fault-tolerant control of chemical...
TRANSCRIPT
FAULT-TOLERANT CONTROL OF CHEMICAL PROCESS
SYSTEMS USING COMMUNICATION NETWORKS
Nael H. El-Farra, Adiwinata Gani
& Panagiotis D. Christofides
Department of Chemical Engineering
University of California, Los Angeles
2003 AIChE Annual Meeting
San Francisco, CA.
November 20, 2003
INTRODUCTION
• Process control system failure:
¦ Typical sources:
? Failure in control algorithm? Faults in control actuators and/or measurement sensors
¦ Induce discrete transitions in continuous dynamics
• Motivation for fault-tolerant control:
¦ Preserve process integrity & dependability
¦ Minimize negative economic & environmental impact:? Raw materials waste, production losses, personnel safety, · · ·, etc.
• Dynamics of chemical processes:
¦ Nonlinear behavior? Complex reaction mechanisms ? Arrhenius reaction rates
¦ Input constraints
? Finite capacity of control actuators
ISSUES IN FAULT-TOLERANT CONTROLOF CHEMICAL PROCESSES
• Availability of multiple control configurations:
¦ Actuator/sensor redundancy
¦ Different manipulated variables
• Illustrative example
Coolant
Out
Controller
Coolant
In
F0, T
0, C
A0
F1, T
1, C
A1
Temperature
Sensor
CSTR 1
Q1
Composition
Analyzer
= Automatic Control Valve
Coolant
Out
Controller
Temperature
Sensor
CSTR 2
Q2
Composition
Analyzer
F2, T
2, C
A2
Coolant
In
ISSUES IN FAULT-TOLERANT CONTROLOF CHEMICAL PROCESSES
• Distributed interconnected nature of process units:
¦ Propagation of failure effects
¦ Large numbers of distributed sensors & actuators involved
¦ Efficient means of communication required
• Types of control system architecture:
Plant
Sensor 1 Sensor n
Computer
Actuator 1 Actuator m... ...
? Point-to-point connections
Sensor
Process 2
Sensor Actuator Actuator
Computer Computer
Monitor
Process 1
Plant
? Distributed control system
INTEGRATING COMMUNICATION NETWORKS IN CONTROL
• Defining feature:
Information exchanged using a network among control system components
• Networked control structure
01101001010101101001010101000101111000101011101010100010101010000011111101011010010100010101000101
Network Channel
a1
a2
s1
s2
sR
vM
v2
v1 w
1
w2
yR
y2
aM
u2
uM
wR
Controller
Plant
x(t)
y1
u1
sensor
delay
actuator
delay
reference
input
actuator
input
sensor
output
... ...
... ...
...
...
...
...
¦ Economic & operational benefits:
. Reduced system wiring
. Ease of diagnosis & maintenance
. Enhanced fault-tolerance:? Rerouting signals? Activation of redundant components
¦ Implementation issues:
? Bandwidth limitations
? Network delays
INTEGRATING COMMUNICATION NETWORKS IN CONTROL
Process 1
Sensor
1
Sensor
n
Computer
Actuator
1
Actuator
m... ...
Plant
Supervisor
Process 2
Sensor
1
Sensor
n
Computer
Actuator
1
Actuator
m... ...
Process 3
Sensor
1
Sensor
n
Computer
Actuator
1
Actuator
m... ...
Local
Network
Local
NetworkLocal
Network
Plant Network... ...
... ...
• Practical implementation considerations:
¦ Size and complexity of the plant
¦ Number of sensors & actuators
¦ Bandwidth limitations in data transmission
¦ Network scheduling and communication delays
PRESENT WORK
• Scope:
¦ Nonlinear process systems
? Input constraints ? Control system failures
• Objectives:
¦ Integrated approach for fault-tolerant control system design
. Design of nonlinear feedback controllers
? Nonlinear dynamics ? Input constraints
. Design of supervisory switching laws
? Orchestrate transition between control configurations
. Use of communication networks
¦ Application to two chemical reactors in series
• Approach:¦ Lyapunov-based nonlinear control ¦ Hybrid systems theory
A HYBRID SYSTEMS FRAMEWORK FOR FAULT-TOLERANTPROCESS CONTROL
• State-space description:
x(t) = fi(x(t)) +m∑
l=1
gli(x(t))uli(t)
i(t) ∈ I = 1, 2, · · · , N <∞uli,min ≤ uli(t) ≤ uli,max
¦ x(t) ∈ IRn : continuous process state variables
¦ ui(t) ∈ IRm : manipulated inputs for i-th mode
¦ i(t) ∈ I : discrete variable controlled by supervisor
¦ N : total number of control configurations
¦ fi(x), g(l)i (x) : sufficiently smooth nonlinear functions
.x = f (x) + g (x)u3 3 3 Discrete Events
.x = f (x) + g (x)u4 4 4
Dis
cre
te E
ven
ts
Discrete Events.
Discrete Events
1 1 1x = f (x) + g (x)u
mode 4
Discre
te E
ven
ts
.x = f (x) + g (x)u2 2 2
mode 1 mode 2
mode 3
• Faults induce discrete events superimposed on continuous dynamics
FAULT-TOLERANT CONTROL PROBLEM FORMULATION
• Coordinating feedback & switching over networks:
¦ Synthesis of a family of stabilizing feedback controllers
? Model for each mode of the hybrid plant: x = fi(x) +Gi(x)ui
? Magnitude of input constraints: |ui| ≤ ui,max
? Family of Lyapunov functions: Vi, i = 1, · · · , N¦ Design of supervisory switching laws that orchestrate mode transitions
i(t) = φ(x(t), i(t−), t)
¦ Design of network communication logic
? Handling bandwidth limitations? Handling transmission delays
• Objective:
¦ Maintain closed-loop stability under failure situations
FEEDBACK CONTROLLER DESIGN
• Lyapunov-based nonlinear control law:
ui = −ki(x, ui,max)(LgiVi)T
¦ Example: bounded robust controller(El-Farra & Christofides, Chem. Eng. Sci., 2001; 2003)
. Controller design accounts for constraints.
• Explicit characterization of stability region:
®
©
ªΩi(ui,max) = x ∈ IRn : Vi(x) ≤ cmaxi & Vi(x) < 0
¦ Explicit guidelines for mode switchings
¦ Larger estimates using a combination of several Lyapunov functions
MODEL PREDICTIVE CONTROL
• Control problem formulation
¦ Finite-horizon optimal control:®
©
ªP (x, t) : minJ(x, t, u(·))| u(·) ∈ U∆, Vσ(x(t+ ∆)) < Vσ(x(t))
¦ Performance index:
J(x, t, u(·)) = F (x(t+ T )) +∫ t+T
t
[‖xu(s;x, t)‖2Q + ‖u(s)‖2R]ds
. ‖ · ‖Q : weighted norm. . Q, R > 0 : penalty weights.
. T : horizon length. . F (·) : terminal penalty.
¦ Same Vσ as that for boundedcontroller design.
¦ Bounded controller may pro-vide “good” initial guess.
k+i|k
futurepast
predicted state trajectory
computed manipulated inputtrajectory
prediction horizon
k k+1 k+p
...
x
HYBRID PREDICTIVE CONTROL(El-Farra et. al., Automatica, 2004; IJRNC, 2004; AIChE J., 2004)
maxu
Con
tol l
evel
x(t)
i
|u| < x(t) = Ax(t) + Bu (t).
Supe
rvis
ory
laye
r
Perofrmance objectives
MPCcontroller
"Optimality"
i=1i=2
stabilit
y region Ω (u )max
Bounded controller
"Constraints"
Switching logic
i = ?
Plan
t
• Switching logic:
ui(x(t)) =
Mi(x(t)), 0 ≤ t < T ∗
bi(x(t)), t ≥ T ∗
¨§
¥¦T ∗ = infT ∗ ≥ 0 : LfiVi(x) + LgiVi(x)Mi(x(T ∗)) ≥ 0
¦ Initially implement MPC, x(0) ∈ Ωσ(umax)
¦ Monitor temporal evolution of Vσ(xM (t))
¦ Switch to bounded controller only ifVσ(xM (t)) starts to increase
V(x)=Cmax
V(x)=C2
V(x)=C1
umaxΩ( )
x(T )
Bounded controller’s
Switching
x(0)
*
Active Bounded controlActive MPC
Stability region
SUPERVISORY SWITCHING LOGIC FOR FAULT-RECOVERY(El-Farra & Christofides, AIChE J., 2003)
• Basic mechanism for preserving closed-loop stability:
¦ Switching between failed & well-functioning configurations
• Limitations imposed by input constraints
¦ Stability regions of control configurations
• Switching policy: mode switching ensures fault-tolerance provided that
¦ State within the stability region of fall-back configuration at time of failure
x(Tf ) ∈ Ωj(uj,max)
Stability region for mode 1
x(0)
switching to mode 1"safe"
switching to mode 2"safe" (u )max1
Ω
Ω
Stability region for mode 2
max)(u2
t2-1
t1-2
Switching between stability regions
• Implications:
? Determines tolerable-failure times fora given reconfiguration strategy
? Determines selection of fall-back con-figuration for a given failure time
DESIGN & IMPLEMENTATION OF COMMUNICATION LOGIC
Unit 1 ...
Local
Controller
Plant
Supervisor
Other communication traffic
from other local controllers
Type of failure
Time of failure
Operating Conditions
Size of disturbance
Failure Information
Local
Controller
Unit 2 Unit n
Process
ModelProcess
Model
Plant
011010010101011010
01101001010101 01101001010101
Minimize unnecessary
communication costs (tradeoff
between network resources &
control performance)
Account for transmission delay
Objective:
Minimize effects of fault propagation
Fault-recovery Tasks
Design robust controller
Compute fault-recovery region
Incorporate delays
Select/activate fall-back config.
u = p(x,umax
,b)
:= (x,umax
,b, tfail)
APPLICATION TO CHEMICAL REACTORS
Coolant
Out
Coolant
In
F0, T
0, C
A0
F1, T
1, C
A1
Temperature
Sensor
CSTR 1
Composition
Analyzer
Coolant
Out
CSTR 2 F2, T
2, C
A2
Coolant
In
01101001010101101001010101000101111000101011101010100 01101001010101101001010101000101111000101011101010100
Temperature
Sensor Composition
Analyzer
01101001010101101001010101000101111000101011101010100010101010000011111101011010010100010101000101
Computer Computer
Plant
Supervisor
Local
Network
Local
Network
Plant Network
01101001010101101001010101000101111000101011101010100
F3, T
03, C
A03
• Process dynamic model:'
&
$
%
dCA1
dt=
F0
V1(CA0 − CA1 )− k0 exp
( −ERT1
)CA1
dT1
dt=
F0
V1(T0 − T1) +
(−∆Hr)
ρcpk0 exp
( −ERT1
)CA1 +
Q1(t)
ρcpV1
dCA2
dt=
F1
V2(CA1 − CA2 )− k0 exp
( −ERT2
)CA2 +
F3
V2(CA03 − CA2 )
dT2
dt=
F1
V2(T1 − T2) +
(−∆Hr)
ρcpk0 exp
( −ERT2
)CA2 +
Q2(t)
ρcpV2+F3
V2(T03 − T2)
FAULT-TOLERANT CONTROL PROBLEM FORMULATION
Coolant
Out
Coolant
In
F0, T
0, C
A0
F1, T
1, C
A1
Temperature
Sensor
CSTR 1
Composition
Analyzer
Coolant
Out
CSTR 2 F2, T
2, C
A2
Coolant
In
01101001010101101001010101000101111000101011101010100 01101001010101101001010101000101111000101011101010100
Temperature
Sensor Composition
Analyzer
01101001010101101001010101000101111000101011101010100010101010000011111101011010010100010101000101
Computer Computer
Plant
Supervisor
Local
Network
Local
Network
Plant Network
01101001010101101001010101000101111000101011101010100
F3, T
03, C
A03
• Control objective:
¦ Under normal operation: stabilize both reactors at unstable steady-states
¦ Under controller failure: preserve closed-loop stability of CSTR 2
• Candidate control configurations:
¦ Under normal operation: (Q1, Q2): |Q1| ≤ Qmax1 , |Q2| ≤ Qmax2
¦ Under failure conditions: (Q2, CA03): |Q2| ≤ Qmax2 , |CA03 − CA03s | ≤ CmaxA03
CLOSED-LOOP SIMULATION RESULTS? Closed-loop state & input profiles under well-functioning & failed controllers
(failure occurs at t = 5 min)
0 5 10 15 20 25 30
300
320
340
360
380
Time (hr)
Temp
eratu
re, T
1 (K)
0 5 10 15 20 25 303.5
3.6
3.7
3.8
3.9
4
Time (hr)
Reac
tant c
once
ntrati
on, C
A1 (k
mol/m
3 )
0 5 10 15 20 25 30
0
1
2
3
4
5
6
7
8x 10
5
Time (hr)
Rate
of he
at inp
ut, Q
1 (KJ/h
r)
CSTR 1
0 50 100 150 200 250 300300
320
340
360
380
400
420
440
Time (hr)
Temp
eratu
re, T
2 (K)
0 50 100 150 200 250 3002.6
2.8
3.0
3.2
3.4
3.6
3.8
4.0
Time (hr)
Reac
tant c
once
ntrati
on, C
A2 (k
mol/m
3 )
0 50 100 150 200 250 300−12
−10
−8
−6
−4
−2
0
2
4x 10
5
Time (hr)
Rate
of he
at inp
ut, Q
2 (KJ/h
r)
CSTR 2
CLOSED-LOOP SIMULATION RESULTS¦ Closed-loop state & input profiles for CSTR 2 when
? (Q1, Q2) configuration fails at t = 5 min
? (Q2, CA03) configuration activated (transmission of “disturbance bounds”over network – no delays)
0 0.2 0.4 0.6 0.8 1400
500
600
700
800
900
1000
1100
Time (hr)
Tem
pera
ture
, T2 (K
)
Activating fall−back controller
Failure (no delays)
0 0.2 0.4 0.6 0.8 1−12
−10
−8
−6
−4
−2
0
2x 10
5
Time (hr)
Rate
of h
eat i
nput
, Q2 (K
J/hr
)
Failure
Activating fall−back controller(no delays)
0 0.2 0.4 0.6 0.8 10
0.5
1.0
1.5
2.0
2.5
3.0
3.5
4.0
Time (hr)
Rea
ctan
t con
cent
ratio
n, C
A2 (k
mol
/m3 )
Failure
Activating fall−back controller
(no delays)
0 0.2 0.4 0.6 0.8 11.6
1.8
2
2.2
2.4
2.6
Time (hr)
Activating fall−back controller (no delays)
Failure
Inle
t rea
ctan
t con
cent
ratio
n, C
A03 (k
mol
/m3 )
CLOSED-LOOP SIMULATION RESULTS
? Implementation of fault-tolerant control strategy over network with total delay(fault-detection/communication/actuator activation) of τD = 2 min & τD = 3.3 min
0 0.2 0.4 0.6 0.8 1200
300
400
500
600
700
800
900
1000
1100
Time (hr)
Tem
pera
ture
, T2 (K
)
τDelay
= 3.3 min
τDelay
= 2 min
Failure
0 0.2 0.4 0.6 0.8 1−3
−2
−1
00
x 106
Time (hr)
Rat
e of
hea
t inp
ut, Q
2 (KJ/
hr)
Failure
τDelay
= 2 min
τDelay
= 3.3 min
0 0.2 0.4 0.6 0.8 10
0.5
1
1.5
2
2.5
3
3.5
4
Time (hr)
Rea
ctan
t con
cent
ratio
n, C
A2 (k
mol
/m3 )
Failure
τDelay
= 2 min
τDelay
= 3.3 min
0 0.2 0.4 0.6 0.8 11.6
1.8
2
2.2
2.4
2.6
Time (hr)
Inle
t rea
ctan
t con
cent
ratio
n, C
A03
(km
ol/m
3 )
Failure
τDelay
= 2 min
τDelay
= 3.3 min
EFFECT OF DELAYS ON FAULT-TOLERANCE
¦ Tradeoff between:
? Network design (communication logic & delays)? Control system design (fault-recovery region, switching logic)
420 440 460 480 500 520 540 5601
2
3
4
Temperature, T2 (K)
Reac
tant
Con
cent
ratio
n, C
A2 (k
mol
/m3 )
Steady−state
(T2(0),C
A2(0))
Failure
Switching after τdelay
= 2 min
Fault−recovery region, CSTR 2
EFFECT OF DELAYS ON FAULT-TOLERANCE
¦ Tradeoff between:
? Network design (communication logic & delays)? Control system design (fault-recovery region, switching logic)
420 440 460 480 500 520 540 5601
2
3
4
Temperature, T2 (K)
Reac
tant
Con
cent
ratio
n, C
A2 (k
mol
/m3 )
Steady−state
(T2(0),C
A2(0))
Failure
Switching after τdelay
= 3.3 min
Fault−recovery region, CSTR 2
CONCLUSIONS
• Chemical process systems with:? Nonlinear dynamics ? Input constraints ? Control system failures
• Integrated approach for fault-tolerant control over communication networks:
¦ Design of constrained nonlinear feedback controllers:
¦ Design of fault-tolerant supervisory switching laws:
? Stability regions of control configurations
¦ Design of communication logic:
? Accounting for network resource limitations
? Effects of delays on fault-tolerance
• Approach brings together tools from Lyapunov and hybrid systems theory
• Application to two chemical reactors in series
ACKNOWLEDGMENT
• Financial support from NSF, CTS-0129571, is gratefully acknowledged