Design of Sensor Network Based on the Signed Directed Graph of the

Ind. Eng. Chem. Res. 2000, 39, 999-1019

999

Design of Sensor Network Based on the Signed Directed Graph of the Process for Efficient Fault Diagnosis Mani Bhushan and Raghunathan Rengaswamy* Department of Chemical Engineering, Indian Institute of Technology, Bombay Powai, Mumbai 400 076, India

An optimally located network of sensors is a prerequisite for successful application of fault diagnosis techniques. Most of the previous work in the area of fault diagnosis deals with methodologies for identifying possible faults, given sensor data. Available literature suggests that very little work has been done on methods for optimally locating the sensors for efficient fault diagnosis. Some algorithms based on the concepts of observability and resolution were discussed in our previous work (ref 1: Raghuraj et al. AIChE J. 1999, 45 (2), 310). These algorithms are based on a digraph (DG) representation of the process. In this article, the sensor location work is extended to use the signed directed graph (SDG) representation of the process. Various issues involved in utilizing the SDG of the process for the problem of sensor location are discussed. Algorithms for sensor network design based on the SDG of the process are detailed and applied to two chemical engineering case studies. It is shown that better design can be obtained by using the SDG instead of the DG. 1. Introduction and Literature Survey There are two major issues in fault diagnosis. One is the ability to identify the most likely fault(s), given the sensor data, and the second and a more basic issue is one of designing optimal sensor locations for better fault diagnosis. An optimally designed sensor network should observe all the faults when they occur and also distinguish between them to the maximum extent possible. Most of the work done in the area of fault diagnosis deals with diagnostic methods to identify possible faults, given sensor data. Some researchers have worked in the area of design of optimal sensor location. Most of these approaches are for designing a sensor network which ensures observability of all variables, and which is optimal with respect to some objective. A variable is said to be observable if it is measured directly or can be estimated indirectly through its relationships with other measured variables.2 Within this framework, the various approaches can be broadly classified in two categories: (i) based on process graph; (ii) based on quantitative process model. On the basis of a process graph, Ali and Narasimhan2,3 presented sensor network design strategies for linear and bilinear processes. Their approach was based on maximizing network reliability which would ensure observability of variables even in the case of some sensor failures. They considered multicomponent mass-flow processes and energy distribution networks. They also extended their approach to design redundant sensors for linear processes.4 Sen et al.5 integrated genetic algorithms with graph-theoretic concepts to solve the problem of optimal design of a sensor network for linear processes. Using genetic algorithms, they could solve the problem to optimize objectives such as cost, estimation accuracy, system reliability, or minimum reliability among all variables. Meyer et al.6 also developed an algorithm for optimal (minimum cost) design of sensors for linear processes based on the process graph. They * To whom all correspondence should be addressed. Email: [email protected].

used a branch-and-bound-type strategy to solve the formulated optimization problem. Sensor location strategies to minimize the cost of the sensor network based on linear mathematical models have been developed by Maquin et al.7 and Madron and Veverka.8 While Maquin et al.7 located sensors to ensure observability of the entire system, Madron and Veverka8 solved the problem based on the concepts of observability and redundancy. Maquin et al.9 and Luong et al.10 analyzed the sensor location for linear processes based on various aspects such as observability, redundancy, estimation precision, and reliability of the measurement system. Ragot et al.11 gave a procedure which ensured observability of all variables in a bilinear process. Bagajewicz12 posed the sensor network problem as an optimization problem with minimization of cost as the objective function and requirements of error-detectability, resilience, and availability as the constraints. The problem tackled in this article is fundamentally different from the work summarized above. Our aim is to design sensors to detect and identify process faults. We use the concept of fault observability and resolution to solve this problem. Few researchers have worked in the area of sensor location for fault diagnosis. Lambert13 used fault trees to analyze the location of sensors depending on the effect of basic units (fault origins) on the process variables. This work was the first step toward the design of sensor locations based on the diagnostic observability criterion. A quantitative approach based on failure probabilities was also explained by Lambert.13 Chang et al.14 gave a procedure to design a sensor network based on the concepts of fault observability and resolution. Their design is based on a trialand-error algorithm which uses the concept of a diagnostic efficiency table. Algorithms to solve the problem of sensor location based on various fault diagnostic observability criteria were also proposed by Raghuraj et al.1 The concepts of fault observability and resolution were defined and used. The algorithms proposed in Raghuraj et al.1 used a digraph (DG) representation of the process to identify

10.1021/ie990383d CCC: $19.00 © 2000 American Chemical Society Published on Web 03/14/2000

1000

Ind. Eng. Chem. Res., Vol. 39, No. 4, 2000

optimal sensor locations. This article extends that work to use a signed directed graph (SDG) representation of the process. The use of SDG has been quite popular in the literature to perform fault diagnosis. This basically involves locating all possible disturbance sources, given on-line sensor data.15 Iri et al.16 were the first to introduce an algorithm for cause-effect diagnosis of system failures based on the SDG. Using the SDG, Kramer and Palowitch15 developed a rule-based approach for identifying possible causes of process disturbances. Chang and Yu17 also gave a systematic design procedure for constructing the rule-based fault diagnostic system using the SDG. They simplified the SDG according to states to remove the problems of spurious and erroneous interpretations. Mohindra and Clark18 devised a distributed fault diagnosis strategy based on the process SDG. Gujima et al.19 increased the efficiency of the SDG-based fault diagnosis algorithm by incorporating information based on delays between the state variables. Vedam and Venkatasubramanian20 developed an SDG-based algorithm for multiple-fault diagnosis. They used a knowledge base consisting of knowledge about the process constraints, maintenance schedules, and so forth to overcome the problem of poor resolution. In this article we will show that improved sensor network design for efficient fault diagnosis can be obtained through the use of SDG representation. It turns out that though the SDG can be utilized for better sensor location design, first, certain difficulties associated with the use of SDG have to be resolved. These difficulties mainly arise as a result of inherent qualitative ambiguities that have to be resolved while analyzing a SDG for cause-effect behavior. Two such issues to be handled are (i) multiple effects with opposite signs and (ii) resolution of loops. These issues have to be addressed from the point of view of sensor location design. In this article, we first propose an approach to address these issues. Following this, we outline our sensor location strategy. A CSTR case study is used to compare the results obtained using the SDG and the DG representations. Sensor location design is also performed on a five-tank system to illustrate the methodology and superiority of the SDG-based design. The rest of the article is structured as follows. We start with a brief description of the DG and SDG representation for a process. Subsequently, we discuss the issues involved in using the SDG representation for the problem of sensor location. After a brief summary of the algorithms that were developed by Raghuraj et al.,1 we present the algorithms for location of sensors based on SDG representation. Application of the algorithm on two case studies is discussed next. A section discussing the limitations and possible improvements to the current approach is presented after the case studies. 2. DG, SDG, and Issues in SDG Representation for the Problem of Sensor Location The solution to the problem of sensor placement can be broadly broken down into two tasks: (i) fault modeling or prediction of cause-effect behavior of the system, generating a set of variables that are affected whenever a fault occurs, and (ii) use of the generated sets to identify sensor locations based on various design criteria, such as observability, resolution, reliability, and so on. The fault propagation or cause-effect behavior is

Figure 1. SDG of an illustrative example.

derived on the basis of the qualitative model that is used to represent the process. DG and SDG are such qualitative models that can be used to infer cause-effect behavior in a system. A directed graph (DG) of a process consists of a set of nodes and directed branches. The nodes represent process variables and the branches represent the causal influences between the nodes. There is a branch from one node to other, if the first node affects the latter. In a SDG, each branch has a sign (+ or -) associated with it, which indicates whether the cause and effect variables tend to change in the same (+) or opposite (-) directions.15 The SDG of the process can be built from the process equations which are used to model the process.21 Analysis of cause-effect behavior is straightforward in a DG representation as the occurrence of a fault in a DG necessarily causes the variables associated with that fault to acquire abnormal states. Therefore, the arcs of a DG represent a “will cause” relationship; that is, an arc from node A to node B implies that A is a sufficient condition for B. This in general is not true for an SDG because of qualitative ambiguities that are inherent in SDG analysis. Further, it might not be possible to uniquely determine the direction of deviation in sensor nodes in all cases. These issues will be discussed in detail in the following sections. The reason for working with the SDG representation, though, is that better resolution of faults in a process can be achieved. This can be explained through the SDG shown in Figure 1. The SDG consists of two faults, B and C, and one possible sensor node, A. The faults have opposite effects on the sensor node. If only the DG is considered, then when the sensor is kept at node A, the faults B and C can be observed, but not distinguished from each other. On the other hand, if the SDG is considered, then when the sensor is kept at node A, the faults can be observed and also distinguished from each other. The SDG representation not only helps in better resolution of faults, but it can also lead to a better design of sensor locations, which could be considerably different from the design obtained using the DG representation. The following example illustrates this point. For the SDG shown in Figure 2, keeping a sensor on node A will ensure that both the faults C and D are observed as well as differentiated, assuming only one fault at a time. If fault C occurs, then the sensor at A will show positive deviation. Whereas if fault D occurs, then the sensor will show negative deviation. If only the DG of the process is considered, then to distinguish between the two faults, sensors should be placed on both nodes A and B. In that case, deviation in both A and B will

Ind. Eng. Chem. Res., Vol. 39, No. 4, 2000 1001

Figure 2. SDG to illustrate better design.

imply that fault C has occurred, whereas deviation only in A will mean that fault D has occurred. 3. Inferring Cause-Effect Behavior Using the SDG Representation for the Problem of Sensor Placement We now address the first task in sensor location, that is, a methodology for deriving the cause-effect behavior based on the SDG representation with a focus on the problem of sensor location design. For the purpose of deriving the cause-effect behavior, it is assumed that the disturbances at the fault nodes in the SDG occur only in the positive direction. In other words, fault nodes will be allowed to have only the “0” or the “+” state. The value “0” will imply nonoccurrence and “+” will denote the occurrence of that fault. Faults which do not have a sense of direction associated with them intrinsically satisfy this assumption. For example, a tank leak either occurs (+) or does not occur (0). On the other hand, the input flow rate can both increase (+) or decrease (-). Such faults can be represented by two separate nodes, both of which will again be allowed to deviate only in the positive direction. For example, a change in flow rate fault can be denoted by two faultss one corresponding to the increase and other to the decrease in the flow rate. The occurrence of the first fault (+ state) will imply an increase in the flow rate, whereas + deviation at the second fault node will imply that the flow rate has decreased. The SDG will be correspondingly modified, and the details of the modifications performed will be discussed later in the article. We now proceed to discuss various issues which are crucial for the generation of fault propagation behavior in a SDG. A few researchers have looked at some of these issues. Chang and Hwang22 presented a comprehensive discussion of various issues in SDG representation for fault-tree analysis. Chang and Yu17 resolved some of these issues to obtain correct interpretations while performing fault diagnosis. In this work, we discuss these issues from the point of view of sensor location. As mentioned before, this involves fault modeling: predicting the response of the plant (effects on nodes), given the state (fault/faults).15 With a DG representation, this is a simple task and can be accomplished by starting from a fault node and finding all possible nodes which can be reached from that fault node. This can be accomplished by a suitable graph algorithm such as depth-first search.23 These nodes will be the set of nodes which will be affected by the given fault. In a SDG representation, apart from identifying the affected nodes, the signs of the nodes also have to be determined. The difficulties in achieving this arise

because of various reasons which are discussed in the following subsections. 3.1. Presence of Multiple Paths. A path from node A to node B is a walk (which is a sequence of alternating nodes and branches) with A being the starting node and B being the terminal node, such that no node appears more than once.24 The path sign is the product of the branches in the path. The presence of a path from node A to node B represents the fact that change in A affects B, with the path sign determining the direction of the effect. In a SDG, it is possible for a fault to have multiple paths with opposite (+ and -) path signs to a sensor node. This represents the presence of opposing effects of that fault on the sensor node. In such a scenario, the fault affects the node but it will not be possible to infer the direction of deviation of the sensor node. Order of magnitude arguments can be conveniently used to resolve the sign of the node but quantitative information will be required. In the present approach, this qualitative ambiguity is treated as it is and hence no assumptions need to be made. Note that this problem is not encountered for the DG representation because for the DG case the path signs are not considered. 3.2. Occurrence of Multiple Faults. This scenario is relevant only when we are finding the propagation behavior for the case when more than one fault has occurred. For example, it is possible that two faults having paths with opposite path signs to a sensor node occur together. This will mean that the two faults have opposing effects on that sensor node. In such a case, the deviation in the sensor depends on the relative magnitude of the effect of the two faults. For example, for the SDG shown in Figure 1, if both the faults occur together, then the sensor at A will deviate in the positive direction if the effect of fault B dominates, and it will show negative deviation if the effect of fault C is overriding. The probability of both the faults having exactly equal (and opposing) effect on the sensor is small and will be neglected. For our design purposes we will assume that when two opposing faults occur at the same time, the sensor will deviate from its normal state, but the direction of deviation will not be known. 3.3. Negative Feedback Loops (Noncontrol Loops). A loop (or cycle) is a closed walk (walk with same initial and terminal node) in which no node (except the initial and the final node) appears more than once.24 A loop is called a negative feedback loop, if the product of signs of all the branches in that loop is negative. A chemical process may have several negative feedback loops. A negative feedback loop represents the presence of compensatory response to the disturbance entering the loop. These loops have to be resolved before a meaningful design or analysis based on the SDG can be performed. Some of these loops will be control loops and some will be noncontrol loops. For loops which are not control loops, consider the following two scenarios: (i) The feedback loop has only one input from the given fault: In this case, the feedback path will be ignored because the presence of only one input to the loop eliminates the feedback path from all valid interpretations.15 As an example consider the negative feedback loop of Figure 3. If only fault A occurs (+), then the negative arc CB can be ignored as the only consistent pattern is [B+, C+]. On the other hand, if only fault D occurs (+), then the consistent pattern is [C+, B-].

1002


Figure 3. A negative feedback loop.

Figure 4. A typical control loop.

(ii) The feedback loop has more than one input from the given fault: This case can be treated as the presence of multiple paths. The case of control loops is discussed next. 3.4. Negative Feedback Loops due to Control. Most of the chemical processes have several control loops which get translated into negative feedback loops in the SDG. Also, each controlled variable is measured. Each control loop will then have at least five nodes: controlled variable, sensor measuring the controlled variable, controller, control valve, and manipulated variable. A typical control loop is shown in Figure 4. These loops have to be treated in a different way, as controlled variables can pass deviations without themselves being significantly altered. Whenever a disturbance affects a controlled variable, the controller reacts in a way to nullify this deviation in the controlled variable. Depending on the magnitude of the disturbance, the following two scenarios are possible:15 (1) Perfect Control Is Attained: If the disturbance is not large, the negative feedback control loop is able to bring back the controlled variable to its normal value. Thus, at steady state the controlled variable has a “normal” value, but other variables in that loop have “normal/deviated” states depending upon their position in the loop, vis a´ vis the controller position and the entry point of the disturbance. (2) The Loop Saturates: If the disturbance is large enough, then the deviation of the controlled variable is too large to be compensated by a deviation in the manipulated variable. Thus, at steady state, the controlled and other variables in the loop have deviated values. To understand the behavior of the control loop when a disturbance in the controlled variable is encountered, we define the following two types of arcs: (1) Causal Arcs: An arc from node A to node B is causal, if the “disturbance in B” is proportional to the “disturbance in A”. This means that if node A is

deviated, then B will also be at a disturbed state. And the normal state of A will necessarily imply a normal state of B. The arcs derived from the physical system (model equations) are normally of this type. Clearly, the above holds when a single arc is incident on B. If more than one arcs are incident, then their interaction has to be considered to get the state of node B. (2) Noncausal Arcs: We define an arc from A to B to be noncausal if deviation in A will cause B to be deviated, whereas a change in B does not necessarily imply that A will be affected. In other words, B can be in a deviated position, even if A is normal. An example of such an arc is the controlled variable sensor output (input to the controller). In Figure 4, the arc from controlled variable sensor S to controller C is a noncausal arc. Initially, when CV is normal (0), all other nodes in the control loop are also normal. If now CV and hence S deviates (say +), because of some disturbance entering CV, then the controller C activates the control valve V, which in turn changes MV such that the affect of disturbance on CV is canceled. Now, even though CV (and hence S also) are normal, C will not return to its original value, but rather remain at the value which caused CV to return to 0. This compensatory effect of the controller makes the control loop different from a normal negative feedback loop. In view of this controller characteristic, the control loop has to be analyzed carefully to find the steady-state conditions of the variables in the control loop. The following example illustrates this point. In the control loop of Figure 5, node CV is the controlled variable and V is the control valve. Node F is a fault which affects the controlled variable. When F occurs, the disturbance enters CV which gets transmitted to controller C via the controlled variable sensor S. The consequent change in the valve position V (controller action) deviates the manipulated variable MV. The negative effect of this deviation on CV counteracts the effect of F on CV and causes it to go to state 0. Once CV goes back to normal, S reverts back to normal as arc CV-S is a causal arc. The normal state of S ensures that the controller takes no further action, but does not cause the controller to go to its earlier position. At steady state the effect on various nodes is as shown in part (b) of Figure 5. On the other hand, the entry of disturbance through node MV (Figure 6a) would give rise to the digraph of Figure 6b at steady state. It is to be noted that in both the cases node E is at 0 state, as it is outside the control loop and its state only depends on the state of the controlled variable (clearly, this may not be the case if it has causal arcs from other disturbed nodes as well). These are the most important cases in the process industry as most of the control loops are PI loops. Other control structures, if present, can be resolved accordingly. An example of a cascade control loop is given in Appendix C. The analysis presented here is a steady-state analysis, and depending on the loop dynamics, magnitude of the disturbance, controller parameters, and so forth, the nodes might oscillate before settling at their new steadystate values. For the case of loop saturation, the control loop is not able to completely compensate for the disturbance, and hence for Figure 5 the digraph shown in Figure 7 is obtained. Here, because the controlled variable CV is disturbed at steady state, its effect is felt on all the other nodes. It should be noted that the analysis presented here is done to locally resolve the control loops, and


Figure 5. Disturbance entry through controlled variable.

Figure 6. Disturbance entry through manipulated variable.

when the sensor network design is done, the complete SDG will be considered. Hence the nodes in the control loops have to be viewed vis-a´-vis their interaction with other variables in the flowsheet. Another situation which has to be modeled is the failure of the control loop itself. We will consider the following two types of failures associated with the control loop: (i) Controlled Variable Sensor Failure: The controller action is based on the controlled variable sensor reading, and not on the actual value of the controlled variable. When the sensor fails, then depending upon the mode of sensor failure (high, low, or normal), the controller acts accordingly, irrespective of the actual state of the controlled variable. For our analysis, we will consider only the case when the sensor fails at the normal value. This will mean that when the controlled variable sensor fails, the controller will not act despite the presence of some deviation in the controlled variable. Cases when the sensor fails high (or low) can also be modeled easily. (ii) Control Valve Sticking: When the control valve gets stuck, then despite the presence of a signal from the controller, no control action is triggered. As before, we will assume that the control valve gets stuck at the

Figure 7. Control loop saturation.

normal (0) value. Cases when the valve gets stuck at high or low deviations can also be modeled similarly.

1004


Figure 8. Consistent loop and its reduction.

The above two reasons for control loop failure can be treated as faults. When none of these two faults have occurred, then a deviation in the controlled variable triggers some control action to compensate for that deviation. The occurrence of either (or both) of these two faults corresponds to the absence of control action despite the presence of deviation in the controlled variable. Hence, these faults are different from other faults as they cannot be observed in isolation. They always require deviation in the controlled variable (because of some other fault) to manifest themselves. They are also different from the case of loop saturation. In the case of loop saturation, a deviation in the controlled variable causes deviations in all the nodes in the control loop. Whereas if the control loop fails and the controlled variable has deviated, then depending on the exact location (reason) of control loop failure, some of the nodes in the loop will be at normal state. For example, in the SDG of Figure 5a, if the control loop fails because of sticking of the control valve (node V), then node MV is always at its normal position irrespective of the state of node CV (this would not have been the case if the disturbance were to enter through node MV itself). On the other hand, if the control loop fails because of the failure of the controlled variable sensor (S), then nodes C, V, and MV will be at their normal positions when disturbance enters through node CV. Also note that we will assume the controller output and the control valve to be measurable variables. It is important to note that there may be other reasons for control loop failure (apart from the two considered here). They can also be modeled similar to the approach outlined here. Ulerich and Powers25 and Lapp and Powers26 have discussed various possible failures associated with a control loop. Analysis of Fault Propagation in the Presence of Control Loops. The three possibilities (perfect control, loop saturation, and loop failure) with control loops discussed above have to be addressed when finding the fault propagation behavior in the SDG. For the case of complete control, the effect of the occurrence of a fault is felt on a lesser number of variables as compared to that of loop saturation. For the SDG of Figure 5a, fault at node F affects nodes C, V, and MV only, when complete control of CV is assumed (Figure 5b). Whereas if loop saturation is assumed, then the effect of the occurrence of fault F is felt on all other variables (Figure 7). Also, if any variable is affected by a fault with the former case, then that variable will also be affected by that fault in the latter case. Hence, a sensor location design which can observe a particular fault for the case of complete control will still observe that fault if loop saturation occurs. Therefore, as far as sensor network

design for observability of faults is concerned, loop saturation is a special case of complete control. A sensor network design based on the assumption of complete control will be a conservative design and will work in the case of loop saturation also. Hence, for our design purposes, we will not consider the case of loop saturation. The case of control loop failure is considered next. In Figure 5a, assume that control loop fails (sticking of control valve) because of a problem at node V (the control valve). Then, the effect of fault F will be felt at nodes CV, S, and C but not at node MV. On the other hand, if the disturbance enters through node MV (Figure 6a), then even though the control loop has failed, the nodes MV, CV, S, and C will be deviated. To analyze the effect of control valve sticking, we will cut the output arc from the control valve. Similarly, to analyze the effect of controlled variable sensor failure, the output arc of the sensor (input to the controller) will be deleted. The strategy to model control loops is summarized below: (1) Control loop is working: (i) All the arcs originating at the controlled variable and going out of the control loop are deleted. (ii) Nodes within the control loop which will be at the normal state at steady state are identified. Nodes which are affected only by the controlled variable will be at state “0”. If the disturbance does not enter the loop through the controlled variable, then the node which has the output arc to the controlled variable will also be at state “0”. (iii) For other variables, given a fault the direction of effect is found by resolving various issues discussed so far. (2) Control loop has failed: Under the single-fault assumption, the control loop failure cannot be detected in isolation. When this fault occurs along with another fault which affects the variables in the control loop, then depending on the exact reason for control loop failure the arcs originating from the controlled variable sensor or control valve are deleted to resolve the control loop. Also note that the occurrence of both controlled variable sensor failure and control valve getting stuck cannot be detected, even if they occur simultaneously. 3.5. Resolution of Consistent Loops. A loop is consistent if the product of all branch signs of that loop is positive. Such a loop is consistent in the sense that if a node belonging to the loop is disturbed, the effect of that disturbance cannot be compensated by the induced deviations of other nodes in that loop. All the nodes in the consistent loop are collapsed into a supernode such that the path sign between any node outside the loop and that supernode is preserved. To understand this, consider the loop shown in Figure 8a. Nodes A, B, and C form a consistent loop because the product of signs of


Figure 9. SDG to illustrate conservative design.

branches AB, BC, and CA is positive. This loop is collapsed to node A (Figure 8b). In the original SDG, the path from node D to A consisted of branches DC and CA. So in the reduced SDG, the branch from D to A has the - sign, which is the product of the signs of the branches DC and CA. Similarly, branch AE has the + sign, which is the product of signs of branches AB and BE. This method of collapsing a loop to a supernode will be used for resolving such loops. The issues discussed in this section were the issues which had to be resolved to generate the fault propagation behavior in the SDG. Before we proceed to the next section, some comments about the approach followed are in order. The difficulty in using SDG arises from the fact that qualitative representation of process systems leads to nonunique solutions. This becomes a bottleneck when one performs qualitative analysis. In this work, though, the qualitative ambiguities translate to conservatism in design. Wherever there are qualitative ambiguities, the solution approach handles these per se, without trying to resolve these ambiguities using restrictive assumptions and hence this might lead to conservative design in some cases. To illustrate this, consider Figure 9. In the figure, fault F1 has multiple paths with opposite gains to node A. If through use of some quantitative information (say arc gains) it could be established that the net affect of F1 on A is +, then to observe as well as differentiate between F1 and F2 sensor A is sufficient (positive effect from F1 and negative effect from F2). In our approach, we have not attempted to resolve such ambiguities. Hence, in Figure 9, the sign of node A when F1 occurs will be assumed to be indeterminate. This would mean that both nodes B and A have to be sensed for observing and differentiating between faults F1 and F2. Deviations in both A and B means that F1 has occurred, while deviation only in A implies the occurrence of fault F2. Hence, just as in this case, in general, conservative design may imply higher costs because new sensors may have to be added to eliminate some of the ambiguities. In the next section we discuss the second major task in sensor location: use of the available fault propagation knowledge to identify sensor locations based on various design criteria. 4. Design of Sensor Location After fault modeling is performed, the next step is to design sensor locations based on the available fault propagation knowledge. The designs are based on criteria such as diagnostic observability and resolution. The methodologies proposed here follow the ones discussed by Raghuraj et al.1 The difference is that Raghuraj et al.1 based their work on DG representation; hence, the fault propagation knowledge was in terms of nodes affected by a given fault. For the SDG case, the signs of the effects on nodes are also available. The

Figure 10. Flow chart of the algorithm for finding the minimal observability set for the bipartite graph.

use of this extra information requires some modification of the algorithms presented by Raghuraj et al.1 Because the basic ideas are essentially the same, a brief description of sensor location based on DG is presented next. For a detailed description of the approach, the interested reader is referred to Raghuraj et al.1 4.1. Sensor Location Based on DG. The sensor location problem is solved for various design criteria such as observability, single-fault resolution, and multiple-fault resolution. These are considered separately. 4.1.1. Observability. Observability refers to the condition that every fault defined for the process has to be observed by at least one sensor. Given a process DG, the observability problem is solved through the following sequence of steps: (i) As a first step in the algorithm, a cycle is located. All the nodes in the cycle are collapsed into a supernode. (ii) This procedure is repeated until there are no more cycles in the DG. (iii) All the nodes with only input arcs (key components) are chosen as sensor nodes. This is called the observability set. Raghuraj et al.1 proved that these nodes are sufficient to observe all the faults, provided the DG is weakly connected. Because most of the process systems are coupled, the DG representations encountered would usually be weakly connected. Though this set of sensors would be sufficient to ensure that all the faults are observed, the set might not be minimal. (iv) The problem of finding a minimal set of sensors is the problem of picking a minimal subset of sensors from the observability set that would have at least one directed path from every root node. This is a well-known set cover problem.27 A flow chart of the approach developed for solving this problem is given in Figure 10. 4.1.2. Resolution. Resolution refers to the ability to identify the exact fault that has occurred. The maximum resolution that is attainable is restricted by the topology of the digraph and the position of the fault or root nodes

1006


in the digraph. Also, the assumption of single fault or multiple faults would lead to different resolutions. 4.1.3. Single-Fault Resolution. The steps for locating the sensors to attain maximum resolution under the single-fault assumption are as follows: (i) For each root node i, a set Ai, which is the set of all nodes connected to root node i, is constructed. (ii) Set Bij ) Bji ) Ai ∪ Aj - Ai ∩ Aj is defined for each pair (i,j) of root nodes. Note that set Bij represents the symmetric difference of sets Ai and Aj. There are m × (m - 1)/2 such sets generated. (iii) Each Bij ) Bji is denoted by a node. A bipartite graph between this node and the nodes in the set Bij ) Bji is drawn. This procedure is repeated for all the new nodes generated. (iv) This new bipartite graph is added to the original bipartite graph (which is between root nodes and sensor nodes). (v) The observability problem for the extended system is solved to obtain the sensors for solving the singlefault maximum resolution problem. If a sensor is picked from every set, then pairwise faults are resolvable which implies complete resolution of all faults. Empty sets would imply that the particular faults are not distinguishable. 4.1.4. Multiple-Fault Assumption. Assuming multiple faults, the sensor location problem is solved as an extension of the single-fault assumption problem. The procedure is illustrated for the specific case where single faults and two simultaneous faults are important. The problem is solved through the following series of steps: (i) Sets Aij ) Aji ) Ai ∪ Aj are defined for all faults pairwise. This generates m × (m - 1)/2 such new sets. Each set is denoted by a node, and a bipartite graph between this node and the nodes in the set Aij ) Aji is drawn. This bipartite graph is added to the original bipartite graph. (ii) Solving the single-fault resolution problem for this new system gives the sensor locations for resolution with double-fault assumption. Clearly, with a greater number of sets generated, the computational complexity of the approach increases, but as discussed in Raghuraj et al.,1 one might not be interested in all multiple-fault situations and the above formulation gives the designer a methodology by which different sensor location problems can be posed and solved. 4.2. Sensor Location Based on SDG. In this section, the DG-based observability and resolution algorithms presented in section 4.1 are extended for the SDG representation of the process. Without loss of generality, we will assume that faults originate only at the root nodes (nodes with no input arcs). If there is a fault node which has input arcs to it, then a new root node can be attached to this fault node. The occurrence of the fault at the original node will now correspond to the occurrence of the fault at the new root node. It is important to note that sensors are also liable to fail. Hence, they can also be treated as fault origins. For our analysis, we have only considered failure of a controlled variable sensor, as the controlled variable is always a sensed variable. Because we are designing sensor locations, the nonconsideration of other sensor failures is not critical at all. For the case when fault diagnosis is performed given sensor data, failures associated with the sensors are critical and have to be incorporated.28 The observability and resolution algorithms as discussed in section 4.1 are based on the bipartite graph

between the root and sensor nodes. The manner in which the bipartite graph is generated will depend on whether one is solving an observability or resolution problem. The whole sensor network design procedure (including the bipartite graph generation) for observability and resolution problems is discussed next. 4.3. Sensor Location for Fault Observability. The problem of observability is one of finding the minimal set of sensor nodes which will cover all the root nodes. For the problem of observability, the sign of the arcs need not be considered. This is due to the fact that we are only detecting and not diagnosing the faults in the observability case. Hence, in this case, we are interested only in inferring if a fault affects a particular node and not in inferring the direction of its effect. The assumption of single or multiple fault leads to different sensors for observability. 4.3.1. Observability with Single-Fault Assumption. The sensor location for this case is performed through the following sequence of steps. Algorithm I: (i) Consider the DG corresponding to the SDG. (ii) Select all controlled variables. (iii) Collapse all noncontrol loops into supernodes. This is done because noncontrol loops (both positive and negative feedback loops) do not compensate for the effect of the original disturbance entering the loop. (iv) For control loops, delete output arcs from each controlled variable going out of the control loop of that variable. This is done because under single-fault and complete control assumption, disturbance can never be transmitted outside the control loop via the controlled variable. In the resulting DG, for each fault, get the measurable nodes which will be affected when that fault occurs. This will involve resolving each control loop on the basis of the fault that has occurred. (v) Form a bipartite graph between faults and the nodes affected by the faults. (vi) Solve the observability problem based on this bipartite graph. The sensors obtained will be the set of sensors which will observe faults under the single-fault assumption. A flow chart of the procedure to find sensors for observability under single-fault and complete control assumption is given in Figure 11. The set obtained is obviously not the minimal set because controlled variables do not observe any fault under the single-fault assumption. Another important aspect is that the occurrence of only control loop failures is not observable as the effect is not felt on any node. 4.3.2. Observability with Double-Fault Assumption. Assuming double faults, the observability problem is solved as an extension of the single-fault case. Besides the single faults considered in Algorithm I, the occurrence of pairs of faults will also have to be considered. For a given pair of faults consider the following possibilities: (i) Both the faults (say F1 and F2) are noncontrol loop failures: for this case none of the controlled variables are deviated. Any sensor which could observe F1 or F2 individually will still be deviated when both the faults occur together. (ii) Both the faults are control loop failures: simultaneous occurrence of this fault pair is not observable as no node is deviated. (iii) One of the faults (F1) is a normal fault while the other is a control valve failure (F2): for this case there


Figure 11. Flow chart for the single-fault observability algorithm for SDG (algorithm I).

are two possibilities. (a) Fault F1 affects variables in the control loop corresponding to fault F2. Then, the controlled variable corresponding to fault F2 will be deviated. Hence, the sensor measuring that controlled variable will observe the simultaneous occurrence of F1 and F2. (b) Fault F1 does not affect variables in the control loop corresponding to F2. Only those nodes will be affected which were deviated when only F1 occurred. Hence, any sensor which observed F1 will still observe the simultaneous occurrence of F1 and F2. (iv) One of the faults (F1) is a normal fault while the other is a controlled variable sensor failure (F2): again, consider the following two possibilities. (a) Fault F1 affects variables in the control loop corresponding to F2. Because the controlled variable sensor (F2) has now failed, despite the presence of deviation in the controlled variable the controller will not be activated. (b) This case is similar to case (b) above for control valve failure. Apart from the pair corresponding to part (a) of item

(iv) above, all other pairs will be observed by the sensors which were selected for the single-fault case. The double-fault observability algorithm can then be given as Algorithm II. Algorithm II: (i) Perform the first three steps of Algorithm I. (ii) Generate the bipartite graph for the single-fault assumption. (iii) Consider all possible pairs in which one of the faults is a controlled variable sensor failure and the other fault is a normal fault which affects the nodes in the corresponding control loop. Consider each such pair as a separate fault. Generate the affected nodes for these new faults. (iv) Add these new faults along with the nodes they affect, to the bipartite graph obtained for the singlefault assumption. (v) Solve the observability problem for this extended bipartite graph. The sensors so obtained will be the optimal set of sensors which will observe faults with double-fault assumption. 4.4. Sensor Location for Fault Resolution. In this section, the design of the sensor network for maximum fault resolution is presented. The fault resolution methodology using a SDG will be considered for the singleand multiple-fault assumption case. Without loss of generality, it will also be assumed in our analysis that faults deviate only in the positive direction. If there is a fault which can deviate in the negative direction also, then a new fault corresponding to negative deviation in the original fault is added to the SDG, with arcs of opposite signs to the original fault, as shown in Figure 12. In Figure 12a, fault F1 can deviate in both directions whereas F2 deviates only in the positive direction. Corresponding to negative deviation in F1, a new fault F1- is added to the SDG which will be allowed to deviate in the positive direction only. F1 has one positive arc to node S1. F1- therefore has a negative arc to node S1 (Figure 12b). No new addition of the fault is required for F2, as F2 can deviate only in the positive direction. The fact that such modification to the SDG is essential is also evident from this example. For the SDG of Figure 12a, the sensor at node S2 will observe as well as distinguish both F1 and F2. Negative deviation in S2 will correspond to the occurrence of F1, while positive deviation will correspond to F2 being the disturbance origin. For the SDG of Figure 12b, node S2 is not sufficient to distinguish between all faults. Negative deviation in S2 will correspond to the occurrence of F1, while positive deviation in S2 will mean either F1- or F2 has occurred. To distinguish between all three faults, sensors are required on both nodes S1 and S2. This procedure of modifying the SDG to account for negative deviations in fault nodes will be used in the algorithms. Similar to the DG case,1 the resolution problem is converted into an appropriate observability problem. The exact procedure for locating sensors for maximum resolution consists of the following sequence of steps and a flow chart of the following approach is given in Figure 13. Algorithm III: (i) Given the process SDG, identify faults which can deviate in both directions (bidirectional). (ii) Add new faults (one for each) corresponding to the negative deviation in the above faults. If fault F- is added corresponding to negative deviation in fault F,

1008


Figure 12. Example to illustrate the addition of new faults.

Figure 13. Algorithm III for single-fault resolution.

then the output arcs of F- will be incident on the same nodes as those of F, but with opposite signs. (iii) Collapse each consistent loop to a supernode. (iv) Resolve noncontrol negative feedback loops as discussed. (v) Resolve control loops as discussed. (vi) For each fault i, find the set of nodes Ai affected by that fault, along with the direction of effect (positive, negative, or indeterminate) on those nodes. Indeterminate cases arise when there are multiple paths of

different signs to a node. For example, if fault F3 affects sensor S2 in the positive direction, then S2+ will be added in A3 and so on. Hence, sets Ai consist of nodes that contain information about the sensor affected and the direction of deviation of the sensor. Nonnegative feedback loops and control loops will be resolved as discussed, to obtain the set Ai for fault i. (vii) On the basis of the sets Ai, construct a bipartite graph between all sensor nodes (without the direction of deviation) and the faults (root nodes). Call this bipartite graph G. (viii) For each pair (i,j) of faults, construct set Bij ) Bji. Bij is the set of sensor nodes that help distinguish between faults (i,j). If a node (sensor with direction of effect) is present only in Ai or Aj and not in both, then the corresponding sensor is included in Bij. For example, if S1+ is present in Ai and S1- is present in Aj (nodes S1+ and S1- would be considered as distinct though the sensed variable is the same) then S1 would be included in Bij. If a sensor node with a positive or negative (“+” or “-”) deviation is present in Ai and the same sensor with an indeterminate effect (“+-”) is present in Aj, then the corresponding sensor will not be included in Bij. This is due to the fact that the particular sensor would not help distinguish between the faults based on a SDG analysis (because of qualitative ambiguity). It is worth noting at this point that this is how the algorithm handles the qualitative ambiguity, per se, without any restricting assumption. It is also clear that some information is lost because of this and this would lead to a conservative design. It is clear that the sets Bij, with a slight modification to handle the indeterminate case, represent the symmetric difference between sets Ai and Aj. There are m × (m - 1)/2 such new sets that are generated. (ix) Denote each Bij by a node. Draw a bipartite graph between this node and the nodes in the set Bij. (x) Add this bipartite graph to the original bipartite graph G. Call the resulting system as G′. (xi) Select all controlled variables. (xii) In G′ delete faults covered by controlled variables sensors. (xiii) Solve the observability problem for the resulting bipartite graph. The solution so obtained will be the nodes where sensors should be placed for maximally resolving faults under the single-fault assumption. The indistinguishable pair of faults correspond to null Bij’s. Once again controlled variables sensors are redundant in resolving faults under single-fault assumption. The design methodology for resolution under multiplefault assumption is illustrated for the double-fault assumption case where the occurrence of up to two


Figure 14. Five-tank system schematic.

faults at a time is considered. A solution strategy for resolving faults when the occurrence of more than two faults at a time is also considered can also be derived in an analogous way. Fault Resolution under Double-Fault Assumption. The general procedure for getting sensors for resolution under double-fault assumption is outlined below. Algorithm IV: (i) Perform the first five steps of the single-fault resolution algorithm as presented above. (ii) Construct Aij ) Aji for each pair (i,j) of faults. Aij is the set of sensor nodes (along with the direction of effect) which are affected when both faults i and j occur. Aij ) Aji ) Ai ∪ Aj if neither fault i nor j is a control loop failure where the union is taken as follows: If a node is present only in Ai (or Aj), then it is included in Aij (with the same direction of effect). If a sensor node, say S1, is present in both Ai and Aj and it is affected in the same + (-) direction in both, then S1+ (S1-) is included in Aij. If a sensor node (say S1) is present in both Ai and Aj but with different effects, then S1+- is included in Aij. If both faults i and j are control loop failures (control valve sticking or controlled variable sensor failure), then Aij ) Aji ) φ. If only one of them, say fault i, is a control valve failure, then consider the two possibilities: (a) Fault j does not affect variables in the control loop corresponding to fault i. Then, Aij ) Aji ) Aj. (b) Fault j affects variables in the control loop corresponding to fault i. Then, in the original SDG, remove arcs originating from the control loop failure node (controlled variable sensor or control valve) corresponding to fault i to obtain a reduced SDG. Now, Aij ) Aji is the set of nodes affected by fault j in the reduced SDG. One important point to note is that the set Aij ) Aji is generated for all possible pairs of faults, except pairs which correspond to the occurrence of the same fault in opposite directions because such faults are mutually exclusive. (iii) Mark the new Aij’s (corresponding to simultaneous occurrence of faults i and j) as root nodes along the original m root nodes. Call this System I. (iv) For resolution with double-fault assumption, apply the single-fault resolution algorithm on System I. The solution obtained will be the set of sensors which will perform maximum resolution with double-fault assumption.

Figure 15. Five-tank system signed digraph.

5. Case Studies The methodologies developed for sensor location based on the process SDG are now applied to two case studies to underscore their utility. Sensor location design for a five-tank system illustrates the design methodology and underscores the superiority of SDG-based design over the DG-based design. A CSTR system is also considered as it is able to illustrate most of the issues discussed in this article. The assumptions made and the sensor location methodology developed are validated through numerical simulations for the CSTR case study. 5.1. Five-Tank System. The five-tank system considered by Chang et al.14 as shown in Figure 14 is considered for application of SDG-based sensor location algorithms. The results are then contrasted with the design obtained by considering the DG of the system. The SDG of the five-tank system (Figure 14) is shown in Figure 15. It is interesting to note that all faults except qi are unidirectional (occur only in + direction). Corresponding to negative deviation in qi, new fault node qi- is added to the SDG (this is not required for observability). The process has no control loops but it

1010


Table 1. Set A for the SDG of the Five-Tank System (Figure 15) set

fault

sensor nodes

A1 A2 A3 A4

qi+

[L1+,F6+,L2+,F8+,F7+,L3+,F9+,L5+,F12+,F10+,L4+,F11+]

qil1 v6

A5 A6 A7

l2 v8 v7

A8 A9 A10 A11 A12 A13 A14

l3 v9 l5 v12 v10 l4 v11

[L1-,F6-,L2-,F8-,F7-,L3-,F9-,L5-,F12-,F10-,L4-,F11-] [L1-,F6-,L2-,F8-,F7-,L3-,F9-,L5-,F12-,F10-,L4-,F11-] [F6-, L2-, F8-, L1+, F7+, L3+, F9+, L5+, F12+, F10+,L4+, F11+] [L2-, F8-] [F8-, L2+] [F7-, L3-, F9-, L5-, F12-, F10-, L4-, F11-, L1+,F6+, L2+, F8+] [L3-, F9-, L5-, F12-, F10-, L4-, F11-] [F9-, L5-, F12-, L3+, F10+, L4+, F11+] [L5-, F12-] [F12-, L5+] [F10-, L4-, F11-, L3+, F9+, L5+, F12+] [L4-, F11-, F10+, L3-, F9-, L5-, F12-] [F11-, L4+, F10-, L3+, F9+, L5+, F12+]

Table 2. Sensors for Single Fault Resolution for the Five-Tank System selected sensors SDG DG

[L2, L5, F10, L4] [L2, L3, L5] indistinguishable faults

SDG DG

[(qi-,

l1)] [(qi+, qi-), (qi+, l1), (qi+, v6), (qi+, v7), (qi-, l1),(qi-, v6), (l1, v6), (qi-, v7), (l1, v7), (v6, v7), (l2, v8), (l3, v9), (l3, v10), (l3, l4), (l3, v11), (v9, v10), (v9, l4), (v9, v11), (l5, v12), (v10, l4), (v10, v11), (l4, v11)]

has eight negative feedback loops. The sensor location algorithm for various cases is then performed on this SDG. 5.1.1. Sensors for Observability. Because there are no control loops, for observability the DG of the given SDG is considered and the sensor location algorithm for DG is applied. This results in the selection of nodes [L2,L5] as the sensor nodes. Note that these sensors will be optimal for observability irrespective of single- or multiple-fault assumption because no control loops are present in the given SDG. 5.1.2. Single-Fault Resolution. The nodes affected by each fault are identified along with the direction of effect (the A sets). This is tabulated in Table 1. Corresponding to each Ai,Aj pair, the Bij set is generated by taking the modified symmetric difference of Ai and Aj. These B sets are marked along with the original faults and the observability algorithm is applied to this extended set of faults. The results are presented in Table 2. The sensors obtained for resolution based on the DG of the process are also given in the same table. From the results it is evident that sensor location design based on the SDG allows better resolution than a design based on the DG. 5.1.3. Resolution under Double-Fault Assumption. Corresponding to the pairs Ai,Aj shown in Table 1, the Aij sets are formed by taking the modified union as explained in the double-fault resolution algorithm (Algorithm IV). Set A1,2 is not formed as faults 1 and 2 represent the occurrence of the same fault (qi) in opposite directions. The Aij sets so generated are listed along with the earlier A sets and the single-fault resolution is applied to this extended system. The sets generated in this way are not shown, but the results of the algorithm are shown in Table 3. A number of indistinguishable pairs of faults are generated. To contrast, the sensors obtained by the DG-based design are also listed in the same table. It is seen that fewer

Table 3. Results for Resolution under Double-Fault Assumption selected sensors SDG DG

[L1,F6,L2,F7,L3,F9,L5,F10,L4,F11] [L1,L2,L3,L5]

sensors are selected for the DG case, and the number of indistinguishable pairs also increases greatly (about 175%) in comparison to that of the SDG case. It is quite likely in general that even with the same number of sensors the resolution attained using SDG might be better than that with the DG. More importantly, the SDG representation allows one to choose more promising sensors that would give maximum information and it would not have been possible to choose these sensors on the basis of just the DG representation of the process. Hence, one can design more optimal sensor locations on the basis of the SDG of the process. 5.2. Application to the CSTR System. The SDG of the CSTR system considered by Mylaraswamy et al.29 is considered for the application of SDG-based sensor location algorithms. The schematic diagram of the process is shown in Figure 16. Figure 17 gives the SDG of the CSTR process. The model equations and some simulation results to validate the design methodology are given in Appendices A and B, respectively. The process brings out all the issues discussed in the previous sections. It has control loops, noncontrol negative feedback loops, positive loops, and multiple paths with opposite signs. The SDG in Figure 17 also has a conditional arc from node P to node Fvg. The arc is conditional because it gets activated only when the control valve VP gets stuck. 5.2.1. Sensors for Observability. Sensor location for observability is performed separately for the singleand double-fault cases. Observability under Single-Fault Assumption. The sequence of steps as detailed in Algorithm I is applied to obtain sensor locations for observing faults under single-fault assumption: (i) The controlled variables T, P, and V are selected. (ii) The DG corresponding to the SDG of Figure 17 is considered. (iii) The noncontrol loop (loop not involving any controlled variable) comprising nodes CA and rA is reduced to supernode CA. (iv) The output arcs from each controlled variable, not belonging to the control loop of that variable, are deleted. For example, consider the temperature control loop consisting of nodes T, TS, TC, VT, Fc, and Tc in Figure 17. Arcs originating from node T and incident on nodes external to this loop are deleted. Hence, arcs T-P and T-CA (Figure 18) are deleted. This is verified by the CA profile plotted in Figure 20a. At steady-state CA is at its original value despite the presence of a fault (decrease in Ti) because the disturbance reaches CA through the controlled variable T. With these modifications the DG shown in Figure 18 is obtained. (v) For each fault the measurable nodes affected by that particular fault are identified. This involves analyzing each control loop to find the affect of the particular fault on the nodes of the loop. As an illustration, consider the analysis of the temperature control loop. A peculiar feature of this loop is the presence of a positive feedback loop between nodes T and Tc. This loop


Figure 16. CSTR process schematic.

Figure 17. SDG of the CSTR process of Figure 16.

is different from a normal positive feedback loop as T is a controlled variable, and Tc belongs to the control loop of that controlled variable. T being a controlled variable will at steady state always have a normal value under single-fault assumption. Node Tc, on the other hand, will be normal or disturbed depending on the entry node of the disturbance in the loop. Consider the disturbance entering through node Tc. Then, both the disturbance as well as the compensatory response of the control loop affect the controlled variable through node Tc. The only way in which node T can be at a normal state is by node Tc also being at a normal

state. This is shown in Figure 21a, where despite the presence of a disturbance (increase in Tci) affecting Tc, node Tc (and hence T also) settles at its original steadystate value. If the disturbance enters through node T, then to compensate for this disturbance, node Tc will be at a disturbed state (action of control loop), the direction and magnitude of which will depend on the disturbance affecting node T. The profile of node Tc is plotted in Figure 20b for a step change (fault) in Ti. Ti affects the T control loop through node T only (Figure 17). Hence, to compensate for the disturbance, Tc is disturbed at steady state.

1012


Figure 18. DG of the CSTR process for observability.

Figure 19. SDG of Figure 17 for single-fault resolution.

Similarly, node Fc will be normal if the disturbance enters through Fc itself (which does not happen for this process) and will be disturbed when the disturbance enters either through T or Tc. This is shown in Figure 21b, where the profile of Fc is plotted for a step change in Tci (fault). Fc is deviated from its normal value as this deviation provides the compensatory effect to cancel the effect of the fault on controlled variable T. The control valve VT, on the other hand, will be disturbed irrespective of the position of disturbance entry. A similar analysis can be performed when the disturbance enters the loop through more than

ne node (for example, the effect of change in U enters the temperature control loop through nodes T as well as Tc). (vi) The list of sensors affected by each fault is presented in Table 4. The sensor location algorithm is applied to obtain node Fc as the node where the sensor should be placed to observe all the faults (except control loop failures) under single-fault assumption. Hence, Fc together with controlled variables sensors [TS,VS,PS] observes faults (except the occurrence of control loop failures) with single-fault assumption. It is evident that sensors [TS,VS,PS] are redundant for this case.


Figure 20. Step change in the inlet feed temperature (530-500 °R).

Figure 21. Step change in the coolant inlet temperature (from 530 to 550 °R). Table 4. Observability under Single-Fault Assumption fault

nodes affected

CAi Fi

[CA,Fc,F4,Tc,TC,VT,PC,VP,Fvg] [CA,VC,VL,F2,F3,F,TC,VT, Fc,F4,Tc,PC,VP,Fvg] [TC,VT,Fc,F4,Tc] [φ] [φ] [φ]

Ti VfL VfT PfS

fault Tci Cd U VfP VfS TfS

nodes affected [TC,VT,Fc,F4] [CA,TC,VT,Fc,F4, Tc,PC,VP,Fvg] [TC,VT,Fc,F4,Tc] [φ] [φ] [φ]

Observability under Double-Fault Assumption. Algorithm II is applied to get the sensors for this case. (i) The first three steps performed in Algorithm I above are carried out. (ii) For each pair of faults, in which one fault is a controlled variable sensor failure and the other fault is a normal fault affecting the corresponding control loop, the affected nodes are generated. These pairs along with the nodes they affect are given in Table 5. For example, consider temperature sensor failure, TfS. Consider a fault such as Ti which affects variables in the temperature control loop. When Ti and TfS occur together, the effect is not felt on any variable (except Tc) within the temperature control loop because the temperature controller is not activated (because of occurrence of TfS). But because of the deviation in T, the effect is transmitted to variables outside the temperature control loop as shown in Table 5.

(iii) The faults generated by the above step alongwith the nodes they affect are listed with single faults. The observability algorithm is applied to this extended bipartite graph to solve the problem of observability under double-fault assumption. The set of selected sensors turns out to be [TS,VS,PS,Fc,Tc]. Note that because of the possibility of controlled variable sensors failing in conjunction with other faults, node Tc has been selected to observe such pairs. Other sensors are the same as those obtained for the single-fault case. 5.2.2. Sensor Location for Fault Resolution. The cases of single-fault assumption and double-fault assumption are considered separately. Resolution under Single-Fault Assumption. Algorithm III is applied to get sensor location for maximum resolution under single-fault assumption. (i) For resolution, negative deviation of faults also has to be taken into account. For this purpose, faults which can occur in both directions are identified. Changes in CAi, Ti, Tci, and Fi are such faults. (ii) Corresponding to the negative deviation of each such fault, a new fault with opposite arc signs is added to the SDG. For example, in the SDG of Figure 17, fault node CAi (the inlet concentration) can either increase or decrease. Node CAi has a positive arc to node CA. Corresponding to negative deviation in CAi, fault CAiis added to the SDG, which has a negative arc to node CA (Figure 19). An interesting aspect of Figure 17 is

1014


Table 5. Observability under Double-Fault Assumption double faults

nodes affected

(Fi,VfS) (CAi,TfS) (Ti,TfS) (U,TfS) (CAi,PfS)

[CA,TC,VT,Fc,F4,Tc,PC,VP,Fvg] [CA,Tc,PC,VP,Fvg,n] [CA,Tc,PC,VP,Fvg,n] [Tc,CA,PC,VP,Fvg,n] [CA,TC,VT,Fc,F4,Tc,Fvg,n]

double faults (Fi,TfS) (Cd,TfS) (Tci,TfS) (Cd,PfS) (Fi,PfS)

nodes affected [CA,VC,VL,F2,F3,F,Tc,PC,VP,Fvg,n] [CA,Tc,PC,VP,Fvg,n] [Tc,CA,PC,VP,Fvg,n] [CA,TC,VT,Fc,F4,Tc,Fvg,n] [CA,VC,VL,F2,F3,F,TC,VT,Fc,F4,Tc,Fvg,n]

Table 6. Set A for SDG of Figure 17 fault (no.)

set A

fault (no.)

set A

CAi+ (R1) CAi- (R2) Fi+ (R5) Fi- (R6) Cd- (R9) VfL (R11) VfT (R13) PfS (R15)

[CA+,TC+,VT+,Fc+,F4+,Tc-,PC+,VP+,Fvg+] [CA-,TC-,VT-,Fc-,F4-,Tc+,PC-,VP-,Fvg-] [CA+,VC+,VL+,F2+,F3+,F+,TC+,VT+,Fc+,F4+,Tc-,PC+,VP+,Fvg+] [CA-,VC-,VL-,F2-,F3-,F-,TC-,VT-,Fc-,F4-,Tc+,PC-,VP-,Fvg-] [CA+,TC-,VT-,Fc-,F4-,Tc+,PC-,VP-,Fvg-] [φ] [φ] [φ]

Ti+ (R3) Ti- (R4) Tci+ (R7) Tci- (R8) U- (R10) VfP (R12) VfS (R14) TfS (R16)

[TC+,VT+,Fc+,F4+,Tc-] [TC-,VT-,Fc-,F4-,Tc+] [TC+,VT+,Fc+,F4+] [TC-,VT-,Fc-,F4-] [TC+-,VT+-,Fc+-,F4+-,Tc-] [φ] [φ] [φ]

Table 7. B Sets for the Faults of Table 6 sets

nodes

(B1,2),(B1,4),(B1,8),(B2,3),(B2,7),(B3,9),(B7,9) (B1,3),(B1,10),(B2,4),(B4,9) (B1,5),(B2,6) (B1,6),(B2,5),(B3,6),(B4,5),(B5,6),(B5,8),(B6,7) (B1,7),(B2,8),(B2,10),(B8,9),(B9,10) (B1,9) (B2,9) (B3,4),(B3,8),(B4,7) (B3,5),(B4,6),(B5,10) (B3,7),(B4,8),(B4,10),(B7,10),(B8,10) (B3,10) (B5,7),(B6,8),(B6,10) (B5,9) (B7,8) (B6,9)

[CA,TC,VT,Fc,F4,Tc,PC,VP,Fvg] [CA,PC,VP,Fvg] [VC,VL,F2,F3,F] [CA,VC,VL,F2,F3,F,TC,VT,Fc,F4,Tc,PC,VP,Fvg] [CA,Tc,PC,VP,Fvg] [TC,VT,Fc,F4,Tc,PC,VP,Fvg] [CA] [TC,VT,Fc,F4,Tc] [CA,VC,VL,F2,F3,F,PC,VP,Fvg] [Tc] [φ] [CA,VC,VL,F2,F3,F,Tc,PC,VP,Fvg] [VC,VL,F2,F3,F,TC,VT,Fc,F4,Tc,PC,VP,Fvg] [TC,VT,Fc,F4] [CA,VC,VL,F2,F3,F]

that there are certain faults (heat-transfer coefficient U and catalyst activity Cd) which can deviate only in the negative direction. To account for this, the SDG is modified by reversing the signs of the output arcs of these faults (Figure 19). (iii) The output arcs from each controlled variable going out of the control loop of that variable are deleted (Figure 19). (iv) Corresponding to each fault i, the set Ai of affected nodes is found (Table 6). (v) Corresponding to each pair i,j of faults, the set Bij is generated using the modified symmetric difference procedure described in Algorithm III. For illustration consider faults CAi+ and Tci+. Nodes (TC,VT,Fc,F4) are affected by both the faults in the positive direction. Hence, they will not assist in resolving the two faults. Nodes (CA,Tc,PC,VP,Fvg), on the other hand, are affected only by fault CAi+, and placing a sensor at either of these will resolve CAi+ and Tci+. The B set corresponding to this pair of faults (B1,7) therefore consists of nodes (CA,Tc,PC,VP,Fvg). Also worth noting is that (B3,10) is empty as both the faults Ti+ and U- affect the same set of nodes (TC,VT,Fc,F4,Tc), with the same effect on Tc (-), and the effect of fault U- on the remaining nodes being indeterminate. The B sets corresponding to all the pairs of faults are listed in Table 7. For the sake of brevity, control loop failure faults are not considered while forming the B sets. The reason being that the control loop failures cannot be distinguished from each other, and the B set corresponding to a control loop failure fault and a normal fault is the A set for that fault itself.

(vi) The sets Bij as listed in Table 7 are listed along with the Ai sets (considered without signs of nodes) corresponding to individual faults (Table 6), and the observability problem solved for this extended system. This gives nodes [CA,Tc,Fc,F] as the minimal set of nodes where the sensors should be placed for solving the single-fault resolution problem. The control variable sensors are already selected. This gives [VS,PS,TS,CA,Tc,Fc,F] as the complete set of sensor nodes which gives maximum resolution under single-fault assumption. The null Bij’s correspond to indistinguishable pairs. To contrast, results for the DG case are also generated as follows: the Ai sets are considered without signs. The single-fault resolution algorithm as explained for the DG case in section 4.1 is applied. The same set of sensors as that for the SDG case is obtained as shown in Table 9 (the controlled variables are again selected), but the number of indistinguishable faults are more than that for the SDG case. Including control loop failures also, the null sets (corresponding to indistinguishable pairs and unobservable faults) increases from 22 for the SDG case to 29 for the DG case. Resolution under Double-Fault Assumption. The double-fault resolution algorithm (Algorithm IV) is applied on this CSTR system. The Aij ) Aji sets are generated for each pair of faults, except those pairs which represent the occurrence of the same fault in opposite directions. Because of the possibility of control loop failures, the set Aij may not be equal to Ai ∪ Aj. Aij is the set of nodes which are disturbed when both faults i and j occur simultaneously. The methodology described

Ind. Eng. Chem. Res., Vol. 39, No. 4, 2000 1015 Table 8. Set Aij’s for Some Pairs of Table 4 sets A1,11 A1,13 A2,12 A3,11 A3,13 A4,12 A5,12 A5,11 A6,12 A7,11 A7,13 A8,12 A9,11 A9,13 A10,12

elements [CA+,TC+,VT+,Fc+,F4+,Tc-,PC+,VP+,Fvg+] [CA+,TS+,TC+,Tc+,PC+,VP+,Fvg+,n-] [CA-,TC-,VT-,Fc-,F4-,Tc+,Fvg-,n-,PS-,PC-] [TC+,VT+,Fc+,F4+,Tc-] [TS+,TC+,CA-,Tc+,PC+,VP+,Fvg+,n-] [TC-,VT-,Fc-,F4-,Tc+] [CA+,VC+,VL+,F2+,F3+,F+,TC+,VT+,Fc+,F4+,Tc-,Fvg+,n+,PS+,PC+] + + + + + + + + [VS+,VC+,CA+ -,TC-,VT-,Fc-,F4-,Tc-,PC-,VP-,Fvg-] [CA-,VC-,VL-,F2-,F3-,F-,TC-,VT-,Fc-,F4-,Tc+,Fvg-,n-,PS-,PC-] [TC+,VT+,Fc+,F4+] [TS+,TC+,CA-,Tc+,PC+,VP+,Fvg+,n-] [TC-,VT-,Fc-,F4-] [CA+,TC-,VT-,Fc-,F4-,Tc+,PC-,VP-,Fvg-] [TS-,TC-,CA+,Tc-,PC-,VP-,Fvg-,n+] + + + [TC+ -,VT-,Fc-,F4-,Tc ]

Table 9. Set of Selected Sensors for the CSTR System SDG DG

single-fault resolution

double-fault resolution

[VS,PS,TS,CA,Tc,Fc,F] [VS,PS,TS,CA,Tc,Fc,F]

[VS,PS,TS,CA,F,Fc,Tc,PC] [VS,PS,TS,CA,F,Fc,Tc,PC]

in Algorithm IV is followed to generate these sets for the faults listed in Table 6. For compactness, only the pairs in which one of the faults is a control valve failure are listed in Table 8. The nodes affected by the simultaneous occurrence of a fault and a control sensor failure will be the same as the set of nodes affected by that fault when it occurs alongwith the corresponding control valve failure. The only difference is that the controlled variable sensor itself and the controller output will be normal now (even though the controlled variable might be deviated). For example, the set of nodes affected by the simultaneous occurrence of faults CAi+ (R1) and VfT (R13) is A1,13 which is as given in Table 8. Hence, the set of nodes affected by the simultaneous occurrence of faults CAi+ (R1) and TfS (R16) will be the same as A1,13 except nodes TS and TC which will now be normal. For other pairs (i,j) of faults, Aij is equal to Ai ∪ Aj (the modified union as explained in Algorithm IV). The Aij’s are treated as fault nodes and added to the original set of faults. A bipartite graph (called G) between the sensor nodes and the extended set of faults is generated. The single-fault resolution algorithm (Algorithm III) is applied on system G to obtain nodes [VS,PS,TS,CA,F,Fc,Tc,PC] for attaining maximum resolution of faults (not all pairs of faults in G are resolved) under double-fault assumption (Table 9). Once again, results based on the process DG are generated to compare with the SDG-based results. The Aij sets without signs on sensors are considered and the doublefault resolution algorithm as given in section 4.1 is applied to obtain [VS,PS,TS,CA,F,Fc,Tc,PC] as the nodes where sensors should be placed to maximally resolve faults under the double-fault assumption (once again controlled variables were first selected and then an optimal number of sensors out of the remaining nodes were selected). Comparing with the SDG results as shown in Table 9, the same sensors have been selected, but the indistinguishable pairs increase by almost 70%. 6. Limitations and Discussions The SDG-based approach for sensor design as presented in the previous sections, even though useful and

sets A1,12 A2,11 A2,13 A3,12 A4,13 A4,11 A5,13 A6,11 A6,13 A7,12 A8,13 A8,11 A9,12 A10,13 A10,11

elements [CA+,TC+,VT+,Fc+,F4+,Tc-,Fvg+,n+,PS+,PC+] [CA-,TC-.VT-,Fc-,F4-,Tc+,PC-,VP-,Fvg-] [CA-,TS-,TC-,Tc-,PC-,VP-,Fvg-,n+] [TC+,VT+,Fc+,F4+,Tc-] [TS-,TC-,CA+,Tc-,PC-,VP-,Fvg-,n+] [TC-,VT-,Fc-,F4-,Tc+] + + + + + + + + + + + [CA+ -,VC ,VL ,F2 ,F3 ,F ,TS ,TC ,Tc ,PC ,VP ,Fvg ,n ] + + + + + + + + [VS-,VC-,CA+ ,TC ,VT ,Fc ,F4 ,Tc ,PC ,VP ,Fvg ] - - + [CA+ -,VC ,VL ,F2 ,F3 ,F ,TS ,TC ,Tc ,PC ,VP ,Fvg ,n ] [TC+,VT+,Fc+,F4+] [TS-,TC-,CA+,Tc-,PC-,VP-,Fvg-,n+] [TC-,VT-,Fc-,F4-] [CA+,TC-,VT-,Fc-,F4-,Tc+,Fvg-,n-,PS-,PC-] + + + + + + + [TS+ -,TC-,CA-,Tc-,PC-,VP-,Fvg-,n-] + + + -] [TC+ ,VT ,Fc ,F4 ,Tc -

easy to apply, suffers from some drawbacks. Some of these are listed below: (i) Multiple paths with opposite signs reduce the resolution. Order of magnitude information can be incorporated in the SDG to overcome this problem. (ii) Dynamic information (time delays, propagation times) has not been used in this article. Use of this information may further enhance the resolution. (iii) The signs of the arcs are derived from the steadystate values of the process variables. For large deviations in the process variables, the arcs might change signs. This has not been taken into consideration. The assumption of arc gain not changing sign is made in most of the approaches that use the SDG representation of the process. It is to be noted that, in the worst case, the SDGbased sensor location design will be the same as the DGbased design. In all the other cases, the SDG-based design will offer better resolution than the design based on the process DG. 7. Conclusions In this article, some of the issues associated with sensor location based on the signed directed graph representation of the process were discussed. The algorithms for sensor location design developed by Raghuraj et al.1 were extended on the basis of the SDG of the process. To summarize, SDG is a powerful representation of the process and has been widely used in fault diagnosis of chemical process systems. In this work we have used the SDG representation of the process for the location of sensors for efficient fault diagnosis. The proposed approach provides a method in which the sensor locations can be designed for subsequent fault diagnosis using any of the techniques available in the literature. A good initial design is obtained on the basis of minimum information about the plant without many restricting assumptions. The only restricting assumption is that the arcs do not change the gain sign. This assumption is made in most of the approaches that use the SDG representation of the process. A CSTR case study was used to illustrate the fact that better results are obtained with the SDG. A five-tank system was also considered to highlight the methodology and superiority of the SDG-based design approach. Design of a sensor network for efficient fault diagnosis based on suitable reliability criteria needs to be developed.

1016


Table 10. Values for the CSTR of Figure 16 notation

variable

(steady state/constant) value

V CA T F n P Fvg Fi CAi Tc Fc Ti Vj k0 Cd E R U A Tci ∆H Cp Cpj F Fj Vg

volume of reactor reactant conc. in reactor reactor temp. outlet flow rate no. of moles of vapor pressure in the vapor space vent flow rate inlet feed flow rate inlet reactant conc. jacket temp. coolant flow rate inlet feed temp. volume of jacket frequency factor catalyst activity activation energy universal gas constant heat-transfer coeff. heat-transfer area inlet coolant temp. heat of reaction heat capacity (process side) heat capacity (coolant side) density of process mixture density of coolant volume of the vapor space

48 ft3 0.2345 lb‚mol of A/ft3 600 °R 40 ft3/h 28.3657 lb‚mol 2116.79 lb/ft2 10.6137 lb‚mol/h 40 ft3/h 0.50 lb‚mol of A/ft3 590.51 °R 56.626 ft3/h 530 °R 3.85 ft3 7.08 × 1010 h-1 1 29 900 btu/lb‚mol 1.99 btu/lb‚mol‚°R 150 btu/h‚ft2‚°R 150 ft2 530 °R -30 000 btu/lb‚mol 0.75 btu/lbm‚°R 1.0 btu/lbm‚°R 50 lbm/ft3 62.3 lbm/ft3 16 ft3

Nomenclature A ) set of connected nodes Bij ) modified symmetric between Ai and Aj C ) candidate for sensor node c ) number of selected sensor nodes G,G′ ) bipartite graph between root and possible sensor nodes m ) number of original root nodes Subscripts i,j ) element Superscripts + ) indicates positive deviation - ) indicates negative deviation ( ) indicates presence of deviation with unknown direction

system is shown in Figure 16. The process involves a liquid-phase reaction A(l) f B(l) + C(g). This reaction is highly exothermic and occurs in the reactor. The temperature controller controls the temperature of the reactor by manipulating the flow rate of the coolant flowing through the jacket. The level in the reactor is controlled by the level controller by manipulating the outlet flow rate from the reactor. The pressure in the reactor is controlled by changing the vent gas flow rate. Both the reactor and the jacket are modeled with perfectly mixed-tank dynamics. The reactor volume at any time is given by

dV ) Fi - F dt The reactant concentration CA is given by

dCA Fi ) (CAi - CA) - rA dt V

(2)

Assuming constant heat capacities and densities, an overall heat balance on the reactor gives the reactor temperature as

rA(-∆H) UA(T - Tc) dT Fi ) (Ti - T) + dt V FCp VFCp

(3)

Overall heat balance on the jacket gives the coolant temperature

UA(T - Tc) dTc Fc ) (Tci - Tc) + dt Vj VjFjCpj

(4)

The pressure in the reactor depends on the number of moles of vapor, n. This in turn depends on the rate of reaction and vent (molar) flow rate Fvg. The vapor space Vg is assumed to be constant and the vapor is assumed to behave ideally.

Appendix A: CSTR Model Equations The exothermic CSTR system given by Mylaraswamy et al.29 is simulated to obtain the manipulated and controlled variable data to validate the sensor location design methodology. For simulation the values as given by Luyben30 are used. The schematic of the CSTR

(1)

dn ) rAV - Fvg dt

(5)

PVg ) nRT

(6)

The reaction rate is given as

rA ) CdCAk0e-E/RT

(7)

Assuming no accumulation in the pumps and valves,

Figure 22. Step change in the inlet feed concentration (from 0.5 to 0.4 lb‚mol of A/ft3).


Figure 23. A typical cascade control loop.

Figure 24. Disturbance entry through the primary controlled variable.

Figure 25. Disturbance entry through the manipulated variable.

1018


the following relations are obtained:

F3 ) F2

(8)

F2 ) F

(9)

F4 ) Fc

(10)

the secondary loop are corrected by the secondary controller before they can affect the primary controlled variable.31 This gives rise to the SDG of Figure 25b at steady state. Similar to the way cascade control has been handled, other control structures can also be analyzed to get the effect on variables for a particular fault. Literature Cited

PI controllers are used to control the temperature, volume, and pressure of the reactor. The values used in the simulation are tabulated in Table 10. Appendix B: CSTR Simulation Results Some simulation results for the CSTR system considered in this article are plotted to validate the analysis. (1) Under single-fault assumption, the control variable does not transmit disturbances outside the control loop. Hence, node T does not pass disturbance to node CA. Figure 20a shows change in CA for a step change in inlet feed temperature. Initially, when T deviates (Figure 20b), CA increases, but T being a controlled variable is brought back to its original value. This causes CA also to settle at its original steady-state value. Node Tc, on the other hand, settles at a different value (Figure 20b). (2) Figure 21 shows T, Tc, and Fc plots for a step change in coolant inlet temperature Tci. Here, disturbance enters the T control loop through node Tc. Hence, both nodes T and Tc finally come back to their original values as shown in Figure 21a. Node Fc, on the other hand, is deviated (Figure 21b) as this deviation forces Tc (and hence T) to go to the normal state. (3) The assumption of noncontrol negative feedback loops not being able to compensate for disturbance entering the loop is validated for the loop formed by CA and rA. Figure 22a,b shows respectively the plot of CA and rA for a step change in inlet concentration, CAi. Here, even though rA has a negative arc to CA, it is not able to compensate for the decrease in CA because of a decrease in CAi. Appendix C: Cascade Control To explain the methodology for various types of control loops, a specific case of a cascade control loop is presented. The SDG for a typical cascade control loop is shown in Figure 23. The adder node in the loop is part of the secondary controller. For clarity, we have represented it as a separate node which will be considered as an unmeasurable node. For the cascade loop, analyses for the following two cases have been carried out: (1) Disturbance entry through the primary controlled variable: For this case the original SDG is shown in Figure 24a. At steady state, the SDG shown in Figure 24b is obtained. A point worth noting is that at steady state the secondary controlled variable is not at the normal value, even though a single fault has occurred. (2) Disturbance entry through manipulated variable: The original SDG for this case is shown in Figure 25a. While performing the analysis for this case, the dynamics of the secondary control loop are assumed to be extremely fast as compared to the dynamics of the primary control loop. Hence, disturbances arising within

(1) Raghuraj, R.; Bhushan, M.; Rengaswamy, R. Location of sensors in complex chemical plants based on fault diagnostic observability criteria. AIChE J. 1999, 45 (2), 310. (2) Ali, Y.; Narasimhan, S. Sensor network design for maximizing reliability of linear processes. AIChE J. 1993, 39 (5), 820. (3) Ali, Y.; Narasimhan, S. Sensor network design for maximizing reliability of bilinear processes. AIChE J. 1996, 42 (9), 2563. (4) Ali, Y.; Narasimhan, S. Redundant sensor network design for linear processes. AIChE J. 1995, 41 (10), 820. (5) Sen, S.; Narasimhan, S.; Deb, K. Sensor network design of linear processes using genetic algorithms. Comput. Chem. Eng. 1998, 22 (3), 385. (6) Meyer, M.; Lann, J. M. L.; Koehret, B.; Enjalbert, M. Optimal selection of sensor location on a complex plant, using a graph oriented approach. Comput. Chem. Eng. 1994, 18 (Suppl.), S535. (7) Maquin, D.; Darouach, M.; Fayolle, J.; Ragot, J. Localization of sensors in large scale industrial systems. In Applied Modelling and Simulation of Technological Systems; Borne, P., Tzafestas, S., Eds.; Elsevier Sciences: The Netherlands, 1987. (8) Madron, F.; Veverka, V. Optimal selection of measuring points in complex plants by linear models. AIChE J. 1992, 38 (2), 227. (9) Maquin, D.; Luong, M.; Ragot, J. Observability analysis and sensor placement. In SAFE PROCESS’94 IFAC/IMACS Symposium on Fault Detection, Supervision and Safety for Technical Process, Espoo, Finland, 1994. (10) Luong, M.; Maquin, D.; Huynh, C.; Ragot, J. Observability, redundancy, reliability and integrated design of measurement systems. In 2nd IFAC Symposium on Intelligent Components and Instrument Control Applications, SICICA’94, Budapest, Hungary, 1994. (11) Ragot, J.; Maquin, D.; Bloch, G. Sensor positioning for processes described by bilinear equations. Diagnosticet Surˆ ete´ de Fonctionnement 1992, 2, 115. (12) Bagajewicz, M. J. Design and retrofit of sensor networks in process plants. AIChE J. 1997, 43 (9), 2300. (13) Lambert, H. E. Fault trees for locating sensors in process systems. Chem. Eng. Prog. 1977, (Aug), 81. (14) Chang, C. T.; Mah, K. N.; Tsai, C. S. A simple design strategy for fault monitoring systems. AIChE J. 1993, 39 (7), 1146. (15) Kramer, M. A.; Palowitch, B. L. J. A rule-based approach to fault diagnosis using the signed directed graph. AIChE J. 1987, 33 (7), 1067. (16) Iri, M.; Aoki, K.; O’Shima, E.; Matsuyama, H. An algorithm for diagnosis of system failures in the chemical process. Comput. Chem. Eng. 1979, 3, 489. (17) Chang, C. C.; Yu, C. C. On-line fault diagnosis using the signed directed graph. Ind. Eng. Chem. Res. 1990, 29, 1290. (18) Mohindra, S.; Clark, P. A. A distributed fault diagnosis method based on digraph models.-steady state analysis. Comput. Chem. Eng. 1993, 17, 193. (19) Gujima, F.; Shibata, B.; Tsuge, Y.; Shiozaki, J.; Matsuyama, H.; O’Shima, E. Improvement of the accuracy of faultdiagnosis systems, using signed directed graphs. Int. Chem. Eng. 1993, 33 (4), 671. (20) Vedam, H.; Venkatasubramanian, V. Signed digraph based multiple fault diagnosis. Comput. Chem. Eng. 1997, 21(Suppl.), S655. (21) Mylaraswamy, D.; Kavuri, S. N.; Venkatasubramanian, V. Systematic development of causal digraph models for chemical processes part i. general framework. In AIChE Meeting, San Francisco, CA, 1994. (22) Chang, C. T.; Hwang, H. C. New developments of the digraph based techniques for fault-tree synthesis. Ind. Eng. Chem. Res. 1992, 31, 1490.

Ind. Eng. Chem. Res., Vol. 39, No. 4, 2000 1019 (23) Aho, A. E.; Hopcroft, J. E.; Ullman, J. D. Data Structures and Algorithms; Addison-Wesley Publishing Co.: Reading, MA, 1985. (24) Deo, N. Graph Theory with Applications to Engineering and Computer Science; Prentice Hall of India Private Limited: New Delhi, 1997. (25) Ulerich, N. H.; Powers, G. J. On-line hazard aversion and fault diagnosis in chemical processes: The digraph + fault-tree method. IEEE Trans. Reliab. 1988, 37 (2), 171. (26) Lapp, S. A.; Powers, G. J. Computer-aided synthesis of fault trees. IEEE Trans. Reliab. 1977, 26, 2. (27) Asratian, A. S.; Denley, T. M. J.; Ha¨ggkvist, R. Bipartite Graphs and Their Applications; Cambridge University Press: Cambridge, 1998. (28) Rengaswamy, R. A Framework for Integrating Process Monitoring, Diagnosis and Supervisory Control. Ph.D. Thesis, Purdue University, 1995.

(29) Mylaraswamy, D.; Kavuri, S. N.; Venkatasubramanian, V. Systematic development of causal digraph models for chemical processes part ii. applications. In AIChE Meeting, San Francisco, CA, 1994. (30) Luyben, W. L. Process Modeling, Simulation and Control for Chemical Engineers; McGraw-Hill Publishing Co.: New Delhi, 1990. (31) Stephanopoulos, G. Chemical Process Control: An Introduction to Theory and Practice; Prentice Hall of India Private Limited: New Delhi, 1995.

Received for review June 1, 1999 Revised manuscript received November 2, 1999 Accepted December 6, 1999 IE990383D

Design of Sensor Network Based on the Signed Directed Graph of the

Recommend Documents