Copyright © IFAC On-line Fault Detection and Supervision

in the Chemical Process Industries, Delaware, USA, 1992

A REAL-TIME, FUZZY, DEEP-KNOWLEDGE BASED

FAULT-DIAGNOSIS SYSTEM FOR A CSTR
V_J. Terpstra, H.B. Verbruggen, M.W. Hoogland and R.A.E. Ficke

Delft University of Technology , Department of Electrical Engineering, Control Laboratory, p.a. Box 5031,
2600 GA De/ft, The Netherlands

Abstract. An on -line. real -time. fuzzy. deep-knowledge based fault detection and diagnosis system (FDD system) for a
CSTR (Continuous Stirred Tank Reactor) has been developed and implemented in the expert system shell 02. The FDD system
is tested on a dynamic simulation of the CSTR. The FDD system is fully separated from the model of the process it diagnoses.
lt operates independently of the model of the specific CSTR application and can be used for other processes. The model is
structured according to a hierarchical object oriented description. The FDD system is based on a diagnosis method called the
'governing equations'-method, in combination with fuzzy logic, to obtain a stable diagnosis. The FDD system is a real-time
system whose features include progressive reasoning with an 'any-time' mechanism and a minimization of the worst-case fault
detection-time.

Keywords. Artificial intelligence, Chemical industry, Expert systems, Failure detection, Fault diagnosis, Fuzzy systems,
Hierarchically intelligent control. Integrated plant control, Supervisory control.

1 Introduction

This paper reports some of the work within the scope of the
SCWERE project (Supervisory Control With Embedded
Real-time Expert systems). This is a joint project between
the faculties of Informatics and Electrical, Mechanical and
Chemical Engineering of the Delft University of Technology
and is linked to some industrial organizations.
The aim of this project is to support plantwide control
systems on a supervisory level by means of artificial intelli-
gence techniques. This support is envisaged in the areas of Fig, 1 The CSTR process.
fault detection and diagnosis, planning in response to faults,
However, another limitation of many FDD systems, namely
scheduling, optimization, on-line model updating. preven-
the assumption that the sensors are functioning correctly, is
tion of alarm inflation, etc . Emphasis is given to the on-line
not necessary in the FDD system presented in this paper. In
and real-time aspects of these tasks [Terpstra, 1991).
paragraph 12 an extension is presented to include not fore-
In the chemical process industry it is necessary, for econom- seen, unknown faults. In paragraph 13 some ideas are pre-
ical and safety reasons, to detect and diagnose a fault as soon sented about the extension of the FDD to a process which
as possible and plan actions to continue or resume the proc- operates in a dynamic state.
ess operations. This task is usually performed by human
operators. The complexity of a chemical process makes it
very difficult for humans to accomplish this task fast enough 2 The FDD method
and in a correct way. A possible solution is to accomplish
these actions automatically by means of a FDD system. Error detection and fault diagnosis 1 is an area which is
The FDD system uses a model of the CSTR process widely studied. The FDD research field can be divided into
(see Fig. I) and operates independently of the actual CSTR two main streams: the mathematical model approach and the
case. The CSTR is described by means of hierarchically ori- knowledge based approach. Within the knowledge based
ented objects. Each object has its own local FDD methods, approach two main directions can also be recognized: the
which are not prescribed in advance. A global FDD mecha- shallow-knowledge (heuristics) and the deep-knowledge
nism instructs objects in the hierarchical model to detect and (models) techniques [Tzafestas, 1989J.
diagnose their own faults. Our research is based upon the deep-knowledge based
In this study the following assumptions have been approach using hierarchical oriented submodels/objects.
made: This will be explained in §3 "Objects".
Only single faults are foreseen.
All possible faults are known and modelled. I. In this paper a fault is defined as the cause of an error and errors
Process operates in steady state. are detected through their symptoms,

73
mediately ask the correct object for its data and use it. Only
when the model changes, the links must be updated.
The FDD can handle a situation in which there is no external
sens.or available. In fact, this principle is one of the big
advantages of this FDD method. It is easy to investigate what
the effects will be if one or more sensors are removed from
the process. In that case, the equations which use these sen-
sors are simply not used by the GE algorithm. The effect will
be a graceful degradation of the performance: the conclu-
sions become less specific (more possible faults) and fuzzier
(lower certainty).
7 Fuzzy reasoning
As mentioned before, thresholds are used to determine
whether or not the value of a variable is correct. So the
thresholds give the maximum and minimum expected value
of the variable. If these thresholds separate the range of the
value exactly into 'correct' and 'incorrect', an instable diagno-
sis occurs when one of the variables fluctuates around its
threshold (see Example 1) [Kramer, 1987J. The Boolean GE
algorithm gives opposite diagnoses for values just above or
just below the threshold.
This problem is solved using fuzzy logic. Each thresh-
old is fuzzified. That means that the result of the evaluation
of an equation is no longer Boolean, but a real value from 0
to I which will be assigned to the conditions of the equation.
The standard, non-fuzzy GE algorithm uses a Boolean dis -
junction and conjunction operator to select the faulty condi-
tion. When using fuzzy values, a new combined fuzzy
disjunction and conjunction operator had to be developed to
handle the fuzzy logic in the GE algorithm. It is a complex
operator which also uses the number of equations related to
the condition . The result of the fuzzy GE algorithm is a set
of possible faults with certainty factors (see Example 2).
8 Real-time aspects
The FDD system is applied on-line and real-time. It must be
able to monitor the CSTR process continuously. In the fol-
lowing ways time aspects are included:
1. Fault propagation times.
The effects/symptoms of faults propagate through the
process. This propagation takes a certain time, depending on
the dynamics of the process, the value of the thresholds and
the magnitude of the fault. Thus the FDD system has to wait
for certain effects to take place after the occurrence of a fault.
This waiting time is particularly important in the case of sen-
Hl = {al ,a2}
H2 = {al}
Suppose: al a2
El = fault 1~ Hl : 1 1
E2 = fault 1~ H2: 1 E2 = maybe ault
Result of GE: 1 0
Suppose: al a2
El = fault 1~ Hl : 1 1
E2 = not fault O~ H2: Q E2 = maybe not fault
Result of GE: 0 Result of GE:
Example 1 The standard Boolean GE method.
Also a major disadvantage of the Boolean GE
is illustrated: when E2 fluctuates round its
threshold, the GE algorithm concludes that
either al or a2 is faulty: instable diagnosis.
76
sor faults . The FDD system has to wait for the maximum
time to be sure that no other effects are visible. In that case
the detected fault is a sensor fault.
To put in more general terms, in time more informa-
tion appears. The FDD system is able to produce a more de-
tailed diagnosis in time and it knows how long to wait before
final conclusions can be drawn. If the time that the system
must wait for the conclusion of an object takes too long, the
global algorithm suspends the FDD of that object and contin-
ues with other suspects of the occurred fault.
2. Progressive reasoning/'any-time' algorithm.
The FDD system produces a set of possible faults at all
times. It starts with a maximum set of all possible faults. As
time passes, more elements of this set can be excluded using
the GE algorithm. Because of the way the global diagnosis
searches in the hierarchy of objects, it produces a continu-
ously improving diagnosis. This improving diagnosis means
that the FDD system reveals more detailed faults by limiting
the set of possible faults .
Also zooming takes place. In the beginning of the di-
agnosis, the possible faulty objects are high level objects. As
the diagnosis continues, lower level, more detailed suspect-
objects are presented .
3. Unmodelled dynamics.
Not all (fast) dynamics are modelled in the FDD sys-
tem. If the FDD system is much faster than the modelled dy-
namics of the process (i.e. the FDD system has to wait fot
certain effects to propagate), it may interpret phenomena due
to fast dynamics and it must wait until such phenomena are
over. Therefore an estimation of these dynamics have to be
included. If the FDD system is much slower than the dynam-
ics of the process, certain effects of detected faults are invis-
ible for the system and it is impossible to make a diagnosis
with these (fast) effects.
4. An optimal set of scanned objects.
In the detection phase, the FDD system must detect ab-
normalities as fast as possible. It can detect abnormalities at
a high level and at a low level. Symptoms propagate from the
bottom of the hierarchy to the top. By evaluating only the
highest level object, all faults can be detected. Only one ob-
ject is evaluated in the scanning. Therefore the scanning will
take less time, but the symptoms must propagate all to the
top and this may take a long time. The alternative is to eval-
uate all low level objects. The propagation time will be as
low as possible. But then the scan-time increases, because
the maximum number of objects must be evaluated. The
worst detection time of an error is the propagation time + the
scan time (or cycle time). Therefore an optimum can be
found in a selection of a set of objects in the middle of the
hierarchy at which the fault-detection-time is minimal.
Hl = {al ,a2}
H2 = {al}
Suppose: al a2
El = probabl~ fault 0.8~ Hl : 0.8 0.8
0.6~ H2: Q6
Result of GE: 0.6 0.32
Suppose: al a2
El = probably fault 0 . 8~ Hl : 0.8 0.8
0.4~ H2: M
0.4 0.48
Example 2 The fuzzy GE method.
When E2 flu(;tuates, it has only small effects
in the diagnosis result: stable diagnosis.
 9 Simulating the CSTR process A B

The CSTR process that is used to evaluate the FDD system

is given in Fig. I . In the Continuou s Stirred Tank Reactor, an
exothermic chemical reaction takes place: feed materia l is
converted into a product. The produced heat is removed by a
cooling medium in the cooling jacket of the reactor. The feed
of the CSTR and the cooling fluid are brought into the reac-
tor via a circuit consisting of a pump, a controlled val ve
(using a PI algorithm in the flow -controller) and a connec-
tion.
The CSTR process can be described with three (non-
linear) differential equations for the state variables of the ® result of diagnosis: faulty object
process: the temperature of the reactor, the concentration of
~ evaluated but non-faulty object
material A and the temperature of the cooling fluid . Further-
more there are several equations that describe the flows in o non-evaluated, non-faulty object
the system and the influence of the flow-controller. Fig. 5 Search trees in case of fault models (A) and in
It is possible to introduce faults in several components case of no fault models (8) .
of the simulated process, according to a certain (chosen) set sec.). Diagnosing small, slow changes of parameters takes
of faults that can occur in such a process. For instance, it is more time (150-2700 sec.). The calculation times of this
possible to introduce different kinds of sensor faults, step or implementation of the FDD system are about 5-20 sec.
ramp shaped disturbances on all kinds of parameters or in- Because the main parts of the CSTR process are slow, the
puts. diagnosis time mainly depends on fault propagation times.

10 Example of fault detection and

diagnosis. 12 Unknown faults

The present FDD system can only manage known, modelled

As an example, the detection and diagnosis of a fault in the
faults. Within the concept presented in this paper, the exten-
temperature sensor attached to the reactor is described .
sion to add unknown faults is quite simple. In general an
If a fault is introduced in the temperature sensor of the
object can fail in several ways (called fault modes) and in an
reactor (e.g. the temperature is fixed at a certain value out-
unknown way. This unknown way can be modelled just as an
side the range between the thresholds of the temperature of
extra fault mode. In respect to the object hierarchy, this
the reactor) the FDD system detects an error in the tempera-
means that an object gets an extra child-object which repre-
ture of the reactor (in the object CSTR). The equation 'tem-
sents the unknown fault. The unknown-fault-child-object
perature is normal' is evaluated abnormally and in the set of
has no children because it can ' t specify the fault any further.
conditions of that equation, one of these conditions must be
The unknown fault is defined as a possible cause of an
false .
error with respect to the normative behaviour. The normative
The object CSTR now has to decide whether it is an in-
behaviour can be described by means of a set of parity equa-
ternal or external fault. If the T-sensor is correct and the tem-
tions. The normative behaviour equations have at least one
perature of the vessel is too high , this shall have its effects on
condition: the condition which represents the unknown fault.
the concentration of the outflow . This is a slow process, as to
Next to these, other equations can be used to add information
prevent premature conclusions, the FDD must wait to u s~ ~he
about the known faults . Because every symptom can be ex-
equations which use the concentration sensor. The waItmg
plained by the presence of an unknown fault, every equation
time for this equation is 600 seconds. That means that, if af-
has the unknown-fault-condition. Therefore even if a known
ter a maximum of 600 seconds no changes occur in the con-
fault can be found which explains all symptoms, also the un-
centration, apparently the real temperature did not change.
known fault is presented as a possible cause of the error.
Therefore the conclusion is: the sensor must be broken.
This definition of the unknown fault differs from the
Real changes in the temperature can be caused only by
definition in which only modelled components can fail (like
external objects (e.g. the feed or coolant supply). Because
for instance in the GDE [de Kleer, 1987]). In the last defini-
the waiting time is very high, the FDD decides to evaluate
tion errors which are not caused by the components which
the feed - and coolant supply first. Those two conclude that
are explicitly modelled (which describe only the normative
they are functioning correctly . Therefore the fault must lie
behaviour), can not be diagnosed. These can be external in-
inside the CSTR: hence it must be the sensor. It can draw this
fluences or components which have normally no influence
conclusion without having to wait for the information from
on the normative behaviour and which are therefore not
the output-concentration sensor because all other possible
modelled (e.g. a failing isolator). This definition demands
faults have been eliminated.
implicitly a kind of fault-modelling, whereas our definition
does not.
In practice, allowing unknown faults and the advan-
11 Results
tage of not having to model faults means that the FDD will
stop diagnosing on one level higher in the hierarchy com-
The FDD system has been implemented in G2. It monitors a pared with the FDD which uses only known fault models.
dynamic simulation of a CSTR process, which is also imple- Also, if in an object only its normative behaviour is given, it
mented in G2. Large, fast faults are quickly diagnosed (5-35 cannot diagnose an internal fault. That implies that it cannot

77
point out one of its children as the cause of the error. That
doesn't mean that one of those children is not faulty . To in-
vestigate this, each child has to be asked separately to evalu-
ate its behaviour. This means that, compared to the known-
faults situation, search time increases (see Fig. 5).
13 FDD in dynamic changing states
To be able to diagnose a process which will not stay in a
steady state, it is impossible to use equations in which abso-
lute, steady state values (i.e. thresholds) are compared with
measured sensor data. There are two solutions to avoid this.
The first solution is to make the thresholds dynamic. In
this way the thresholds are defined relative to an expected,
correct state. Two problems arise:
What is a correct state? A simulator which runs in paral-
lel to the real process can be used as a reference. Problem
is that even in a very good simulator the results will drift
away from the real process measurements. Therefore the
simulator must be aligned with the process. The danger
of this aligning is that slow errors will not be detected be-
cause the simulator will try to follow the (faulty) process.
So the errors will be 'compensated ' .
Non-linearities. In this case study, the CSTR exhibits a
strong non-linear behaviour. This means that the posi-
tions of the thresholds relative to the expected state can
not be a constant, but should be a function of the state.
The second solution is to use only equations which are
independent of the state of the process. Mass and energy bal -
ances are such equations. Multilevel Flow Modelling
(MFM) diagnosis uses those equations ISassen, 19911. Us-
ing only these kind of equations has two disadvantages.
They contain less information than equations in which is
referred to state values. That means that the diagnosis be-
comes less specific .
Those equations process more state variables than the
equations which compare only one state variable with a
reference. Therefore the cumulative inaccuracies are
larger. That means that the FDD system can diagnose
only larger errors and will diagnose those later.
14 Future research
At present research is going on to solve some problems and
limitations of the FDD system.
Important subjects are multiple faults , definition of a
fault, tuning of thresholds and the link to mathematical FDD
approaches. Those four topics are closely related and proba-
bly can't be solved independently. Another project is to use
the FDD concepts described in this paper on a sub-system of
an aeroplane. In that case, FDD in dynamic changing states
must be included. This also demands the use of trend-infor-
mation . Because this probably means that the models will
become more and more complex, the automatic generation
of equations, their conditions and thresholds from state and
fault models will be investigated .
15 Conclusions
The FDD system can detect and diagnose the faults that can
occur in the CSTR process simulation. Dependent on the
78
redundancy of information (e.g. sensors) the system can
make a more precise diagnosis of the fault.
The FDD system is independent of the model descrip-
tion as long as this description follows the hierarchical object
oriented modelling syntax.
The effects of removing a sensor from the process can
easily be investigated.
The FDD produces certainty factors with its conclu-
sions and produces a stable diagnosis due to the use of fuzzy
techniques.
The FDD system can be real-time implemented. It can
handle the dynamics of the process. It produces a result
which improves if more time is available for evaluation. The
detection phase is optimized with respect to the calculation-
and fault propagation times.
The main problem of this method is found in the mod-
elling, especially regarding the tuning of the thresholds. This
problem occurs only when the symptoms of the faults are
still small ; the signals are moving near their thresholds. If the
signals are large compared to their thresholds, the FDD sys-
tem diagnoses correctly.
The execution time using G2 is rather slow, but com-
pared to the time constants of the process, fast enough.
Some ideas on how to extend the FDD system to be
able to diagnose unknown faults and to diagnose in a dynam-
ical changing state are presented.
16 References
de Kleer, J. and B. C. Williams (1987). Diagnosing multiple
faults . Artificial Intelligence, No. 32, 97-130.
Kramer, M. A. (1987). Malfunction diagnosis using quanti-
tative models with non-Boolean reasoning in expert systems.
AIChE Journal, Vol. 33, No. 1,130-140.
Petti, T. F., J. Klein and P. S. Dhurjati (1990). Diagnostic
model processor: using deep knowledge for process fault
diagnosis. AIChE Journal, Vol. 36, No. 4, 565-575 .
Ree, R. v. d., H. Koppelaar and E. J. H. Kerckhoffs (to be
published). Knowledge management in process modelling.
EURISCON'91, The European Robotics and Intelligent Sys-
tems Conference , Kanoni, Corfu, Greece.
Rich, S. H. and V. Venkatasubramanian (1987). Model-
based reasoning in diagnostic expert systems for chemical
process plants. Computers & Chemical Engineering, Vol.
11, No. 2,111 - 122.
Sassen, J. M. A., P. Riedijk and R. B. M. Jaspers (1991).
Using multi level-flow models for fault-diagnosis of indus-
trial processes. 3th European Conference on Cognitive Sci-
ence Approaches to Process Control, Cardiff, UK. 207-216.
Terpstra, V. J., H. B. Verbruggen and P. M . Bruijn (1991).
Integrating information processing and knowledge represen-
tation in an object-oriented way. IFAC Workshop on compu-
ter software structures integrating All KBS systems in
process control, Bergen, Norway. IFAC. 19-29.
Tzafestas, S. G. (1989). System fault diagnosis using the
knowledge-based methodology. Chapter 15 from: R. Patton
et al. (Ed.), Fault diagnosis in dynamic systems. Theory and
applications. Prentice Hall, London. p. 509-594.