. Different forms of ARRs are equivalent to assignment of different causalities on a BG model. 3. Symbolic ARR derivation by using bipartite graph A bipartite graph representation provides a structured approach for derivation of ARRs. The structure of a system can be represented by a bipartite graph [2] with the two sets of vertices: the constraints and the variables, and edges between the constraints and the variables. A bipartite graph is a non-oriented (acausal) graph, which shows all the variables and parameters connected with a given constraint vertex have to satisfy the corresponding condition, namely differential equations and measurement equations.

ARTICLE IN PRESS A.K. Samantaray, S.K. Ghoshal / Journal of the Franklin Institute 345 (2008) 1–28

5

To demonstrate the approach, we have considered an example of a two-tank process shown in Fig. 1. It consists of two tanks, T1 and T2, connected by a pipe with a valve, V1. Two level sensors, L1 and L2, are installed in the tanks, T1 and T2, respectively. The fluid level in tank T1 is controlled by a PI level controller, which acts on a pump to maintain the water level in tank T1 (i.e. L1) at some constant predefined set point, Spt. Outputs from the pump and PI controller are measured as QP and uP, respectively. The quantity of water outflow to the consumer, QO, is manually controlled by a valve, V2. The purpose of the system is to provide a continuous fluid flow, QO, to the consumer. The atmospheric pressure is taken as reference and the fluid is considered to be under-saturated and incompressible. The behavioural equations, i.e., various constraints, for this system are given in Table 1. For bipartite graph representation, shown in Fig. 2, we add two more constraints: d ðm1 ðtÞÞ, dt d _ 2 ðtÞ ¼ ðm2 ðtÞÞ. :m dt

_ 1 ðtÞ ¼ c9 : m c10

In the bipartite graph, the set of constraints C ¼ [c1, c2, c3, c4, c5, c7, c8, c9, c10] link the _ 1 ðtÞ; m2 ðtÞ; m _ 2 ðtÞ; Q1 ðtÞ; Q2 ðtÞ; uP ðtÞ; QP ðtÞ; L1 ðtÞ; L2 ðtÞ . variables Z ¼ m1 ðtÞ; m The structural analysis, i.e. the analysis of the constraints, is performed through matching on a bipartite graph. A matching is a causal assignment, which associates some

Fig. 1. Process and instrument diagram (P&ID) of a two-tank process. Table 1 Behavioural constraints in the two-tank process model Component

Constraint

Model (equations)

Pump Tank T1 Tank T2 Valve V1 Valve V2 Level sensor L1 Level sensor L2 PI controller

c1 c2 c3 c4 c5 c6 c7 c8

QP(t) ¼ FP(uP(t)) ¼ CP(m1(t)) _ 1 ðtÞ ¼ QP ðtÞ  Q1 ðtÞ ¼ CP ðm1 ðtÞÞ  Q1 ðtÞ m _ 2 ðtÞ ¼ Q1 ðtÞ  Q2 ðtÞ m pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi Q1 ðtÞ ¼ C d1 ððm1 ðtÞ=A1 Þ  ðm2 ðtÞ=A2 ÞÞg pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi Q2 ðtÞ ¼ C d2 ððm2 ðtÞgÞ=A2 Þ L1(t) ¼ m1(t)/rA1 L2(t) ¼ m2(t)/rA2 uP(t) ¼ FPI(L1(t)) ¼ CPI(m1(t))

ARTICLE IN PRESS A.K. Samantaray, S.K. Ghoshal / Journal of the Franklin Institute 345 (2008) 1–28

6

Fig. 2. Constraints and process variables linked in a bipartite graph.

Table 2 Incidence matrix of the two-tank system model

c1 c2 c3 c4 c5 c6 c7 c8 c9 c10

m1(t)

_ 1 ðtÞ m

 1

1

m2(t)

_ 2 ðtÞ m

Q1(t)

1

1 1 1

Q2(t)

uP(t)

L1(t)

L2(t)

1

1

1 1

1 1

1

1 1

 

QP(t)

1 1

1 

1

system variables with the constraints from which they can be calculated. Variables which cannot be matched, cannot be calculated. Variables, which can be matched in several ways, can be calculated by different (redundant) means, thus providing a means for system reconfiguration. Any finite-dimensional bipartite graph can be canonically decomposed into three sub-graphs with specific properties: an over-constrained subsystem in which lesser number (say, n) of the variables have to satisfy more number (4n) of constraints; a just-constrained subsystem (number of unknown variables is equal to the number of constraints); and an under-constrained subsystem which has more unknown variables than constraints. ARR are obtained from the over-constrained subsystem by two different ways: direct redundancy and deduced redundancy. Direct redundancy is any constraint, which involves only known variables; whereas, deduced redundancy is any constraint, which contains both known and unknown variables. If the unknown variables are observable then they can be calculated from the known ones and putting the results in the constraint leads to an ARR. To eliminate unknown variables, we first construct an incidence matrix [2] shown in Table 2, which depicts involvement of variables in constraints. Items marked ‘1’ in the incidence matrix indicate that the variable in corresponding column is involved in the constraint in the corresponding row; whereas, items marked ‘x’ mean the same thing with the additional information that the corresponding variable cannot be calculated from the _ 1 ðtÞ corresponding constraint. For example, by using constraint c9, one may calculate m

ARTICLE IN PRESS A.K. Samantaray, S.K. Ghoshal / Journal of the Franklin Institute 345 (2008) 1–28

7

from m1(t), but not vice versa, because it is assumed that the initial condition m1(0) is unknown. Similarly, from constraint c8, one cannot calculate the mass stored in the tank T1 from known variable uP, because the PI controller function is not invertible. In the next step, causality is assigned to eliminate the unknown variables. The outer vertices of the structure are the known variables: uP(t), QP(t), L1(t), and L2(t). A causal matching starting from L1(t) and L2(t) is shown in Table 3 and its corresponding graphical representation is shown in Fig. 3. The steps in causal assignment propagation are numbered sequentially in Table 3. In 1st (and 3rd) column of Table 3 the mark ‘O’ means using c6 (and c7), m1(t) (and m2(t)) can be calculated from L1(t) (and L2(t)) in step 1. Then these expressions for m1(t)(and m2(t)) are _ 1 ðtÞ (and m _ 2 ðtÞ) in step 2. Finally, these are used with constraints c4 used to calculate m and c5 to calculate Q1(t) and Q2(t), respectively, in step 3. Note that each unknown variable is determined only once (only one ‘O’ in each column corresponding to unknown variables). Finally, there are some constraints, namely c1, c2, c3 and c8, which have all variables determined (characterized by no ‘O’ in those rows). This corresponds to

Table 3 Causal matching for elimination of unknown variables

Fig. 3. Graphical representation of causal matching.

ARTICLE IN PRESS 8

A.K. Samantaray, S.K. Ghoshal / Journal of the Franklin Institute 345 (2008) 1–28

the over-constrained subspace and these four constraints lead to formation of four ARRs: ARR1 ðc1 Þ : QP ðtÞ  FP ðuP ðtÞÞ ¼ 0, ARR2 ðc8 Þ : uP ðtÞ  FPI ðL1 ðtÞÞ ¼ 0, pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi d ARR3 ðc2 Þ : QP ðtÞ  r:A1 : ðL1 ðtÞÞ  C d1 : r:g:ðL1 ðtÞ  L2 ðtÞÞ ¼ 0, dt pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi d ð1Þ ARR4 ðc3 Þ : C d1 : r:g:ðL1 ðtÞ  L2 ðtÞÞ  r:A2 : ðL2 ðtÞÞ  C d2 : r:g:L2 ðtÞ. dt Note that corresponding to four measured variables, there are four ARRs. Further note that ARR1 and ARR2, which do not involve parameters of the system, i.e. A1, A2, Cd1, and Cd2 (r and g are considered exogenous or medium parameters, which are never faulty), correspond to functional redundancies, i.e. outputs of two sensors can be obtained directly from other sensors. One may assign different ways of matching on the incidence matrix to eliminate the unknown variables. These lead to different forms of ARRs. Note that linear combinations of ARRs are also ARRs and thus ARRs obtained from different ways of matching can be always brought to another form. 4. Matching limits in classical BG modelling Unlike BG models used for simulation, in FDI, measurements from sensors are known variables and hence sensors De and Df become inputs to the model. An effort detector becomes an effort source (Se) and a flow detector becomes a flow source (Sf). For derivation of ARRs, the negative of each measured quantity is imposed on the system as a pseudo-source, preferred differential causality is used in storage elements and the reactive factors of power from the pseudo-sources are equated to zero. These reactive factors are the ARRs if they are written in symbolic form [4]. In the algorithm proposed in [4], sensors are not converted into sources, but retained as they are and instead, the causalities of the sensors are inverted. Some forms of causalities are preferred over others, e.g., those forms, which have singularities or multi-valued solution are avoided. For example, consider the force vs. velocity characteristics for dry-friction as shown in Fig. 4. This can be modelled as an R-element in a BG, but that R-element must be assigned resistive causality. The reason is that a unique force fv can be obtained for any given velocity v, whereas the reverse is not

Fig. 4. Schematic force-velocity characteristics for dry friction.

ARTICLE IN PRESS A.K. Samantaray, S.K. Ghoshal / Journal of the Franklin Institute 345 (2008) 1–28

9

true. Such restrictions in causality assignment and the requirement of derivative causalities on storage elements correspond to the crossed entries in the incidence matrix. The rules of BG modelling are developed from physical viewpoint and therefore they do not allow indiscriminate causality assignment. This restrains BG-based software from applying efficient causalities to eliminate unknown variables in desired ways so that specific form of ARRs can be obtained. As an example, consider the BG model of a controlled valve given in Fig. 5(a). In the BG model, the R-element represents the dissipation offered by the valve, which is modulated by a control signal u. The dotted lines represent possible instrumentations, sensor Df:F to measure flow through the valve and De:DP to measure differential pressure across the valve. The R-element has to be assigned conductive causality when De element causality is inverted, i.e. DP is taken as the starting node (Fig. 5b), whereas the R-element has to be assigned resistive causality when Df element causality is inverted, i.e. F is taken as the starting node (Fig. 5c). Assuming that u and DP are known, as shown in BG and block diagram representations in Fig. 6(a), the flow through the valve can be determined from pffiffiffiffiffiffiffiffiffiffi F ¼ C d jDPjsignðDPÞfðuÞ. In the other case, supposing that the flow through the valve (F ) and u are known, as shown in BG and block diagram representations in Fig. 6(b), the pressure drop across the valve can be determined from  2 F DP ¼ signðF Þ, C d fðuÞ under the condition that f(u)6¼0. Therefore, the causal form of R-element given in Fig. 6(a) is preferred. However, consider that we have the values for the flow, F, and pressure drop, DP, across the valve. If the flow is non-zero, then we can always uniquely find u, if the function f( ) is

Fig. 5. Bond graph model of a controlled valve with different sensor causalities.

ARTICLE IN PRESS 10

A.K. Samantaray, S.K. Ghoshal / Journal of the Franklin Institute 345 (2008) 1–28

Fig. 6. (a) Bond graph causality assignment and corresponding block diagram representation of the controlled valve for determination of flow. (b) Bond graph causality assignment and corresponding block diagram representation of the controlled valve for determination of pressure differential. (c) Determination of control command from known flow and pressure differential across the controlled valve.

single valued and its inverse f1( ) can be defined, i.e.   F 1 pffiffiffiffiffiffiffiffiffiffi u¼f . C d jDPjsignðDPÞ This is represented in block diagram form in Fig. 6(c), but there exists no corresponding valid causality assignment in classical BG representation! We cannot assign causality to the R-element to receive both effort and flow information simultaneously; whereas in an incidence matrix, we can simultaneously consider two nodes, F and DP, as the starting nodes. This implies that BGs can only represent a subset of all possible matching to eliminate unknown variables. As a solution to such matching problems, bicausality notation is used in this paper. It allows a more relaxed way of computational causality assignment to eliminate unknown variables from the given set of constraints portrayed in a system model. 5. Notion of bicausality The notion of bicausality [5,14–17,20] was primarily introduced to study inverse system dynamics with BG models. It introduces some additional BG elements, among which source-sensor (SS), amplifier of effort (AE) and amplifier of flow (AF) are relevant in the present context. A sequential causality assignment procedure for inversion (SCAPI) is applied on regular BG models to arrive at a bi-causalled model. Bicausality notation splits the causality assignment for the two factors of power, namely effort and flow. By separating the causal strokes, it allows to impose two complimentary information at one

ARTICLE IN PRESS A.K. Samantaray, S.K. Ghoshal / Journal of the Franklin Institute 345 (2008) 1–28

11

Fig. 7. Information exchange in bi-causalled bonds.

end of a bond. The different ways of information exchange in bicausalled bonds are shown in Fig. 7. In Fig. 7, each bond has two half causal strokes, one for effort and the other for flow. The causal stroke for the flow variable is shown on the side, where the half arrow for power direction is present. On the other side of the power direction, the causality for effort variable is portrayed. When the effort and flow information paths are counter-oriented, as in Figs. 7(a) and (b), the bond is called to be uni-causalled. Uni-causality corresponds to normal causality in BG modelling. The cases shown in Fig. 7(c) and (d) correspond to cases, when effort and flow information paths are co-oriented. The rule for bicausal 0 (1)junction is that only one bond can bring effort (flow) information and other bonds can bring the flow (effort) information. This means that at a bicausal junction, only two bonds can be in bicausality, not more, not less. In other words, at a bicausal junction, there must be one bond bringing in both effort and flow information while there must be another bond taking out both effort and flow information. Tables 4 and 5, respectively, summarize bicausal configurations for SSs, and bicausalled BG elements and junctions. In this paper, bicausal notation in BG modelling has been used for designing supervision systems, i.e., from sensor placement, residual evaluation and FDI to system reconfiguration and FTC. Bicausal-BG (BBG) model-based algorithms for sensor placement and fault quantification (or parameter estimation), by considering single fault hypothesis, are developed in this paper. 5.1. Algorithm for construction of FSM





 

Each bond connected to a sensor is assigned bicausality so that the direction of both power variables is towards the junction, i.e., it imposes both effort and flow information (one of them is zero) on the junction. Obviously, the bond connecting the sensor to the junction becomes the strong bond at that junction. Note that if a bond connected to a sensor cannot be bicausalled, then the corresponding sensor is a direct redundancy. The causality from each bicausalled junction is propagated to other elements. Any passive element (I, C and R) which receives information of both the power variables is called a terminating node. Usually non-linear elements, elements with multi-valued relations and storage elements are preferred terminating nodes, because this allows us to write down the ARRs in a flexible way. All elements and sensors, which have a causal path to a particular terminating node, are identified. All the elements thus identified and the particular terminating node element give the fault signature associated with an ARR, which can be derived from the constitutive law of the terminating node.

ARTICLE IN PRESS 12

A.K. Samantaray, S.K. Ghoshal / Journal of the Franklin Institute 345 (2008) 1–28

Table 4 Source-sensor causality assignment [15]

Table 5 Bicausal configuration and assignment statements for bond graph elements [14]

5.2. Algorithm for parameter estimation considering single fault hypothesis by using the notion of bicausality Parameters can be estimated if the calculability property is satisfied. Let us assume a constraint relation f(x1y,xn) ¼ 0, where (x1, y, xn) ¼ XARn and we would like to solve the relation explicitly for xi in terms of xj, j ¼ 1, y, n, j6¼i. In analytical mathematical

ARTICLE IN PRESS A.K. Samantaray, S.K. Ghoshal / Journal of the Franklin Institute 345 (2008) 1–28

13

analysis, the condition for local solution is provided by the implicit function theorem [23]. The theorem states that for a given function f: Rn-R and a local point x0 (a possible  @f  operating point), where f(x0) ¼ 0 and for which @x a0; 1  i  n, then there exists a  i x function h, defined on R, such that xi ¼ h(x1,x2,y,xi10 ,xi+1,y, xn), i.e. the variable xi is calculable. In the following, we present an algorithm for parameter estimation by assuming that the calculability property is satisfied for the system under consideration:

  



After isolation of fault, the corresponding element must be assigned bicausality such that both effort and flow variables in its bond are known. If it is a field element, then effort and flow variables in all the connected bonds must be known. Then the parameter associated with the element can be estimated by using its constitutive relation, which relates the power variables with the parameter. From that element, bicausality is propagated to sensors. In the bicausality propagation, those storage elements which appear in causal paths linking the selected terminating node and the sensors are to be assigned preferred derivative causality (by bicausaling necessary sensors) to avoid dependence on unknown initial conditions. The derivatives of measurements are calculated by using the stored temporal information. Those elements, whose constitutive relations are multi-valued functions or noninvertible functions, must be assigned appropriate causalities.

6. Bench mark problem: the two-tank process The two-tank process, shown in Fig. 1 and discussed earlier, is considered here. The _ and the gage fluid pressure (P) are taken as the power variables to mass flow rate (m) develop a pseudo-BG model of the system. 6.1. Sensor placement by using bicausal BGs For the two-tank process, ARR1 and ARR2 (corresponding residuals being r1 and r2) can be directly written from the constitutive relation of the pump and the control law for the PI controller, respectively; and then they can be used for construction of part of the FSM. The bicausal BG, shown in Fig. 8, is used to analyse the open-loop physical process (i.e. without the feedback control part). In Fig. 8, MSf:QP represents the pump, the R-elements represent the valves, C-elements represent the fluid storage in tanks and Se:0 represents atmospheric plenum. The constitutive relation for the R-elements representing the valves has been given earlier in Section 4. The hydraulic capacities are given by CTi ¼ Ai/g,R for i ¼ 1,2; such that pressure _ dt. at the bottom of ith tank is given by Pi ¼ mi g=Ai ¼ g=Ai m In Fig. 8, the causal paths to the terminating node (C:CT1) are as follows: L1 ! e1 ! e2 ! e3 ; RV 1 ! f 5 ! f 4 ! f 3 ; L2 ! e9 ! e8 ! e6 ! e5 ! RV 1 ! f 5 ! f 4 ! f 3 ; QP ! f 12 ! f 3 . From these causal paths, the components involved in r3 (corresponding to terminating node, C:CT1) are: K3 ¼ [T1 L1 V1 L2 QP]. The causal paths to the other terminating node

ARTICLE IN PRESS 14

A.K. Samantaray, S.K. Ghoshal / Journal of the Franklin Institute 345 (2008) 1–28

Fig. 8. Bicausal bond graph model of the two-tank process.

Table 6 FSM obtained by using the first approach

Pump PI T1 T2 V1 V2

r1

r2

r3

r4

Ib

1 0 0 0 0 0

0 1 0 0 0 0

0 0 1 0 1 0

0 0 0 1 1 1

1 1 1 0 1 0

(C:CT2) give the components involved in the residual r4: K4 ¼ [T2 L2 V1 V2 L1]. The resulting FSM (considering no sensor faults) is shown in Table 6. In the FSM shown in Table 6, the last column indicates fault isolability (Ib). A component’s fault is structurally isolable (Ib ¼ 1), when its fault signature is unique. In Table 6, faults in components T2 and V2 are structurally non-isolable (Ib ¼ 0) because they have identical fault signatures, i.e. a fault in any of these two components would generate the same coherence vector (C ¼ [0 0 0 1]) and when this coherence vector is matched in the FSM, there would be two matches; thereby resulting in two equally probable fault candidates. The FSM can be constructed in many different ways depending upon the choice of bicausality propagation to different terminating elements; nevertheless the same fault isolability results. For example, one may chose R:RV1 as a terminating node instead of C:CT2 (as in Fig. 8), as shown in Fig. 9. The causal paths to the terminating node (C:CT1) are: L1 ! e1 ! e2 ! e3 ; C T2 ! f 7 ! f 6 ! f 4 ! f 3 ; L2 ! f 9 ! f 8 ! f 6 ! f 4 ! f 3 RV 2 ! f 11 ! f 10 ! f 6 ! f 4 ! f 3 ; QP ! f 12 ! f 3 . Then the components involved in residual r3 are: K3 ¼ [T1 L1 T2 L2 V2 QP].

ARTICLE IN PRESS A.K. Samantaray, S.K. Ghoshal / Journal of the Franklin Institute 345 (2008) 1–28

15

Fig. 9. Alternative bicausal bond graph model of the two-tank process.

Table 7 FSM obtained by using the second approach

Pump PI T1 T2 V1 V2

r1

r2

r3

r4

Ib

1 0 0 0 0 0

0 1 0 0 0 0

0 0 1 1 0 1

0 0 0 1 1 1

1 1 1 0 1 0

Similarly, the causal paths to the terminating node (R:RV1) are: L1 ! e1 ! e2 ! e4 ! e5 ; C T2 ! f 7 ! f 6 ! f 5 ; RV 2 ! f 11 ! f 10 ! f 6 ! f 5 ; L2 ! e9 ! e8 ! e6 ! e5 . Then the components involved in the residual r4 are: K4 ¼ [V1 L1 T2 V2 L2]. The FSM corresponding to the selected causal structure is given in Table 7. Comparing the two matrices (Table 6 and Table 7), one can observe that although the fields under residual columns are different, identical isolability indices are obtained. The non-isolability of faults in T2 and V2 (due to same signature) is quite obvious from physical point of view, as any type of faults (say leakage) in those two components are equivalent, i.e., discharging of fluid to the environment. But, an additional flow sensor measuring flow through the valve V2 is sufficient to make all the faults isolable. This is verified by using the bicausalled BG model shown in Fig. 10. The causal paths to the element C:CT1 are identical to those in Fig. 8. So, the components involved in r3 are: K3 ¼ [T1 L1 V1 L2 QP]. The causal paths to the element C:CT2: L2 ! e9 ! e8 ! e7 ; RV 1 ! f 5 ! f 6 ! f 7 ; F 2 ! f 14 ! f 13 ! f 10 ! f 7 . Then the components involved in r4 are:K4 ¼ [T2 L2 V1 F2]. The causal paths to the element R:RV2: F2-f14-f13-f11. Then the components involved in the residual r5 are: K5 ¼ [V2 F2].

ARTICLE IN PRESS A.K. Samantaray, S.K. Ghoshal / Journal of the Franklin Institute 345 (2008) 1–28

16

Fig. 10. Bicausal bond graph model to verify complete fault isolability.

Table 8 FSM corresponding to Fig. 10

Pump PI T1 T2 V1 V2

r1

r2

r3

r4

r5

Ib

1 0 0 0 0 0

0 1 0 0 0 0

0 0 1 0 1 0

0 0 0 1 1 0

0 0 0 0 0 1

1 1 1 1 1 1

Note that, now, there are five residuals corresponding to five sensors. The FSM, shown in Table 8, is derived on the basis of the above causal paths and it is found that all component faults are isolable with the selected instrumentation architecture. 6.2. Residual generation: symbolic method A symbolic ARR derivation method, by using bicausal notation, is developed in this section. For symbolic derivation of the ARRs, we have considered the bicausal BG model in Fig. 10. Since information of both power variables, f3 and e3, are available to the element C:CT1, pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi pffiffiffiffiffi e3 ¼ rgL1 ; f 3 ¼ f 12  f 4 ¼ Qp  f 5 ¼ Qp  C d1 e5 ¼ Qp  C d1 rgðL1  L2 Þ: The constitutive relation for the element, C:CT1, in derivative form is given by pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi A1 d 1 d A1 d ðe3 Þ ¼ ðrgL1 Þ ) Qp  C d1 rgðL1  L2 Þ  ðrgL1 Þ ¼ 0. f3 ¼ C T1 dt g dt g dt Hence, ARR3 : Qp  ðA1 =gÞðdðrgL1 Þ=dtÞ  C d1

pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi rgðL1  L2 Þ ¼ 0.

(2)

Similarly, ARR4 can be derived from constitutive relation of the element, C:CT2: f 7 ¼ ð1=C T2 Þðdðe7 Þ=dtÞ ¼ ðA2 =gÞðdðrgL2 Þ=dtÞ; pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi pffiffiffiffiffiffiffiffiffiffiffi f 7 ¼ f 6  f 10 ¼ C d1 rgðL1  L2 Þ  C d2 rgL2 .

ARTICLE IN PRESS A.K. Samantaray, S.K. Ghoshal / Journal of the Franklin Institute 345 (2008) 1–28

17

So, ARR4 : C d1

pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi A2 d pffiffiffiffiffiffiffiffiffiffiffi ðrgL2 Þ  C d2 rgL2 ¼ 0. rgðL1  L2 Þ  g dt

ARR5 is derived from nonlinear constitutive relation for the element R:RV2: pffiffiffiffiffiffi f 11 ¼ C d2 e11 ; f 11 ¼ F 2 and e11 ¼ e10  e15 ¼ rgL2 . pffiffiffiffiffiffiffiffiffiffiffi So; ARR5 : F 2  C d2 rgL2 ¼ 0.

(3)

ð4Þ

Note that if the last ARR, which represents a deduced redundancy, is not considered, then the ARRs obtained are exactly the same as the ARRs obtained in Eq. (1) from the bipartite graph. 6.3. Fault scenario simulation and fault detection Simulation of the process behaviour can be used to produce a rich database for the offline tests as well as for testing residual sensitivity. The coupled model for the two-tank process is given in Fig. 11, in which the Coupling section provides the interface between the behavioural and the diagnostic sub-model [22]; and it also includes the provision to introduce sensor faults. The modified behavioural model contains the sources needed to introduce additive process, actuator and controller faults. These faults are triggered by the user by using a triggering mechanism represented in the Events section of the model. The residuals are evaluated in the diagnostic model by using the constitutive relations of the terminating elements. The two-tank system is simulated in normal mode with the parameter values given in Table 9 and then a partial blockage (a fault) of V1 is triggered at time 505 s by changing the value of Cd1 from its nominal value 1.8  103 (kg m)1/2 to 1.2  103 (kg m)1/2. As shown in Fig. 12, residuals r3 and r4 deviate from their nominal response; whereas r5 does not (except for a temporary deviation at the inception of the fault). Note that response of residuals r1 and r2, which remain within their thresholds for this fault scenario, are not shown because they are known to be insensitive to process deviations. Hence, the obtained coherence vector is C ¼ [0,0,1,1,0], which has a unique match with the fault signature of component V1 in the FSM given in Table 9; thus isolating the valve V1 as the faulty component and validating the fault event test simulation model. 6.4. Fault quantification 6.4.1. Single fault hypothesis For partial blockage of valve V1 (considered in the current test case), let the discharge ¯ d1 , which has to be estimated. Many different coefficient of the valve after the fault be C ways of bicausality propagation are possible from the corresponding BG element R:RV1; one of which is shown in Fig. 13. Therefore, the discharge coefficient of valve V1 can be estimated in different ways and considering two of them, it will be shown that they lead to the identical result. Theoretically, it needs bicausalling of a single suitable sensor to estimate a single parameter. However, we have tried to use the information available from other sensors (because they are available and useful) by converting some of the sensors to sources, such

ARTICLE IN PRESS 18

A.K. Samantaray, S.K. Ghoshal / Journal of the Franklin Institute 345 (2008) 1–28

Fig. 11. Coupling of behavioural and bicausalled diagnostic bond graph model. Table 9 Parameters of two-tank system Symbol

Description

Value

Unit

Cd1 Cd2 Ai(i ¼ 1,2) QPmax KP Ki

Hydraulic flow coefficient of valve V1 Hydraulic flow coefficient of valve V2 Cross-sectional area of Tanki (i ¼ 1,2) Maximum mass flow rate from pump Proportional gain of PI level controller Integral gain of PI level controller

1.8  103 1.5964  103 1.54  102 1 104 106

(kg m)1/2 (kg m)1/2 m2 kg s1 Pa1 Pa1 s1

that there are no algebraic loops in the solution and the order of derivatives of measurements needed for parameter estimation is kept to a minimum. Note that higher order measurement derivatives lead to noisy parameter estimation. In Fig. 13, bicausality

ARTICLE IN PRESS A.K. Samantaray, S.K. Ghoshal / Journal of the Franklin Institute 345 (2008) 1–28

19

Fig. 12. Residual response for two-tank process: (a) residual-3; (b) residual-4; (c) residual-5.

Fig. 13. Bicausality propagation to sensor L1.

is propagated to sensor L1 (i.e. it becomes a flow and effort source at the same time), sensor L2 is treated as a effort source and sensor F1 is retained as a flow sensor, although it could as well have been converted into a flow source. This leads to the following relations: e2 ¼ rgL1 ; e8 ¼ rgL2 ; f 2 ¼ 0, e5 ¼ e4  e6 ¼ e2  e8 ¼ rgðL1  L2 Þ, d A1 d ðrgL1 Þ. f 5 ¼ f 4 ¼ f 12  f 3  f 2 ¼ Qp  C T1 ðrgL1 Þ ¼ Qp  dt g dt

ARTICLE IN PRESS 20

A.K. Samantaray, S.K. Ghoshal / Journal of the Franklin Institute 345 (2008) 1–28

Because the variables e5 and f5 are constrained by the constitutive law of the element RV1, pffiffiffiffiffi f 5 ¼ C¯ d1 e5 Qp  ðA1 =gÞ ðdðrgL1 Þ=dtÞ f5 pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi Or; C¯ d1 ¼ pffiffiffiffi . ð5Þ ffi¼ e5 rgðL1  L2 Þ Note that because sensor F1 was retained as a flow sensor, i.e. it was neither assigned bicausality nor made a source, it does not appear in Eq. (5). The recorded values of measurements for the current and the just previous sampling step are used in the estimation procedure. The simulation result obtained by using Eq. (5) is ¯ d1 tracks the actual value both given in Fig. 14, which shows that the estimated value of C before and after the fault. Note that the estimation gives the correct value immediately after the fault although the associated residuals are in the transient regime at that time (see Fig. 12). Alternatively, considering the computational causalities assigned to the model as given in Fig. 15, where the bicausality is propagated towards the sensor L2, one obtains f 5 ¼ f 6 ¼ f 7 þ f 8 þ f 10 ¼ C T2

pffiffiffiffiffiffiffiffiffiffiffi A2 d pffiffiffiffiffiffiffiffiffiffiffi d ðrgL2 Þ þ C d2 rgL2 ¼ ðrgL2 Þ þ C d2 rgL2 dt g dt

and e5 holds the same relation as before, i.e., e5 ¼ rg(L1L2). ¯ d1 may be alternatively estimated from Then, the value of C pffiffiffiffiffiffiffiffiffiffiffi f5 ðA2 =gÞðdðrgL2 Þ=dtÞ þ C d2 rgL2 pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi C¯ d1 ¼ pffiffiffiffi . ffi¼ e5 rgðL1  L2 Þ

(6)

Note that addition of ARRs is also an ARR (although it does not become structurally independent as long as one of the basis ARRs is eliminated, i.e. orthogonality principle holds in the binary sense by replacing dot products by binary AND operators). By adding

Fig. 14. Estimation of discharge coefficient of valve V1.

ARTICLE IN PRESS A.K. Samantaray, S.K. Ghoshal / Journal of the Franklin Institute 345 (2008) 1–28

21

Fig. 15. Bicausal bond graph of two tank system: propagation towards sensor L2.

ARR3 (Eq. (2)) and ARR4 (Eq. (3)), one obtains pffiffiffiffiffiffiffiffiffiffiffi A2 d A1 d ðrgL1 Þ  C d2 rgL2  ðrgL2 Þ ¼ 0 g dt g dt pffiffiffiffiffiffiffiffiffiffiffi A2 d A1 d ðrgL1 Þ ¼ C d2 rgL2 þ ðrgL2 Þ. or; Qp  g dt g dt

Qp 

ð7Þ

Both Eqs. (5) and (6) have same denominator and Eq. (7) proves that their numerators are equal. Therefore, Eqs. (5) and (6) lead to the identical parameter estimation; only the algebraic forms differ due to the chosen computational causalities. Likewise, bicausality may be propagated to sensor F1 or any other combination of computational causalities (i.e. higher derivative orders) may be followed, and every such causal assignment leads to the same result. 6.4.2. Multiple fault hypotheses Faults in components are isolable even for multiple fault case when the corresponding fault signatures are linearly independent, i.e. the set of residuals sensitive to those faults is structured and diagonal. For example, consider that residuals r1, r2 and r5 are simultaneously abnormal, which leads to a coherence vector [1,1,0,0,1]. This coherence vector can only be obtained from a unique linear combination of fault signatures given in Table 6 and thus three components, i.e. pump, PI controller and V2 can be directly isolated as the faulty components. On the other hand, if the obtained fault signature is not structured then it is not possible to structurally or directly isolate the faulty components. Consider a case where r3 and r4 are abnormal leading to a coherence vector [0,0,1,1,0], from which a fault subspace or list of fault candidates, /T1, T2, V1S, can be generated. In this case, fault isolation (called fault disambiguation, because there is some ambiguity involved in determining the exact component) is not possible by using the foregoing structural approach because the coherence vector may be obtained through different combinations of the following fault signatures: fault in V1, fault in V1 and T1, fault in V1 and T2, fault in T1 and T2 or fault in V1, T1 and T2. This situation is characterized by the inability to assign bicausality to all the elements corresponding to the fault candidates, with any scheme of bicausalling of the available sensors. For example, elements C:CT1, C:CT2 and R:RV1 cannot be simultaneously bicausalled in the BG model given in Fig. 10; in fact such simultaneous bicausalling of them would require an additional flow sensor in V1 which in turn would result in a completely structured residual set and allow multiple fault isolation. Therefore, in this case, multiple parameters have to be simultaneously

ARTICLE IN PRESS A.K. Samantaray, S.K. Ghoshal / Journal of the Franklin Institute 345 (2008) 1–28

22

estimated and thus the simple procedure-based on bicausality propagation cannot be applied. Indeed, one needs to use temporal information to determine more number of unknown variables than the known variables. The least-square optimization of a cost function (cumulative sum of the square of the output error between the actual plant and a model) is recommended for multiple parameter estimation, if the superimposed noise is not very large. A BG-based approach, called sensitivity BGs, was developed in [18,19] to estimate parameters of the system by using a recursive least squares algorithm. Following the standard gradient search principle, partial derivatives of the cost function with respect to the parameters were used to derive a set of equations, which were then represented in the sensitivity BG form. The sensitivity matrix [24,25] is then used to improve the performance of the estimation procedure, i.e. for quicker convergence. The standard recursive least squares optimization technique attempts to estimate the parameter values, which give minimum output error. If parameters of a system change without changing the structure of the system then the estimation procedure, when applied over a sufficient time window, identifies the new set of parameter values. However, the new parameter vector is assumed to be constant over the optimisation time window. Clearly, this approach is not appropriate to handle cases related to intermittent or progressive faults. In those cases, the time window should be small and least-square optimization should be made on a moving/sliding time window. Whether a standard gradient search principle, genetic algorithm or any other optimization technique is used, it is important to choose proper guess values at the startup. Note that for every set of parameter values selected during the optimization process, the model has to be simulated to give the outputs for comparison with the plant response and there will be several such time-consuming simulations needed to achieve acceptable convergence. Delayed parameter estimation delays the fault accommodation and can seriously undermine the efficacy of the supervision process. An ARR-based optimization technique has been developed in [26], which gives rough estimates of the susceptible fault parameters and these rough estimates serve as good guess values for rigorous parameter estimation. The cost function to be minimized is defined as F¼

m X n X k¼1

r2i ;

i

where m is the number of samples considered in a sliding window and n is the number of ARRs involving the fault parameters. The guiding principle is based on the fact that if there is no change to the structure of the system, then there should be a set of parameter values, which would make all residuals sufficiently close to zero. Note that in this optimization, only a few parameters (those which are the fault candidates) are estimated and there is no need for model simulation. Thus, this estimation procedure converges very quickly; but because of the use of derivatives of measurements (to evaluate residuals from ARRs), the estimated parameter values (over a sliding window) are noisy. A best-fit curve of each estimated parameter is useful in detecting whether the fault is abrupt, progressive or intermittent. In case of an abrupt fault, the average estimated value is to be used as the guess value in the rigorous simulation-based estimation procedure. Detailed discussions on multiple fault isolation and sensitivity BGs are out of the scope of this paper. Interested readers may refer to [26,27] for further details.

ARTICLE IN PRESS A.K. Samantaray, S.K. Ghoshal / Journal of the Franklin Institute 345 (2008) 1–28

23

6.5. Fault accommodation through FTC Once the fault magnitude is estimated, then the next step concerns accommodation of the identified fault by suitably changing the control laws, if possible. When valve V1 of the two-tank system (see Fig. 1) is partially blocked, the level in the tank T1 reaches the set point and then the pump operates at a low load. Simultaneously, the level in the tank T2 decreases because there is less input flow through the inlet valve and the output to consumer is open. Overall, the output flow rate to the consumer decreases. If the objective is to maintain a constant flow rate to the consumer, then the level in T2 must be increased (to its steady state value during normal operation), which consequently requires more flow to be forced through the faulty valve, which in turn requires more level in the tank T1. This qualitative analysis means that the level set-point in T1 should be increased. The question now remains, by how much and at what rate? These two problems relate to the system inversion and actuator sizing problems [16,17,20], respectively. The process of finding an input sequence to satisfy a constraint given in the form of an output sequence is called system inversion. System inversion is elegantly performed by using bicausality notations. Inversion of a BG model for actuator sizing by using an SS element in the place of a prescribed output flow is shown in Fig. 16, whereby the power variables (ea, fa) for the actuator and the power modulator (em, fm) can be derived in terms of the state variables, the desired output and their derivatives. 6.5.1. System inversion The value of the desired level set point for T1, such that the steady state output of the system will match the output in the non-faulty case is determined from the bicausal BG model shown in Fig. 13. pffiffiffiffiffi From the constitutive relation of the valve, one can write f 5 ¼ C d1 e5 ¼ pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi C d1 rgjL1  L2 j. The steady-state flow through V1 in the non-faulty case, when the valve is fully open, is given by pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi f n ¼ C d1 rgjL1s  L2s j, (8) where, fn is the steady-state nominal flow rate, L1s is the nominal level set point for tank T1 and L2s is the steady-state level in tank T2 during non-faulty process operation. By using

Fig. 16. Actuator sizing and system inversion for two-tank system.

ARTICLE IN PRESS A.K. Samantaray, S.K. Ghoshal / Journal of the Franklin Institute 345 (2008) 1–28

24

pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi steady-state approximation, i.e. C d1 rgjL1s  L2s j ¼ C d2 rgjL2s j, one obtains L2s ¼

C 2d1 L1s . C 2d1 þ C 2d2

(9)

If the same amount of flow as the normal process output has to be forced through the defective valve by changing the level set-point of the tank T1, then pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi (10) C¯ d1 rgjL1s  L2s j ¼ C d1 rgjL1s  L2s j; ¯ d1 is the estimated discharge coefficient and L1s is the new level set point for T1. where, C Use of Eqs. (9) and (10) gives L1s as !   C 2d1 C d1 2 C 2d1  L1s ¼ 2 L1s þ 1 2 (11) L1s . ¯ d1 C C d1 þ C 2d2 C d1 þ C 2d2 ¯ d1 a0), tank T1 is able The fault can be accommodated, if V1 is not completely blocked (C to accommodate the prescribed level without overflowing (geometrical constraint), and the pump is able to give enough flow, against the given pressure head. The last constraint is the actuator sizing problem. 6.5.2. Actuator sizing Consider that the actuating pump in this system, as usual in any such other system, has been selected to deliver a rated flow against a given pressure difference, i.e. the pump’s power rating is sufficient to achieve the normal level set-point as well as desired level as obtained through system inversion in Eq. (11). Further consider the word BG of an actuating system, along with its power modulator, given in Fig. 17 [20], in which different power variables are marked. Each of those power variables usually have a constraint as follows: |em(t)|pEm, |fm(t)|pFm, |em(t)fm(t)|pWm, |ea(t)|pEa, |fa(t)|pFa, |ea(t)fa(t)|pWa, 8tA[0,T], where T is the time required to reach the steady state. A representative plot of the time evolution of different variables, in the constraint space is shown in Fig. 18. The hyperbolic curves represent constraints on power and the nonshaded area in the middle of each plot is the admissible operating regime. The objective is to find out an output profile (e.g. maximum slew rate), and the corresponding input law, for which all the operating constraints are satisfied. The mass flow rate (f) through a pump is a nonlinear function of pressure difference (DP) and it can be expressed as f ¼ F(DP). We assume an impeller pump characteristic approximated by f ¼ aDP1, where a is a constant parameter corresponding to a fixed power rating of the pump (W). Normal operating mode for the plant is defined by the point, a, which is on the characteristic curve corresponding to 41.4% of maximum power output of the pump, Wmax (see Fig. 19). After the blockage fault in V1, the operating point shifts to point b (a transient point; the steady state point will be exactly below point a, but we cannot wait

Fig. 17. Word bond graph of a feedback actuated system.

ARTICLE IN PRESS A.K. Samantaray, S.K. Ghoshal / Journal of the Franklin Institute 345 (2008) 1–28

25

Fig. 18. Trajectory of power variables in the constraint space.

Fig. 19. Validation of input command for FTC implementation.

till then and will accommodate the fault before that). Now the pump flow has to be increased to attain the pressure corresponding to the tank level L1s ð¼ 0:79 mÞ, which was calculated earlier by using Eq. (14). Without using any optimal control theory, in which selection of the gain matrices for the global and the transitional cost is subjective, we have chosen the path corresponding to maximum pump power output. Then the input pump flow is defined as: fmax ¼ amaxDP1, where amax ¼ 103. By using this input command and following the path c– d in Fig. 19, the pressure in tank T1 is increased to a level sufficiently close to the desired level (P1 ¼ rgL1s ¼ 7749:9 Nm2 ). Thereafter, the FTC control law is automatically switched over to the original PI control law (with the new set point) to take

ARTICLE IN PRESS 26

A.K. Samantaray, S.K. Ghoshal / Journal of the Franklin Institute 345 (2008) 1–28

care of small deviations and the path followed is shown as e– g in Fig. 19, in which g is the final steady-state position. The desired pressure level can as well be achieved by altering the PI controller set point after the fault diagnosis, but the actuator constraints would not be satisfied in that case. The corresponding transition should hypothetically follow a path shown as bc0 g (dotted lines) in Fig. 19, which is not admissible under the given operating constraints. Furthermore, consider a case where the normal operating point is a0 instead of a, and the desired operating point to reach is g0 , instead of g. In this case, in order to increase the pressure, the pump has to deliver more flow than what the pump can deliver while operating at its maximum power rating (see the operating curve corresponding to Wmax in Fig. 19) and hence, FTC is not possible in this case. The power modulator constraints can be determined similarly (see Fig. 19). Note that one may solve an optimal control problem with a heavy cost on excessive input size, relaxed transitional cost on the outputs and relaxed global cost on the objective target, to determine an appropriate input sequence. However, determination of coefficients of the cost function is subjective and the solution does not guarantee that the pump will operate at its full efficiency. Furthermore, solution of the nonlinear optimal control problem in real-time FTC applications may be time consuming when compared to the simpler method of deriving the control laws through system inversion.

Fig. 20. Simulation results with FTC.

ARTICLE IN PRESS A.K. Samantaray, S.K. Ghoshal / Journal of the Franklin Institute 345 (2008) 1–28

27

The integrally causalled BG model of the two-tank system was simulated with the parameter values given in Table 5 to study the system behaviour, particularly with FTC implementation. The time responses of tank pressures are shown in Fig. 20. Blockage fault in V1 was introduced at 250 s (line L), and FTC was applied at 295 s (line M) after complete fault diagnosis including isolation, parameter estimation and required PI controller set point calculation was over. Thereafter, the FTC law was automatically switched over to the normal PI control (set point is changed) at 350 s (line N). The pressure responses resulting from direct modification of the set point of the PI controller while neglecting the actuator constraints, which is essentially a physically impossible and thus a hypothetical case, are also plotted for comparison. It is observed that with the later hypothetical strategy, the steady-state behaviour could be quickly attained. However, note that the pump would be unable to operate according to the controller commands (saturate) and thus the later approach has only academic value. The FTC for the two-tank system is finally implemented in three steps:

  

The PI controller is suspended; Pump is then operated at maximum power to bring the level in tank T1 sufficiently close to a new set-point, L1s, and Finally, the PI controller is reactivated with the new set point, which takes care of further small deviations.

7. Conclusions A systematic approach to model-based process supervision with FTC capabilities has been developed by using BG models. The issues of fault detection and isolation, parameter estimation, system inversion, actuator sizing, and finally the design of FTC law have been discussed. We have used bicausality principle and shown that it is indeed a unified approach to handle the aforementioned activities involved in a supervision system. A simple academic example has been used in this paper; however, the developed principles are equally applicable to more complex and general systems. References [1] K. A˚stro¨m, P. Albertos, M. Blanke, A. Isidori, et al. (Eds.), Control of Complex Systems, Springer, London, 2001. [2] M. Blanke, M. Kinnaert, J. Lunze, M. Staroswiecki (Eds.), Diagnosis and Fault-Tolerant Control. Springer, Berlin, 2003. [3] R. Patton, P. Frank, R. Clark, Fault Diagnosis in Dynamic Systems: Theory and Applications, PrenticeHall, Englewood Cliff, NJ, ISBN: 0133082636, 1989. [4] B. Ould Bouamama, A.K. Samantaray, Derivation of constraint relations from bond graph models for fault detection and isolation, in: J.J. Granda, F.E. Cellier, (Eds.), ICBGM’03, Simulation Series, vol. 35, ISBN: 1-56555-257-1, 2003, pp. 104–109. [5] Peter J. Gawthrop, Physical interpretation of inverse dynamics using bicausal bond graphs, J Franklin Inst 337 (6) (2000) 743–769. [6] V. Venkatasubramanian, R. Rengaswamy, K. Yin, S.N. Kavuri, A review of process fault detection and diagnosis, parts I–III, Comput. Chem. Eng. 27 (2003) 293–346. [7] D.C. Karnopp, D.C. Margolis, R. Rosenberg, System Dynamics: A Unified Approach, Wiley, New York, 1990.

ARTICLE IN PRESS 28

A.K. Samantaray, S.K. Ghoshal / Journal of the Franklin Institute 345 (2008) 1–28

[8] A. Mukherjee, R. Karmakar, Modelling and Simulation of Engineering Systems through Bond Graphs, Alpha Sciences International, 2000. [9] W. Borutzky, Bond Graphs-A Methodology for Modelling Multidisciplinary Dynamic Systems, SCS Publishing House, Erlangen, San Diego, 2004. [10] J.U. Thoma, B. Ould Bouamama, Modelling and Simulation in Thermal and Chemical Engineering: Bond Graph Approach, Springer, 2000. [11] C. Sueur, G. Dauphin-Tanguy, Bond graph approach for structural analysis of MIMO linear systems, J. Franklin Inst. 328 (1) (1991) 55–70. [12] G. Dauphin-Tanguy, A. Rahmani, C. Sueur, Bond graph aided design of controlled systems, Simul Pract Theory 7 (5–6) (1999) 493–513. [13] M. Tagina, J. P. Cassar, et al., Monitoring of systems modelled by bond graph, in: Proceedings of the ICBGM’95, Simulation Series vol. 27(1) 1995, pp. 275–280. [14] R.F. Ngwompo, S. Scavarda, D. Thomasset, Inversion of linear time-invariant SISO systems modelled by bond graph, J. Franklin Inst. 333 (2) (1996) 157–174. [15] R.F. Ngwompo, Peter J. Gawthrop, Bond graph-based simulation of non-linear inverse systems using physical performance specifications, J. Franklin Inst. 336 (8) (1999) 1225–1247. [16] R.F. Ngwompo, S. Scavarda, D. Thomasset, Physical model-based inversion in control systems design using bond graph representation—part 1: theory, Proc. ImechE part I, J. Systems Control Eng. 215 (2001) 95–103. [17] R.F. Ngwompo, S. Scavarda, D. Thomasset, Physical model-based inversion in control systems design using bond graph representation—part 2: applications, Proc IMechE Part I, J. Systems Control Eng. 215 (2001) 105–112. [18] P.J. Gawthrop, Sensitivity bond graphs, J. Franklin Inst. 337 (7) (2000) 907–922. [19] Peter J. Gawthrop, Eric Ronco, Estimation and control of mechatronic systems using sensitivity bond graphs, Control Eng. Pract. 8 (11) (2000) 1237–1248. [20] R.F. Ngwompo, S. Scavarda, Dimensioning problems in system design using bicausal bond graphs, Simul. Pract. Theory 7 (5–6) (1999) 577–587. [21] B. Ould Bouamama, K. Medjaher, M. Bayart, A.K. Samantaray, B. Conrard, Fault detection and isolation of smart actuators using bond graphs and external models, Control Eng Pract 13 (2) (2005) 159–175. [22] A.K. Samantaray, K. Medjaher, B. Ould Bouamama, M. Staroswiecki, G. Dauphin-Tanguy, Diagnostic bond graphs for online fault detection and isolation, Simul. Model Pract. Theory 14 (3) (2006) 237–262. [23] T.M. Apostol, Mathematical Analysis II, second ed., Addison-Wesley, 1974. [24] R. Tomovic´, M. Vukobratovic´, General Sensitvity Theory, Modern Analytic and Computational Methods in Science and Mathematics, 35, Elsevier, New York, 1972. [25] P.M. Frank, Introduction to System Sensitivity Theory, Academic Press, New York, 1978. [26] S.K. Ghoshal, Model-based fault diagnosis and accommodation using analytical redundancy: A bond graph approach, Ph.D. Thesis : Indian Institute of Technology-Kharagpur, May 2006. [27] A.K. Samantaray, S.K. Ghoshal, Sensitivity bond graph approach to multiple fault isolation through parameter estimation, Proc. ImechE part I, J. Systems Control Eng. (2007), doi:10.1243/09596518JSCE369.