Chemical Engineering Science 104 (2013) 294–303

Contents lists available at ScienceDirect

Chemical Engineering Science

journal homepage: www.elsevier.com/locate/ces

Actuator and sensor fault isolation of nonlinear process systems

Miao Du, James Scott, Prashant Mhaskar n
Department of Chemical Engineering, 1280 Main Street West, Hamilton, ON, Canada L8S 4L7

H I G H L I G H T S

An integrated FDI framework for sensors and actuator fault isolation.

Dedicated residual design to isolate faults while accounting for nonlinearity.

Simulation example illustrating the application subject to measurement noise and uncertainty.

art ic l e i nf o a b s t r a c t

Article history: This work considers the problem of isolating actuator and sensor faults in nonlinear process systems. The
Received 2 December 2012 key idea of the proposed method is to exploit the analytical redundancy in the system through state
Received in revised form observer design. To this end, we consider subsets of faults, and design state observers that use information
1 July 2013
of inputs and outputs only subject to faults in each subset. We then design residuals using the process
Accepted 8 August 2013
model and state estimates such that each residual is only sensitive to the corresponding subset of faults. The
Available online 6 September 2013
occurrence of faults in a subset is detected if the corresponding residual breaches its threshold. With the
Keywords: ability of detecting the occurrence of faults in a subset, faults can be isolated using a bank of residuals and a
Fault detection and isolation logic rule. The proposed method enables differentiation between and isolation of actuator and sensor faults
Fault diagnosis
while explicitly accounting for system nonlinearity. The effectiveness of the fault isolation design subject to
Actuator faults
plant-model mismatch and measurement noise is illustrated using a chemical reactor example.
Sensor faults
Nonlinear systems & 2013 Elsevier Ltd. All rights reserved.
High-gain observers

1. Introduction A typical approach to FDI is to utilize the information embodied

in a process (identification or deterministic) model to detect and
The last few decades have witnessed significant improvements isolate faults (see, e.g., Frank, 1990; Bokor and Szabó, 2009 for
in efficiency and profitability of chemical process operations due reviews). In this approach, residuals are generated as fault indica-
to the advances in automatic control techniques. The increased tors using the analytical redundancy extracted from a process
level of automation, however, also makes process control systems model. Faults are detected by checking whether or not the residuals
susceptible to equipment abnormalities, such as failures in actua- breach their thresholds, and isolated using certain isolation logic.
tors (e.g., valves and pumps) or sensors (e.g., thermocouples, flow This approach has been studied extensively for linear systems (see,
meters, and gas chromatographs). If not properly handled, they e.g., Mehra and Peschon, 1971; Clark et al., 1975; Clark, 1978; Chow
can lead to consequences ranging from failures to meet product and Willsky, 1984; Frank, 1990; Patton and Chen, 1993; Chen et al.,
quality specifications to plant shutdowns, incurring substantial 1996; Hamelin and Sauter, 2000; Venkatasubramanian et al., 2003;
economic losses, safety hazards to facilities and personnel, and Chen and Saif, 2007; Li et al., 2008). The existing results include the
damages to the environment. It is desired that faults be detected parity space approach, the observer approach, the fault detection
and the faulty equipment be accurately located so that corrective filter approach, and the parameter identification approach (see, e.g.,
control action can be taken before they turn into a catastrophic Frank, 1990). While there is a significant body of results for linear
failure. This realization has motivated significant research efforts systems, they may not remain effective for chemical process
in the area of fault detection and isolation (FDI). systems with strong nonlinear dynamics.
Recently, the problem of FDI has also been studied for non-
linear process systems subject to actuator or process faults. In De
n
Corresponding author. Tel.: þ 1 905 525 9140x23273; fax: þ1 905 521 1350.
Persis and Isidori (2001), a nonlinear FDI filter is designed to solve
E-mail addresses: [email protected] (M. Du), [email protected] (J. Scott), a fundamental problem of residual generation using a geometric
[email protected] (P. Mhaskar). approach. The objective of the filter design is to build a dynamic

0009-2509/$ - see front matter & 2013 Elsevier Ltd. All rights reserved.
http://dx.doi.org/10.1016/j.ces.2013.08.009
 M. Du et al. / Chemical Engineering Science 104 (2013) 294–303 295

system for the generation of residuals that are affected by a framework, a differentiation between actuator and sensor faults
particular fault and not affected by disturbances and the rest of cannot be achieved.
faults. The problem of actuator fault isolation is also studied by In comparison, there exist limited results on distinguishing
exploiting the system structure to generate dedicated residuals (see, between and isolating actuator and sensor faults in a unified
e.g., Mhaskar et al., 2008; Hu and El-Farra, 2011; Chilin et al., 2010; framework for nonlinear process systems. In the literature, the
El-Farra and Ghantasala, 2007; Ghantasala and El-Farra, 2009 in the problem has been studied using two unscented Kalman filters
context of distributed parameter systems). In this approach, each dedicated to detect actuator and sensor faults, respectively, in
residual, defined as the discrepancy between state measurements Shang and Liu (2011), where a squared residual is used to diagnose
and their expected trajectories, is uniquely sensitive to one fault. if an actuator or sensor fault takes place. However, the FDI design
Thus, a fault is isolated when the corresponding residual breaches its works with the assumption that only one actuator or sensor is
threshold. While uncertainty is not explicitly considered, the thresh- faulty. In contrast, the present work considers at most two
olds can be appropriately relaxed in the practical implementation simultaneous faults, where the problem is tackled by designing a
of this approach to reduce the effect of process uncertainty and bank of residuals (aided by a bank of state observers) and a logic
measurement noise. In addition, adaptive estimation techniques are rule for fault isolation. In addition, it is able to differentiate
used to explicitly account for unstructured modeling uncertainty for between and isolate actuator and sensor faults while explicitly
a class of Lipschitz nonlinear systems (see, e.g., Zhang et al., 2002, accounting for process nonlinearity.
2010). In these results, residuals, defined as output estimation errors, Motivated by the above considerations, this work considers the
and time-varying thresholds are generated using a bank of estima- problem of isolating actuator and sensor faults in nonlinear
tors, and a fault is isolated when the corresponding residuals breach process systems. The key idea of the proposed method is to exploit
their thresholds. The above results rely on the FDI requirements the analytical redundancy in the system through state observer
being satisfied at the nominal operating condition. Recently, the idea design. The rest of the paper is organized as follows: The system
of active fault isolation has been proposed to enhance isolation of description and a state observer are presented in Section 2. The
faults that may be hard to isolate under nominal operation (see Du fault isolation method is proposed in Section 3, where subsets of
and Mhaskar, 2013). The fault isolation design exploits the process faults are considered, and for each subset, a residual is designed
nonlinearity to drive the process to a region where the effects of such that it is only sensitive to faults in a subset. The occurrence of
faults can be differentiated from each other. faults can be detected when the corresponding residual breaches
Results are also available for sensor FDI of nonlinear process its threshold. With the ability of detecting the occurrence of faults
systems. This problem has been studied for Lipschitz nonlinear in a subset, faults can be isolated by checking whether the
systems (see, e.g., Vemuri, 2001; Rajamani and Ganguli, 2004; corresponding residuals breach their thresholds using a logic rule.
Zhang et al., 2005; Pertew et al., 2007; Zhang, 2011), and in the The effectiveness of the fault isolation design subject to plant-
context of asynchronous measurements or complete sensor failures model mismatch and measurement noise is illustrated using a
(Mhaskar et al., 2007; Martini et al., 1987; McFall et al., 2008). In chemical reactor example in Section 4. Finally, Section 5 gives
Rajamani and Ganguli (2004), a nonlinear state observer is designed some concluding remarks.
to generate state estimates using a single sensor. The fault isolation
logic, however, is limited to systems with three or more outputs.
Similar to actuator FDI, adaptive estimation techniques are used to 2. Preliminaries
deal with unstructured but bounded uncertainty for sensor FDI (see,
e.g., Zhang et al., 2005; Zhang, 2011). The problem is also studied Consider a multi-input multi-output nonlinear system described by
through sensor fault estimation in Pertew et al. (2007), where linear
x_ ¼ f ðxÞ þ GðxÞðu þ uÞ
~ y ¼ hðxÞ þ y~ ð1Þ
matrix inequality techniques are used to design an observer for
the identification of the fault vector. In addition, a sliding mode where x A X  Rn denotes the vector of state variables, with X being a
observer is designed to reconstruct or estimate faults by transform- compact set of the admissible state values, u ¼ ½u1 ; …; um T A Rm
ing sensor faults into pseudo-actuator faults in Yan and Edwards denotes the vector of prescribed control inputs, taking values in a
(2007). This approach, however, requires a special system structure, nonempty compact convex set U DRm , u~ ¼ ½u~ 1 ; …; u~ m T A Rm denotes
and limits the kind of system nonlinearity that can be handled. the unknown fault vector for the actuators, y ¼ ½y1 ; …; yp T A Rp
While a bank of observers is used to isolate sensor faults in Mattei denotes the vector of output variables, y~ ¼ ½y~ 1 ; …; y~ p T A Rp denotes
et al. (2005), the observer gain is obtained through the first order the unknown fault vector for the sensors, and GðxÞ ¼ ½g 1 ðxÞ; …; g m ðxÞ.
approximation of the nonlinear dynamics. Recently, a method that Due to the presence of physical constraints, the actual input u þ u~
uses a bank of high-gain observers was proposed to isolate and implemented to the system takes values from the set U as well. It is
handle sensor faults (see Du and Mhaskar, 2012). The enhanced assumed that the functions f : Rn -Rn , g i : Rn -Rn , i ¼ 1; …; m, and
applicability of the state observer (see also Findeisen et al., 2003) h : Rn -Rp are smooth over their domains of definitions. Throughout
aids in the explicit consideration of process nonlinearity in the fault the paper, J  J denotes the Euclidean norm.
isolation mechanism design. In this work, we consider the problem of FDI for at most two
FDI designs that consider actuator and sensor faults separately, faults. It encompasses the cases of a single actuator or sensor fault,
however, typically cannot differentiate between the two types of two actuator or sensor faults, and the simultaneous occurrence of
faults (see, e.g., Mhaskar et al., 2008; Du and Mhaskar, 2012, 2013). one actuator fault and one sensor fault. It follows that the total
To illustrate this point, we consider a residual that is designed for number of faulty scenarios nf ¼ m þ 12 mðm1Þ þ p þ 12pðp1Þ þ mp.
isolating only actuator (or, alternatively, only sensor) faults. Such a Since a large number of simultaneous faults would occur less
residual is often computed using information of measurements (or frequently, the consideration of two faults would meet most of the
prescribed inputs). There are two cases where this residual can practical needs. More importantly, the proposed method would
breach its threshold. One case is that an actuator (or sensor) fault still serve as a fault detection mechanism clearly detecting that
takes place (and this residual is designed to be sensitive to this more than two faults have taken place simultaneously, which
fault). The other case is that a sensor (or actuator) fault takes place, would likely necessitate a more drastic corrective action, such as
and the computation of this residual uses the erroneous measure- shutdown, in any case.
ment (or the incorrect input to the plant). Because the design of Preparatory to the presentation of the fault isolation mechan-
residuals does not consider the two types of faults in a unified ism, we review a high-gain observer design for a generalized class
296 M. Du et al. / Chemical Engineering Science 104 (2013) 294–303

of nonlinear process systems presented in Du and Mhaskar (2012). also that the relaxation on the system structure as described by
To this end, consider the system of Eq. (1) under fault-free con- Assumption 1 is not restricted to high-gain observers. Other state
ditions (i.e., u~  0 and y~  0), which satisfies Assumption 1 below. estimation techniques can still be applied. In this work, high-gain
observers are used because the state estimation error can converge
Assumption 1 (Findeisen et al., 2003). There exist integers ωi , at a desired rate. The convergence property of the state observer is
i ¼ 1; …; p, with ∑pi¼ 1 ωi ¼ n, and a coordinate transformation the basis of the fault isolation design proposed in this work.
ζ ¼ Tðx; uÞ such that if u ¼ u, where u A U is a constant vector, then
the representation of the system of Eq. (1) in the ζ coordinate
3. Actuator and sensor fault isolation design
takes the following form:

ζ_ ¼ Aζ þ Bϕðx; uÞ y ¼ C ζ ð2Þ In this section, we present a method for isolation of actuator

and sensor faults, including the generation of residuals and the
where ζ ¼ ½ζ 1 ; …; ζ p  A R , A ¼ blockdiag½A1 ; …; Ap , B ¼ blockdiag
T n
fault isolation logic. To this end, we first adapt the high-gain
½B1 ; …; Bp , C ¼ blockdiag½C 1 ; …; C p , ϕ ϕ ϕ
¼ ½ 1 ; …; p T , ζ ζ
i ¼ ½ i;1 ; observer design presented in Section 2 to generate state estimates
ζ T 0 I ωi 1
ω ω
…; i;ωi  , Ai ¼ ½0 0 , with I ωi 1 being a ð i 1Þ  ð i 1Þ identity that are continuously available. It follows from Proposition 1 that
given 0 o τ r Δ, if the observer parameter is appropriately chosen,
matrix, Bi ¼ ½0Tωi 1 ; 1T , with 0ωi 1 being a vector of zeros of the state estimate can converge at time t k þ τ and stay within the
dimension ω T
ϕ
i 1, C i ¼ ½1, 0ωi 1 , and ϕ
i ðx; uÞ ¼ i;ωi ðx; uÞ, with neighborhood of the actual state, satisfying the desired estimation
ϕi;ωi ðx; uÞ defined through the successive differentiation of error, until the next input update time t k þ 1 . To generate contin-
uous estimates, xðt ^ k Þ can be chosen as the estimate for the initial
hi(x): ϕi;1 ðx; uÞ ¼ hi ðxÞ and ϕi;j ðx; uÞ ¼ ð∂ϕi;j1 =∂xÞ½f ðxÞ þ GðxÞu;
period ½t k ; t k þ τÞ for a sufficiently small τ. By following this idea,
j ¼ 2; …; ωi . Furthermore, T : Rn  U-Rn and T 1 : Rn  U-Rn
the state estimate at time t is obtained as follows:
are C1 functions on their domains of definition. (
x^ d ðt k Þ; tk r t o tk þ τ
^ ¼
xðtÞ ð4Þ
We next present the high-gain observer formulation, which is T 1 ðζ ðtÞ; uðt k ÞÞ; t k þ τ r t o t k þ 1
coupled with implement-and-hold control. In the closed-loop
system, the input is prescribed at discrete times t k ¼ kΔ, where x^ d ðt k Þ ¼ T 1 ðζ ðt 
k Þ; uðt k ÞÞ denotes the state estimate given in
k ¼ 0; …; 1, with Δ being the hold-time of the control action. For Proposition 1. The convergence property of the adapted observer
t A ½t k ; t k þ 1 Þ, the observer is formulated as follows: is formalized in Proposition 2 below.
_
ζ^ ¼ Aζ^ þ Bϕ0 ðx;^ uðt k ÞÞ þ HðyC ζ^ Þ Proposition 2. Consider the system of Eq. (1), for which Assump-
^ tions 1 and 2 hold, under fault-free conditions. Then, given d 4 0,
ζ ðt k Þ ¼ Tðxðt
^ k Þ; uðt k ÞÞ ð3Þ
Δ 4 0, and an integer k′4 0, there exist 0 o τ r Δ and ε~ n 4 0 such
where x^ and ζ^ denote the estimates of x and ζ , respectively, that if ε A ð0; ε~ n , then J xðtÞxðtÞ
^ J r d 8 t Z t k′ .
H ¼ blockdiag½H 1 ; …; H p  is the observer gain, H i ¼ ½ai;1 =ε; …; Proof. Since f ðÞ and GðÞ are continuous, there exists M 4 0 such
ai;ωi =εωi T , with sωi þ ai;1 sωi 1 þ ⋯ þ ai;ωi ¼ 0 being a Hurwitz poly- that J f ðxÞ þGðxÞu J r M for any x A X and u A U. It then follows from
Rt
nomial and ε being a positive constant to be specified, xðt ^ kÞ ¼ xðtÞ ¼ xðt k Þ þ tk ½f ðxÞ þ GðxÞuds that J xðtÞxðt k Þ J r Mðtt k Þ r M τ
1 ^ 
T ðζ ðt Þ; uðt ÞÞ for k ¼ 1; …; 1, and ϕ is the nominal model of for any t A ½t k ; t k þ τÞ. Thus, for any τ r minfd=2M; Δg, we have
k k1 0
ϕ. The initial state of the observer is denoted by x^ 0 ≔xð0Þ,
^ which J xðtÞxðt k Þ J r 12d ð5Þ
takes values from any compact set Q D Rn . In the transformed
for any t A ½t k ; t k þ τÞ. By following a similar line of argument to the
coordinate, the state estimate ζ^ is re-initialized at discrete times to proof of Theorem 1 in Du and Mhaskar (2012), it can be shown
account for the possible changes in the input. The state observer that given d 40, Δ 40, k′4 0, and τ r minfd=2M; Δg, there exists
analysis requires the global boundedness of ϕ0 formalized in ε~ n A ð0; εn Þ such that
Assumption 2 below. Note that the particular choice of ϕ0 only
J T 1 ðζ ðtÞ; uðt k ÞÞxðtÞ J r 12d od ð6Þ
affects the observer performance. It can always be chosen as zero
to satisfy this assumption. for any t A ½maxft k′ ; t k þ τg; t k þ 1 . It follows that

Assumption 2. ϕ0 ðx; uÞ is a C function on its domain of definition

0 J x^ d ðt k Þxðt k Þ J r 12d ð7Þ
and globally bounded in x.
for any t k Z t k′ . It then follows from Eqs. (5) and (7) that
The proposition below formalizes the property of the high-gain ^
J xðtÞxðtÞ J ¼ J x^ d ðt k ÞxðtÞ J
observer. The proof follows a similar line of argument to that of r J x^ d ðt k Þxðt k Þ J þ J xðt k ÞxðtÞ J r d ð8Þ
Theorem 1 in Du and Mhaskar (2012), and is hence omitted.
for any t A ½maxft k′ ; t k g; t k þ τÞ. In summary, it is shown that J xðtÞ
^
Proposition 1. Consider the system of Eq. (1), for which Assump- xðtÞ J r d 8 t Z t k′ . This concludes the proof of Proposition 2. □
tions 1 and 2 hold, under fault-free conditions. Then, given d 4 0,
Δ 40, and an integer k′ 4 0, there exists εn 4 0 such that if ε A ð0; εn , Having established the convergence property of the adapted
^ k Þxðt k Þ J rd 8 t k Z t k′ .
then J xðt state observer, we now show how to generate residuals using the
state estimates. In this work, the residuals are defined as dis-
Remark 1. Proposition 1 shows that the state estimate at discrete crepancies between the state estimates and the expected trajec-
time tk converges to an arbitrarily small neighborhood of the tory of the process. Each residual is designed such that it is
actual state within a finite period of time as long as the observer sensitive only to a subset of faults, but insensitive to the other
parameter ε is sufficiently small. Note that in general, the analysis faults. To this end, let θf ;i denote a fault variable or the vector of
of the convergence property of the state observer is made by two fault variables for the ith faulty scenario, and θ f ;i the vector of
simultaneously considering a control design, under which the the rest of fault variables, i ¼ 1; …; nf . For example, for a one-input-
process state stays bounded. Proposition 1, however, focuses on two-output system, θf ;i , i ¼ 1; …; 6, can be defined as follows:
the state estimation part of the problem. As the control design is θf ;1 ¼ u~ 1 , θf ;2 ¼ y~ 1 , θf ;3 ¼ y~ 2 , θf ;4 ¼ ½y~ 1 ; y~ 2 T , θf ;5 ¼ ½u~ 1 ; y~ 1 T , and
concerned, readers are referred to Du and Mhaskar (2012). Note θf ;6 ¼ ½u~ 1 ; y~ 2 T . The vectors θ f ;i , i ¼ 1; …; 6, can be defined
 M. Du et al. / Chemical Engineering Science 104 (2013) 294–303 297

accordingly. For example, θ f ;1 ¼ ½y~ 1 ; y~ 2 T and θ f ;2 ¼ ½u~ 1 ; y~ 2 T . Simi- prediction horizon: T¼1 if 0 o t k r t k′ ; T ¼ kk′ if t k′ o t k rt k′ þ T p ;
larly, let uf ;i and yf ;i denote the vectors of input and output and T ¼ T p if t k 4 t k′ þ T p , with a positive integer Tp being the
variables subject to faults θf ;i , respectively. Let u f ;i and y f ;i denote prediction horizon after the initialization period. The initial condi-
the vectors of the rest of the input and output variables, tion for the prediction model is the state estimate at time t kT :
respectively. x~^ sub;l;j ðt kT Þ ¼ x^ sub;l;j ðt kT Þ, where x^ sub;l;j is the estimate of xsub;l
We first generate state estimates that are only affected by a provided by the jth observer. Let x~ sub;l;j ðt k Þ denote the prediction
subset of faults θ f ;i , i ¼ 1; …; nf . The system structure requirement for the state vector xsub;l at time tk. By solving Eq. (11),the state
for the generation of such estimates is formalized in Assumption 3 prediction at time tk is obtained: x~ sub;l;j ðt k Þ ¼ x~^ sub;l;j ðt k Þ. For the ith
below. faulty scenario, the residual (at the discrete time tk) is defined as
follows:
Assumption 3. Assumptions 1 and 2 hold for the system of Eq. (1),
with u f ;i and y f ;i being the vectors of input and output variables, r i;k ¼ J x~ sub;l;j ðt k Þx^ sub;l;j ðt k Þ J ð12Þ
respectively, i ¼ 1; …; nf . which is the norm of the difference between the state prediction
and the state estimate for the subsystem of Eq. (10). The fault
Remark 2. The number of state observers required depends on
detection mechanism using the above residuals is formalized in
the structure of a specific system. For the cases of single or two
Proposition 3 below.
sensor faults, we need to design state observers based on any p1
or p2 outputs, resulting in p þ 12pðp1Þ observers, so that the state Proposition 3. Consider the system of Eq. (1), for which Assumption
estimates are only affected by the other faults. Note that for the 3 holds. Then, given d 4 0, δ0;i 4 0, and an integer k′ 4 0, there exist
cases of a single actuator fault, two actuator faults, or a combina- ε nj 4 0 and δi 4 0 such that if εj A ð0; ε nj , t kT p Z t k′ , r i;k 4 δi , then
tion of a single actuator fault and a single sensor fault, the coordi- θ f ;i ðtÞ a 0 for some t A ½t k′ ; t k Þ.
nate transformation in the state estimation should not involve any
input in uf ;i . Otherwise, the state estimates will be subject to faults Proof. Consider the subsystem of Eq. (10) in the absence of faults
in uf ;i , which is undesired. For these cases, additional observers θ f ;i , a parameter εj A ð0; ε~ nj , and the time interval ½t k′ ; 1Þ. Note that
other than those using measurements of p1 or p2 outputs may xsub;l ðtÞ and x~^ sub;l;j ðtÞ are solutions of Eqs. (10) and (11), respectively.
be required. Whether or not additional observers are required Since f sub;l ðxÞ and Gsub;l ðxÞ are continuous and locally Lipschitz in x
depends on the structure of a specific system. To illustrate this on fx′ A Rn j J x′x J rd; x A X g, it follows from a similar line of
point, we consider a case where the measured outputs are part of argument as Theorem 3.5 of Khalil (2002) that, given δ0;i 4 0,
the state variables, ζ includes the derivatives of x only up to the there exists d′ 40 such that if J x~^ sub;l;j ðt kT p Þxsub;l ðt kT p Þ J o d′ and
first order, and Assumption 3 is satisfied for one or two sensor J x^ sub;l;j ðtÞx sub;l ðtÞ J o d′8 t A ½t kT p ; t k , then J x~ sub;l;j ðt k Þ
faults. For this case, if the number of outputs such that any input in xsub;l ðt k Þ J o δ0;i . It follows from Proposition 2 that given d′ 4 0,
uf ;i appears on the right-hand side of the corresponding ordinary there exists εj ′4 0 such that if εj A ð0; ε nj , where ε nj ¼ min fε~ nj ; εj ′g,
differential equation (ODE) in the state space description is less then J x~^ sub;l;j ðt kT p Þxsub;l ðt kT p Þ J o d′ and J x^ sub;l;j ðtÞx sub;l ðtÞ J o d′ 8
than or equal to two, the observers based on p1 or p2 outputs t A ½t kT p ; t k . Consider εj A ð0; ε nj . Then, the following equation
suffice. Otherwise, observers based on ODE's for fewer (less than holds:
p2) outputs are required. Therefore, the number of state obser- r i;k ¼ J x~ sub;l;j ðt k Þx^ sub;l;j ðt k Þ J
vers may not equal to that of faulty scenarios. The minimum
r J x~ sub;l;j ðt k Þxsub;l ðt k Þ J þ J xsub;l ðt k Þx^ sub;l;j ðt k Þ J o δ0;i þ d ð13Þ
number of observers for fault isolation is 12pðp þ1Þ.
Let δi ¼ δ0;i þ d. It is now established that if θ f ;i  0, then r i;k o δi for
Under Assumption 3, the state observer for the ith faulty
k Z k′. Since the state estimation and the evolution of the states in
scenario is designed as follows:
Eqs. (10) and (11) are not affected by faults θf ;i , the only way that
_j j j r i;k 4 δi is due to θ f ;i ðtÞ a 0 for some t A ½t k′ ; t k Þ. This concludes the
ζ^ ¼ Aj ζ^ þ Hj ðy f ;i C j ζ^ Þ
proof of Proposition 3. □
_j
ζ^ ðt k Þ ¼ T j ðx^ j ðt k Þ; u f ;i ðt k ÞÞ ð9Þ Remark 3. Proposition 3 presents a mechanism to detect the
where the superscript j denotes the jth observer, for which the occurrence of faults in a subset of inputs and outputs. Since uf ;i and
observer parameter ε~ n in Proposition 2 is denoted by ε~ nj . yf ;i are not used in the state estimation or prediction, the residuals
In addition to state estimation, we also compute the expected are insensitive to faults θf ;i . In addition, the residuals are designed
trajectory of the process states or part of the states. To this end, we in a way such that they could be affected by other faults. Since the
consider a subsystem of Eq. (1) for which the state variables are all state estimate is generated using measurements y f ;i , it is affected
of those such that no inputs in uf ;i appear on the right-hand side of by faults in the corresponding sensors. If the resulting state
the corresponding ODE's. Let xsub;l denote the vector of state estimate is essentially used in the computation of the residual,
variables for the subsystem, and x sub;l the vector of the rest of the residual is affected by the sensor faults. Similarly, if inputs u f ;i
the state variables. Without loss of generality, the model of the appear in the prediction equation, the residual is also affected by
subsystem can be described as follows: the actuator faults.

x_ sub;l ¼ f sub;l ð½xTsub;l ; x Tsub;l T Þ þ Gsub;l ð½xTsub;l ; x Tsub;l T Þu f ;i ð10Þ Having established the ability to detect the occurrence of faults
in a subset of inputs and outputs, we next present the fault
where f sub;l ðÞ and Gsub;l ðÞ are appropriately defined. isolation logic for the identification of the faulty control equipment.
For each faulty scenario, the expected process trajectory is
computed using the process model and the state estimates gener- Theorem 1. Consider the system of Eq. (1), for which Assumption 3
ated by the jth observer that is not subject to faults θf ;i . Specifically, holds. If t kT p Zt k′ and r i;k 4 δi for all iA f1; …; nf g\fjg, then θf ;j ðtÞ a0
for t A ½t kT ; t k Þ, a prediction model is designed as follows: for some t A ½t k′ ; t k Þ.

_
x~^ sub;l;j ¼ f sub;l ð½x~^ Tsub;l;j ; x^ Tsub;l;j T Þ þ Gsub;l ð½x~^ Tsub;l;j ; x^ Tsub;l;j T Þu f ;i ð11Þ Proof. We show that faults θf ;j take place by a contradiction
argument. Suppose that faults θf ;s take place, where s aj. Since
where x~^ sub;l;j is the state of the prediction model, x^ sub;l;j is the r i;k 4 δi for all i A f1; …; nf g\fjg, we have r s;k 4 δs . It follows from
estimate of x sub;l provided by the jth observer, and T is the Proposition 3 that a fault in θ f ;s must have taken place. Two cases
298 M. Du et al. / Chemical Engineering Science 104 (2013) 294–303

will be considered. In the first case, θf ;s includes only one fault. Case5: A single actuator fault in ui and a single sensor fault in yj:
In this case, a fault taking place in θ f ;s is contradictory to the fact For this case, the residuals that are expected to breach their
that only one fault takes place. In the second case, θf ;s includes two thresholds include all r a;k 's, all r ′a;k 's, all r s;k 's, all r ′s;k 's, and all
faults. In this case, a fault taking place in θ f ;s implies that more r as;k 's except for the one that is insensitive to faults in ui and yj.
than two faults have taken place, which is contradictory to the
assumption that at most two faults take place simultaneously. This Remark 4. Theorem 1 presents sufficient conditions for isolating
concludes the proof of Theorem 1. □ the exact faults that have taken place. Depending on the plant-
model mismatch, sizes of measurement noise, and thresholds
Having presented a generic way to generate residuals, we next chosen, there may exist cases where the residuals breaching their
present the patterns of residuals breaching their thresholds for the thresholds are inconsistent with the expectation (i.e., not all the
five faulty scenarios. To this end, let r a;i , i ¼ 1; …; m, and r ′a;i , expected residuals breach their thresholds or unexpected residuals
i ¼ 1; …; 12mðm1Þ, denote the residuals for a single actuator fault do) even if the residuals are designed such that they are affected
and two actuator faults, respectively, r s;i , i ¼ 1; …; p, and r ′s;i , by these faults. As the negative impact of measurement noise on
i ¼ 1; …; 12pðp1Þ, the residuals for a single sensor fault and two state estimation is concerned, measured outputs can be filtered
sensor faults, respectively, and r as;i , i ¼ 1; …; mp, the residuals for before state estimation, and the thresholds can be appropriately
the case of an actuator fault and a sensor fault. The patterns of relaxed to reduce false detections. However, they should not be
residuals breaching their thresholds for the five faulty scenarios too large to lose sensitivity to faults. This reflects the fundamental
are presented as follows: tradeoff between high sensitivity to faults and small false detec-
Case 1: A single actuator fault in ui: For this case, the residuals tions. Note also that a theoretical analysis on the effect of measure-
that are expected to breach their thresholds include all r a;k 's except ment noise is outside the scope of the present work. This would
for the one that is insensitive to the fault in ui, all r ′a;k 's except for require constructing a relationship between state estimation errors
m1 residuals that are insensitive to the fault in ui and a fault in and bounds on measurement noise, and result in an increase in the
some other input variable, all r s;k 's and r ′s;k 's, and all r as;k 's except thresholds for fault detection. The readers are referred to see Ahrens
for p residuals that are insensitive to faults in ui and some other and Khalil (2009) for a study of high-gain observers in the presence
output variable. of measurement noise.
Case 2: Two actuator faults in ui and uj: For this case, the
residuals that are expected to breach their thresholds include all Remark 5. Note that the residual in Eq. (12) may be sensitive
r a;k 's, all r ′a;k 's except for the one that is insensitive to the faults in to only part of faults θf ;i depending on the system structure.
ui and uj, all r s;k 's and r ′s;k 's, and all r as;k 's. To illustrate this point, consider the following example: x_ 1 ¼ f 1 ðxÞ þ
Case 3: A single sensor fault in yi: For this case, the residuals g 1;1 ðxÞu1 þ g 1;2 ðxÞu2 , x_ 2 ¼ f 2 ðxÞ þg 2;2 ðxÞu2 , x_ 3 ¼ f 3 ð½x1 ; x3 T Þ, y ¼ ½x1 ;
that are expected to breach their thresholds include all r a;k 's, all x2 ; x3 T . According to the proposed procedures, the residual that is
r ′a;k 's, all r s;k 's except for the one that is insensitive to the fault in yi, insensitive to faults in u2 and y1 is generated using the equation
all r ′s;k 's except for p1 residuals that are insensitive to faults in yi x_ 3 ¼ f 3 ðxÞ. This residual, however, is at best sensitive to faults in
and some other output variable, and all r as;k 's except for m measurements y2 and y3, but not to that in u1 since u1 does not
residuals that are insensitive to faults in yi and some other input explicitly appear on the right-hand side of this equation. For such
variable. cases, the proposed method can identify a subset of faults that
Case 4: Two sensor faults in yi and yj: For this case, the residuals contains those that have taken place. Letting S i be the set of faults
that are expected to breach their thresholds include all r a;k 's, all θ f ;i , i ¼ 1; …; nf , this subset of faults is the intersection of S i 's such
r ′a;k 's, all r s;k 's, all r ′s;k 's except for the one that is insensitive to faults that r i;k 4 δi , which could be significantly smaller than the set of all
in yi and yj, and all r as;k 's. possible faults.

Remark 6. Note that the intent of the proposed FDI scheme is not
to replace redundancy in sensors and actuators, but to add an
Table 1
Process parameters for the chemical reactor example of Section 4.
additional model-based redundancy on top of the existing sensing
and actuating mechanisms. The FDI design can be utilized as a
Parameter Value Unit component of integrated fault-tolerant control structures (e.g.,
Basila et al., 1990; Du et al., 2011; Perk et al., 2012). Note also that
F 0.12 m3/min
the presence of feedback control is inherently considered in the
V 1 m3
k1A0 1.50  1010 min  1
k1A0 1.25  1010 min  1 Table 2
k2A0 1.50  1010 min  1 Faults to which the residuals are insensitive and thresholds for the fault isolation
k2A0 1.25  1010 min  1 design of the example in Section 4.
k3C0 1.50  1010 min  1
k3C0 1.25  1010 min  1 Residual Faults Threshold Residual Faults Threshold
E1 6.5  104 kJ/kmol
E1 6.6  104 kJ/kmol r1 y~ 1 0.5 r2 y~ 2 0.5
E2 6.8  104 kJ/kmol r3 y~ 3 0.5 r4 y~ 4 0.5
E2 6.6  104 kJ/kmol r5 y~ 5 0.75 r6 y~ 1 ; y~ 2 0.75
E3 6.8  104 kJ/kmol r7 y~ 1 ; y~ 3 0.75 r8 y~ 1 ; y~ 4 0.75
E3 6.6  104 kJ/kmol r9 y~ 1 ; y~ 5 0.75 r10 y~ 2 ; y~ 3 0.5
R 8.314 kJ/kmol K r11 y~ 2 ; y~ 4 0.75 r12 y~ 2 ; y~ 5 0.75
ΔH 1  1.50  104 kJ/kmol r13 y~ 3 ; y~ 4 0.75 r14 y~ 3 ; y~ 5 1.5
ΔH 2  0.75  104 kJ/kmol r15 y~ 4 ; y~ 5 1 r16 u~ 2 0.002
ΔH 3  0.70  104 kJ/kmol r17 u~ 2 ; y~ 5 0.002 r18 u~ 1 0.5
ρ 1000 kg/m3 r19 u~ 1 ; y~ 1 0.5 r20 u~ 1 ; u~ 2 0.002
cp 0.315 kJ/kg K r21 u~ 1 ; y~ 2 0.5 r22 u~ 1 ; y~ 3 0.5
C A0 3 kmol/m3 r23 u~ 1 ; y~ 4 0.5 r24 u~ 1 ; y~ 5 0.75
C B0 4 kmol/m3 r25 u~ 2 ; y~ 1 0.002 r26 u~ 2 ; y~ 2 0.002
T0 320 K r27 u~ 2 ; y~ 3 0.002 r28 u~ 2 ; y~ 4 0.002
 M. Du et al. / Chemical Engineering Science 104 (2013) 294–303 299

modeling of faults. This is because the computation of the control trajectories that would be expected in the absence of faults
action is independent of actuator or sensor faults. No matter because of the feedback mechanism. This deviation, however, is
whether sensor faults take place, the prescribed inputs are not the actuator fault defined in Eq. (1), which is an error between
calculated using a control law, and the calculation is always correct the prescribed input and the actual input to the plant. Thus, a
(since no controller faults are considered). Admittedly, a sensor ~ and consequently
sensor fault alone will not lead to an error in u,
fault typically results in the prescribed inputs deviating from their will not be isolated as an actuator fault by the proposed method.

1.4 1

1.2
CA (kmol/m3)

CB (kmol/m3)
0.9
1
0.8
0.8

0.7
0 10 20 0 10 20
Time (min) Time (min)

1.2
CC (kmol/m3)

CU (kmol/m3)

1.1 0.5

0.9 0
0 10 20 0 10 20
Time (min) Time (min)

1 440
CD (kmol/m3)

430
TR (K)

0.5
420

0 410
0 10 20 0 10 20
Time (min) Time (min)
Fig. 1. Evolution of the closed-loop measurements (solid lines), the state estimates (dashed lines), and the actual values of the process states (dashed-dotted lines). Faults in
C A and T R take place at time tf ¼7.5 min. The state estimates stay close to their actual values before the occurrence of the faults, while they deviate from the actual values
after the occurrence of the faults. Because of faults, the process states deviate from the nominal operating point.

6 330
CA0 (kmol/mK3)

4 320
T0 (K)

2 310

0 300
0 10 20 0 10 20
Time (min) Time (min)
Fig. 2. Evolution of the closed-loop input profiles. No faults take place in the input variables.
300 M. Du et al. / Chemical Engineering Science 104 (2013) 294–303

4. Simulation example where Ci is the concentration of species i, i ¼ A, B, C, U, D, T R is the

temperature in the reactor, V is the volume of the reactor, ΔH i ,
In this section, we illustrate the proposed method through a i¼1, 2, 3 are the enthalpy of the ith reaction, and ρ and cp are the
continuous-stirred tank reactor (CSTR) example. The feed to the density and the heat capacity of the fluid in the reactor, respec-
reactor consists of A and B at a flow rate F, concentrations C A0 and tively. The reaction rates are as follows:
C B0 , and temperature T0. In the reactor, the following three
r 1A; forward ¼ k1A0 eE1 =ðRT R Þ C A C B
reversible elementary exothermic reactions take place adiabati-
cally: r 1A; reverse ¼ k1A0 eE1 =ðRT R Þ C C
k1A k2A k3C r 2A; forward ¼ k2A0 eE2 =ðRT R Þ C A C C
AþB ⇌ C A þC ⇌ D CþD ⇌ U ð14Þ
k1A k2A k3C r 2A; reverse ¼ k2A0 eE2 =ðRT R Þ C D
where C is the intermediate product, D is the desired product, U is r 3C; forward ¼ k3C0 eE3 =ðRT R Þ C C C D
the undesired product, and k1A , k1A , k2A , k2A , k3C , and k3C are
r 3C; reverse ¼ k3C0 eE3 =ðRT R Þ C U ð16Þ
specific rates of reaction for the forward and reverse reactions,
respectively. The mathematical model of this chemical reactor where kij0 and kij0 , i¼ 1, 2, 3, j¼A, C are the pre-exponential
takes the following form: constants for the forward and reverse reactions, respectively, Ei
and Ei , i¼1, 2, 3 are the activation energies for the forward and
F
C_ A ¼ ðC A0 C A Þ þ r 1A; forward þ r 1A; reverse þ r 2A; forward þr 2A; reverse reverse reactions, respectively, and R is the ideal gas constant. The
V
F process parameters can be found in Table 1.
C_ B ¼ ðC B0 C B Þ þ r 1A; forward þ r 1A; reverse The control objective under normal conditions is to operate
V
F the process at the nominal operating point, where C A ¼
C_ C ¼  C C r 1A; forward r 1A; reverse þr 2A; forward þ r 2A; reverse 0:828 kmol=m3 , C B ¼ 0:743 kmol=m3 , C C ¼ 0:976 kmol=m3 , C U ¼
V
þ r 3C; forward þ r 3C; reverse 0:365 kmol=m3 , C D ¼ 0:550 kmol=m3 , and T R ¼ 425:4 K. To this
end, consider manipulated input variables u ¼ ½C A0 ; T 0 T , where
F
C_ U ¼  C U r 3C; forward r 1C; reverse 0 r C A0 r10 kmol=m3 and 300 rT 0 r 350 K, and measured out-
V
puts y ¼ ½C A ; C B ; C C ; C D ; T R T . A Lyapunov-based model predictive
F
C_ D ¼  C D r 2A; forward r 2A; reverse þ r 3C; forward þ r 3C; reverse control design of Mahmood and Mhaskar (2008) is used to
V
illustrate the results. The hold-time for the control action is chosen
F ðΔH 1 Þ
T_ R ¼ ðT 0 T R Þ þ ðr 1A; forward þ r 1A; reverse Þ as Δ ¼ 0:5 min, the prediction horizon is chosen as 2Δ, the
V ρc p
weighting matrices used to penalize the deviations of the state
ðΔH 2 Þ ðΔH 3 Þ and input from their nominal values are chosen as Q w ¼ diag[1, 1,
þ ðr 2A; forward þ r 2A; reverse Þ þ ðr 3C; forward þ r 3C; reverse Þ
ρcp ρc p 1, 1, 1, 1] and Rw ¼diag[0.1, 0.001], respectively, and the stability
ð15Þ region is characterized as fx A R6 : VðxÞ ¼ xT Px r cg, where x is the

100 100 100 100

r1

r2

r3

r4

0 10 20 0 10 20 0 10 20 0 10 20
Time (min) Time (min) Time (min) Time (min)

100 100 100 100

r5

r6

r7

r8

0 10 20 0 10 20 0 10 20 0 10 20
Time (min) Time (min) Time (min) Time (min)

100 100 100 100

r10

r11

r12
r9

0 10 20 0 10 20 0 10 20 0 10 20
Time (min) Time (min) Time (min) Time (min)

100 100 100 100

r13

r14

r15

r16

0 10 20 0 10 20 0 10 20 0 10 20
Time (min) Time (min) Time (min) Time (min)

100 100 100 100

r17

r18

r19

r20

0 10 20 0 10 20 0 10 20 0 10 20
Time (min) Time (min) Time (min) Time (min)

102
r21

r22

r23

r24

100 100 100 100

0 10 20 0 10 20 0 10 20 0 10 20
Time (min) Time (min) Time (min) Time (min)

100
10-2 10-2 100 100
r25

r26

r27

r28

0 10 20 0 10 20 0 10 20 0 10 20
Time (min) Time (min) Time (min) Time (min)

Fig. 3. Evolution of the residuals (solid lines) and thresholds (dashed lines). Since all the residuals breach their thresholds except for r9 (insensitive to y~ 1 and y~ 5 ), faults in y1
and y5 are isolated.
 M. Du et al. / Chemical Engineering Science 104 (2013) 294–303 301

vector of deviation variables and c¼ 0.2. The state estimate provided by the observer using all
the measured outputs is used to compute the control action for
2 3
55:5740 21:8239 24:8981 45:2042 23:1950 2:2350 nominal operation.
6 21:8239 12:3577 11:7907 18:8019 10:5887 0:9540 7
6 7 To illustrate the proposed actuator and sensor fault isolation
6 7
6 24:8981 11:7907 12:4787 20:0156 10:6130 1:0250 7 method, we design fifteen additional observers using subsets of
P¼6
6 45:2042
7
6 18:8019 20:0156 41:5350 21:8946 1:8652 7
7 the measured outputs. Among these observers, five are designed
6 7
4 23:1950 10:5887 10:6130 21:8946 11:8877 0:9883 5 using four of the outputs, and ten designed using three outputs. It
2:2350 0:9540 1:0250 1:8652 0:9883 0:0937 can be verified that Assumption 3 is satisfied with the chosen

1 0.9

0.9 0.8
CA (kmol/m3)

CB (kmol/m3)
0.8 0.7

0.7 0.6
0 10 20 0 10 20
Time (min) Time (min)

1.1 0.38

0.37
CC (kmol/m3)

CU (kmol/m3)

1
0.36

0.9 0.35
0 10 20 0 10 20
Time (min) Time (min)

0.7 430
CD (kmol/m3)

0.6 425
TR (K)

0.5 420

0.4 415
0 10 20 0 10 20
Time (min) Time (min)
Fig. 4. Evolution of the closed-loop measurements (solid lines), the state estimates (dashed lines), and the actual values of the process states (dashed-dotted lines). A fault
takes place in T R at time tf ¼7.5 min. Since the observer does not use the prescribed values of C A0 and measurements of T R , the state estimates stay close to their actual values
even after the faults take place.

4.5 325

4
CA0 (kmol/m3)

320
T0 (K)

3.5
315
3

2.5 310
0 10 20 0 10 20
Time (min) Time (min)
Fig. 5. Evolution of the closed-loop input (solid lines) and prescribed input (dashed lines) profiles. A fault takes place in C A0 at time tf ¼7.5 min.
302 M. Du et al. / Chemical Engineering Science 104 (2013) 294–303

outputs for the observer design. To illustrate the observer design, but not too far from the majority of the residual values, as shown
consider the one that uses measurements of y1 ¼ C A , y2 ¼ C B , and in Table 2.
y5 ¼ T R . The coordinate transformation for this observer is as We first consider a case where faults in y1 ¼ C A and y5 ¼ T R
follows: ζ 1;1 ¼ C A , ζ 1;2 ¼ C_ A , ζ 2;1 ¼ C B , ζ 2;2 ¼ C_ B , ζ 3;1 ¼ T R , and
1 1 1 1 1
(two sensor faults) take place at time tf ¼7.5 min. The faults are
ζ 13;2 ¼ T_ R . Note that input information is involved in this coordi- simulated as follows (note that the bias fault is used only as an
nate transformation and the design is aided by the enhanced example; the proposed approach can handle other kinds of faults,
applicability of high-gain observers (Du and Mhaskar, 2012). The such as time varying faults as well):
observer design is as follows: (
0; 0 rt o t f
_ a1;1 _ a1;2 ~y 1 ¼
ζ^ 1;1 ¼ ζ^ 1;2 þ ðy1 ζ^ 1;1 Þ ζ^ 1;2 ¼ ðy1 ζ^ 1;1 Þ 0:2; t Z t f
ε ε2
(
_ a2;1 _ a2;2 0 r t o tf
ζ^ 2;1 ¼ ζ^ 2;2 þ ðy2 ζ^ 2;1 Þ ζ^ 2;2 ¼ ðy2 ζ^ 2;1 Þ y~ 5 ¼
0;
ð18Þ
ε ε 2
5; t Z tf
_ a3;1 _ a3;2
ζ^ 3;1 ¼ ζ^ 3;2 þ ðy5 ζ^ 3;1 Þ ζ^ 3;2 ¼ ðy5 ζ^ 3;1 Þ ð17Þ
ε ε2 The evolution of the measurements of the output variables, the
where ε ¼ 0:04, ai;1 ¼ 5, and ai;2 ¼ 100, i ¼ 1, 2, 3. Twenty-eight state estimates provided by the observer that uses measurements
residuals are generated using the procedure presented in Section of C A , C B , and T R , and the true values of the state variables are
3. These residuals are insensitive to unique groups of faults and depicted by solid, dashed, and dashed-dotted lines in Fig. 1,
sensitive to the others, as shown in Table 2. The parameter τ in respectively. It can be seen that the state estimates are close to
Eq. (4) is chosen as 0.05 min. their actual values before the occurrence of the faults since the
The process of Eq. (15) is subject to plant-model mismatch and process starts from the nominal operating point, at which the
measurement noise. Specifically, the actual values of k1A0 and k2A0 observer is initialized. However, the estimates generated using all
are 10% smaller than their nominal values. Furthermore, the the sensors expectedly deviate from their true values after the
flow rate fluctuates with time, with the actual flow rate being faults take place. The evolution of the closed-loop input profiles is
1 þ 0:05 sin ðtÞ times of its nominal value. The concentration and shown in Fig. 2. The evolution of residual profiles is shown in
temperature measurements have combinations of 5 Hz sinusoidal Fig. 3. Since all the residuals breach their thresholds except for r9,
noises. The magnitudes over each 0.5 min follow a normal dis- which is insensitive to y~ 1 and y~ 5 (see Table 2), faults in y1 and y5
tribution with the standard deviations being 0.02 kmol/m3 and are successfully isolated.
0.5 K for concentrations and temperatures, respectively. The noisy We next consider a case where faults in u1 ¼ C A0 and y5 ¼ T R
measurements are processed through a first-order low-pass filter (one actuator fault and one sensor fault) take place at time
with the filter time constant being 3 s. To reduce the rate of false tf ¼7.5 min. The simulated faults are as follows:
alarms due to plant-model mismatch and measurement noise, the (
0; 0 r t ot f
thresholds are chosen by evaluating the values of the residuals u~ 1 ¼
ð1 þ 0:2 sin tÞð1etf t Þ; t Zt f
using normal operating data such that the thresholds are above,

100 100 100 100

r1

r2

r3

r4

0 10 20 0 10 20 0 10 20 0 10 20
Time (min) Time (min) Time (min) Time (min)

100 100 100 100

r5

r6

r7

r8

0 10 20 0 10 20 0 10 20 0 10 20
Time (min) Time (min) Time (min) Time (min)

100 100 100 100

r10

r11

r12
r9

0 10 20 0 10 20 0 10 20 0 10 20
Time (min) Time (min) Time (min) Time (min)

102 102
100 100 100
100
r13

r14

r15

r16

0 10 20 0 10 20 0 10 20 0 10 20
Time (min) Time (min) Time (min) Time (min)

10-2
100 100 100 10-3
r17

r18

r19

r20

0 10 20 0 10 20 0 10 20 0 10 20
Time (min) Time (min) Time (min) Time (min)

100 100 100 100

r21

r22

r23

r24

0 10 20 0 10 20 0 10 20 0 10 20
Time (min) Time (min) Time (min) Time (min)

100 100 100 100

r25

r26

r27

r28

0 10 20 0 10 20 0 10 20 0 10 20
Time (min) Time (min) Time (min) Time (min)

Fig. 6. Evolution of the residuals (solid lines) and thresholds (dashed lines). Since all the residuals breach their thresholds except for r24 (insensitive to u~ 1 and y~ 5 ), faults in u1
and y5 are isolated.
 M. Du et al. / Chemical Engineering Science 104 (2013) 294–303 303

(
0; 0 r t o tf Chilin, D., Liu, J., Muñoz de la Peña, D., Christofides, P.D., Davis, J.F., 2010. Detection,
y~ 5 ¼ ð19Þ isolation and handling of actuator faults in distributed model predictive control
ð4 þ sin tÞð1etf t Þ; t Zt f
systems. Journal of Process Control 20, 1059–1075.
Chow, E.Y., Willsky, A.S., 1984. Analytical redundancy and the design of robust failure
The evolution of the measurements of the output variables, the detection systems. IEEE Transactions on Automatic Control AC-29, 603–614.
state estimates provided by the observer that uses measurements Clark, R.N., 1978. Instrument fault detection. IEEE Transactions on Aerospace and
Electronic Systems AES-14, 456–465.
of C B , C C , and C D , and the actual values of the state variables Clark, R.N., Fosth, D.C., Walton, V.M., 1975. Detecting instrument malfunctions in
are depicted by solid, dashed, and dashed-dotted lines in Fig. 4, control systems. IEEE Transactions on Aerospace and Electronic Systems AES-
respectively. Since this observer does not use the prescribed values 11, 465–473.
De Persis, C., Isidori, A., 2001. A geometric approach to nonlinear fault detection
of C A0 and measurements of T R , the state estimates stay close to
and isolation. IEEE Transactions on Automatic Control 46, 853–865.
their true values even after the faults take place. The evolution of Du, M., Gandhi, R., Mhaskar, P., 2011. An integrated fault detection and isolation and
the closed-loop input and prescribed input profiles are shown by safe-parking framework for networked process systems. Industrial & Engineer-
ing Chemistry Research 50, 5667–5679.
the solid and dashed lines in Fig. 5, respectively. The evolution of
Du, M., Mhaskar, P., 2012. Isolation and handling of sensor faults in nonlinear
residual profiles are shown in Fig. 6. Since all the residuals breach systems. In: Proceedings of the 2012 American Control Conference. Montréal,
their thresholds except for r24, which is insensitive to u~ 1 and y~ 5 Canada, pp. 6661–6666.
(see Table 2), faults in u1 and y5 are successfully isolated. Du, M., Mhaskar, P., 2013. Active fault isolation of nonlinear process systems. AIChE
Journal 59, 2435–2453.
Simulations were also conducted to demonstrate the dependence El-Farra, N.H., Ghantasala, S., 2007. Actuator fault isolation and reconfiguration in
of the choice of the filter parameters and thresholds on the magnitude transport-reaction processes. AIChE Journal 53, 1518–1537.
and frequency of measurement noise for the case of one actuator fault Findeisen, R., Imsland, L., Allgöwer, F., Foss, B.A., 2003. Output feedback stabiliza-
tion of constrained systems with nonlinear predictive control. International
in C A0 and one sensor fault in T R with the same observer design. In Journal of Robust and Nonlinear Control 13, 211–227.
particular, for standard deviations of the magnitudes of noise twice as Frank, P.M., 1990. Fault diagnosis in dynamic systems using analytical and
large as those used before, a reduction in the filter constant by a factor knowledge-based redundancy: a survey and some new results. Automatica
26, 459–474.
of half maintains the functionality of the observers. It was also found Ghantasala, S., El-Farra, N.H., 2009. Robust actuator fault isolation and management
that when the frequencies were half of those used before, residual r15 in constrained uncertain parabolic PDE systems. Automatica 45, 2368–2373.
in the absence of faults increased. With its threshold appropriately Hamelin, F., Sauter, D., 2000. Robust fault detection in uncertain dynamic systems.
Automatica 36, 1747–1754.
increased (an appropriate choice can be made using normal process
Hu, Y., El-Farra, N.H., 2011. Robust fault detection and monitoring of hybrid process
data), similar FDI results were obtained. As stated in Remark 4, a systems with uncertain mode transitions. AIChE Journal 57, 2783–2794.
detailed analysis on the effect of measurement noise is outside the Khalil, H.K., 2002. Nonlinear Systems, 3rd ed. Prentice Hall, Upper Saddle River, NJ.
Li, W., Shah, S.L., Xiao, D., 2008. Kalman filters in non-uniformly sampled multirate
scope of the present work.
systems: for FDI and beyond. Automatica 44, 199–208.
Mahmood, M., Mhaskar, P., 2008. Enhanced stability regions for model predictive
control of nonlinear process systems. AIChE Journal 54, 1487–1498.
5. Conclusions Martini, R.A., Chylla Jr., R.W., Cinar, A., 1987. Fault-tolerant computer control of a
time delay system: sensor failure tolerance by controller reconfiguration.
Computers & Chemical Engineering 11, 481–488.
This work considered the problem of isolating actuator and sensor Mattei, M., Paviglianiti, G., Scordamaglia, V., 2005. Nonlinear observers with H 1
faults in nonlinear process systems. The key idea is to exploit the performance for sensor fault detection and isolation: a linear matrix inequality
design procedure. Control Engineering Practice 13, 1271–1281.
analytical redundancy in the system model through state observer
McFall, C.W., Muñoz de la Peña, D., Ohran, B., Christofides, P.D., Davis, J.F., 2008.
design. To this end, we considered subsets of faults, and designed state Fault detection and isolation for nonlinear process systems using asynchronous
observers that use information of inputs and outputs only subject to measurements. Industrial & Engineering Chemistry Research 47, 10009–10019.
faults in each subset. We then designed residuals using the process Mehra, R.K., Peschon, J., 1971. An innovations approach to fault detection and
diagnosis in dynamic systems. Automatica 7, 637–640.
model and state estimates such that each residual is only sensitive to Mhaskar, P., Gani, A., McFall, C., Christofides, P.D., Davis, J.F., 2007. Fault-tolerant
the corresponding subset of faults. The occurrence of faults in a subset control of nonlinear process systems subject to sensor faults. AIChE Journal 53,
is detected if the corresponding residual breaches its threshold. With 654–668.
Mhaskar, P., McFall, C., Gani, A., Christofides, P.D., Davis, J.F., 2008. Isolation and
the ability of detecting the occurrence of faults in a subset, faults can handling of actuator faults in nonlinear systems. Automatica 44, 53–62.
be isolated using a bank of residuals and a logic rule. The proposed Patton, R.J., Chen, J., 1993. Optimal unknown input distribution matrix selection in
method enables differentiation between and isolation of actuator and robust fault diagnosis. Automatica 29, 837–841.
Perk, S., Shao, Q.M., Teymour, F., Cinar, A., 2012. An adaptive fault-tolerant control
sensor faults while explicitly accounting for system nonlinearity. The framework with agent-based systems. International Journal of Robust and
effectiveness of the fault isolation design subject to plant-model Nonlinear Control 22, 43–67.
mismatch and measurement noise was illustrated using a chemical Pertew, A.M., Marquez, H.J., Zhao, Q., 2007. LMI-based sensor fault diagnosis for
nonlinear Lipschitz systems. Automatica 43, 1464–1469.
reactor example.
Rajamani, R., Ganguli, A., 2004. Sensor fault diagnostics for a class of non-linear systems
using linear matrix inequalities. International Journal of Control 77, 920–930.
Shang, L., Liu, G., 2011. Sensor and actuator fault detection and isolation for a high
Acknowledgments performance aircraft engine bleed air temperature control system. IEEE
Transactions on Control Systems Technology 19, 1260–1268.
Vemuri, A.T., 2001. Sensor bias fault diagnosis in a class of nonlinear systems. IEEE
Financial support from the Natural Sciences and Engineering Transactions on Automatic Control 46, 949–954.
Research Council of Canada is gratefully acknowledged. Venkatasubramanian, V., Rengaswamy, R., Yin, K., Kavuri, S.N., 2003. A review of
process fault detection and diagnosis. Part I. Quantitative model-based meth-
ods. Computers & Chemical Engineering 27, 293–311.
References Yan, X.-G., Edwards, C., 2007. Sensor fault detection and isolation for nonlinear
systems based on a sliding mode observer. International Journal of Adaptive
Control and Signal Processing 21, 657–673.
Ahrens, J.H., Khalil, H.K., 2009. High-gain observers in the presence of measure- Zhang, X., 2011. Sensor bias fault detection and isolation in a class of nonlinear
ment noise: a switched-gain approach. Automatica 45, 936–943. uncertain systems using adaptive estimation. IEEE Transactions on Automatic
Basila Jr., M.R., Stefanek, G., Cinar, A., 1990. A model-object based supervisory Control 56, 1220–1226.
expert system for fault tolerant chemical reactor control. Computers & Zhang, X., Parisini, T., Polycarpou, M.M., 2005. Sensor bias fault isolation in a class of
Chemical Engineering 14, 551–560. nonlinear systems. IEEE Transactions on Automatic Control 50, 370–376.
Bokor, J., Szabó, Z., 2009. Fault detection and isolation in nonlinear systems. Annual Zhang, X., Polycarpou, M.M., Parisini, T., 2002. A robust detection and isolation
Reviews in Control 33, 113–123. scheme for abrupt and incipient faults in nonlinear systems. IEEE Transactions
Chen, J., Patton, R.J., Zhang, H.-Y., 1996. Design of unknown input observers and on Automatic Control 47, 576–593.
robust fault detection filters. International Journal of Control 63, 85–105. Zhang, X., Polycarpou, M.M., Parisini, T., 2010. Fault diagnosis of a class of nonlinear
Chen, W., Saif, M., 2007. Adaptive actuator fault detection, isolation and accom- uncertain systems with Lipschitz nonlinearities using adaptive estimation.
modation in uncertain systems. International Journal of Control 80, 45–63. Automatica 46, 290–299.