Copyright © IFAC Intelligent Components and Instruments for Control Applications, Buenos Aires, Argentina, 2000

FAULT TOLERANT SENSOR NETWORK DESIGN USING REDUNDANCY DEGREES

G. Hoblos, M. Staroswiecki, A. Aitouche

Laboratoire d'Automatique et d'Informatique Industrielle de Lille, UPRESA CNRS 8021, EUDIL, Université des Sciences et Technologies de Lille, 59655 Villeneuve d'Ascq cedex, France. Tel: (+33) (3) 20337190 - Fax: (+33) (3) 20337189. Email: (ghaleb.hoblos, marcel.staroswiecki)@univ-lille1.fr

2. Hautes Etudes Industrielles, 13, rue de Toul, 59046 Lille cedex, France. Tel: (+33) (3) 28 38 48 58 - Fax: (+33) (3) 20 28 38 48 04
Abstract: This paper is concerned with the design of sensor networks which keep the system observable in the presence of sensor failures. Pseudo-minimal and minimal sensor sets are organized into an oriented graph which contains all the possible reconfiguration paths for which the system remains observable. A bottom-up analysis of this graph allows the computation of redundancy degrees, which evaluate the robustness of the observability property with respect to sensor failures. The design of sensor networks thus reduces to finding pseudo-minimal sensor sets with given redundancy degrees. Copyright © 2000 IFAC.

Keywords: Sensor network, Pseudo-observability, Fault tolerance.
1. INTRODUCTION

The control and monitoring of industrial processes, like chemical or power plants, rests on the knowledge of the real time evolution of numerous variables and parameters. However, the direct measurement of every variable for which a value is required is not necessary, since many can be estimated using analytical redundancy or observers. The possibility of estimating variables depends on the topology of the process and the location of sensors. The problem of defining the variables to be measured, which are optimal w.r.t. some specified criteria such as cost, reliability, observability robustness, is called the sensor network design problem.

The sensor network problem for steady state processes has been tackled in the past using different approaches, and a survey of the state of the art can be found in (Bagajewicz, 1997). Methods based on linear algebra have been developed by Kretsovalis and Mah (1987) to design a sensor network for maximum estimation accuracy, and by Maquin et al. (1987), and Madron and Veverka (1992) for obtaining a minimum cost sensor network. Graph theory, which exploits the structure of the process and sensor network in the design strategy, has been used by many authors (Vaclavek and Loucka, 1976; Ali and Narasimhan, 1993, 1995, 1996; Bansal et al., 1994; Meyer et al., 1994; Sujoy et al., 1998).

The problem of sensor location to ensure observability of dynamic systems has been addressed for linear time invariant systems (Omatu and Seinfeld, 1989), and extended to bilinear systems (Ragot et al., 1992). Optimal sensor location for parameter estimation has been considered in (Firdaus and Udwadia, 1994) and (Bagajewicz and Sanchez, 1999), while Basseville et al. (1987) and Carpentier et al. (1997) have addressed the design of Fault Detection and Identification systems.
Reliability or fault tolerance issues in sensor network design have been considered only recently. Turbatte et al. (1991) have proposed a concept of system reliability that gives the probability for all variables to be observable when sensors are likely to fail, and have introduced redundancy degrees as robustness measures for the observability property. These concepts have been applied by Maquin et al. (1995) in the case of sensor placement for steady state systems, and have been generalized in (Staroswiecki et al., 1999) and applied to the fault tolerance analysis of sensor systems.

In this paper, we are concerned with the design of sensor networks for LTI dynamic systems in order to obtain some given fault tolerance properties. In section 2, we recall the definitions of pseudo-minimal (PMSS) and minimal sensor sets (MSS) and we present their organisation using a graph theoretic representation. The definition of strong and weak redundancy degrees (Staroswiecki et al., 1999) is also recalled and their computation is presented. In section 3, the properties of the PMSS and MSS graph are analysed and used in order to build an algorithm which uses redundancy degrees for sensor location and guarantees (up to some given degree) the observability property in the case of sensor failures. An illustrative example is provided in section 4.

2. GRAPH STRUCTURE OF PMSS AND MSS

This section briefly recalls what are PMSS w.r.t. H and MSS w.r.t. H as well as the graph structure of these sensor subsets (Staroswiecki et al., 1999). Since PMSS and MSS are based on pseudo-observability indices, it is necessary to recall also their basic definitions.

2.1. Definitions

Consider the discrete deterministic LTI system:

$$\begin{cases} x(k+1) = A x(k) + B u(k) \\ y(k) = C x(k) \\ z(k) = H x(k) \end{cases} \tag{1}$$

where $x \in \mathbb{R}^n$ is the state vector, $u \in \mathbb{R}^m$ is the control input, $y \in \mathbb{R}^p$ is the measurement vector, and $z \in \mathbb{R}^l$ is the vector which is to be estimated. A, B, C and H are matrices of suitable dimensions.

Let $I = \{1, 2, \ldots, p\}$ be the set of the sensors which are installed on the process, and let J be a subset of I ($J \subset I$).

Observability indices w.r.t. H. Let $\lambda$ be some integer. The vector:

$$n_H(\lambda) = (n_1, \ldots, n_p), \quad 1 \le n_i \le \lambda - p + 1, \quad \sum_{i=1}^{p} n_i = \lambda \le n \tag{2}$$

is a vector of observability indices w.r.t. H iff the first $\lambda$ linearly independent rows of the observability matrix

$$\mathrm{OBS} = \left[ C^T \;\; A^T C^T \;\; \cdots \;\; (A^T)^{n-1} C^T \right]^T$$

are given by:

$$\mathrm{OBS}(I, n_H(\lambda)) = \left[ c_i A^{j-1}, \; (i = 1, \ldots, p; \; j = 1, \ldots, n_i) \right]$$

and the matrix $\mathrm{OBS}(I, n_H(\lambda))$ satisfies:

$$\operatorname{rank}\begin{bmatrix} H \\ \mathrm{OBS}(I, n_H(\lambda)) \end{bmatrix} = \operatorname{rank}\left[ \mathrm{OBS}(I, n_H(\lambda)) \right] \tag{3}$$

Pseudo-observability indices w.r.t. H. Any vector $\mu_H$ such that:

$$\mu_H(\lambda) = (\mu_1, \ldots, \mu_p), \quad 1 \le \mu_i \le \lambda - p + 1, \quad \sum_{i=1}^{p} \mu_i = \lambda \tag{4}$$

is a vector of pseudo-observability indices w.r.t. H. This vector is called admissible iff:

a) the $\lambda$ rows $c_i A^{j-1}$, $i = 1, \ldots, p$; $j = 1, \ldots, \mu_i$ of the matrix OBS are linearly independent.

b) the matrix $\mathrm{OBS}(I, \mu_H(\lambda))$ satisfies:

$$\operatorname{rank}\begin{bmatrix} H \\ \mathrm{OBS}(I, \mu_H(\lambda)) \end{bmatrix} = \operatorname{rank}\left[ \mathrm{OBS}(I, \mu_H(\lambda)) \right] \tag{5}$$

Pseudo-Minimal Sensor Set w.r.t. H. A set of sensors J is said to be PMSS w.r.t. H, iff there exists an integer $\lambda$ and a vector of admissible pseudo-observability indices $\mu_H(\lambda) = (\mu_i, \; i \in J)$.

Minimal Sensor Set w.r.t. H. A set of sensors J is said to be MSS w.r.t. H, iff:

1) J is a PMSS w.r.t. H
2) $\forall K \subset J$, K is not a PMSS w.r.t. H.

2.2. Graph representation of PMSS and MSS

PMSS, MSS and non-PMSS can be organized in a subset lattice, using the following representation:

- a node is a subset of I,
- a level contains all the nodes with the same cardinality,
- an edge is an oriented link between a node at level i (subsets containing p - i sensors) and a node at level i+1,
- an edge represents the set-inclusion relation. It is labeled with the sensor which was present at level i and is no more present at level i+1.
Figure 1 illustrates two levels of a lattice:

[Fig. 1. The lattice of sensor subsets (levels i and i+1)]

Now, consider only those subsets of I which keep z observable, i.e. the PMSS w.r.t. H, and let F be the corresponding sub-graph (illustrated with grey nodes and dotted edges on figure 2).

[Fig. 2. Example of a PMSS sub-graph]

It is clear that F is not a sub-lattice. Indeed, it is possible that two subsets S1 and S2 are PMSS included in F but their intersection does not keep z observable.

Notice also that terminal nodes in F represent MSS, and that all paths in F start with the initial node (the set I of all the sensors) and end on a terminal node. The length of a path represents the number of lost sensors between the high level initial node and the low level final one, while the path's label represents the list of the lost sensors.

2.3. Redundancy degrees

Redundancy degrees associated with one variable have been introduced in (Turbatte et al., 1991), and further contributions have been given in (Luong et al., 1994). Two notions have been defined, namely the "principal redundancy of degree k" and the "weak redundancy degree". In this section, we generalize these definitions, associating them with the observability of a vector z, and giving them a sound graph-theoretical basis.

Let I be the set of the system sensors, J be any subset of I and z the variables to estimate.

Weak Redundancy Degree. We define the weak redundancy degree $D_f(J, z)$ associated with the pair (J, z) as the maximal number of sensors of J which may be lost while continuing to estimate z.

Strong Redundancy Degree. We define the strong redundancy degree $D_F(J, z)$ associated with the pair (J, z) as the maximal number of arbitrary (undifferentiated) sensors of J that may be lost while continuing to estimate z.

Comparison between weak and strong redundancy can be illustrated as follows. For any sensor subset J with redundancy degrees $D_f(J, z)$ and $D_F(J, z)$ one has:

- $\exists K \subset J$ such that $|K| = D_f(J, z)$ and $J \setminus K$ is a MSS,
- $\forall K \subset J$ such that $|K| = D_F(J, z)$, $J \setminus K$ is a PMSS.

Consider the graph F:

- the weak redundancy degree associated with (J, z) is the length of the longest path between J and any of its MSS successors,
- the strong redundancy degree associated with (J, z) is the length of the shortest path between J and any of its non-PMSS successors minus one.

Obviously one has:

$$\forall J \subset I, \quad D_F(J, z) \le D_f(J, z)$$

and $D_F(J^*, z) = D_f(J^*, z) = 0$ for any terminal node $J^*$ (remember that terminal nodes in F are MSS).

3. FAULT TOLERANT SENSOR NETWORK DESIGN

Let us now consider that the matrix C defines all those sensors which could be installed on the process. Among these sensors, we wish to select one PMSS which guarantees the observability of the vector z even in the case of sensor failures. The robustness of the observability property can be measured using the previously defined redundancy degrees. The idea of the proposed algorithm is to build the graph F and to compute the redundancy degrees associated with any node until nodes with the required redundancy degrees are found. Since the redundancy degrees of each node can easily be related to those of its successors, a bottom-up approach is used in order to minimize the computation time and avoid combinatorial explosion.

This section first presents several properties of the F graph. These properties are then used for the design of an algorithm which produces fault tolerant sensor subsets.
3.1. Remarks, symbols and notations

For a level k,

- The cardinal of any subset is p - k.
- The number of corresponding nodes $n_k$ is given by $n_k = \binom{p}{p-k} = \dfrac{p!}{(p-k)!\,k!}$.
- Each node receives k edges from level k-1.

To a given node N(k, j) (k is the level and j is the position in level k: $j \in \{1, \ldots, n_k\}$) we associate:

- a subset of sensors J(k, j),
- F(k, j), the set of its grey predecessors at level k+1,
- |F(k, j)|, the number of edges issued from grey nodes at level k+1,
- Min(k, j), the minimal strong redundancy degree on F(k, j),
- Max(k, j), the maximal weak redundancy degree on F(k, j),
- $D_F(k, j)$ and $D_f(k, j)$, the strong and weak redundancy degrees,
- OBS(J(k, j)), the observability matrix.

3.2. Lemma

Let $v_{MSS}$ be the cardinal of the first MSS found by analyzing the graph from bottom to top. Then, it can be proven that:

∀ N(k, j) … (8)

3.3. Properties

Different properties are related to the marking between levels and the computation of redundancy degrees.

1. All the predecessors of a grey node are grey nodes.

2. The predecessor N(k-1, j') of a white node N(k, j) is grey iff:

$$\operatorname{rank}\begin{bmatrix} H \\ \mathrm{OBS}(J(k-1, j')) \end{bmatrix} = \operatorname{rank}\left[ \mathrm{OBS}(J(k-1, j')) \right] \tag{9}$$

3. The strong redundancy degree of a grey node N(k, j') s.t. |F(k, j')| = p - k is given by:

$$D_F(k-1, j') = \mathrm{Min}(k-1, j') + 1 \tag{10}$$

If |F(k, j')| < p - k, then the strong redundancy degree is zero.

4. The weak redundancy degree of a grey node N(k, j') is given by:

$$D_f(k-1, j') = \mathrm{Max}(k-1, j') + 1 \tag{11}$$

3.4. Algorithm

The proposed algorithm is based on two principal steps. The first one, INI, performs the graph initialisation, which consists of marking the bottom level. The second, Marking k→k-1, consists of marking a level k-1 when the marking of level k is known. The Stopping Condition is k = 0 if one wishes to explore all the levels of the F graph. From a more practical point of view, the exploration would stop on reaching a level in which one (or several) sensor subsets with the desired redundancy degree exist.

1. INI. Compute the individual observability index of each possible sensor $i \in \{1, \ldots, p\}$. Two cases may arise:

a) v(i) = n. ∀ z, z is observable and node {i} is grey.

b) v(i) < n. If

$$\operatorname{rank}\begin{bmatrix} H \\ \mathrm{OBS}(i, v(i)) \end{bmatrix} = \operatorname{rank}\left[ \mathrm{OBS}(i, v(i)) \right]$$

node {i} is grey, else it is white.

2. Marking k→k-1. Several cases can be distinguished in this step:

- When a level k node is grey, then all its predecessors in level k-1 are also grey (property 3).
- When a level k node is white, apply property 4.
- Compute strong and weak redundancy degrees of each node by applying properties 5 and 6.

The main flowchart of the algorithm is shown on fig. 3.

[Fig. 3. Flowchart of the proposed algorithm]
3. Stopping condition

From a practical point of view, a natural stopping condition is that the algorithm has reached a level in which at least one sensor subset with given strong redundancy degree Δ exists, where Δ is the design parameter. This means that this subset allows the vector z to be estimated in any faulty situation characterized by δ < Δ failed sensors.

Using weak redundancy degrees does not provide such a nice interpretation, since it only indicates that some situation exists in which the estimation of z will be possible but no guarantee is given about the actual occurrence of such a situation.

Finally, if several sensor subsets with the desired strong redundancy degree exist at the stopping level, some extra criterion can be used in order to select the best one (cost, reliability, estimation performances, etc.).

4. APPLICATION EXAMPLE

The same example as in (Staroswiecki et al., 1999) is used to illustrate the proposed fault tolerant sensor network design algorithm. Consider a LTI system with 7 states and 4 possible sensors a, b, c and d. The Jordan form is given by:

[Equation (12): the matrices A, C and H of the example system]

From the definition of the matrix H, only a part of the states, namely z = [x1, x2, x3, x4], has to be estimated. The problem is to place sensors s.t. the strong redundancy degree is equal to 1.

Let us detail the execution of the proposed algorithm.

INI. The individual observability indices of sensors a, b, c and d are 4, 3, 3 and 5 respectively. All indices are less than 7. The observability condition of z is satisfied only by {a}. Thus {a} is a MSS and the corresponding node is grey, all the others being white. The marking of the bottom level (labelled level 3) is given by:

[Figure: marking of levels 3 and 4]

Strong and weak redundancy degrees are equal to zero for {a} and equal to -1 for {b}, {c} and {d}.

Marking 3→2. Node {a} is grey, thus all its level k-1 predecessors are grey (property 3).

Nodes {b}, {c} and {d} being white, property 4 allows {a, b}, {a, c}, {a, d} and {c, d} to be marked grey while {b, c} and {b, d} remain white. By applying properties 5 and 6, the strong redundancy degrees of {a, b}, {a, c}, {a, d}, {b, c}, {b, d} and {c, d} are respectively 0, 0, 0, -1, -1 and 0 while the weak redundancy degrees are respectively 1, 1, 1, -1, -1 and 0.

The marking of the current sub-graph is given by:

[Figure: marking of levels 2, 3 and 4]

The stopping condition being not satisfied (no subset has a strong redundancy degree equal to 1), one more iteration is undertaken.

Marking 2→1. The nodes {a, b}, {a, c}, {a, d} and {c, d} being grey, it follows from property 3 that their predecessors {a, b, c}, {a, b, d}, {a, c, d} and {b, c, d} are grey. Finally, the predecessors of white nodes {b, c} and {b, d} are grey. The strong redundancy degrees of {a, b, c}, {a, b, d}, {a, c, d} and {b, c, d} are respectively 0, 0, 1, 0 while the weak redundancy degrees are 2, 2, 2 and 1.

The marking of the current sub-graph is given by:

[Figure: marking of the sub-graph, level 1 and below]
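The bottom-up marking of sections 3.3 and 3.4, run on the four-sensor example above, as an added Python sketch that is not the authors' code. The rank test of eq. (9) is passed in as a callable; `design`, `example_is_pmss` and `EXAMPLE_MSS` are names introduced here, and white nodes carry degree -1, as in the example, so that the Min + 1 and Max + 1 rules need no special case.

```python
from itertools import combinations

WHITE = (-1, -1)  # degrees the worked example gives to white (non-PMSS) nodes


def design(sensors, is_pmss, target):
    """Bottom-up marking of the sensor-subset lattice (sections 3.3 and 3.4).

    sensors: labels of the installable sensors (the set I, p = len(sensors))
    is_pmss: callable(frozenset) -> bool standing in for the rank test of
             eq. (9); it is only called when no node one level below is grey
    target:  required strong redundancy degree (the design parameter)

    Returns (level, candidates, degrees). level is the paper's level index
    (subsets of p - level sensors) of the first level, from the bottom, that
    holds a node with D_F >= target, or None; degrees maps every node marked
    before stopping to (D_F, D_f).
    """
    sensors = sorted(sensors)
    p = len(sensors)
    degrees = {frozenset(): WHITE}  # assumption: no sensor, no estimate of z
    for size in range(1, p + 1):    # size 1 is the bottom level p - 1
        candidates = []
        for combo in combinations(sensors, size):
            node = frozenset(combo)
            below = [degrees[node - {s}] for s in node]  # lose one sensor
            if not (any(d != WHITE for d in below) or is_pmss(node)):
                degrees[node] = WHITE
                continue
            # With white = -1, Min + 1 and Max + 1 cover both special cases:
            # D_F = 0 if some single loss leads to a white node,
            # D_f = 0 if every single loss does (the node is an MSS).
            strong = min(d[0] for d in below) + 1
            weak = max(d[1] for d in below) + 1
            degrees[node] = (strong, weak)
            if strong >= target:
                candidates.append(node)
        if candidates:              # stopping condition of section 3.4
            return p - size, candidates, degrees
    return None, [], degrees


# Constructed oracle: encodes the rank-test outcomes reported in the
# four-sensor example, where {a} and {c, d} are the minimal sensor sets.
EXAMPLE_MSS = [frozenset("a"), frozenset("cd")]


def example_is_pmss(node):
    return any(mss <= node for mss in EXAMPLE_MSS)


if __name__ == "__main__":
    level, best, deg = design("abcd", example_is_pmss, target=1)
    print("stop at level", level, "->", [sorted(n) for n in best])
    for node in sorted(deg, key=lambda n: (len(n), sorted(n))):
        print(sorted(node), "D_F=%d D_f=%d" % deg[node])
```

Because a node with a grey node one level below is grey without further testing, the rank test runs on only seven subsets here: the four single sensors and the three pairs without sensor a.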
Obviously the stopping condition is satisfied. The subset {a, c, d} is a PMSS whose strong redundancy degree is 1 but which could still allow the estimation of z under the failures of the two sensors c and d (the weak redundancy degree is 2).

5. CONCLUSION

An algorithm for the design of fault tolerant sensor networks has been developed in this paper. The objective is to improve the robustness of the observability property in the case of sensor losses. The PMSS graph considered in (Staroswiecki et al., 1999) is constructed from bottom to top to compute the redundancy degrees of its nodes. The computational efficiency of the proposed algorithm results from the bottom-up approach, which allows the search to stop as soon as the level at which solutions exist is reached. The strong redundancy degree (which is a structural property) is used as a stopping criterion. However, a probabilistic approach could be defined through weights associated with the edges of the sensor subsets graph. Since each edge represents the loss of a given sensor, labelling it with the probability of such an event makes it easy to compute the probability of the composite situation associated with the loss of several sensors (if the failures are independent events). The proposed algorithm can very easily be extended to problem settings in which redundancy degrees would be expressed in probabilistic terms, or more generally to problems with general quality measures on the sensor subsets.

REFERENCES

Ali, Y. and S. Narasimhan (1993). Sensor Network Design for Maximizing Reliability of Linear Processes. AIChE Journal, 39, 820-828.

Ali, Y. and S. Narasimhan (1995). Sensor Network Design for Maximizing Reliability of Linear Processes. AIChE Journal, 41, 2237-2249.

Ali, Y. and S. Narasimhan (1996). Sensor Network Design for Maximizing Reliability of Bilinear Processes. AIChE Journal, 42, 2563-2575.

Bagajewicz, M. (1997). Design and Retrofit of Sensor Networks. AIChE Journal, 43, 2300-2306.

Bagajewicz, M. and M. Sanchez (1999). Sensor Network Design and Upgrade for Plant Parameter Estimation. Supplement to Comp. & Chem. Eng., 23, S593-S596.

Bansal, P., Y. Ali and S. Narasimhan (1994). Sensor Network Design for Linear Processes. In: Proceedings of IFAC Workshop on Integration of Process Design and Control, Maryland, USA.

Basseville, M., A. Benveniste, V. Moustakides and A. Rougee (1987). Optimal Sensor Location for Detecting Changes in Dynamical Behavior. IEEE Trans. Automat. Contr., AC-32, no. 12, 1067-1075.

Carpentier, T., R. Litwak and J. Ph. Cassar (1997). Criteria for the Evaluation of F.D.I. Systems. Application to Sensors Location. In: IFAC Safeprocess'97, Kingston Upon Hull, United Kingdom.

Firdaus, E. and E. Udwadia (1994). Methodology for Optimum Sensor Location for Parameter Identification in Dynamic Systems. Journal of Engineering Mechanics, 120, no. 2, 368-390.

Kretsovalis, A. and R. S. H. Mah (1987). Effect of Redundancy on Estimation Accuracy in Process Data Reconciliation. Chem. Eng. Sci., 42, 2115.

Luong, M., D. Maquin, C. T. Huynh and J. Ragot (1994). Observability, Redundancy, Reliability and Integrated Design of Measurement Systems. In: IFAC SICICA'94, Budapest, Hungary.

Maquin, D., M. Darouach, M. Fayolle and J. Ragot (1987). Localizations of Sensors in Large Scale Industrial Systems. In: Applied Modelling and Simulation of Technological Systems (Edited by Borne and Tzafestas). Elsevier, Netherlands.

Maquin, D., M. Luong and J. Ragot (1995). Some Ideas about the Design of Measurement Systems. ECC'95 European Control Conference, 4, 3178-3183.

Madron, F. and V. Veverka (1992). Optimal Selection of Measuring Points in Complex Plants by Linear Models. AIChE J., 38, 227-236.

Meyer, M., J. M. Le Lann, B. Koehret and M. Enjalbert (1994). Optimal Selection of Sensor Location on a Complex Plant, using a Graph Oriented Approach. Supplement to Comp. Chem. Eng., 18, S535-S540.

Omatu, S. and J. H. Seinfeld (1989). Distributed Parameter Systems. Theory and Applications. Oxford University Press, Oxford.

Ragot, J., D. Maquin and G. Bloch (1992). Sensor Positioning for Processes Described by Linear Processes. Diagn. Sûreté Fonct., 2, 115.

Staroswiecki, M., G. Hoblos and A. Aitouche (1999). Fault Tolerance Analysis of Sensor Systems. In: 38th Conf. on Dec. and Cont., Phoenix, Arizona, USA.

Sujoy, S., S. Narasimhan and K. Deb (1998). Sensor Network Design of Linear Processes using Genetic Algorithms. Computer Chem. Engng., 22, 385-390.

Turbatte, H. C., D. Maquin, B. Cordier and C. T. Huynh (1991). Analytical Redundancy and Reliability of Measurement Systems. In: IFAC Safeprocess'91, Baden-Baden, Germany.

Vaclavek, V. and M. Loucka (1976). Selection of Measurements Necessary to Achieve Multicomponent Mass Balances in Chemical Plants. Chem. Eng. Sci., 31, 1199-1205.