SD-000752

An Efficient Algorithm for Intelligent Instrumentation System

Ghaleb Hoblos Houcine Chafouk, Nicolas Langlois

Institut de Recherche en Systemes Electroniques EMbarques-IRSEEM

Ecole Superieure d'Ingenieurs en G6nie ELECtrique - ESIGELEC
I, rue du Mar6chal Juin - BP 14, 76131 Mont Saint Aignan Cedex - France
Tel: (33) (2) 35 52 80 20- Fax: (33) (2) 35 52 80 80.
Email: (ghaleb.hoblos, houcine.chafouk, nicolas.lalnglois4)esiQgelec.fr

Abstract-The reconfiguration of sensor svstems to solve
estimation or control problem is one of the most important
tasks in the design of process instrumentation. This paper
proposes an algorithm, which guarantees the availability of all
state variables even in the case of lost sensors. The v-ariable
observabilitv is considered to be necessary for the process
supervision of the svstem. Minimal and redundant sensor sets
are organized into an oriented graph, which contains all the
possible reconfiguration paths for which those variables
remain observable. Based on redundancv degrees criteria, an
optimal reconfiguration will be used to observe and
reconstruct lost information. An example illustrates the
proposed algorithm.
system state. Then, redundancy and minimality properties
are defined to build a lattice containing all reconfiguration
paths. Every node is evaluating using redundancy degrees
criteria. In section 4, we propose an efficient algorithm for
keeping some fault tolerance criteria using reconfiguration
and maintenance operations. An illustrative example is
provided in section 5.
II. PROBLEM POSITION
Consider the static linear model given by:

Index Ternns-intelligent instrumentation, fault tolerance. fMx=o

reconfiguration, redundancy.
I. INTRODITCTION
Control and monitoring of industrial processes, like
chemical or power plalnts, is based on huge sensor systems
for which data reconciliation and system reconfiguration
issues are of prime interest. Direct measurements of a
variable for which a value is required can be avoided, since
many can be estimated using analytical redundancy. The
possibility of variables estimation depends on the topology
of the process and the fault tolerance of sensor systems.
Previous work concerning fault tolerance with respect to
sensor failures in static linear systems was stemmed from
[1]. Graph theory based algorithms and a classification of
the system variables have been proposed in [1, 2, 3]. For
dynamic systems, fault tolerant observer based approaches
have been proposed in [4, 5].
Recently, reliability and structural criteria based on
redundancy degrees has been used for fault tolerance
analysis [8]. Indeed, the evolution of observability or
controllability properties is strongly related to
accommodation and reconfiguration possibility, when
component faults occur.
This paper addresses the fault tolerant estimation by
increasing the life of a sensor set, in which sensors can be
lost as the result of failures. Reconfiguration and
maintenance operations are necessary to carry out such
requirements. The paper is organized as follows. First, the
problem position is described in section 2 and the objective
of this work is defined. Section 3 provides the background
necessary for the statement of the observability problem of
{Y=HX(+e
where Me)' represents the analytical redundancy
relation of the model, He.)t'O" the observation matrix,
Xe:!?' the state vector, Ye) the measurement vector and c
the measurement errors. If H=Ii,, all state variables are
measurable.
We suppose that Fault Detection and Isolation (FDI)
procedures provide information on the sensor situation, 0
safe sensor and 1 faulty sensor. The problem consists in
finding the estimated value of variable, if its corresponding
sensor is lost. The proposed algorithm is made in two steps:
* Analysis of fault tolerance capability of any sensor
subsets: in this step, we propose an oriented graph
contained all sensor subsets. The evaluation of fault
tolerance is based on redundancy degrees properties,
* Reconflguration and maintenance operations on
faulty instrumentation system: in this step, we select
a safe sensor subset to estimate lost information. The
algorithm can provide several possible solutions to
estimation problem.
III. GRAPH REPRESENTATION AND FAUTLT TOLERANCE
EVALUTATING
In this paragraph, we propose a graphical representation
for all sensor subsets. Each subset is characterized by the
possibility or not to solve estimation problem. First, we
define conditions for which the solution of estimation
problem exists. Then, we build our graph by associating to
each node some structural criteria (redundancy degrees) for
fault tolerance evaluating.

0-7803-8304-4/04/$20.00 @2004 IEEE 141

SD-000752

A. Ohservahilitv This form leads to the following interpretations:

The static linear system (1) is completely7 observable, if
starting from the measurement knowledge and the equation
of the linear model, one can determine state X in a unique
way; as observability property and measurement errors are
independent, the necessary and sufficient condition of
observability is:
- The bloc b4 corresponds to the analytical redundancy
relations, because it uses only measured variables,
- If b2 contains lines with null coefficients then the
corresponding lines in b gives an idea about the
indices of deductible variables,
- The measured variables correspond to the indices of
non-null columns in bloc 4.

r.=rankM]0=n (2) Lennia

For any sensor subset J included in the instrumentation
system L such that the measurement equation is given by
else, the system is unobservable. Y=H.X, the unknown variables are estimable if and only if:
If (2) is available, we can estimate unknowing variables
as following:
Let X,1 and X7,- be respectively the measured and r=rank{4 ]='1 (7a)
unmeasured variables. The system (1 ) can be partitioned as:
where the sub matrix
fM n1M1 ] xLQj=(0 Mr712 is regular. (7b)
(3:)
This observability condition given by 7 is very important
to reconfigure instnrmentation system in order to keep
nominal performances.
with, DefLinitions
8<< 0 Let Xbe the state vector, I= bv,v,... j,-p/ the sensor set on
din(XK,,) nm measured part the process, and J a subset included in I (JcIf).
Redu-danit Setnsor Set. A set of sensors J is a RSS, if and
diin(XT ) n-ni unmeasured part
only if there exists at least one sensor] eJ that may be lost
dimuM11) qxtn while continuing to estimate X, i.e. the observability
diim( M7- ) qx(ni-n9) conditions (7) hold for the subset Jj.
Minimiial Sensor Set. A set of sensors J is said to be a
Let r be the rank of the bloc Mn,. A permutation of lines MSS, if and only if the loss of any sensor jeJ makes
condition (7) not holding for the subset flj
and columns of Mn, permits us to isolate the regular sub
matrix Mi712, which gives the following representation: B. Graph representation ofRSS atd MSS
RSS, MSS and non-MSS can be organized in a subset
M=rMThl Mmil1 Mm1I2 (4) lattice, using the following representation:
iMm2 MRT21 Mi722 j - A node is a subset of I,
- A level contains all the nodes with the same
As M-P? 1 2 is regular, an equivalent form is: cardinality
- An edge is an oriented link between a node at level i
FM IMnil M I Mr M11 I(1 (subsets containing p - i sensors) and a node at level
L Mnw2 MmT21 Mwl-') j (5) i+l.
- An edge represents the set-inclusion relation. It is
labeled with the sensor, which was present at level i,
Finally, by linear combinations, M is also equivalent to: and is no more present at level i+1.
Figure 1 illustrates two levels of a lattice:
M= b, bi b
(6) Lacd _2
.m.

-b4 b5 b6 a = (

with,

bl =Mm12Mml b =M-,12MM11 ladi

b3 =I b4 =Mm2-MFf22M-1l2Mmi Fig. 1 The lattice of the sensors subsets
&s =Mm21-MF22M!> 2MM3Wl b6 =

142
SD-000752

The strong redundancy degree associated with (J, X)

Le i-l is the length of the shortest path between .1 and any
of its niont-RSS successors minus onie.

Obviously one has:

Lewl i
V JC--I DF(J, X) .Df, X)
Fig. 2 Example of a RSS sub-graph and DF U, X) (yJ*, X)= 0 for any terminal node.J*
(remember that terminal nodes in F are MSS).
Now, consider only subsets of I which keep X
observable, and let F be the corresponding sub-graph IV. INTELLIGENT INSTRUTMENTATION SYSTEM AND
(illustrated with gray nodes and dotted edges on figure 2). ALGORITHMS
It is clear that F is not a sub-lattice. Indeed, it is possible
that two subsets S, and S, are RSS included in F but their Let I be the set of sensors. of cardinal p, which can
intersection does not keep X observable. possibly be implemented on the considered process. It is
primordial to know the variable evolution (measured or no)
C. E'aluating theJfault toleranice capabilit at each time of production system. In this section, we
propose an algorithm based on observability properties and
Redundancy degrees associated with one variable have
been introduced in [6], and further contributions have been redundancy degree criteria, which are able to reconfigure
given in [7]. Two notions have been defined, namely the instrumentation system while continuing to estimate state
even in the case of sensor losses.
"principal redundancy of degree 1< and the "weak
redundancy degree". Staroswiecki et al [9] have Two main steps are necessary:
generalized these criteria by associating them with the
observability of a linear functional. Two another notions - A bottom-up exploration of the lattice 22P permits us
has been defined, called the "strong redundancy degree" to color all nodes and to compute corresponding
and "weak redundancy degree". In this paragraph, we used redundancy degrees,
these structural criteria for optimal reconfiguration in the - Reconfiguration and maintenance of sensor svstems.
case of sensor failures. A. Remnarks, symnbols and notations
Let I be the set of the system sensors, J be any subset of
I and Xthe variables to estimate. For a level k,
Weak Redundancy Degree (WRD) - the cardinal of any subset is p-k,
The weak redundancy degree D,/J, X) associated with - the number of corresponding nodes nI is given by
the pair (J,X) is the maximal number of sensors of J that jj., = P P!
(8)
may be lost while continuing to estimate X. P-k (p-k)!k!'
Considering the graph F. The weak redundancy degree - each node receives k edges from level k-i.
associated with (J, X) can be interpreted as the length of the
longest path between node .J and any terminal successor of To given node N(k,j) (k is the level and j is the
a
J. position in level kI <1, ..., nkl we associate,
c

Strong Reduindlancy Degree (ERD,'

- a sensor subset J(k,]j)
The strong redundancy degree DFUJ, X) associated with - F(k,j), set of its gray predecessors at level k+],
the
the pair (J, X) is the maximal number of indirffetrtiate
sensors of Jthat may be lost while continuing to estimate X.
- F(Qk,) Iis the number of edges issued from gray
nodes at level k+l,
Comparison between weak and strong redundancy can
be illustrated as follows. For any sensor subset J with
- Min(kj), the minimal strong redundancy degree on
redundancy degrees Df (4, X) and DF(J, X), one has: F(k.,j),
- Max(k,j), the maximal weak redundancy degree on
3KczJsuchthat IKI =Df (.JX) andJ\KisaMSS F(kt,j),
- DIk,ljj and Dp 1j4), are the strong and weak
VKczJsuchthat KI=DF(J,X)thenJ\KisaRSS redundancy degrees,
Consider the graph F: -(J(k, /)) =LH4J(kj))] for a sensor subset J

- The weak redundancy degree associated with (JJ X)

is the length of the longest path between J and any of
its MSS successors,

143
SD-000752

Whien a level k node is white, apvpr1X? operty 2.

B. PJopertties Cominpute strong an-d weak redundancy degrees of each
Different properties are related to the marking between niodle by apqpvln1g properties 3, 4, anld 5.
levels and the computation of redundancy degrees. These
properties permit us to: The stopping condition is k = 0 to explore all the levels
* minimize the execution time of the computation, of the F graph.
* avoid combinatorial explosion.
*. The second step, Reconfiguradon-Maintenance
Pr opei7rl I consists in:
All the predecessors of a gray node are gray nodes.
- Holding a sensor subset for Estimation/Control (E/C)
Property 2 in nominal case,
- Reconfiguration of instrumentation system by
The predecessor N(k-l1,f) of a white node N(k,j), is isolating faulty sensor, while continuing to keep
gray if and only if. performances,
- Maintenance if necessary, when some conditions of
Rank(CJl?J(k, j))) = t (9:) Fault Tolerance Capability (FTC) are lost.

Propetyhe 3 With sensor loss

if DF(kj) >Dd,
The strong redundancy degree of a gray node N(k,/ ') s.t.
1treconfigutration1 of sensor sVstem, for E/C]
F( k, ':) =p - k is given by: else
('reconfiguration/lor E/C with miiain tenance/obr FTC]
D(-k-1,,j')=Min(k-l,j')+l ('10)
Dd is a desired strong redundancy degree to secure/twlit
If F(k, j') < p-k, then the strong redundancy degree is tolerance capability.
zero. The main flowchart of the algorithm is shown on fig. 3:
Properh 4
The weak redundancy degree of a gray node N(k, j') is
given by:

Df( k-A ,_)=Max(k-1,j')+l (11)

Proper/v S
The weak and strong redundancy degrees of a white
node N(kJ) are -1. i Ies

C. Algorithm No
... .. -------

1'esTes
----

The proposed algorithm is based on two main steps.

*. The first one, Marking-computation, consists in:

Reconfiguration Recon figuration a
- performing the graph initialisation, which consists in with repair without repair :'
marking the bottom level. For each possible sensor
i E {l,...,PI _._........._.__._._.._.. ..._._._._._._._._._._._!.

if Rank(fzij = n, node fi,j is grai; else it is white. Fig. 3 Flowchart of the proposed algorithm
- marking a level k-I when the marking of level k is In the reconfiguration case with maintenance, the sensor
known. The computation of redundancy degrees is subset to be repaired is indicated according to computation
carried out in parallel. Several cases can be provided in phase one.
distinguished in this step:
When a level k node is gre..y, then all its predecessors in
level k-i are also grey (poperty 1).

144
SD-000752

Table 1 Nodes of the instrumentation state graph

V. EXAMPLE
S ~
J J _

Consider a static linear system, with 6 states and 5 1 a,b,c,d,e, 9 a,b,e 1 7 a 25 c,e1
possible sensors a, h, c, d and e, given by: 2 a,b,c,d} 10 a,c,d, 18 a,c 26 Id,e
3 a,b,c.e 11 a,c,e- 19 a,d; 27 {al
1 0 )0 O 4 a,b,de} 12 a,d,e} 20 a,e 28 ibt
0 1 0 0 0 1 -1 0 0 -1 0 r a,c.d,e 13 b,c.d 21 {b,c4 29 Jc
H= 0 0 1 0 0 0 andM= 0 1 -1 0 0 -1 . 6 lb,c,d,e 14 b c 22 lb,d" 30 Id,
0 00 1 0 (0 0 1 -1 -1 0
0 0 0 0 1 0) 7 {a,b,c 15 lb,d,e 23 {b,e} 31 e'
8 a,b,dS 16 'c,d,eJ 24 {c,d 32 {___
To simplify the graph representation, the nodes will be The execution of our algorithm gives the next results.
labeled such that: * The first step, Marking-conmputation, permits us to
generate the following graph and to compute weak
and strong redundancy degrees of all nodes.
The graph containing all sensors subsets is given by:

Fig. 4 The lattice of the instrumenltation system

The redundancy degree results are resumed in the Initially, the whole sensor set, node 1, ta, b, c, d, e I is
following table: used to estimate state. The strong redundancy degree is
equal to one, i.e., any sensor a, b, c, d or e can be lost while
Table 2 weak and strong redundancy degrees of all nodes continuing to estimate state.
If sensor e is lost, the new reconfigured instrumentation
S I (DDF) S (D{DF) S (D{ DF) IS I(DfDF) system, node 2, a, b, c, d} keeps the same structural
(2, 1) 9 (-1,I-) 17 (-1,-i) 25 (-1, -1) criterion concerning strong redundancy degree, which is
(1,1) 10 (0, 0) 18 (-1,F-) 26(-16-1) equal to 1. Then maintenance operation is not necessary.
( 1, 0) 11 (0',) 19 (- '-I) 27 (-1,- ) But, from initial state, if we lose a, b, c or d sensor, the
(1,0 ) 1- (0, 0) 20 (-1, -1 ) 28 (-1,-i strong redundancy degree change from I to 0 (table 2). In
(1, 0) 13 (0,0) 21 (-1,-)) 29 (-1, -I this case, we can continue to estimate the state vectorX, but
(1, 0) 1 (0 0) 22 -1, -1) 30 -1,-1) the maintenance operation is very urgent to keep fault
(0, 0 ) 1 (0, 0 ) 23 (-1, -1 3 ) tolerant capability. It means the loss of any sensor is not
(0, 0) 16 (-1, -1) 24 (-1,-i) 32-2(-1, acceptable to solve estimation problem.

The second step, Reconfiguration-Maintenance, VI. CONCLUSION

permits us to distinguish several cases. We suppose An algorithm for intelligent fault tolerant sensor
that desired strong redundancy degree is equal to networks has been developed, in the case of static linear
one, Dd = 1.

145
SD-000752

system. The objective is to improve the robustness of the

observability property in the case of sensor losses. The RSS
graph considered in [9], is constructed from bottom to top
to compute the redundancy degree criteria of each node,
which give the fault tolerant capability of each sensor
subsets. These criteria are used to solve accommodation
and reconfiguration problem on line. The maintenance
operation is sometimes necessary to keep some predefined
structural criteria.
In the case of dynamical or non-linear systems, the
proposed algorithm is always efficient. But, only the
observability properties must be refomiulated.
VII. REFERENCES
[1] V. Vaclavek. "Studies on system engineering III. Optimal Choice of
the Balance Measurements in Complicated Chemical Engineering
Systems," Chlemlical Engineering Systems., vol. 24, 1969, pp. 947-
955.
[2] R.S.H. Mah. (3M. Stanley. D.M. Downing. "Reconciliation and
Rectification of Process Flow and Inventory Data," Inzduisntial
Engineerinag C'hemistr' Process Design development. vol. 15. no. 1.
1976. pp. 175- 1 831.
[3] C.M. Crowe. "Observability and Redundancy of Process Data for
Steady State Reconciliation." C'hemnical Eigineering S.cience. vol.
12, 1989, pp. 2909-2917.
[4] J. Levine and R. Marinno. "On Fault-Tolerant Obserers." IEEE
TDans. Autonmat. Con/tr. vol. AC-35, 1990. pp. 623-627.
[5] B. Gaddounia. S. Giuliani. J. Ragot. "Sensor faults detection using,
observers."' Wforkshops on Qualitative Quantitative Approaches to
MIodelBasedDiagnosis. Hamburg. 8-9 September. 1994. pp. 87-96.
[6] H.C. Turbatte. D. Maquin. B. Cordier, C.T. Huynh. "Analytical
Redundancy and Reliability of Measurement System."
SAFEPROCESS 91, Baden-Baden. vol. 1199 1. pp.49-54.
[7] M. Luong. D. Maquin. C.T. Huynh. J. Ragot. "Obserxvability.
Redundancy. Reliability and Integrated designi of Measurement
System,"SICICA 94. Budapest, Hungry. 1994.
[8] G. Hoblos. M. Staroswiecki, A. Aitouche. "Sur la Tolerance aux Fautes
de Capteurs et &Actionneurs," Jooirnal Europeden des Svsthnes
Automatisds. vol. 35. n3. 2-001. pp. 331-352.
[9] M. Staroswiecki. G. Hobbos A. Aitouche, "Fault tolerance analysis of
sensor systems." 39' IEEE Conference oni Decision an:d Control Phoenix,
AZ/ USA, vol. 3 1999, pp. 3581-3586.

146