A Knowledge-Based System for the Automatic Generation of Plant Shutdown and Startup Schedules

A Knowledge-Based System for the Automatic Generation of Plant Shutdown and Startup Schedules

Copyright © IFAC Industrial Process Control Systems. Bruges. Belgium. 1988 A KNOWLEDGE-BASED SYSTEM FOR THE AUTOMATIC GENERATION OF PLANT SHUTDOWN AN...

1MB Sizes 0 Downloads 12 Views

Copyright © IFAC Industrial Process Control Systems. Bruges. Belgium. 1988

A KNOWLEDGE-BASED SYSTEM FOR THE AUTOMATIC GENERATION OF PLANT SHUTDOWN AND STARTUP SCHEDULES M. Galluzzo Dipartimento di Ingegneria Chimica dei Processi e dei Materiali Universita di Palermo, Viale delle Scienze , Palermo, Italy ,

Abstract. When the shutdown of a plant, or part of it, has been decided as consequence of a major fault, the generation of a saf~ shutdown schedule may be, for large and complex plants, 1 very difficult and delicate task. The same problem may be found when the plant must be restarted after the fault has been repaired, for the generation of a start-up schedule. The use of a knowledge-based system appears to be a suitable answer to this problem, allowing a high level of safety and a very fast generation process. The paper examines the process knowledge that needs to be included in such a knowledge-based system and proposes some knowledge representation forms that appear suitable for the task to be performed. Keywords. Knowledge-based systems; process control; artificial intelligence; alarm systems; control engineering computer applications; plant operation procedures.

on a knowe1edge-based system that in the presence of a malfunction will propose, together with a diagnosis, a safe procedure to shutdown the plant or will execute the procedure automatically.

INTRODUCTION Over the past decade there has been an increasing attention to the transfer of many Artificial Intelligence research results to industrial fields. Many interesting potential applications have been also reported in the field of process control but the real breakthrough among industrial users has not taken place. This is mainly due to the fact that many of the proposed systems would require large and specialized computer systems to solve real practical problems.

A knowledge-based system might put together the experience of many experts and the processing speed of modern computers in order to promptly produce safe procedures taking account of the real state of all components of the plant. Integration with the process control system would provide the knowledge-based system with on-line process information, while continuous monitoring and plausibility checks would assure early detection of malfunctions and prompt action .

It is likely that the increasing availability of cheaper computers and memories along with the increasing theoretical background among industrial users will contribute to the spreading of AI techniques in the process control area. One main consequence could be the integration in a more general control system of several different activities still considered separately such as process control, fault detection and diagnosis, scheduling and planning, etc.

PROBLEM DEFINITION The first attempt to set-up a computer based method to synthesize operating procedures for chemical plants was done by Rivas, Rudd and Ke11y (1986) and by Rivas and Rudd (1986). They considered a plant as a network of connectors where the position of valves determines the routes through which material flows. A Boo1ean method was used to search for operating procedures not leading to hazardous conditions. A similar approach was used by O'Shima (1978). More recently a knowledge based system has been suggested as an aid in the planning of complex pump and valve sequence operations by Fou1kes and others (1988). Common to all the previous methods is the assumption, in many cases quite acceptable, that the synthesis of an operating procedure coincides with the determination of a sequence of valve operations. Ivanov and co-workers (1980) addressed a

This paper mainly concerns the application of AI techniques to the problem of synthesizing safe operating procedures for the start-up and shutdown of a chemical plant and the occurrence of other deviations from normal operating conditions. The generation of operating procedures is generally carried out off-line by experienced operators and engineers and the proposed knowledge-based system is thought of as an off-line aid. Nevertheless it may be useful, especially in emergency situations, when operators are in high stress conditions, to rely

75

76

~1.

different problem proposing a method for determining an optimal startup sequence in a set of previously defined alternatives, using graphs as a representation means of startup process. Some attempts to pose the synthesis problem at a different level have been made. Kinoshita, Umeda and O'Shima (1981) adopted a decomposition strategy, dividing the plant in units, that in a first phase are considered by ignoring their interrelationships. The coordination is achieved in a second stage in which consistency checking is carried out. A rule-based system using a Prolog-like logical programming language and a digraph representation of the plant has been proposed by Tomita and others (1986). In this method digraph nodes represent equipment items, while arcs represent pipelines. Valves are assigned to the relevant arcs. Considering that formal methods for the synthesis of operating procedures are not yet available Fusillo and Powers (1987) try "to lay the foundation" for a general methodology, by proposing a complete strategy, based on system decomposition, modelling, planning and searching techniques. A method similar to the add and delete lists used in S7RIPS of Fikes and Nilsson (1971) is used to model units while planning is based on means-ends analysis. This paper describes the development of a methodology for the automatic synthesis of operating procedures in which some problems that arising in applying traditional Artificial Intelligence and Operations Research techniques are overcome by the use of a deep decomposition and multi level modeling strategy.

Galluzzo nothing happens unless determined directly by an action; only a primitive task can be carried out at a time. None of the previous assu~ptions is generally valid in planning plant operation procedures. Evolution of a plant or a unit after a primitive action might la~t for a long time. In many cases it is not even required that a stationary state be reached before another action be carried out. In an emergency shut-down procedure a planner should be able to cope with a plant that is going out of control and this should be done often even not knowing the causes but hopefully knowing the effects of corrective actions. The third assumption is perhaps the only one that can be accepted in order to simplify the problem, but relaxation of the assumption should be allowed in some cases. Therefore a general and formalized method for the automatic generation of operating procedures should contain effective solutions to the above problems.

SYNTHESIS

or

AN OPERATION PROCEDURE

The description of steps usually performed in building an operating procedure can help in understanding the structural and modeling requirements for a knowledge based system. For reference purposes let us consider the case of a start-up procedure synthesis for a continuous process.

Plant Description Planning systems capable of automatically producing plans of action have been a main topic of AI research. r~any research areas of AI are involved in planning systems: knowledge representation, search, choice making, learning. Apart from some general features in common with many AI applications planning systems present specific problems: - reasoning about time and events - multiple agents - phisical constraints. Furthermore planning cannot be simply considered as a systematic generation of plans because some experience is alawys included in our plans; so some form of opportunism should be included in a planning system (Hayes-Roth,1979). Any transition of a system from a state to another, can be described as a task to be performed, usually made up of by several subtasks. The structure of subtasks, not necessarily sequential, gives the plan of the task execution. A hierarchy of sub tasks can be devised; the lowest level of the hierarchy is constituted by primitive tasks, that do not require further planning in order to be executed. Most of traditional planning methods, for game playing or robot actions, are based on some simplifying assumptions: the effects of an action are instantaneous;

The starting point would be the plant scheme together with a functional description of it. The required description may be very differently detailed. Flow-sheet and instrumentation diagrams are usually available when a procedure is being prepared. It is also necessary to know: - the production goals of the whole process along with those of units in which the plant can be decomposed; - the normal operation conditions of each unit.

Decomposition The second step would probably be the decomposition of the plant in units, that can be considered individually from the point of view of start-up, i.e. that can be or need to be started separately. Decomposition leads to the individuation in the flow-sheet of tears in which contiguous units share output and input variables. Constraints will have to be considered in these points for a safe connection of units (same value of common variables, absence of incompatible species, etc.). The partitioning of the plant is usually the same used for shutdown or for limiting the volume of spills in the case of a pipe rupture.

:\utomatic Generation of Plant Shutdown and Startup Consider the flowsheet in Fig. 1. It refers to the first part of a plant for the hydrodealkylation of toluene to produce benzene, that is being used as case study in the development of our system. It is quite straightforward to consider three units: heat exchanger, furnace, reactor. In decomposing a plant particular attention should be given to the presence of recycle streams. In some cases this could lead to consider larger units. After decomposition the synthesis problem can be seen as the determination of the start-up procedures for the single units. The individuation of temporal sequences for the separate start-up and the connection of units, that do not violate any constraint coming from safety or operability considerations, must also be considered but they involve problems that, except for the size, are already present in the synthesis of procedures fqr the single units.

Modeling of Units A unit is generally individuated by its main function (e.g. exchanger, furnace, distillation column, etc.). Several items will be necessary in order to characterize a particular unit. - A functional description given by means of some sort of model. Several models are used to represent unit behaviour depending on the final objective of the representation. In the synthesis of operating procedures causal models, with different levels of detail, are required. Causal links between variables are explicitly expressed. The possibility of searching which actions to apply in order to obtain a given goal (e.g. a given variable value or, more generally, a particular unit state) depends on the presence in the models of the causal chain(s) producing the goal. Qualitative causal-temporal models, with an indication, even approximate, of the time needed for the development of unit processes (or actions) are often used. A complete library of unit nodels, if necessary with a different level of detail, should therefore be available. - A list of main significant variables with their operating values and low and high limits determined by considerations on safety (e.g. maximum design pressure for a vessel), economy (e.g. furnace temperature) or operability (maximum reflux flow rate in a distillation column) • - A list of all species present in the unit with associated costraints determined by their presence (incompatibility with other species, admissible states, etc. ) . - A list of unit components including all measuring and control instruments (valves, transmitters, etc.). - A list of all connections among components (in particular all connections with the environment, i.e. safety valves, manholes, etc.). - A list of unit and instrumentation utilities.

77

Task Definition A main task is usually defined as a transition from a state to another that respects some costraints. System states are described by sets of values for all significant system variables. Intermediate states can be usually individuated, so that several subtasks can be defined. This may help in hierarchically structuring the problem and in l~miting the size of search spaces. Constraints are also used to limit the search space. The transition betwee n two successive states corresponds to an "even t ". Events can be classified in two types: - events corresponding to operator actions and immediately producing a different plant condition (e.g. the start-up of a pump); - events produced by the functioning of the unit in particular conditions for an adequate time; actually these events need to be monitored and verified before passing to another step (e.g. the obtainment of a given temperature in a reactor), while in a procedure synthesis they need to be simulated in some way. The start-up procedure should consider all steps leading from the initial state, defined by a set of significant variables values and by a set of particular conditions of some unit components and utilities ( valves open or closed, pumps running or not, etc.) to the final state, characterized by the required operating conditions, through intermediate states without violating any constraint.

Plan Generation The generation of a plan (or plans) to perform a task is the core part of a planning system. Strictly connected with the generation of a plan is the evaluation of the effects that each action of the plan will produce. Each stage of the operational procedure must be accompanied by the expected results at that stage. Checks and validation of expected results of the previous stage are required before the execution of any proced ure stage. Restarting or replanning (i f on-line) could be necessary if a departure from expected results is detected. The consideration of time, events and their interrelationships is essential in plan-formation and in the choice of a plan generator. The temporal constraints and time dependent behaviour of processes need a formalized reasoning method in order to deduce the actions to be performed. States and events are usually used to reason about things that change with time. We would need to represent our system at different times and to maintain these representations in the database for some time in order to be able to infer what will happen if an action is carried out. The maintenance of these inferences and their retrieval from the database is also necessary. Situation calculus (McCarthy, 1958 and 1969) has been used to represent states and events, but it

78

M. Galluzzo

is not capable to manage continuous and autonomous changes. In fact there is occasionally a need for representing continuous evolutions of processes. In most cases transitions take place between discrete states (e.g. a pump is usually considered as on or off), but in some cases transitions are realized smoothly, or depend on autonomous evolution of components and units, or are conditioned by contemporary actions. Different notations should be used. Transitions between discrete states can be described by associating to an action the list of facts that become true (addlist) and a list of facts that become false (deletelist), as used in the implementations of situation calculus. A different method must be used to deal with continuously changing processes. A practical discrete qualitative simulation method developed by Galluzzo and Andow (1987,1988), based on a digraph represen t ation of units can be applied.

Planning Decisions The selection among alternative plans and the coordination of alternative sequences for a particular task have to be done at various levels. Domain-specific rules for each unit or component based on euristics, safety or operability considerations are used in order to eliminate some candidate plans or sequences.

AUTOMATIC SYNTHESIS OF OPERATION PROCEDURES The above mentioned considerations led to devise a structured system that uses several different ideas. In any case it is implicite in the previous description that the planning problem has to be considered as a deductive-retrieval problem, that needs a database with multi level representation forms. The system is formed by three main components: a database, a plan generator, a projection system. Database. The database includes : - Descriptions of components with significant variables and links among them: a list of discrete values and the events (actions) that can determine the passage from a state value to another are associated to each significant variable of a component; preconditions that must be true if actions are to be applied are associated with actions. The resulting knowledge scheme is expressed in terms of a multilevel associative network in which each variable is represented by a discrete number of nodes each corresponding to a state. The arc between two nodes can represent an event or a causal relationship. Time intervals are associated to arcs. One component state is represented by the set of nodes corresponding to the state values of significant variables. - A set of initial and final conditions for all components that specifies the task to be performed. - All constraints (relative to components states, variables, actions,species,etc.) to which the

plant (or unit) is subjected. Plan generator. The plan generator includes an algorithm for finding differences between states and a method of relating these differences to actions able to reduce them. The algorithm starts by inferring from database and from final and initial conditions the first event (action); this is usually a check for the position of some valves or the start-up of a utility. All events classified as checks, when found, are added to the procedure if no action has been carried out on the component being checked, unless the same check has been previously considered in the procedure being built, in which case it is not considered again. A method to select the most significant state differences in different situations is also :mplemented by encoding heurist i c rules, so that the most effective action can be applied. One criterion is to choose t he action that allows the maximum number of variables to change towards the final state values. The action is applied (see next paragraph), a new state is determined, and the algorithm is applied again. If no action is found that can change at least a variable in the right direction backtracking starts and a different action is considered in the previous step. Projection system. The central part of the proposed system, being implemented, has a structure similar to the one of the projection system suggested by Charniak and McDermott (1985). It is basically constituted by a temporal system analyzer (TSA) and a time map manager (TW.~). The temporal system analyzer is the part of the system in charge of determining, given an event (action), all the things that might happen. The TSA uses two different methods to evaluate the effects of an action. The addlist/deletelist method is used for instanteneous actions, while a discrete qualitative simulation, based on a digraph model and an interval based time reasoning method (Allen,1984), is carried out when events cause continuous evolution of components or units.Instead the task of the time map manager is to maintain and update the time map, i.e. the database of state and event tokens, by using information contained in the associative network. To reduce the problem size a hierarchical time map (Kolodner, 1983) is used.A solution checker analyses situations generated by TSA using constraints and heuristic rules to assess feasibility. Then Tt·n·' updates the time map once a solution has been chosen among the generated ones. The system is being implemented in Prolog using an IBM PC AT.

EXA1~PLE

Let's consider the task of the start-up of the hydrodealkilation unit shown in Fig. 1. The task network (Fig. 2) will contain as a subtask at unit level" furnace ignition ". The sequence produced by the system is the

Automatic Generation of Plant Shutdown and Stanup

79

FURNACE IGNITION PROCEDURE CONCLUDING RnlARKS & CHECK $ CHECK

"drain line valves feed line" "drain line valves in feed line "damper"

CLOSED

CLOSED NOT BLOCKED "maintenance blanks" REr·10VED "burner valves" CLOSED (damping steam pressure) NORIML (value) (fuel gas pressure) NORMAL (value) (pilot burners gas pressure) NORrML (value) $ CHECK «hydrocarbons in c.c.» ABSENT & OPEN IIdamper" APPROPRIATELY & OPEN "damping steam valve" % 10 minutes % $ CHECK ":fuel line sol. valve" ACTIVE $ CHECK (fuel line PLCO set) NORr·1AL (value) $ CHECK (pilot burners PLCO set) NORMAL (value) $ CHECK "TRC" r~ANUAL & REDUCE (damping steam f.r.) LOW (value) & IGNITE "pi lot burners I, && ASSURE (feed flow rate) NOR~lAL (value) & OPEN "fuel valves" SLOWLY, NORMAL (value) & LOOP % 15 minutes % $ REGULATE "main air valve" $ REGULATE "secondary air valve" $ REGULATE "damper" $ CHECK (feed temperature) INCREASING $ CHECK (flame colour) NORHAL &&&END $ $ $ $ $ $

CHECK CHECK CHECK CHECK CHECK CHECK

(Actions and qualitative values of actions and variables are in CAPITAL, " " indicates components, ( ) indicates a variable, « » indicates a species, && indicates a subtask, $ indicates an action that can be performed during the last action, & indicates an action that can be started only after the completion of the previous action.) Note that the first part of the sequence concerns checks to be performed before actually starting the ignition procedure. All these checks correspond to preconditions of some subsequent actions. Since they do not interfere with previous actions they are put at the same level at the beginning. Some imprecise expressions like "open appropriately" or "flame colour normal" are used that require operator understanding. The same can be said for the qualitative rates of change IIs1owly,lncreasl.ng,etc.". A subtask (&& assure ••• ) is generated that is not developed in the sequence. The subtask requires coordination with the start-up of the exchanger unit. During the time interval in which the damping steam valve is open some non interfering actions can be carried out. The final part of the procedure, when the combustion process is activated, might require a simulation, not used in this case, to produce a more detailed schedule of actions. These are simply listed while their coordination is left to the operator. Loop is therefore a sort of meta-action involving all subsequent actions in a feedback loop coordination.

The proposed approach to the automatic synthesis of operating procedures provides a basic frame in which different representation models and search and planning algorithms can be incorporated. The benefits of using a hierarchical decomposition are evident both in reducing search spaces ana in limiting the time interval during which a search for a correct action has to be carried out. The system needs to be improved in several aspects, some of which have not been intentionally developed at this stage. They include: - user interface; - on-line implementation; - execution monitoring aspects. I~oreover further work is necessary to improve the qualitative simulation part of the temporal system analyser. The effects of contemporary events or actions are calculated by the use of composition rules that in so~c cases appear to be arbitrary and inconsistent. Finally the system still needs thorough testing of temporal sub tasks coordination on more complex and larger units.

REFERENCES Allen, J. (1984). TOI
80

M. Galluzzo

Kinoshita, A., T. Umeda and E. O'Shima (1981). An Algorithm for Synthesis of Operational Sequences of Chemical Processing Plants. Computerized Control and Operation of Chemical Plants. Osterrreichisher Chemiker, Vienna, Austria. Kolodner, J. (1983). Reconstructive Memory: A Computer Model. Cognitive SCience, 2, 281-328. McCarthy, J. (1958). Programs with Common Sense. In Proceedings of the Symposium on the !~echanization of Thought Processes. National Physical Laboratory, Teddington, U.K. McCarthy, J. and P. J. Hayes (1969). Some Philosophical Problems from the Standpoint of Artificial Intelligence. In B. Mel tzer and D. Michie (Eds.). Machine Intelligence ~. Edinburgh University Press. Edinburgh, U.K. O'Shima, E. (1978). Safety Supervision of Valve Operations. J.Chem.Eng. Japan , !!, 390-395. Rivas, J. R., D. F. Rudd and L. R. Kelly (1974). Computer-aided Safety Interlock Systems. ~., 20, 311-319. Rivas, J. R. and D. F. Rudd (1974). Synthesis of Failure-Safe Operations. AIChE J., 20, 320-325. Tomita, S., M. Nagata, E. O'Shima and C. McGreavy (1986). On the Development of an Automatic Synthesizer of Operating Procedure for Chemical Plants. Preprints of IFAC \'Jorkshop, Kyoto, Japan, 66-70.

81

Automatic Ge neration o f Pla nt Shutdown a nd Sta rtup

/~,

\ I

~-- - '

U R N A

- -'"- '"_.....

C

<

'1

F

'" '" "> ...

\,

E

I

\

,

,

I

/)

1

/

f

I

Fuel G . .

Fig, 1 .

Plant decomposit i on

PLANT START - UP

Fig , 2 , T.ak

network

RV

BLOWDOWN



I I

' - - - -____....-----" I

--, FEED

I

I

+-AIR

~

STEAM PI LOT

PLCO

-

GAS

FUEL GAS

Fig.

3.

Furnace

unit

I ~

t

REACTOR