9th IFAC Symposium on Fault Detection, Supervision and Safety of Technical Processes (SAFEPROCESS 2015)
September 2-4, 2015. Arts et Métiers ParisTech, Paris, France
Available online at www.sciencedirect.com
IFAC-PapersOnLine 48-21 (2015) 889–894

The Software Architecture of FAST: An Agent-based FDI Tool

Jordi Duatis ∗, Cecilio Angulo ∗∗, Vicenç Puig ∗∗

∗ SENER, Cerdanyola del Vallès, Spain (e-mail: [email protected])
∗∗ Automatic Control Department, Universitat Politècnica de Catalunya, Barcelona, Spain (e-mail: {cecilio.angulo, vicenc.puig}@upc.edu)

This work has also been partially funded by the Spanish Ministry of Science and Technology through the Project ECOCIS (Ref. DPI2013-48243-C2-1-R) and Project HARCRICS (Ref. DPI2014-58104-R), and by EFFINET grant FP7-ICT-2012-318556 of the European Commission.

Abstract: This paper introduces the architecture of the Fault Analysis Software Tool (FAST). The tool identifies analytical redundancies from a reduced process description and uses them to provide fault detection and isolation (FDI). In this form, the automated supervision of industrial processes is simplified. FAST can operate either stand alone in simulation mode (off-line) by reading the measured values from data files, or on-line connected to the process plant through an OPC interface. The OPC interface allows the tool to be connected to almost any process which features a SCADA system for supervisory control. When running in on-line mode, each process is monitored by a software agent. In case of a fault, FAST will detect it and will indicate the faulty device to the SCADA. The SCADA can display and record the fault, allowing the implementation of early countermeasures. For some faults, FAST can also automatically reconfigure the process to temporarily avoid an emergency stop. This functionality is specially useful in systems with a high level of autonomy, difficult access or for which maintenance operations cannot be immediately implemented. The objective of FAST is to provide to the industry a tool which can be used with a moderate level of complexity to apply FDI on top of the traditional process supervision.

2405-8963 © 2015, IFAC (International Federation of Automatic Control) Hosting by Elsevier Ltd. All rights reserved. Peer review under responsibility of International Federation of Automatic Control. 10.1016/j.ifacol.2015.09.639

Keywords: Fault detection and isolation, structural analysis, agents, supervision, maintenance

1. INTRODUCTION

In Blanke et al. (2003), the component-based FDI analysis and architecture is introduced. This architecture defines a generic component model based on services and use modes. The use modes define which subset of services is available at each mode. A component defines a physical entity with physical characteristics and a component model is exactly modeling those characteristics. The components can be aggregated and both the analysis of faults and fault propagation are extended to the aggregation.

However, sometimes the concept of component aggregation is not enough. In our work, an aggregation of components will be a process, and the objectives of the process and its constraints are not component properties but process properties. These two different layers can enhance the FDI architecture since component (or component aggregation) objectives and process objectives are not always related. In a fermentation reactor, for instance, each component (tank, valve, sensor, pump, heater, heat-exchanger, etc.) has a very specific objective. However, the purpose of the process is to maintain the environmental variables at fixed set points in order to perform the fermentation in optimal conditions, hence a more complex model is required to monitor the process objective. This complex model could be determined by using well known techniques (first principles, estimation, identification, etc.), especially if the system is already existing. In this example, the model can define the BOD (Biological Oxygen Demand) in the reactor as a function of time, the environment variables (temperature, pH, pressure) and the concentration of some chemical compounds.

Therefore, a process is described as the aggregation of components with a global objective. From this definition it is possible to study even the aggregation of processes, where higher level objectives are defined. The set of aggregated processes will represent a process plant involving higher level objectives and also representing a physical entity.

In Samantaray and Ghoshal (2008) and Merzouki et al. (2013), model based FDI and FTC are introduced using bond-graphs as a helpful modelling paradigm. Moreover, some tools (Blanke and Lorentzen (2006), Bouamama et al. (2005)) allow the generation of the process model by connecting blocks and they can generate C code for the model. These tools are mainly oriented to the modelling of the process and some of them perform the Structural Analysis. FAST is not a modelling tool but a tool to implement an FDI system that can be tested in simulation and moved to the on-line implementation in a very user friendly manner. The models of the process components must be already available. They can be expressed in any form (e.g. by means of analytical equations or bond-graphs), being easily integrated in FAST. However,
one of the goals is to keep the use of the tool as simple as possible: the process engineer does not need to deal with modelling. Just by indicating the topology of the process (components and their relationships), it is possible to obtain valuable design information (by simulation) which can be fed back into the design to refine it. Finally, it is possible to connect the tool to the process and implement FDI in real-time without needing to add any extra modelling information. For this latter feature, the tool implements an OPC interface which allows the direct interaction with any commercial SCADA. The tag names which establish the relation between the process data and FAST are provided in the Process Definition File (PDL).

The low level FDI analysis implemented in FAST related to process components has been introduced in Duatis et al. (2014), where the algorithms to perform the Structural Analysis from the process components point of view are explained and verified using the well-known two-tanks example.

The main software architecture characteristics of FAST are the elements that will be introduced in detail in this paper:
• Components are abstracted as software structures (Java classes).
• Services belonging to each component are generalised by the definition of relations. Each component has a predefined set of relations. Each type of relation is also represented as a class. Several input process variables are involved in each relation and one output process variable is calculated.
• Each process variable is also a class.
• The software representation of the components does not implement behaviour since it is only an abstraction of the real component.
• Behaviour is provided by a software BDI agent which encapsulates a process. Software agents are developed in the Jadex platform (Pokahr et al., 2005).
• The aggregation of components is the world representation of this agent.
• Processes can be distributed.
• It is possible to define process objectives in the form of relations.
• The aggregation of processes with shared objectives is defined as a process plant.

The structure of the paper is the following: In Section 2, the Process Definition File will be described. This file provides the process information required to build the process model based on components, relations and process variables. Section 3 will present how the process model is generated by the software. Besides introducing the software architecture of the FAST tool, it will show how additional components can be incorporated. Section 4 explains the implementation of the process supervision as a software agent. The representation as a software agent becomes natural once the characteristics of software agents are presented. Section 5 will describe how distributed plant processes can be supervised by deploying FAST and how plant-level objectives can be achieved with increased reliability. Some conclusions and further research are finally highlighted.
2. THE PROCESS DEFINITION FILE

The Process Definition File provides the process description in XML. The eXtensible Markup Language allows the representation of entities, entity properties and entity attributes in a structured form that is both human and machine readable. In this way, components, relations and process variables are represented as XML data structures. The information for these structures is obtained from the component physical properties (for instance, the device data sheet) and from the P&ID which describes the process topology.

During the design process, the process engineer will select and represent the process components in the P&ID diagram according to the process objectives and specifications. In this design phase, information about the process redundancies should be obtained. Therefore, FAST can be used stand-alone, that is, without being connected to the real process but just providing the PDL, in order to analyse the FDI capabilities of the process under design. In this way, the process engineer will be able to perform what-if analysis and identify whether the reliability can be increased by adding or relocating process components. In Samantaray et al. (2004), it is illustrated how, using a software tool and through the systematic structural analysis of a process, it is possible to improve the sensor placement in order to increase the observability and therefore the capacity for fault detection and isolation.

The Process Variables section in the PDL will provide the symbolic information of the variables in the process. Then, these symbols will be used in the relations and will define the connections between them. That is, if two relations contain the same process variable, it means that they are connected. In this file section, we also assign the initial value for the process variable, which will be used for simulation, and the tag as indicated in the P&ID.

The Components section is where the components belonging to the process will be listed. The components are linked to the relations. That is, every relation belongs to a component and thus a component can have one or more relations. The tag is also specified, which will be used to indicate if the component is in error.

Finally, the Relations section defines the component model; the relations are mostly derived from first principles specifying the physical properties of the component. However, the relations can be reused between components. That is, a tank can have an input and an output valve, or one input and two output valves, a temperature sensor, a level sensor measuring in liters or in millimeters, or a level sensor just indicating if the maximum level has been reached. All these characteristics are defined as relations. Thus, by associating the relations to the component, the component characteristics are defined. The information to be provided in a relation depends on its type.

For instance, a process which includes a liquid tank will incorporate the component Liquid Tank. The cylindrical tank has a level sensor in millimeters and one input and one output valve. The following relations associated to the tank will be defined:
(1) Cylindrical Tank Relation: defines the relation of the level variation inside the liquid tank with respect to the input and output flows and the tank geometry.
(2) Derivative Relation: defines a derivative relation between two process variables. In this case, it will be the variation of the level and the level.
(3) Sensor Relation: it will exist for each measured variable. In this case, it will be the liquid level.

For this component, the process variables corresponding to the tank level and input and output flows will be defined. The relations model is implemented in FAST and therefore, just by indicating that the component Liquid Tank contains this set of Relations with the defined Process Variables, the component model will be instantiated and initialised from the data provided in the PDL.

Relation models can be extended to cover a wide range of components and component configurations. As the software is structured in classes, new relations can be added by just creating a new class for every new relation. New relations inherit from the Relation virtual class and must implement the virtual methods which are mandatory to be used by the software model. These are mainly the expression (analytical, algorithmic or even fuzzy) which relates the process variables, and the different explicit forms used to obtain the value of each causal process variable.

The task of grouping and defining the relations associated to a component is very important as we are interested in identifying faults at component level. Eventually, the relations define the model of the component and deviations from the component model will be identified as faults. Thus, the real behaviour measured by the sensors and the possible analytical redundancy are what will provide the fault detection and isolation capabilities.

Every Process Definition File identifies the information related to one process. Therefore, if the plant is formed by several related processes, several files will be generated, one for each process. The process interactions will be explained in Section 5.

3. THE PROCESS MODEL

FAST loads the PDLs through the Parser module (see Figure 1). The PDL is the only input, besides some ancillary configuration parameters, to generate process models.

Fig. 1. FAST software architecture (working off-line).
Fig. 2. FAST software architecture (working on-line).

During the design phase, the off-line mode can be used to analyse the process. The off-line mode allows the engineer to test and analyse different process configurations and introduce error conditions. FAST allows the simulation of the process and generates Excel files with the simulation results, which can be used to generate graphs and reports to support the design decisions.

The parsing of the PDL provides the tool with the inputs to perform the structural analysis of the process (Maquin et al. (1997)). This initialisation process will generate the
Structural Matrix (SM), obtain the analytical redundant relations (ARRs), the residuals and the Fault Signature Matrix (FSM). All this information will form the Process Model (PM).

However, FAST functionality is fully deployed once the process has been physically assembled in the plant and is running. In this case, the tool is able to perform the on-line monitoring of the process by just providing the final PDL corresponding to the final process design. The PM in this case forms the observation world of a Software Agent, commonly called the agent knowledge-base.

Usually an industrial process is supervised through a SCADA system. The SCADA system interfaces with the Process Logic Controllers (PLCs) from which it acquires the process variable values. The SCADA stores the values of the sensors in the process database, which are refreshed periodically. FAST will be connected to the SCADA process database through an OPC interface library. Through this library, FAST will have access to the values of the process variables obtained from the process database of the SCADA. FAST will take these values and calculate the fault vector through the residuals obtained in the initialisation process. The OPC Interface is implemented using the Java library JeasyOpc (1) (see Figure 2).

(1) JEasyOPC, http://sourceforge.net/projects/jeasyopc/ (visited 05/11/2014).

One of the key skills of FAST is the calculation of residuals. From the structural analysis, the ARR set is obtained. Then, for every ARR_i, there is a related set of elementary relations which allows the tool to calculate all process variables participating in the ARR_i. Therefore, in every cycle, FAST will acquire the process values for the measured variables and next it will calculate all the residuals by calling the method calcResidual for each ARR_i, each of which is in fact a subset of Relation instances. This method will obtain the value of the unmeasured variables from the elementary relations. For every process variable, the method goes through the list of related elementary relations, checking if the elementary relation contains this variable and defining a perfect matching with respect to this process variable. The algorithms to obtain the ARR and the FSM are detailed in Duatis et al. (2014).

4. THE PROCESS SUPERVISOR AGENT

The logic to supervise the processes is implemented as a software agent called Process Supervisor Agent. This software agent will continuously monitor the process with the objective of detecting faults. It follows the architecture of a Belief, Desire, Intention (BDI) agent, which is composed of the following parts:
• Knowledge-Base (B): contains all the information needed by the agent to perform its function. It is continuously refreshed and changes in elements can trigger events.
• Objectives (Γ): define the set of purposes of the agent which it should autonomously reach.
• Plans (Π): define the set of procedures which are available to the agent to reach the objectives.
• Agenda (A): is the sequence of actions scheduled by the agent. It is continuously changing due to the generation of events, which create new actions and force rescheduling for actions already in the agenda.

For the Process Supervisor Agent the Knowledge-Base (B) is the Process Model, with the set of Process Variables, Relations and Components. The basic set of objectives is defined as Γ = {Acquire Process Data, Detect Faults, Notify Faults}. The first two objectives will be continuous and run in parallel. Notify Faults will be an objective which will be activated only if a fault is detected. The set of plans in order to allow the agent to achieve its objectives is defined as: Π = {Refresh Process Data, Calculate Residuals, Send Fault}.

The fact of having objectives and plans, although it might seem redundant, allows the agent to apply different plans to achieve the same objectives and have a deliberative process to evaluate which plan is the optimum to apply according to the current conditions. For the most simple implementation of our Process Supervision Agent, there will be a single matching between objectives and plans. That is, to achieve the objective of Acquire Process Data, it will execute the plan Refresh Process Data and to achieve the objective Detect Faults it will execute the plan Calculate Residuals and so on. The fact of structuring the supervision process using software agents is a natural consequence of the functionality they provide.
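The Detect Faults objective and its Calculate Residuals plan can be illustrated with the following added Python example, which is not FAST's own Java code. The tank process, the three ARRs, the pipe coefficient, the threshold, the fault signature matrix and all function names are constructed assumptions; the example also shows why an unreadable tag must not be reported as a fault-free cycle.

```python
import math
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

K_PIPE = 0.5                   # constructed outlet coefficient: q_out = K_PIPE * h
THRESHOLD = 0.1                # constructed residual threshold that absorbs sensor noise
TAGS = ("h", "q_in", "q_out")  # hypothetical tags read from the SCADA process database


@dataclass(frozen=True)
class ARR:
    name: str
    residual: Callable[[Dict[str, float]], float]


def pipe_flow(level: float) -> float:
    """Elementary relation of the outlet pipe: gives the outflow when it is not measured."""
    return K_PIPE * level


# Constructed ARR set for a tank in steady state (inflow equals outflow).
ARRS: List[ARR] = [
    ARR("r1", lambda y: y["q_out"] - pipe_flow(y["h"])),  # pipe relation
    ARR("r2", lambda y: y["q_in"] - y["q_out"]),          # tank balance
    ARR("r3", lambda y: y["q_in"] - pipe_flow(y["h"])),   # balance with computed outflow
]

# Fault Signature Matrix: one column per fault, entries ordered as (r1, r2, r3).
FSM: Dict[str, Tuple[int, int, int]] = {
    "level_sensor": (1, 0, 1),
    "inflow_sensor": (0, 1, 1),
    "outflow_sensor": (1, 1, 0),
}


def calc_fault_vector(y: Dict[str, float]) -> Tuple[int, ...]:
    """Plan 'Calculate Residuals': evaluate every ARR and threshold it."""
    return tuple(int(abs(arr.residual(y)) > THRESHOLD) for arr in ARRS)


def isolate(vector: Tuple[int, ...]) -> List[str]:
    """Return every fault whose FSM column equals the observed fault vector."""
    return [fault for fault, signature in FSM.items() if signature == vector]


def supervise_cycle(y: Dict[str, object]) -> Dict[str, object]:
    """One cycle: validate acquired data, detect, and decide what to notify."""
    bad = [t for t in TAGS
           if not (isinstance(y.get(t), (int, float)) and math.isfinite(y[t]))]
    if bad:
        # abs(nan) > THRESHOLD is False, so bad data would otherwise look "normal".
        return {"status": "no_data", "vector": None, "notify": bad}
    vector = calc_fault_vector(y)
    if not any(vector):
        return {"status": "normal", "vector": vector, "notify": []}
    candidates = isolate(vector)
    status = "isolated" if len(candidates) == 1 else "detected"
    return {"status": status, "vector": vector, "notify": candidates}


if __name__ == "__main__":
    # Constructed measurement: the level sensor reads 2.6 while the true level is 2.0.
    print(supervise_cycle({"h": 2.6, "q_in": 1.0, "q_out": 1.0}))
```

A fault vector that matches no FSM column, for example when two sensors fail in the same cycle, is reported as detected but not isolated.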
The main characteristics of the software agents are:

• Autonomy: software agents are autonomous since they do not need an external intervention to react to events.
• Reactivity: a software agent receives information from its environment and reacts according to changes in this information.
• Pro-activity: a software agent not only will initiate actions as a response to changes in its environment but also will exhibit an objective-oriented behaviour such as taking an initiative.
• Sociability: a software agent is prepared to exchange information with other agents to accomplish its objectives.

A software agent can be seen as a state machine with an indefinite number of states. Each state σ is determined by the tuple σ = ⟨B, Γ, Π, A⟩. Every action executed by the agent will generate a new tuple σ′ = ⟨B′, Γ′, Π′, A′⟩, since each of these components can be affected. Actions are generated as a result of an internal event or by receiving an external event, normally from another agent.

The scheduling of actions is represented in Figure 3. The first step is to select the next action α from the Agenda, α = f_sel(A). The plans are divided into steps, so the most basic action is to execute a Plan step. Other possible actions are to select the next Plan to be executed and schedule it, based on the event received (either internal or external). Every action execution can update the knowledge-base, the objectives or the plans and schedule new actions in the Agenda, f_eff(α, σ) in the figure. In addition, once an action is executed, the agent will execute the function f_side-eff(B′, Γ′, Π′), which evaluates the side-effects caused by the action execution, not by the action itself, which can also generate new events or change priorities of actions in the agenda. For instance, a change in the knowledge-base can trigger the generation of an event and this change can be caused by more than one action.

Fig. 3. Software Agent action scheduling process.

It is clear that at this stage, besides the residuals obtained from the Structural Analysis over the process defined by the PDL taking advantage of any possible analytical redundancy, the tool can be extended by using other more ad hoc diagnostic algorithms. By redefining the plan Calculate Residuals to something more generic such as Identify Faults, with the same objective of Detect Faults, the agent can be extended to identify faults by other mechanisms, for instance trending algorithms based on data mining or model based fault detection (Blanke et al. (2003); Gertler (1991)). However, it is important to remark that the plans by default will only require configuration data to be operative, that is, only by providing the information of the process through the Process Definition File, all the mechanism can be deployed.

Another possibility resulting from the Structural Analysis, if analytical redundancies are eventually identified, is to use these analytical redundancies to avoid stopping the process in case of a fault in a sensor when no hardware redundancy is available, by using these redundancies to build process observers.
This functionality will configure the process in a degraded mode but it will be possible to continue its function. It is important to remark that this would be only possible for some faults, that is, faults which can be detected and for which isolation is possible. To implement this functionality the agent will incorporate another objective Provide Faulty Signal with the associated plan Faulty Signal Observer.

The plans Refresh Process Data and Notify Fault interface with the OPC client library. The configuration of the agent coming from the PDL will include the identification of the tags which need to be acquired or updated to obtain the process data or to communicate a fault respectively.

The Jadex agent platform provides the agent architecture which implements the scheduling process and includes templates to define all the agent components: the knowledge-base, the objectives and the plans. It also defines which actions and events should follow. The platform incorporates the capability of multi-agent communication by defining an ontology and using the FIPA message structure (Woolridge and Wooldridge (2001)). The capability of multi-agent communication will be used by FAST to coordinate objectives at plant level as explained below.

5. PLANT WIDE PROCESS SUPERVISION

Another major step in the deployment of FAST functionality is when more than one process is supervised and these processes are related. If there is a clear dependency between two or more processes, this dependency can be also modeled. Extending this approach, a model based global planning of the plant can be generated. This model will estimate in a predefined horizon, similarly as in a Model Predictive Controller (MPC), the deviation from the global objectives based on the data available at the current instant. In case any of the Process Supervisor Agents reports a fault, the model will incorporate the fault into the calculations and provide an estimation of the effects of this fault to the global planning (see Figure 4).

This Plant Supervisor Agent will be responsible for indicating, also interacting with the SCADA, the level of accomplishment of the objectives in the near term based on the current status of the plant. This functionality can help the global planning in that it can relegate a maintenance intervention so that it has minimal effect on the global plant objectives or, on the contrary, indicate a high priority for an activity which can cause an unrecoverable status in a given time. This functionality can be very important in manufacturing chains with processes sharing strong dependencies or bio-chemical plants where the products from one process are inputs for other processes.

The Plant Supervisor Agent will have a knowledge-base formed with the process variables of relevance used to estimate the plant objectives performance.
In this case, the knowledge-base will be updated basically by the external messages received from the Process Supervisor Agents which will provide the current values of their outputs. This agent will have the following objectives, in the simplified form: Estimate Plant Performance and Notify Plant Performance. The plans associated with the Plant Supervisor Agent are Calculate Plant Performance and Send Plant Performance Data. In this case, the plans are not generated systematically as they need to be defined specifically for each plant configuration.

Fig. 4. Plant Supervisor Agent.

The availability of this architecture provides another important feature, which is the possibility of autonomous reconfiguration of the plant. The Plant Supervisor Agent needs to know the contribution of each of the Process Supervision Agents to the objectives of the plant. If the plant has critical processes, most probably it will implement physical redundancies for these critical processes.

FAST is aimed to provide a global supervision solution to the implementation of a Life Support System based on biological processes to provide fresh water, air and food by recycling human wastes in a closed environment, such as a planetary base or a space transit vehicle. The tool is being tested using data from the MELiSSA Claude Chipaux Laboratory (Lasseur (2008)), which is a laboratory managed by the European Space Agency (ESA) located at the Universitat Autònoma de Barcelona (Spain). This project requires a global supervision system able to provide a high level of autonomy and reliability. In addition, the process requires a global planning able to predict the availability of consumables in a defined period of time based on the current plant activity.

One of the best known processes in this system is the production of oxygen through an alga bio-reactor. The bio-reactor holds a culture of Spirulina platensis, which is an alga that can be also consumed in low quantities and generates oxygen through photosynthesis. When in steady state, the production of oxygen is proportional to the biomass concentration in the bio-reactor and at the same time the biomass concentration is related to the availability of a light source, CO2 and the required nutrients. The nutrients are basically provided by other bio-reactors which are able to process human wastes. CO2 is provided as a result of the human metabolism, which causes the humans to expire CO2 continuously, and the light is provided by natural illumination or by artificial lighting systems. In any case, the production of oxygen will be highly dependent on the external provision of the required inputs, as well as on maintaining the optimal environmental conditions (temperature, pH, etc.).

In addition, the system has critical levels which should never be reached to keep the bio-reactor permanently in steady state. That is, if the biomass concentration is too low, the biomass will become impossible and the bio-reactor can lose completely its function. In the same way, if the biomass concentration becomes too high, the light will not reach part of the culture or the nutrients will become insufficient. Thus, the biomass will become impossible very fast and die, resulting as well in a loss of the bio-reactor function. It is clear that a global planning system is required in these cases. FAST will provide the required functionality.
Locally, at process level, it will monitor the different control loops, complementing the alarm management function of the SCADA by detecting faults using the available analytical redundancy and providing periodically the required information to the Plant Supervision Agent. In addition, the Plant Supervision Agent will monitor the objectives of the plant. In the case of the spirulina photo bio-reactor, it will monitor the oxygen production as the main objective. It will use a model of the biomass growth already identified in Lasseur (2008) to estimate the biomass concentration and thus the expected oxygen production at a given time. This is very important in order to plan for possible countermeasures in case that there is any incidence which causes to decrease the oxygen production below the expected levels or to prevent situations in which eventually the bio-reactor function is stopped because the biomass becomes impossible. For some of the incidences, there will be some actions which can be automatically implemented in case that a fault affecting the plant objectives is detected. For instance, in case that some fault affects the production of nutrients required by the bio-reactor, the system can activate an artificial source of these nutrients which will maintain the plant in operation although in a degraded mode.

The plans for the Plant Supervision Agent can be easily implemented using the available templates to generate agent plans which are available in the JADEX multiagent system platform (Pokahr et al., 2005). The plans are implemented in Java and follow a predefined structure. Once the model of the plant objectives is available, it is simple to generate the corresponding Java code. The Process Supervision Agents should deliver periodically the values of the required variables and the status of the processes on-line such as normal, degraded and faulty. This information is provided through agent messages which are processed by the Plant Supervisor Agent. These messages will update the agent knowledge-base. The Plant Supervision Agent will execute periodically the Calculate Plant Performance plan which taking the information from the knowledge-base will calculate the estimated objective for the near term period. This data will be stored as well in the knowledge database. The plan Send Plant Performance Data will send this data to the SCADA which will be able to represent it in a trending graph.

6. CONCLUSIONS AND FUTURE WORK

This work presents an architecture based on software agents to implement the supervision of industrial processes requiring a high level of autonomy and reliability. The architecture is presented in a hierarchical structure, by defining the Process Supervisor Agents, responsible for supervising single processes and the Plant Supervisor Agent responsible of supervising the global plant objectives. The idea to generate this architecture was already drafted in Duatis et al. (2014) and from then the work has been focused on developing a tool implementing it. Up to now, the architecture has demonstrated that it is able to cover the global supervision requirements successfully.

The FAST tool is still under development. Currently, the tool is able to generate the Process Supervisor Agent by providing the Process Definition File, connect to a SCADA to obtain process data and detect faults in processes with analytical redundancy. The faults are recorded and communicated to a SCADA system which is able to represent the fault in a synoptic diagram and generate the corresponding alarm (see Figure 5). To implement the software agents the JADEX multiagent system platform is being used.

Fig. 5. FAST interfacing with a SCADA signaling a fault detected in the Level Sensor.

The next step will be to implement a Plant Supervision Agent. The Plant Supervision Agent needs to be implemented for a specific case, therefore a plant function from the MELiSSA Claude Chipaux laboratory will be selected. As the best known process is the biomass and oxygen production of the spirulina photo bio-reactor, the idea is to implement a Plant Supervision Agent for this process. This agent will calculate periodically the estimation of the oxygen production based on the information provided by the performance of its own processes and the processes from other bio-reactors.

REFERENCES

Blanke, M., Kinnaert, M., Lunze, J., and Staroswiecki, M. (2003). Diagnosis and Fault-tolerant Control. Springer Verlag, 1st edition.
Blanke, M. and Lorentzen, T. (2006). SaTool - a Software Tool for Structural Analysis of Complex Automation Systems, 673–678. Elsevier Science.
Bouamama, B.O., Samantaray, A., Medjaher, K., Staroswiecki, M., and Dauphin-Tanguy, G. (2005). Model builder using functional and bond graph tools for FDI design. Control Engineering Practice, 13(7), 875–891.
Duatis, J., Angulo, C., and Puig, V. (2014). FAST: a fault analysis software tool. In The 2014 IEEE MultiConference on Systems and Control (MSC 2014). IEEE MSC 2014.
Gertler, J. (1991). Analytical redundancy methods in fault detection and isolation. survey and synthesis. In IFAC/IMACS-Symposium on fault detection, supervision and safety for technical processes - Safeprocess ’91, 9–22.
Lasseur, C. (2008). Melissa: The European project of a closed life support system. In 37th COSPAR Scientific Assembly, volume 37 of COSPAR Meeting, 1706.
Maquin, D., Cocquempot, V., Cassar, J.P., Staroswiecki, M., and Ragot, J. (1997). Generation of Analytical Redundancy Relations for FDI purposes. In IFAC Symposium on Diagnostics for Electrical Machines, Power Electronics and Drives, SDEMPED’97, 86–93. Carry-le Rouet, France.
Merzouki, R., Samantaray, A.K., Pathak, P.M., and Bouamama, B.O. (2013). Intelligent Mechatronic Systems: Modeling, Control and Diagnosis. Springer Verlag, 1st edition.
Pokahr, A., Braubach, L., and Lamersdorf, W. (2005). Jadex: A bdi reasoning engine. In R.H. Bordini, M. Dastani, J. Dix, and A.E. Fallah-Seghrouchni (eds.), MultiAgent Programming, volume 15 of Multiagent Systems, Artificial Societies, and Simulated Organizations, 149–174. Springer.
Samantaray, A.K., Medjaher, K., Bouamama, B.O., Staroswiecki, M., and Dauphin-Tanguy, G. (2004). Component-based modelling of thermofluid systems for sensor placement and fault detection. Simulation, 80(78), 381–398.
Samantary, A. and Ghoshal, S. (2008). Bicausal bond graphs for supervision: From fault detection and isolation to fault accommodation. Journal of the Franklin Institute, 345(1), 1–28.
Woolridge, M. and Wooldridge, M.J. (2001). Introduction to Multiagent Systems. John Wiley & Sons, Inc., New York, NY, USA.