Model-Based Detection on One Particular Information Poor Process Plant

Model-Based Detection on One Particular Information Poor Process Plant

Copyright @ IF AC Fault Detection. Supervision and Safety for Technical Processes. Espoo. Finland. 1994 MODEL-BASED DETECTION ON ONE PARTICULAR INFOR...

1MB Sizes 0 Downloads 4 Views

Copyright @ IF AC Fault Detection. Supervision and Safety for Technical Processes. Espoo. Finland. 1994

MODEL-BASED DETECTION ON ONE PARTICULAR INFORMATION POOR PROCESS PLANT J. HOWELL and S. J. SCOTHERN Department ofMechanical Engineering. University of Glasgow. Glasgow G12 8QQ. U K .

Abstract. By viewing a fault as any significant discrepancy between the perceiVed operation of a plant and reality. a method. developed specifically for the model-based detection of faults on information poor plants. is used to explain anomalies in plant data. This is demonstrated on one particular application. that of a liquor product storage area in a nuclear facility.

Key Words: Failure detection; nuclear plants; monitoring; inventory control; safeguards ; process models

assessment of the potential of this method to the typical liquor product storage area shown in Figure 1. As part of this assessment, an implementation has been developed which, although developed specifically for the IAEA should be equally of interest to plant operators in general.

1. INTRODUCTION Considerable effort is expended by the nuclear community to ensure the security of nuclear materials. One of the main ways that this can be achieved is by keeping an accurate and frequently updated account of the material contained in the plant Towards this end, the International Atomic Energy Agency (IAEA) are developing (King, 1993) an expert system (NMAX) to provide an in-field near-real time accountaocy system for regular use by inspectors. The system will contain a number of modules tackling specific problems and it has been proposed that at least one of these should be based on model-based reasoning. One possible approach which is currently under consideration is that of a method recommended by HoweD (1994). This paper describes an ongoing

The paper will first provide background information about the product storage area and discuss the detection/diagnostic problem. The approach to implementing the method will then be described by identifying 4 separate functional requirements. Although each function will be outlined. the paper will focus on the application of the method; the reader is referred to HoweD and Scothem (1994) for a more balanced description of the implementation.

Out of System -

To Pu Pr0C888

Product Storage Tanks

Fig. I. Plant Layout

159

2. THE PROBLEM A liquor product storage area is that part of the plant where plutonium nitrate is stored. Plutonium nitrate is input into the area by repeatedly filling then emptying the input tank and exits from the area through the port marlced. There is an extensive, valved, pipe network enabling, for instance,

----,.

1100

• the input tank to feed any storage tank (units 1-9), • the transfer of liquor between any 2 storage tanks or out,

llMO

• a sample to be taken from any tank, and 1020

• any tank to be recirculated; if samples taken from tanks are to be representative, the liquor needs to be thoroughly mixed to ensure it is homogeneous.

1~+-~~--r-'-~-'r-.--r-'r-.--r~

o

The availability of plant measurement data is a matter for negotiation between the plant operator and the inspectorate. The inspector might have access to the operator's instrumentation or he might install his own. The former is obviously politically sensitive and the latter, costly. The type, quality and frequency of data is therefore an issue: a typical event requiring explanation might only last 20 minutes during a run of many months. There might not even be any obligation for the operator to inform the inspector of the current mode of operation (i.e. the valve configuration and pump statuses). This means that the amounts of material transferred and the times the transfers start and stop (Le. the transfer times) might not be known. This might lead to considerable confusion; unlike the operator, the inspector is not given the time to 'mind' or 'look-over' the plant

1

.101112

Fig . 2 A Typical Level Measurement Record

made available to the inspector. Nothing is also known for a long period of time about the concentration of the liquor entering the area, until the analytical result becomes available.

3. MODEL-BASED REASONING The system that is currently proposed envisages that the inspector would trigger the diagnostic procedure by asking it either to explain what is going on at a particular time (and date), if something is thought to have happened relatively abruptly, or to explain what has been happening over some period of time. This explanation would include a description of the current mode of operation together with, where necessary, a description of the particular class of fault that has occurred. The trigger mechanism could either derive from the inspector's interpretation of graphical data or from a statistical detector (Bicking, 1989; Howell, 1993).

Of fundamental importance then is the need for the inspector to know what operations are proceeding. In addition he must be made aware of any anomalies that might have arisen from for instance, instrument malfunctions, data recording errors and so on. As an example of what the inspector might expect, here we assume that density, level and temperature measurements are available in the tanks and that although frequently measured, these measurements are only recorded when a change is observed. This might result in long periods when the measurements in certain units aren't recorded at all. A typical graph of a tank level measurement is shown in Figure 2 where each cross denotes a recorded measurement. In addition, by the very nature of the plant, tanks might be relatively empty, exposing certain sensors and rendering their outputs useless. Note that the amount of material temporarily stored in the connecting pipework would not be measured (this can be quite significant) and that there is assumed to be some form of 'level' sensor in the sampling pot enabling times when it is filled to be recorded. However the chemical anal.' ~-:s derived from these samples might not be

One of the fundamental aims in developing a diagnostic tool must be to off load the end-user, thus the problem must be solved as automatically as possible. However it is well-recognised (Rasmussen and Goodstein 1987 ; Frank, 1992) that such tools can only assess and display the data collected, it must be left to the user to make the fmal interpretation. The particular implementation of the proposed approach is outlined in Figure 3. There are 4 separate functions which • generate hypotheses, boundary conditions etc, • perform a computer simulation, • apply the diagnostic algorithms, • interpret the results as much as possible before involving the user.

160

EJ ,, ,

HYPOTHE8181 UTWATE GENERATOR

...

::u=r.

InIIIaJ

COMPUTER . .ULA11ON IlllUUrwnert

rHI8IrIIuIIon vart.bIeI

..arnu. DlAGN0811C

IIETlIOD

..

...

I INTERPRET I ~

Fig. 3 The Diagnostic Pro~dwe

3.1

H~tbesis

Generation • Analyse variations in the levels in the various tanks to estimate the quantities, and times at which, material could have been tranferred. Transfers can only occur along identifIable paths. Each path is identified by a unique variable (a path flow) where the variable itself denotes the time-averaged transfer and associated variables 'record' the transfer times. The path flows for the plant of Figure 1 are given in Table 1.

The lack of plant data poses considerable difficulty when trying to obtain sufficient information to perfonn a realistic simulation. This is compounded by the need for a high level of automation to ensure user acceptability. Our experience to date suggests that the inspector need only specify a period of time over which the simulation should be run, an indication of whether he thinks that the anomaly, he is concerned about, occurred relatively abruptly or gradually and his perception of the plant mode of operation. Thus for instance, referring again to Figure 2, the inspector might ask the question, 'what caused the spike ?'. He would enter a start time of say the start of day I, a fmish time aligned with the bottom of the spike, an abrupt anomaly, a mode of operation as defined, for instance, by stating which valves are open and which are closed and by specifying rough estimates for the feed into the area. For instance, the spike of Figure 2 would be ignored.

• Estimate a number of other boundary variables. A list of variables is then fonned to encompass all path flows and other boundary variables. This list is known as the list of re-distribution variables and is represented as a set 8 where each of its elements are assumed to be constant during any particular period of time, m. It can then be represented as a vector em. The entire scenario then fonns a hypothesis which can be assessed. It is important to note that the operational mode is needed purely to generate a hypothesis, the diagnostic method has no pre-conception of the state of a particular valve, i.e. material can flow through a valve that is hypothetically closed. This accommodates the possibility that material can pass from any unit to any other as a result of a normal mode of operation or a 'fault' or simply from a misconception.

The hypothesis generator would then. • Wherever possible, estimate initial conditions, "It-I; th · guess. It-I m measurements, Y 0 erwISe x"fro (Subscript k-l denotes the end ofthe period prior to the start of the period of interest).

161

Table I' Path Flows

TO TANK

T

1 2 3 4 5 6 7

A

8

N K

9

F R 0 M

1 1 2 3 4 5 6 7 8 9 10 11

pot ace

2 12 13 14 15 16 17 18 19 20 21 22

3 23 24

25 26 27 28 29 30 31 32 33

4

5 45 46 47 48 49 50 51 52 53 54 55

34

35 36 37 38 39 40

41 42 43 44

6 56 57 58 59

7 67 68 69 70

60

71

61 62 63 63

72

64 66

3.2 The Computer Simulation

E [9 ~

.....

_ "

A

Yk=Yk-l+f (Xk-l,\1k,k,k+n-l)

OUT

100 101 102 103 104 105 106 107 108 109 110

111 112 113 114 115 116 117 118 119 120 121

I (Yk - Yk )] =Ak+

rYk - yk]

(2)

where A~ is the particular vector of 1,2 or 3 re-distribution variables, Pk is their associated covariance, J is their reduced form of the Jacobian Ja and Rk is the measurement vector covariance. Certain anomalies do not manifest themselves as re-distributions at all but as what are known as non-path anomalies, errors or faults; these have only a local effect, for instaoce as measurement errors. If they are classed as single anomalies attached to appropriate measurements they can be treated in a similar way to path anomalies. It is important to stress that, although the technique is based on regression and is therefore quantitative, the results soould largely be viewed qualitatively. Thus although the estimates are likely to be approximately correct, it is more important to note that a particular combination could explain the discrepancies. This partly derives from the nature of the algorithm and partly because of difficulties in specifying 1\; very approximate values usually suffice.

A

hypothesISed, n=I, Yk=Yk and Yk-l=Yk-l). Then the simulation can be viewed as a black box of the form ... _ "

85 86 87 88

pot

Pk J' (Rk-l + Rk + JPkoJ')-l

"-

...........

77

84

9 89 90 91 92 93 94 95 96 98 98 99

necessary, 3 re-distribution variables are hypothesised as anomalous, one combination at a time, and their true values are estimated by performing a regression with all available measurements. Each set of estimates are then tested by re-running the simulation to determine whether its output now matches the measurements. The regression takes the form

The function of the simulation is to estimate the measurements recorded at specified times on the basis of a particular hypothesis. Thus the interfaces between the simulation and the other components are relatively straightforward: the initial/boundary conditions are input into the simulation and the measurement estimates are output. Measurements can be recorded at any ti me between the specified start and flnish times; ll.us the time period can be divided into n sub-periods k to k+n-1. Only a limited number of measurements might be recorded at anyone time: let yk denote an estimated (-), compound (*) output vector formed by appending measurement estimates obtained at the end of sub-period k to trose collected at the end of k+l and so on. Let Yk -1 denote the equivalent compound measurement vector at the start of the simulation. (If an abrupt anomaly were •

73 74 75 76

8 78 79 80 81 82 83

(1)

That is ,. is simply a mapping of a (compound) vector of measurements at the start of the simulation onto a (compound) vector of measurement estimates.

3.3 The Dia2DQs~:~."l~rithms The reader is referred to Howell (1994) for mathematical detail. The algorithms are based on a parsimonious search strategy which is justifled on the grounds that differences that result from a major anomaly are likely to be signiflcantly larger than those caused by model inaccuracies. All combinations of flrst I, then, if necessary, 2 and fmally, and again if

There are 3 points worth raising regarding the implementation. 1. The Jacobian matrix Ja is derived solely from global considerations; matrix J2 in Howell (1994) is

162

The score is the normalized inner product of deviations in the respective re-distribution variables. Thus lower scores are preferred and the most likely cause predicted here is that material was transferred simultaneously from tank 6 to both tank 5 and the sampling pot

neglected because of the abnonnally high number of re-distribution variables that are notionally zero. Thus A

nil

A

nlz

1

J G =[ [A &':]1 [A &.:h·········

(3)

There were no successful sets of 1 or 2 variables but 8 successful sets of 3 variables. Variable 996 denotes a non-path error on measurement 6. Only 2 out of 3 of the variables need to be taken seriously in each case. the third elements (in brackets) were statistically insignificant The third and founh results also point. indirectly. to variable 105 because these results suggest that material was passed through tank 5 (variable 50) to the sampling pot (variable 104). Howell and Scothem (1994) show how the rule-based interpreter can deduce this automatically. There were a number of other variables that could have given identical outcomes (point 3. in Section 3.3) but all were easily explained by the rule-based interpreter. Re-running the simulation with estimates obtained for the frrst row predicted the drop in level in tank 6 to within 1 mm.

where AYk_Ij

"'" + ( (x k-l. t% A + [A9k1j. e j. le. k+n-l}-Yk ~=Yk-l A

(4)

and

[Jk] i =[9k-l + ( (~k-l. ~ + [A9k]j' e j. le. k+n-l)] i (5)

2. Experience to date suggests that. in the context of

the application here. the performance of the method is relatively insensitive to 1\ . 3. The possibility of more than one re-distribution variable having the same effect is tackled by eliminating orthogonal columns of JG. If successful. the various possibilities are then assessed by the rule-based system.

5. CONCLUSIONS

By viewing a fault as any significant discrepancy between the perceived operation of a plant and reality. a method. developed specifically for the model-based detection of faults on information poor plants. is used to explain anomalies in plant data. To date. the method has only been tested on a limited number of cases and although proving successful. work is still in its infancy.

3 4 Rule-based IptelPretation

The results are interpreted, at least initially. by a forward chaining expert system where a set of productions (if then rules) are applied to the combined outputs of both the hypothesis/estimate generator and the diagnostic method. The reader is referred to Howell and Scothem (1994) for further information.

Acknow ledgements - This work was funded by the UK Department of Trade Illd Indusuy through the Safeguards R&D Programme in IUppOn of International Atomic &ergy Agency Safeguards. The resulta of this work will be used in Ihc formulation of Government

4. SOME RESULTS

policy. but views expressed in Ibis repon do not necessarily represent Government policy.

Table 2 gives results output from an analysis of a 'spike' in tank 6 level; this arose when a sample was taken by passing liquor to a sample pot (via re-distribution variable 105). No measurements were recorded for tank 5 during the period of time analysed. Table 2' SCORE 0.03521 0.03524 0.03932 0.03936 0.71331 0.71333 1.02048 1.02051

~ical

50 (50) 50 50 105 (55) 104 (55)

6. REFERENCES Bicking, U., W. Golly. and R. Seifert (1989). The New PROSA Version, an Advaoced Computer Program for Near-Real Time Accountancy. 11th ESARDA Symp on Safeguards and Nuclear Materials Management, Luxembourg. Frank, P.M. (1992). Principles of Model-Based Fault Detection. IFAC Symp on Artificial Intelligence in Real-Time Control, Delft. Holland, 363-370. Howell. J. (1993). The Interface Between Detection and Diagnosis in Near-Real Time Materials Accountancy. 15th ESARDA Symp on Safeguards and Nuclear Materials Management, Rome, 673-679.

Results

105 55 104 (55) (123) 105 (123) 104

(123) 105 (123) 104 996 996 996 996

163

King, J.L. (1993). NMAX: An NRTA System With Embedded Expert Systems. 15th ESARDA Symp on Safeguards and Nuclear Materials Management, Rome. 737-742. Rasmussen, J., and L. P. Goodstein (1987). Decision Support in Supervisory Control of High Risk Industrial Systems, Auromatica. 23(5), 663-671.

Howell, J. (1994). Model-Based Fault Diagnosis in Infonnation Poor Plants. Automatica, 30(6). Howell, J., and S. J. Scothem (1994). Model-based Diagnosis As An Aid To Safeguarding Nuclear Material In A Liquor Storage Area. Dept. of Mechanical Engineering Internal Report. University of Glasgow.

164