(406e) Plant Wide Reconfigurable Control in the Face of Sensor and Actuator Failures: Supervisory Architecture and Application to Tennessee Eastman Process

The requirement of improved reliability, maintainability and survivability (Stengel, 1991) during process operation brings evermore sophistication to the control design problem. Traditionally, the prime control objective has been to maintain desired (optimal) process performance while ensuring robustness against process disturbances. However, in the event of certain critical faults the complete control performance can either deteriorate significantly, or may even collapse. One of the emerging control paradigm is to incorporate fault recovery mechanism into the controller design so that faults critical to process operation are handled in a systematic manner rather than through ad hoc corrections. The fault tolerant control (FTC) design essentially aims at retaining some portion of control integrity even in the presence of faults. Based on the design philosophy adopted, the fault tolerant control approaches are classified as active and passive (Patton, 1997). The FTC literature covers a wide range of fault corrective measures namely, control re-design (e.g. retuning, reformulation, reconfiguration, rescheduling, etc.) accomplished via adaptive, optimal, predictive, supervisory methods performed online (thereby, active approach) and the passive robust design methods where the fault effect is nullified at the design stage. The fault tolerant control systems are being widely used in safety critical aerospace (Kale and Chipperfield, 2005) and nuclear systems. The application realm of chemical processes still needs to be adequately addressed where the incentive lies more on improving overall the plant operability by minimizing plant down times, albeit economically in the event of faults (Nimmo, 1995). Herein, the challenge involves plant wide nature of the problem itself with inbuilt fault propagation intricacies due to multiple interacting unit operations, product recycle etc.

The present work proposes a reconfigurable control structure implemented using supervisory model predictive control (MPC) formulation to ensure uninterrupted process operation in the event of individual loop failures associated with the base control system. The proposed fault tolerant control architecture includes process monitoring, diagnosis and recovery blocks. Any suitable monitoring and diagnosis technology can be used in the first two blocks. The focus in this work is on developing a resilient general purpose fault recovery block. This block functions as follows: At first, the fault recovery measures for individual loop failures (e.g.: due to stuck valves) are ascertained from a fault impact analysis. Thereby, the fault recovery principle initiates a change in the operating strategy of the plant by incorporating changes in the operating factors associated with failures in the model based control calculations. Depending upon the failure type, a typical control problem reformulation would involve one or more the following tasks:

1. Modifying set-points 2. Redefining constraints/limits 3. Changing the internal model to reflect the fault condition.

The control solutions thus obtained are stored in a decision table and translated by the supervisory module for implementation over the base control system in the event of failures.

The efficacy of the proposed scheme is demonstrated on the Tennessee Eastman problem introduced by Downs and Vogel (1993). This problem has been widely considered as a prototypical example of plant wide industrial process control problem. Specifically, we consider the nonlinear model predictive control strategy (NLMPC) developed by Ricker and Lee (1995) with a nonlinear mechanistic state variable formulation as the baseline controller. Using the above summarized fault recovery principle, for various control loop failures, we have developed reconfigured schemes which enable the plant to continue to be operated safely (albeit at lower performance levels) and obviate its shutdown. In this paper, we will describe the proposed methodology and illustrate its ability to endow graceful performance degradation capability in the face of hard failures.

Keywords: Sensor and actuator failures; Plant wide problem, Supervisory module, Fault tolerant control; Reconfiguration

References:

1. Stengel, R. F. (1991) Intelligent failure-tolerant control. IEEE Con. Sys. Mag., 14-23.

2. Patton, R. J. (1997) Fault Tolerant Control: The 1997 situation. Proceedings of IFAC Safe Process, 1029-1051.

3. Kale, M. M. and A. J. Chipperfield (2005) Stabilised MPC formulations for robust reconfigurable flight control. Control Engineering Practice. 771-788.

4. Nimmo, I. (1995) Adequately address abnormal situation operations. Chem. Eng. Prog. 91, 36-45.

5. Downs, J. J. and E. F. Vogel (1993) A plant-wide industrial process control problem. Computers chem. Engng, 17(3), 245-255.

6. Ricker, N. L. and J. H. Lee (1995) Nonlinear model predictive control of the Tennessee Eastman challenge process. Computers chem. Engng, 19(9), 961-981.