WO2002071359A1 - Method and apparatus for reduction of alarm signals in order to present a simplified alarm situation - Google Patents

Method and apparatus for reduction of alarm signals in order to present a simplified alarm situation Download PDF

Info

Publication number
WO2002071359A1
WO2002071359A1 PCT/SE2002/000382 SE0200382W WO02071359A1 WO 2002071359 A1 WO2002071359 A1 WO 2002071359A1 SE 0200382 W SE0200382 W SE 0200382W WO 02071359 A1 WO02071359 A1 WO 02071359A1
Authority
WO
WIPO (PCT)
Prior art keywords
alarm
signals
alarms
primary
alarm signals
Prior art date
Application number
PCT/SE2002/000382
Other languages
French (fr)
Inventor
Jan Eric Larsson
Fredrik Dahlstrand
Bengt ÖHMAN
Original Assignee
Goalart Ab
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from SE0100767A external-priority patent/SE0100767D0/en
Application filed by Goalart Ab filed Critical Goalart Ab
Priority to EP02701858A priority Critical patent/EP1377949A1/en
Publication of WO2002071359A1 publication Critical patent/WO2002071359A1/en

Links

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B23/00Testing or monitoring of control systems or parts thereof
    • G05B23/02Electric testing or monitoring
    • G05B23/0205Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults
    • G05B23/0259Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterized by the response to fault detection
    • G05B23/0267Fault communication, e.g. human machine interface [HMI]
    • G05B23/027Alarm generation, e.g. communication protocol; Forms of alarm
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B23/00Testing or monitoring of control systems or parts thereof
    • G05B23/02Electric testing or monitoring
    • G05B23/0205Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults
    • G05B23/0259Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterized by the response to fault detection
    • G05B23/0262Confirmation of fault detection, e.g. extra checks to confirm that a failure has indeed occurred

Definitions

  • the present invention relates to analysis of sensors and sensor signals 5 detecting the status of components in a flow system, and especially to a system, an apparatus, a method and a computer program product for analysis of sensors comprised in a process or a plant.
  • the alarms are important sources of information for the operators and it is important that the alarms are correct. This means that the alarms must be reliable and should not be raised when there is no real error. However, there are several reasons why an alarm goes off when it should not and why it does not go off
  • the sensors themselves can break down or start to drift.
  • the alarm limits can be badly tuned from the beginning or the particular limits used may not be applicable in certain operating modes. There is thus a need for continually monitoring the quality of the alarms in the process in order to detect these situations.
  • the US patent US 6,104,965 refers to workstations for executing one or more operations on workpieces in assembly lines, and especially to workstations for placing components onto workpieces in assembly lines.
  • the US patent US 5,914,875 discloses a method and an apparatus for diagnosing a plant using a plant model in an abstract function level based on a human cognitive process, whereby a cause to a detected plant anomaly can be found.
  • US 5,914,875 does neither disclose a method or an apparatus for sensor analysis nor a method or an apparatus evaluating a sensor signal or status signal received from a sensor of the plant.
  • the present invention relates to analysis of sensors using status signals carrying information about the status of components in a flow system. Further, the invention relates to analysis of the status signals.
  • An embodiment of the invention comprises that qualitative descriptions of the status of the components are achieved by generating alarm signals dependent on limit values for the status signals, which limit values are defined by predetermined functions. Another embodiment of the invention further comprises that the qualitative descriptions are analyzed dependent on a set of predetermined rules, such as a set of consequence propagation rules, and on a single functional model describing the functionality of said flow system.
  • the functional model is a multilevel flow model of the plant. Further, according to an embodiment of the invention only one model of the plant is required to perform the inventive sensor analysis.
  • An embodiment of the invention comprises means for defining a condition between a goal and a function, and means for checking the consistency between an alarm state of the function and the condition.
  • the invention comprises further a validation or evaluation apparatus, comprising means for condition checking arranged to detect an inconsistency between two alarm signals indicating to for example an operator of the plant that the alarm signals are not reliable.
  • the means for condition checking is in one embodiment of the invention arranged to determine the alarm state of a function connected via a condition or a condition relation to a goal when the goal is not achieved.
  • the validation unit can further comprise means for checking for normal/failed situations arranged to determine if the alarm signals are reliable or if any of the sensors is out of order.
  • the means for checking for normal/failed situations is arranged to check a function in an alarmed state next to a function in a normal state using consequence propagation rules, and means for full consequence irregularity analysis.
  • the validation unit can comprise means for full consequence irregularity analysis arranged to reduce the number of primary alarms, whereby a more simplified alarm situation can be presented to for example an operator of the plant.
  • the means for full consequence irregularity analysis is in one embodiment of the invention arranged to assume that one of the alarm signals is erroneous, to check the alarm states using consequence propagation rules and to present the simplified situation if the number of primary alarms are decreased.
  • FIG. 1 schematically shows an embodiment of the sensor analysis system according to the present invention
  • Fig. 2 shows the steps of an embodiment of the validation method according to the present invention
  • Fig. 3 shows the steps of embodiments of the methods according to a) condition checking, b) checking for normal/failed situations and c) full part consequence irregularity analysis;
  • Fig. 4 shows a fluid conduit system and sensors, which are comprised in an example of a sensor analysis system according to the invention
  • Fig. 5 shows an MFM model with two networks Nl and N2, wherein the lower network N2 describes a flow of electricity, and the upper network Nl describes a flow of water;
  • Fig. 6a shows that the functions F5 and F2 have low flow alarms
  • Fig. 6b shows that the function F5 has a low flow alarm, and the function F2 has a high flow alarm;
  • Fig. 7a shows an alarm situation with no suspicious alarms;
  • Fig. 7b shows an alarm situation with no explanation according to the consequence rules in the MFM model;
  • Fig. 8 shows two alarm situations, which will be indicated as suspicious
  • Fig. 9 Shows an MFM flow with two primary alarms, which can be simplified by assuming that one of the alarms is incorrect;
  • Fig. 10 shows the network in fig. 9, wherein the function F2 is assumed to be in a high flow state instead of a low flow state
  • Fig. 11 shows the network in fig. 9, wherein the function F3 is assumed to be in a high volume state instead of a low volume state;
  • Fig. 12 shows the network in fig. 9, wherein the function F4 is assumed to be in a low flow state instead of a high flow state;
  • Fig. 13 shows an alarm situation, which cannot be reduced to comprise fewer primary alarms by assuming that a single measurement is incorrect.
  • Flow system refers to a system of components in operation having a flow of entities between them, and the capabilities of the components concerning the flow, such as the capabilities to store, transport, provide, consume, and control the flow of entities.
  • These entities could virtually be anything that obeys conservation laws, e.g., mass, energy, cash, or information flows.
  • the components can be pumps, tanks, conveyor belts, chemical reactions, biological processes, or other components that are used to maintain flows of mass.
  • the components can be radiators, batteries, electrical outlets, cords for transmission of electrical energy, or radioactively decaying material.
  • the components can be PID-regulators, sensors, and actuators, but also more abstract components such as information storage on an Internet server, network switches, document delivery systems, and means for verbal communication.
  • a cash flow system can comprise components such as bank accounts, financial transactions, and investments.
  • the wording component will also refer to a component comprising or constituted of at least two other components, so-called subcomponents.
  • Process or flow process refers to the interaction between components of a flow system.
  • a process comprises at least one flow system but it can also comprise a plurality of flow systems, which can be independent or interdependent.
  • An example can be a heat exchanger comprising both a flow of water (a mass flow) and a flow of heat (an energy flow), which flows are required for proper operation of the heat exchanger.
  • Another example can be a chemical process, which uses heat (an energy flow) to enable a chemical reaction (a mass flow).
  • Yet another example is the air supply system (a mass flow) of a space vessel, which is required to allow the astronauts to make decisions (an information flow).
  • Goal refers to the purpose of a process or a flow system and is the outcome towards which certain activities of the process are directed.
  • a goal could for example be to keep the level in a tank high enough and a sub-goal could be to provide electrical power to a pump, which is pumping water to the tank, wherein the sub-goal has to be fulfilled for the main goal to be fulfilled.
  • Function refers to the capabilities of the components, which are used to fulfill the goals.
  • a source function can for example be used to model the capability of a tray, i.e., to provide an infinite amount of mass, or the capability of a power plant to provide an infinite amount of energy.
  • a transport function can, for example be used to model the capability of a pump, i.e., to move an amount of mass, or the transfer of cash from one account to another, i.e., move an amount of cash.
  • a function can also be used to describe the capability to control the fulfillment of a goal.
  • the manager function can be used to model the capability of the operators of a power plant to control the production of energy, and thereby fulfilling the goal of the power plant.
  • Multilevel Flow Model describes the goals and functions of a target system/plant or of a process.
  • Multilevel flow models are graphical models on which it is possible to base several different methods for diagnostic reasoning.
  • the multilevel flow model of a plant can be divided into several smaller model parts each one having a goal to fulfill. These goals are the above-mentioned sub-goals.
  • Network or flow refers to a set of connected functions which models a part of the plant or process and which functions co-operates to fulfill a goal connected to the network. The relationship between a network and a goal can be described by means of an achieve relation, indicated as an arrow in the figures.
  • Target system or plant is the system that is monitored, observed, analyzed or diagnosed by the invention, possibly including at least one flow system and/or a monitoring or control system.
  • Signals or parameters are, in a physical flow system generated analog or digital waveforms used to carry information. Sensors arranged at the components can for example register the signals. In a non-physical flow system, such as a business or a management system, specific parameters are used to carry information about the components.
  • a status signal is the comprehensive term for a signal that provides information about the status of the process, wherein the information comprises both quantitative status signals, such as measurements, and qualitative status signals, such as alarms, alarm signals and events.
  • Measurement signals or measurements are quantitative descriptions of the status of process components, e.g. the level in a tank or the flow rate through a pipe or the like in a flow system.
  • the measurements are recorded for example by sensors, which are typically comprised in a target system, for example in an instrumentation and control system.
  • Alarms are qualitative descriptions of the status of components and are generated when the measurements are not acceptable according to a predetermined function defining limit values of operation, e.g., the level in a tank is too high or the flow rate through a pipe is too low.
  • the alarms can be generated in a target system, for example in an instrumentation and control system comprised in or connected to the target system.
  • Alarm signals, alarm values, and alarm states are qualitative descriptions of the status of the components and typically indicates qualitative classification of quantitative values according to limit values defined by predetermined functions.
  • the alarm signals, alarm values and alarm states typically include the qualitative values high, normal, or low.
  • the alarm signals, alarm values, and the alarm state comprise the qualitative value normal as well, as distinguished from the alarms which do not comprise the qualitative value normal.
  • Events are qualitative information about those events, other than the events that give rise to alarm signals or alarms that occur in the process e.g., control actions such as closing a valve, or changes in the mode of operation, such as startup or shutdown.
  • the events are generated in a target system, e.g., an information and control system.
  • Calculated or generated status information is information calculated or generated by the validation means comprised in the system according to the present invention.
  • the calculation is based on the status signals received from a target system or from an instrumentation and control system.
  • the calculation is further dependent on the functional model of the target system or the process and on a predetermined set of rules, for example a predetermined set of consequence propagation rules.
  • Consequence propagation rules comprise a set of predetermined causality rules describing the relationship between different parts and/or components in a flow/network of the target system or the plant, i.e. describing how the parts and/or components comprised in the flow/network affect each other.
  • the consequence propagation rules comprise also a set of conditional relations between networks, which relations are called condition relations.
  • the condition relations can describe the relationship between a goal and a network, e.g. "in order to fulfill a function of a second network a goal of a first network has to be fulfilled".
  • the rules can be described by simple if-statements or by more complex logical expressions.
  • the present invention refers to a system, an apparatus, a method and a computer program product for sensor analysis, and especially such a system, an apparatus, a method and a computer program product that can detect alarm signals that are possibly erroneous. Further, an embodiment of the invention refers to a system, an apparatus, a method and a computer program product that can give an indication to an operator that the indicated alarm signal or alarm signals can not be reliable.
  • An embodiment of the invention is arranged to automatically detect false sensor measurements by comparing information from many sensors and applying knowledge of the flow process or the plant, and then detecting when the measurements are not in agreement. If a suspect measurement is found, the system is also able to provide an alternative measurement value that would fit the alarm situation.
  • the system 1 comprises at least a part of a flow system or process 10 comprising a set of components 15, which process 10 is communicatively connected to an alarm unit 20.
  • the system 1 comprises a sensor analysis apparatus 5, which can be a computer-based apparatus or a computer such as a personal computer.
  • the computer-based apparatus would typically comprise a data processing unit that is loadable with program code realizing functions and procedures of the invention.
  • a data processing unit would comprise a processor, data storage memory and data input/output interfaces.
  • the data input/output interfaces can comprise in different embodiments an input stage and an output stage realized as inputs or outputs for physical signals or computer program parameters.
  • the apparatus 5 comprises a validation unit 30 and a data storage means 40, such as a database 40 or another means for storing information.
  • the sensor analysis apparatus 5 comprises for example the alarm unit 20 and/or a display unit 50.
  • the validation unit 30 is communicatively connected to the alarm unit 20, to the database 40 and can also be communicatively connected to a display unit 50.
  • the validation unit 30 comprises at least one validation means, e.g. means for condition checking 31, means for normal/failed checking 32 and/or means for full part consequence irregularity analysis 33, which validation means 31-33 will be described in more detail below.
  • the validation unit 30 can also comprise other suitable validation means for sensor analysis and/or means for another kind of analysis.
  • the database 40 is configured to store or 5 comprise a set of rules relating to the plant, such as a set of consequence propagation rules, i.e. a set of causality rules and a set of condition relations.
  • rules and relations can be predetermined by using knowledge about the components 15 of the plant or process, e.g. the kind of components 15, the interactions between the components 15, and by using knowledge about the interactions between
  • networks which networks comprises the functions modeling the components 15.
  • the display unit 50 is a monitor, but it can also be a printer or another unit arranged to display or present the result of the validation unit 30 to an operator of the plant.
  • Sensors 16 comprised in the system 1 measure different parameters of the
  • the alarm unit 20 determines the causal relationship between the received or generated alarms or alarm signals, by means of enumeration of all possible alarm combinations, logical expressions, or alarm analysis.
  • the alarm unit 20 according to an embodiment of the invention is arranged to determine which
  • the 30 calculates new status information based on the alarm signals and dependent on the consequence propagation rules. Then the calculated new status information can be presented to an operator on the display unit 50.
  • 35 10 comprises a fluid flow system comprising conduits cl-c4 and three sensors sl-s3.
  • the sensors sl-s3 can be arranged to register or measure different parameter values of flow such as the flow of mass, the flow of energy, and the flow of information. Referring to figure 4, the invention will be described using the flow of fluid and the flow directions are illustrated in the figure 4 using arrows.
  • the values/signals registered by the sensors sl-s3 can be expressed as qualitative descriptions such as a low flow, a normal flow, and a high flow.
  • the construction of the flow system is known beforehand as well as the physical laws concerning the motion of the flow.
  • the sensor analysis system 1 is thus capable, by using the sensor signals, the set of consequence propagation rules relating to the physical properties and the physical laws between the components 15 and the networks, to analyze the alarm signals.
  • an embodiment of the invention comprises three different validation means 31-33, but it can comprise one, two or a plurality of the validation means.
  • the validation means 31 and 32 i.e., the means for condition checking 31 and the means for checking for normal/failed situations 32, are arranged to detect simple inconsistencies telling that "something must be wrong here.”
  • the third validation means 33 i.e., the means for full part consequence irregularity analysis 33, is arranged to simplify the detected alarm situation by assuming that one alarm signal is incorrect whereby another alarm situation can be found which would make fewer primary alarms according to the consequence propagation rules.
  • the sensor analysis method according to an embodiment of the present invention comprises the steps of (cf. figure 2):
  • step 100 receiving in an alarm unit 20 a plurality of sensor signals or status signals
  • step 200 generating, in the alarm unit 20, alarm signals dependent on limit values for the status signals and determining the causal relationship between the alarm signals, i.e., separating the alarm signals into primary and secondary alarms (step 200);
  • step 300 - receiving, in a validation unit 30, said primary and secondary alarms and the causal relationship between them (step 300);
  • step 500 - calculating or generating, in the validation means 31-33, new status information based on said primary and secondary alarms (step 400) and dependent on the set of consequence propagation rules, i.e. dependent on the set of causality rales and the set of condition relations; and - possibly, presenting said generated or calculated new status information to an operator by means of the display unit 50 (step 500).
  • the flow in the conduit c4 depends on the construction of the conduit system and on the flow in conduit cl. If the sensor s2 is associated with an alarm state indicating a low flow and the sensor s3 is associated with an alarm state indicating a high flow, there is an inconsistency between these two alarm signals. The inconsistency is due to the fact that it is unlikely that a low flow in conduit cl causes a high flow in conduit c4. Thus the means for condition checking 31 comprised in an embodiment of the invention will detect this inconsistency and indicate to e.g., an operator that the alarms can not be relied on.
  • the alarm signals can be indicated as primary alarms or as secondary alarms by means of the alarm unit 20. Further, by means of the means for full part consequence irregularity analysis 33 assumptions are done about the alarms, using the set of consequence propagation rules, to decrease the number of primary alarms. The solution with the smallest number of primary alarms can then be presented to the operator on the display unit 50. Preferably, the number of primary alarms is decreased to only one primary alarm since it is more probable that single faults occur than multiple faults.
  • MFM Multilevel Flow Model
  • the sensor fault detection is implemented using an abstract functional model, such as a Multilevel Flow Model (MFM), of the entire flow process or plant, or of parts of the flow process or the plant.
  • MFM model comprises a plurality of networks, each of which networks comprises a plurality of flow functions modeling components 15 of the plant 10 and interactions between them.
  • the functions comprised in the network co-operate to achieve the goal of the network.
  • This implementation also comprises a set of consequence propagation rules, i.e. a set of causality rules and a set of condition relations between the components 15 and the networks, respectively.
  • Embodiments of the validation means 31-33 implemented in an MFM model of the plant will now be described.
  • the mean ⁇ is arranged to compare measurements from two different flows/networks with knowledge about how one flow affects the other flows comprised in the model of the plant. If the measurements are inconsistent with the knowledge, an erroneous sensor measurement has been discovered.
  • each condition relation in the model has an associated property, which indicates in which way the failure of the connected goal will affect the connected function. This property can tell if the failure of a goal will mean that the function goes to a "fail high" -state, such as high flow or high volume or if it will go to a "fail low”-state, such as low flow or low volume.
  • Figure 5 shows an example of an MFM model of a plant comprising two networks Nl and N2.
  • the lower network N2 describes a flow of electrical energy from a power supply, described by the function F4, via a cord, described by the function F5, to a pump, described by the function F6. Together these functions, F4, F5, F6, achieve the goal G2, which can be explained as "Supply electrical power to the pump”.
  • the upper network Nl describes a flow of water from a source, described by the source function FI , via the pump, described by the transport function F2, to a sink, described by the function F3. Together, these functions, FI, F2, F3, achieve the goal Gl. In order for the pump to transport water, as described by function F2, it needs electrical power.
  • condition or a condition relation Cl between the goal G2 of the network N2 and the function F2 of the network Nl, indicating this requirement. If the goal G2 is not fulfilled, i.e., the power supply is not fulfilled, the pump will not be able to pump water and consequently the function F2 will be in a low flow state. Thus, the water flow will stop if the pump does not receive any electrical energy, so the properties of the condition Cl indicates that if the goal G2 is not achieved the function F2 will go to a low flow state.
  • Figure 6 shows the same model as figure 5.
  • FIG 6a there is a low flow alarm on the function F5, indicated by a vertically and downwardly directed arrow. This low flow alarm indicates a low flow of electricity to the pump.
  • a low flow alarm on the function F2 also indicated by a vertically and downwardly directed arrow. This indicates a low flow of water through the pump.
  • the alarm state of the function F2 matches the information from the condition Cl, i.e., the function F2 should go to a low flow state if the goal G2 is not achieved.
  • FIG 6b there is a low flow alarm on the function F5, just as before, but a high flow alarm on the function F2.
  • the alarm state of the function F2 does not match the expected value computed from the fact that the goal G2 is failed, and the properties of the condition Cl as mentioned before.
  • the topmost network Nl is pointed out as having a possibly suspect alarm situation.
  • the method of condition checking comprises, for calculating or generating new status information, the steps of (cf. figure 3a):
  • step 402a determining if an alarm signal of a function, connected via a condition to a non- achieved goal in the MFM model, is not in the expected failure state (step 402a); and - indicating that alarm signal as inconsistent (step 404a).
  • emb ⁇ dimen of . tte sitaations.32 is arranged to compare sensor measurements within a flow/network and compares them with knowledge about how the flow is connected, i.e. how the functions comprised in the flow are connected to each other. If the compared measurements are inconsistent an erroneous measurement has been detected.
  • the previous method for checking for normal/failed situations i.e. the method for condition checking, is designed to cover inconsistencies between networks, via the condition relations. There is however, another kind of simple inconsistency that can occur within an MFM network, and which might indicate suspicious alarm signals.
  • Figure 8 shows parts of two networks comprising two storage functions connected to each other via a transport function. Further, the topmost network shows that a reasonable guess by an operator might be that there is an absence of an alarm and in the lower network that the single alarm is a false alarm. Both of these statements would of course require that this situation remains for some time to rale out the possibility that it is only a matter of transitional effects.
  • the method for checking for normal/failed situations comprises, for calculating or generating new status information, the steps of (cf. figure 3b):
  • one embodiment of complaint ⁇ e ⁇ i ⁇ e . gularitj .. ana ysis . 33 is arranged to use sensor measurements from a single flow/network and to use knowledge about how the flow is connected, i.e. how the functions comprised in the flow are connected to each other. If the assumption of a fault in a sensor measurement can decrease the number of observed faults in the flow and thus simplifying the fault situation, the method will present that sensor measurement as possibly wrong. Thus the method for full consequence irregularity analysis is designed to find any kind of situation where the alarm situation would make more sense according to the set of consequence propagation rales and under the assumption that one alarm signal is incorrect.
  • the MFM network in question is reported as having a suspicious alarm situation, and the simpler solution or solutions are presented together with the function that was assumed to have an incorrect alarm state to for example an operator of the plant.
  • every MFM function has an associated measurement or alarm signal.
  • an MFM flow is shown, wherein six of the seven functions have active alarms, and wherein the function F7 is in a normal state.
  • the dark dots indicate the functions having primary alarms according to the alarm unit 20, and the lighter dots indicate functions having secondary alarms. In order to see whether this situation can be simplified or not, each measured function will be checked to see if the number of primary alarms will decrease if the inspected function is assumed to have an incorrect alarm state.
  • a source function S has only two alarm states, normal and low capacity. Thus, if the measurement for FI in figure 9 is . incorrect, it must be normal. If FI is assumed to be in a normal state, there will be no decrease in the number of primary alarms, since the functions F2 and F5 will become primary. So there is nothing gained from assuming that FI is incorrect and the alarm for FI is thus not reported as suspect. If the transport function F2 is assumed to be in a normal state instead of a low flow state nothing is gained either, since the functions FI and F5 will still be primary alarms.
  • FIG 13 an MFM flow/network with an alarm situation is shown, wherein three of the functions are considered as primary alarms.
  • the number of primary alarms cannot be reduced by assuming that one single measurement is incorrect. Thus at least two measurements must be changed in order to reduce the number of primary alarms.
  • the method of full consequence irregularity analysis comprises, for calculating or generating new status information, the steps of (cf. figure 3c):
  • step 402c finding a network with at least two primary alarms
  • step 404c changing the alarm state of a function to another state in the network, step 404c;
  • step 406c storing the achieved situation and indicating the investigated alarm signal as inconsistent, if the number of primary alarms in the network decreases, step 406c;
  • step 402c repeating from step 402c for each additional network with at least two primary alarms, 408c.
  • the system and the apparatus for sensor analysis according to the invention comprise means for performing the steps and the functions of the method. All means can be realized as hardware units and most of them are advantageously implemented as computer programs, executing on hardware parts of the arrangement.
  • a computer program product, for use with a sensor analysis system, for carrying out an embodiment of the inventive sensor analysis method and realizing an embodiment of the inventive sensor analysis structure comprises a recording medium and means for performing said method and realizing said sensor analysis structure recorded on the recording medium.

Abstract

The present invention relates to analysis of sensors and sensor signals using status signals carrying information about the status of components in a flow system. The invention can comprise means for condition checking (31) arranged to determine the alarm state of a function connected via a condition to a goal when the goal is not achieved or means for checking for normal/failed situations (32) arranged to check a function in an alarmed state next to a function in a normal state using consequence propagation rules. Further, the invention can comprise means for full consequence irregularity analysis (33) arranged to assume that one of the alarm signals is erroneous, to check the alarm states using consequence propagation rules and to present the simplified situation if the number of primary alarms are decreased.

Description

METHOD AND APPARATUS FOR REDUCTION OF ALARM SIGNALS IN ORDER TO PRESENT A SIMPLIFIED ALARM SITUATION
Technical field of the invention
The present invention relates to analysis of sensors and sensor signals 5 detecting the status of components in a flow system, and especially to a system, an apparatus, a method and a computer program product for analysis of sensors comprised in a process or a plant.
Background of the invention
10 Supervision and control of an industrial plant often relies on measured values from sensors installed in different locations in the plant. In order to be able to apply fine-grained control and supervision of the whole plant, there are often a very large number of sensors, wherein one or more alarms can be associated to each sensor. These alarms are used to tell the operator of the plant that something has happened,
15 or is about to happen, that may require manual intervention or other appropriate measures. Thus the alarms are important sources of information for the operators and it is important that the alarms are correct. This means that the alarms must be reliable and should not be raised when there is no real error. However, there are several reasons why an alarm goes off when it should not and why it does not go off
20 when it should. For example, the sensors themselves can break down or start to drift. The alarm limits can be badly tuned from the beginning or the particular limits used may not be applicable in certain operating modes. There is thus a need for continually monitoring the quality of the alarms in the process in order to detect these situations.
25 There are several methods for sensor analysis, which can be separated into two groups, those that operate on single sensors, and those that utilize information from many sensors in order to find aberrations in the measurements. In the first group, very simple methods can be used, for example methods that assigns a range of valid measurements to a sensor and assumes that a value outside this range
30 always is faulty. To increase the accuracy, information about for example operating mode and/or time dependencies can be included. In the second group, redundant sensors can be used, whereby different sensor measurements are compared. If the sensors do not measure the same value, but the information they give is related in some way, various statistical methods can be used.
35 However, simple methods are often too simple, i.e., they can miss failures, and more advanced statistical methods can be too computationally complex to be performed on each sensor. The method of using several identical (redundant) sensors, as in said second group, is very expensive and methods using analytical redundancy often need complex models, which are costly to develop and difficult to maintain.
The US patent US 6,104,965 refers to workstations for executing one or more operations on workpieces in assembly lines, and especially to workstations for placing components onto workpieces in assembly lines. The US patent US 5,914,875 discloses a method and an apparatus for diagnosing a plant using a plant model in an abstract function level based on a human cognitive process, whereby a cause to a detected plant anomaly can be found. However, US 5,914,875 does neither disclose a method or an apparatus for sensor analysis nor a method or an apparatus evaluating a sensor signal or status signal received from a sensor of the plant.
Object of the invention
An object of the present invention is to provide a system, an apparatus, a method and a computer program product that is capable to detect alarm signals that are possibly erroneous. Another object is to provide a system, an apparatus, a method and a computer program product for sensor analysis that is accurate, easy to implement, and computationally simple. Yet another object of the invention is to provide a system, an apparatus, a method and a computer program product that gives an indication to an operator that an indicated alarm signal is or as the case may be a plurality of alarm signals are not reliable. A further object of the invention is to provide a simplified alarm situation to for example an operator of the plant.
Summary of the invention
The present invention relates to analysis of sensors using status signals carrying information about the status of components in a flow system. Further, the invention relates to analysis of the status signals.
An embodiment of the invention comprises that qualitative descriptions of the status of the components are achieved by generating alarm signals dependent on limit values for the status signals, which limit values are defined by predetermined functions. Another embodiment of the invention further comprises that the qualitative descriptions are analyzed dependent on a set of predetermined rules, such as a set of consequence propagation rules, and on a single functional model describing the functionality of said flow system. In one embodiment of the invention, the functional model is a multilevel flow model of the plant. Further, according to an embodiment of the invention only one model of the plant is required to perform the inventive sensor analysis.
An embodiment of the invention comprises means for defining a condition between a goal and a function, and means for checking the consistency between an alarm state of the function and the condition. The invention comprises further a validation or evaluation apparatus, comprising means for condition checking arranged to detect an inconsistency between two alarm signals indicating to for example an operator of the plant that the alarm signals are not reliable. The means for condition checking is in one embodiment of the invention arranged to determine the alarm state of a function connected via a condition or a condition relation to a goal when the goal is not achieved.
The validation unit can further comprise means for checking for normal/failed situations arranged to determine if the alarm signals are reliable or if any of the sensors is out of order. In an embodiment of the invention, the means for checking for normal/failed situations is arranged to check a function in an alarmed state next to a function in a normal state using consequence propagation rules, and means for full consequence irregularity analysis.
Further, the validation unit can comprise means for full consequence irregularity analysis arranged to reduce the number of primary alarms, whereby a more simplified alarm situation can be presented to for example an operator of the plant. The means for full consequence irregularity analysis is in one embodiment of the invention arranged to assume that one of the alarm signals is erroneous, to check the alarm states using consequence propagation rules and to present the simplified situation if the number of primary alarms are decreased.
Short description of the drawings
The present invention will be described in more detail with reference to the accompanying drawings, in which Fig. 1 schematically shows an embodiment of the sensor analysis system according to the present invention;
Fig. 2 shows the steps of an embodiment of the validation method according to the present invention;
Fig. 3 shows the steps of embodiments of the methods according to a) condition checking, b) checking for normal/failed situations and c) full part consequence irregularity analysis;
Fig. 4 shows a fluid conduit system and sensors, which are comprised in an example of a sensor analysis system according to the invention;
Fig. 5 shows an MFM model with two networks Nl and N2, wherein the lower network N2 describes a flow of electricity, and the upper network Nl describes a flow of water;
Fig. 6a shows that the functions F5 and F2 have low flow alarms;
Fig. 6b shows that the function F5 has a low flow alarm, and the function F2 has a high flow alarm; Fig. 7a shows an alarm situation with no suspicious alarms; Fig. 7b shows an alarm situation with no explanation according to the consequence rules in the MFM model;
Fig. 8 shows two alarm situations, which will be indicated as suspicious; Fig. 9 Shows an MFM flow with two primary alarms, which can be simplified by assuming that one of the alarms is incorrect;
Fig. 10 shows the network in fig. 9, wherein the function F2 is assumed to be in a high flow state instead of a low flow state; Fig. 11 shows the network in fig. 9, wherein the function F3 is assumed to be in a high volume state instead of a low volume state;
Fig. 12 shows the network in fig. 9, wherein the function F4 is assumed to be in a low flow state instead of a high flow state; and
Fig. 13 shows an alarm situation, which cannot be reduced to comprise fewer primary alarms by assuming that a single measurement is incorrect.
Definitions
In the description text of the present invention, the following definitions will be used:
Flow system refers to a system of components in operation having a flow of entities between them, and the capabilities of the components concerning the flow, such as the capabilities to store, transport, provide, consume, and control the flow of entities. These entities could virtually be anything that obeys conservation laws, e.g., mass, energy, cash, or information flows. In a mass flow system the components can be pumps, tanks, conveyor belts, chemical reactions, biological processes, or other components that are used to maintain flows of mass. In an energy flow, the components can be radiators, batteries, electrical outlets, cords for transmission of electrical energy, or radioactively decaying material. In an information flow the components can be PID-regulators, sensors, and actuators, but also more abstract components such as information storage on an Internet server, network switches, document delivery systems, and means for verbal communication. A cash flow system can comprise components such as bank accounts, financial transactions, and investments. In this text the wording component will also refer to a component comprising or constituted of at least two other components, so-called subcomponents. Process or flow process refers to the interaction between components of a flow system. A process comprises at least one flow system but it can also comprise a plurality of flow systems, which can be independent or interdependent. An example can be a heat exchanger comprising both a flow of water (a mass flow) and a flow of heat (an energy flow), which flows are required for proper operation of the heat exchanger. Another example can be a chemical process, which uses heat (an energy flow) to enable a chemical reaction (a mass flow). Yet another example is the air supply system (a mass flow) of a space vessel, which is required to allow the astronauts to make decisions (an information flow). Goal refers to the purpose of a process or a flow system and is the outcome towards which certain activities of the process are directed. A goal could for example be to keep the level in a tank high enough and a sub-goal could be to provide electrical power to a pump, which is pumping water to the tank, wherein the sub-goal has to be fulfilled for the main goal to be fulfilled. Function refers to the capabilities of the components, which are used to fulfill the goals. A source function can for example be used to model the capability of a tray, i.e., to provide an infinite amount of mass, or the capability of a power plant to provide an infinite amount of energy. Further, a transport function can, for example be used to model the capability of a pump, i.e., to move an amount of mass, or the transfer of cash from one account to another, i.e., move an amount of cash. A function can also be used to describe the capability to control the fulfillment of a goal. The manager function can be used to model the capability of the operators of a power plant to control the production of energy, and thereby fulfilling the goal of the power plant. Multilevel Flow Model (MFM) describes the goals and functions of a target system/plant or of a process. Multilevel flow models are graphical models on which it is possible to base several different methods for diagnostic reasoning. The multilevel flow model of a plant can be divided into several smaller model parts each one having a goal to fulfill. These goals are the above-mentioned sub-goals. Network or flow refers to a set of connected functions which models a part of the plant or process and which functions co-operates to fulfill a goal connected to the network. The relationship between a network and a goal can be described by means of an achieve relation, indicated as an arrow in the figures.
Target system or plant is the system that is monitored, observed, analyzed or diagnosed by the invention, possibly including at least one flow system and/or a monitoring or control system.
Signals or parameters are, in a physical flow system generated analog or digital waveforms used to carry information. Sensors arranged at the components can for example register the signals. In a non-physical flow system, such as a business or a management system, specific parameters are used to carry information about the components.
A status signal is the comprehensive term for a signal that provides information about the status of the process, wherein the information comprises both quantitative status signals, such as measurements, and qualitative status signals, such as alarms, alarm signals and events.
Measurement signals or measurements are quantitative descriptions of the status of process components, e.g. the level in a tank or the flow rate through a pipe or the like in a flow system. The measurements are recorded for example by sensors, which are typically comprised in a target system, for example in an instrumentation and control system.
Alarms are qualitative descriptions of the status of components and are generated when the measurements are not acceptable according to a predetermined function defining limit values of operation, e.g., the level in a tank is too high or the flow rate through a pipe is too low. The alarms can be generated in a target system, for example in an instrumentation and control system comprised in or connected to the target system.
Alarm signals, alarm values, and alarm states are qualitative descriptions of the status of the components and typically indicates qualitative classification of quantitative values according to limit values defined by predetermined functions. Thus the alarm signals, alarm values and alarm states typically include the qualitative values high, normal, or low. Thus the alarm signals, alarm values, and the alarm state comprise the qualitative value normal as well, as distinguished from the alarms which do not comprise the qualitative value normal.
Events are qualitative information about those events, other than the events that give rise to alarm signals or alarms that occur in the process e.g., control actions such as closing a valve, or changes in the mode of operation, such as startup or shutdown. The events are generated in a target system, e.g., an information and control system.
Calculated or generated status information is information calculated or generated by the validation means comprised in the system according to the present invention. The calculation is based on the status signals received from a target system or from an instrumentation and control system. The calculation is further dependent on the functional model of the target system or the process and on a predetermined set of rules, for example a predetermined set of consequence propagation rules.
Consequence propagation rules comprise a set of predetermined causality rules describing the relationship between different parts and/or components in a flow/network of the target system or the plant, i.e. describing how the parts and/or components comprised in the flow/network affect each other. The consequence propagation rules comprise also a set of conditional relations between networks, which relations are called condition relations. The condition relations can describe the relationship between a goal and a network, e.g. "in order to fulfill a function of a second network a goal of a first network has to be fulfilled". The rules can be described by simple if-statements or by more complex logical expressions.
Detailed description of the invention The present invention refers to a system, an apparatus, a method and a computer program product for sensor analysis, and especially such a system, an apparatus, a method and a computer program product that can detect alarm signals that are possibly erroneous. Further, an embodiment of the invention refers to a system, an apparatus, a method and a computer program product that can give an indication to an operator that the indicated alarm signal or alarm signals can not be reliable.
An embodiment of the invention is arranged to automatically detect false sensor measurements by comparing information from many sensors and applying knowledge of the flow process or the plant, and then detecting when the measurements are not in agreement. If a suspect measurement is found, the system is also able to provide an alternative measurement value that would fit the alarm situation.
The system according to an embodiment of the invention will now be described with reference to figure 1, wherein one embodiment of the invention is shown. The system 1 comprises at least a part of a flow system or process 10 comprising a set of components 15, which process 10 is communicatively connected to an alarm unit 20. Further, the system 1 comprises a sensor analysis apparatus 5, which can be a computer-based apparatus or a computer such as a personal computer. The computer-based apparatus would typically comprise a data processing unit that is loadable with program code realizing functions and procedures of the invention. A data processing unit would comprise a processor, data storage memory and data input/output interfaces. The data input/output interfaces can comprise in different embodiments an input stage and an output stage realized as inputs or outputs for physical signals or computer program parameters.
In one embodiment of the invention, the apparatus 5 comprises a validation unit 30 and a data storage means 40, such as a database 40 or another means for storing information. However, in another embodiment the sensor analysis apparatus 5 comprises for example the alarm unit 20 and/or a display unit 50. The validation unit 30 is communicatively connected to the alarm unit 20, to the database 40 and can also be communicatively connected to a display unit 50.
The validation unit 30 according to one embodiment of the invention comprises at least one validation means, e.g. means for condition checking 31, means for normal/failed checking 32 and/or means for full part consequence irregularity analysis 33, which validation means 31-33 will be described in more detail below. However, the validation unit 30 can also comprise other suitable validation means for sensor analysis and/or means for another kind of analysis.
In one embodiment of the invention, the database 40 is configured to store or 5 comprise a set of rules relating to the plant, such as a set of consequence propagation rules, i.e. a set of causality rules and a set of condition relations. These rules and relations can be predetermined by using knowledge about the components 15 of the plant or process, e.g. the kind of components 15, the interactions between the components 15, and by using knowledge about the interactions between
10. networks, which networks comprises the functions modeling the components 15.
In an embodiment of the invention, the display unit 50 is a monitor, but it can also be a printer or another unit arranged to display or present the result of the validation unit 30 to an operator of the plant.
Sensors 16 comprised in the system 1 measure different parameters of the
15 components 15 of the process 10, whereby quantitative measurement signals are compared with predefined limit values by means of for example the alarm unit 20 or the like. Qualitative alarm signals are generated, and if the sensor signals are outside the range of predefined limit values, alarms or alarm signals are generated. These alarms and alarm signals are qualitative descriptions of the status of the component 0 15.
Further, the alarm unit 20 determines the causal relationship between the received or generated alarms or alarm signals, by means of enumeration of all possible alarm combinations, logical expressions, or alarm analysis. Thus, the alarm unit 20 according to an embodiment of the invention is arranged to determine which
25 of the alarms or alarm signals that are primary alarms and which are secondary alarms. Said alarm signals and their causal relationships are transmitted from the alarm unit 20 and received in the validation unit 30. More specifically, the alarm signals and the causal relationship are received in each of the validation means 31- 33 comprised in the validation unit 30. Whereby said validation means 31-33 . . .
30 calculates new status information based on the alarm signals and dependent on the consequence propagation rules. Then the calculated new status information can be presented to an operator on the display unit 50.
The sensor analysis system 1 according to an embodiment of the invention will now be described with reference to figure 4. In this simple example the process
35 10 comprises a fluid flow system comprising conduits cl-c4 and three sensors sl-s3. The sensors sl-s3 can be arranged to register or measure different parameter values of flow such as the flow of mass, the flow of energy, and the flow of information. Referring to figure 4, the invention will be described using the flow of fluid and the flow directions are illustrated in the figure 4 using arrows. The values/signals registered by the sensors sl-s3 can be expressed as qualitative descriptions such as a low flow, a normal flow, and a high flow. In the sensor analysis system according to an embodiment of the invention the construction of the flow system is known beforehand as well as the physical laws concerning the motion of the flow. Since the flow of fluid in the system is known, it is possible to predetermine a set of rales, comprising a set of consequence propagation rules, i.e. a set of causality rules and condition relations, valid for this flow system or process 10. The sensor analysis system 1 according to the invention is thus capable, by using the sensor signals, the set of consequence propagation rules relating to the physical properties and the physical laws between the components 15 and the networks, to analyze the alarm signals.
As mentioned above, an embodiment of the invention comprises three different validation means 31-33, but it can comprise one, two or a plurality of the validation means. The validation means 31 and 32, i.e., the means for condition checking 31 and the means for checking for normal/failed situations 32, are arranged to detect simple inconsistencies telling that "something must be wrong here." The third validation means 33, i.e., the means for full part consequence irregularity analysis 33, is arranged to simplify the detected alarm situation by assuming that one alarm signal is incorrect whereby another alarm situation can be found which would make fewer primary alarms according to the consequence propagation rules.
The sensor analysis method according to an embodiment of the present invention comprises the steps of (cf. figure 2):
- receiving in an alarm unit 20 a plurality of sensor signals or status signals (step 100);
- generating, in the alarm unit 20, alarm signals dependent on limit values for the status signals and determining the causal relationship between the alarm signals, i.e., separating the alarm signals into primary and secondary alarms (step 200);
- receiving, in a validation unit 30, said primary and secondary alarms and the causal relationship between them (step 300);
- calculating or generating, in the validation means 31-33, new status information based on said primary and secondary alarms (step 400) and dependent on the set of consequence propagation rules, i.e. dependent on the set of causality rales and the set of condition relations; and - possibly, presenting said generated or calculated new status information to an operator by means of the display unit 50 (step 500).
An embodi ent.gf .the will now be described with reference to the simple example illustrated in figure 4. The flow in the conduit c4 depends on the construction of the conduit system and on the flow in conduit cl. If the sensor s2 is associated with an alarm state indicating a low flow and the sensor s3 is associated with an alarm state indicating a high flow, there is an inconsistency between these two alarm signals. The inconsistency is due to the fact that it is unlikely that a low flow in conduit cl causes a high flow in conduit c4. Thus the means for condition checking 31 comprised in an embodiment of the invention will detect this inconsistency and indicate to e.g., an operator that the alarms can not be relied on.
An embodiment of .the m^ also be described with reference to figure 4. If the sensor si is associated with an alarm state, indicating e.g., a high flow in the conduit cl and the sensor s2 is associated with a normal state there is an inconsistency between the alarm signals. The inconsistency is due to the fact that the two sensors si, s2 are located side-by- side in the conduit cl and thus the same flow is passing both of them. The means for checking for normal/failed situations 32 comprised in an embodiment of the invention will thus indicate that the alarm signals can not be relied on and that one of the sensors si and s2 may be out of order.
An ernb„o.dm.ent o.f the m^ will now be described. As described above the alarm signals can be indicated as primary alarms or as secondary alarms by means of the alarm unit 20. Further, by means of the means for full part consequence irregularity analysis 33 assumptions are done about the alarms, using the set of consequence propagation rules, to decrease the number of primary alarms. The solution with the smallest number of primary alarms can then be presented to the operator on the display unit 50. Preferably, the number of primary alarms is decreased to only one primary alarm since it is more probable that single faults occur than multiple faults.
Multilevel Flow Model (MFM)
In one embodiment of the present invention, the sensor fault detection is implemented using an abstract functional model, such as a Multilevel Flow Model (MFM), of the entire flow process or plant, or of parts of the flow process or the plant. The MFM model comprises a plurality of networks, each of which networks comprises a plurality of flow functions modeling components 15 of the plant 10 and interactions between them. The functions comprised in the network co-operate to achieve the goal of the network. This implementation also comprises a set of consequence propagation rules, i.e. a set of causality rules and a set of condition relations between the components 15 and the networks, respectively. Embodiments of the validation means 31-33 implemented in an MFM model of the plant will now be described.
In one embgdiment of .the invention the mean^ is arranged to compare measurements from two different flows/networks with knowledge about how one flow affects the other flows comprised in the model of the plant. If the measurements are inconsistent with the knowledge, an erroneous sensor measurement has been discovered. When building an MFM model for use with the alarm unit 20, each condition relation in the model has an associated property, which indicates in which way the failure of the connected goal will affect the connected function. This property can tell if the failure of a goal will mean that the function goes to a "fail high" -state, such as high flow or high volume or if it will go to a "fail low"-state, such as low flow or low volume.
Figure 5 shows an example of an MFM model of a plant comprising two networks Nl and N2. The lower network N2 describes a flow of electrical energy from a power supply, described by the function F4, via a cord, described by the function F5, to a pump, described by the function F6. Together these functions, F4, F5, F6, achieve the goal G2, which can be explained as "Supply electrical power to the pump". The upper network Nl describes a flow of water from a source, described by the source function FI , via the pump, described by the transport function F2, to a sink, described by the function F3. Together, these functions, FI, F2, F3, achieve the goal Gl. In order for the pump to transport water, as described by function F2, it needs electrical power. Therefore there is a condition or a condition relation Cl between the goal G2 of the network N2 and the function F2 of the network Nl, indicating this requirement. If the goal G2 is not fulfilled, i.e., the power supply is not fulfilled, the pump will not be able to pump water and consequently the function F2 will be in a low flow state. Thus, the water flow will stop if the pump does not receive any electrical energy, so the properties of the condition Cl indicates that if the goal G2 is not achieved the function F2 will go to a low flow state.
Figure 6 shows the same model as figure 5. In figure 6a, there is a low flow alarm on the function F5, indicated by a vertically and downwardly directed arrow. This low flow alarm indicates a low flow of electricity to the pump. Furthermore, there is a low flow alarm on the function F2 also indicated by a vertically and downwardly directed arrow. This indicates a low flow of water through the pump. In this case, the alarm state of the function F2 matches the information from the condition Cl, i.e., the function F2 should go to a low flow state if the goal G2 is not achieved. In figure 6b there is a low flow alarm on the function F5, just as before, but a high flow alarm on the function F2. In this case, the alarm state of the function F2 does not match the expected value computed from the fact that the goal G2 is failed, and the properties of the condition Cl as mentioned before. In this case, the topmost network Nl is pointed out as having a possibly suspect alarm situation.
There is another situation, which the means for condition checking 31 will identify. If the function F2 in figure 6a does not have an alarm, i.e., the function F2 is in a normal state, this will also be recognized and indicated.
The method of condition checking according to one embodiment of the invention comprises, for calculating or generating new status information, the steps of (cf. figure 3a):
- determining if an alarm signal of a function, connected via a condition to a non- achieved goal in the MFM model, is not in the expected failure state (step 402a); and - indicating that alarm signal as inconsistent (step 404a).
In one emb^dimen of.tte sitaations.32 is arranged to compare sensor measurements within a flow/network and compares them with knowledge about how the flow is connected, i.e. how the functions comprised in the flow are connected to each other. If the compared measurements are inconsistent an erroneous measurement has been detected. The previous method for checking for normal/failed situations, i.e. the method for condition checking, is designed to cover inconsistencies between networks, via the condition relations. There is however, another kind of simple inconsistency that can occur within an MFM network, and which might indicate suspicious alarm signals. In figure 7a, the alarm situation can be explained with the consequence propagation rules in the MFM model, since a low flow alarm in a transport function, as indicated in the figure as a downwardly directed arrow, will not cause any low capacity alarm in a connected source function. Thus no conflicts exist. On the other hand, in figure 7b the situation cannot be explained by the consequence propagation rules. Two consequence propagation rules can come in question in this example. Firstly, " low flow in a transport to the left, of a storage will cause a low volume in the storage" and secondly, "a normal situation in a storage to the right of a transport will cause a normal situation in the transport". The situation in the figure 7b does not match either of these consequence propagation rales, and therefore the network containing the functions is indicated as having a suspicious alarm situation.
Figure 8 shows parts of two networks comprising two storage functions connected to each other via a transport function. Further, the topmost network shows that a reasonable guess by an operator might be that there is an absence of an alarm and in the lower network that the single alarm is a false alarm. Both of these statements would of course require that this situation remains for some time to rale out the possibility that it is only a matter of transitional effects.
The method for checking for normal/failed situations according to one embodiment of the invention comprises, for calculating or generating new status information, the steps of (cf. figure 3b):
- checking the alarm signals for each pair of connected functions (step 402b); and
- indicating the alarm signal as inconsistent, if their alarm signals do not agree with the consequence propagation rales (step 404b).
fe one embodiment of„ώe ^ iκe .gularitj..ana ysis.33 is arranged to use sensor measurements from a single flow/network and to use knowledge about how the flow is connected, i.e. how the functions comprised in the flow are connected to each other. If the assumption of a fault in a sensor measurement can decrease the number of observed faults in the flow and thus simplifying the fault situation, the method will present that sensor measurement as possibly wrong. Thus the method for full consequence irregularity analysis is designed to find any kind of situation where the alarm situation would make more sense according to the set of consequence propagation rales and under the assumption that one alarm signal is incorrect. If such a situation is found, this is taken as an indication of the fact that this specific alarm signal may be faulty. This kind of situation, whereby assuming a single faulty alarm signal a simpler alarm situation is obtained, is characterized by the fact that the number of primary alarms decreases. This fact is used to determine which MFM networks will be inspected by the means for full consequence irregularity analysis 33.
In a trivial case with an MFM network having a single failed function, such as the lower network in figure 8, the alarm situation can always be simplified by changing the single failed function to a normal state, so this situation will not be described further. Instead, consider the case having two primary alarms within an MFM network. In this case, it might be possible to find a solution with only one primary alarm by assuming that one of the given alarms is erroneous. The solution with only one primary alarm is then considered to simplify the given alarm situation and is therefore more probable as a consequence of the assumption that single faults occurs more frequently than multiple faults in the process. Therefore, the MFM network in question is reported as having a suspicious alarm situation, and the simpler solution or solutions are presented together with the function that was assumed to have an incorrect alarm state to for example an operator of the plant. In figure 9, it is assumed that every MFM function has an associated measurement or alarm signal. Thus in figure 9 an MFM flow is shown, wherein six of the seven functions have active alarms, and wherein the function F7 is in a normal state. The dark dots indicate the functions having primary alarms according to the alarm unit 20, and the lighter dots indicate functions having secondary alarms. In order to see whether this situation can be simplified or not, each measured function will be checked to see if the number of primary alarms will decrease if the inspected function is assumed to have an incorrect alarm state.
Consider first the source function FI. A source function S has only two alarm states, normal and low capacity. Thus, if the measurement for FI in figure 9 is . incorrect, it must be normal. If FI is assumed to be in a normal state, there will be no decrease in the number of primary alarms, since the functions F2 and F5 will become primary. So there is nothing gained from assuming that FI is incorrect and the alarm for FI is thus not reported as suspect. If the transport function F2 is assumed to be in a normal state instead of a low flow state nothing is gained either, since the functions FI and F5 will still be primary alarms. But if the transport function F2 is assumed to be in a high flow state, the situation will look like the one shown in figure 10, wherein there is only one primary alarm namely the function F5. All the other alarms have become secondary alarms and thus the situation has been simplified. Therefore, the alarm on the function F2 is presented as possibly suspect together with the simplified situation to the operator. Thus the operator has to decide whether to make further investigations into this particular sensor measurement or not.
By assuming that function F3 in figure 9 should be in a normal state does not simplify the situation, since the functions FI and F5 still will be considered as primary alarms. By assuming that the function F3 should be in a high volume state will not simplify the situation either. Instead the situation will become worse, as shown in figure 11. Here the functions FI, F3 and F5 are considered as primary alarms, thereby increasing the number of primary alarms from two to three. Assuming that the function F4 in figure 9 should be in a normal state instead of a high flow state, the situation does not improve. But, if the function F4 assumed to be in a low flow state instead, the situation in figure 12 is obtained, wherein there is only one primary alarm, and the situation has thus been simplified.
By doing the same analysis for the functions F5, F6, and F7, no further situation with only one primary alarm is found. Thus the result of the analysis of this situation is that it can be simplified from comprising two primary alarms to one in two different ways. Firstly, by assuming that the measurement for the function F2 is wrong, and should have been in a high flow state instead of a low flow state. Secondly, by assuming that the measurement for the function F4 is wrong, and should have been in a low flow state instead of a high flow state.
In figure 13 an MFM flow/network with an alarm situation is shown, wherein three of the functions are considered as primary alarms. In this example the number of primary alarms cannot be reduced by assuming that one single measurement is incorrect. Thus at least two measurements must be changed in order to reduce the number of primary alarms.
The method of full consequence irregularity analysis according to one embodiment of the invention comprises, for calculating or generating new status information, the steps of (cf. figure 3c):
- finding a network with at least two primary alarms, step 402c;
- changing the alarm state of a function to another state in the network, step 404c;
- storing the achieved situation and indicating the investigated alarm signal as inconsistent, if the number of primary alarms in the network decreases, step 406c; and
- repeating from step 402c for each additional network with at least two primary alarms, 408c.
The system and the apparatus for sensor analysis according to the invention comprise means for performing the steps and the functions of the method. All means can be realized as hardware units and most of them are advantageously implemented as computer programs, executing on hardware parts of the arrangement. In particular, a computer program product, for use with a sensor analysis system, for carrying out an embodiment of the inventive sensor analysis method and realizing an embodiment of the inventive sensor analysis structure comprises a recording medium and means for performing said method and realizing said sensor analysis structure recorded on the recording medium.
The system, apparatus, method and the computer program product for sensor analysis according to the present invention have been described with reference to simple examples. However it should be understood that this was only done to increase the understanding of the present invention and not to delimit the scope of the invention, which is only delimited by the accompanying claims.

Claims

Claims
1. An apparatus for sensor analysis of a flow system (10) having components (15) and sensors registering at least two status signals comprising information about the status of at least one of the components (15), comprising:
- a data storage means (40) configured to store a functional model describing the functionality of said flow system (10) and to store a set of predetermined rules describing the causal relationship between components (15) of said flow system (10); and - a validation unit (30) communicatively coupled to said data storage means (40) and arranged to receive at least two alarm signals relating to at least one component (15) of said flow system (10), to receive the causal relationship between said alarm signals, and arranged to generate new status information based on said alarm signals and dependent on said set of predetermined rales and on said functional model.
2. The apparatus according to claim 1, wherein said alarm signal is arranged to comprise a qualitative description of said component (15).
3. The apparatus according to claim 1 or 2, further comprising an alarm unit (20) communicatively coupled to said flow system (10) and arranged to generate alarm signals based on status signals received from said flow system (10) and dependent on limit values for said status signals, and arranged to determine the causal relationship between two alarm signals, i.e. to separate the alarm signals into a primary alarm and a secondary alarm.
4. The apparatus according to claim 3, wherein said validation unit (30) is arranged to receive said primary and secondary alarms and said causal relationship, and arranged to generate said new status information based on said primary and secondary alarms and dependent on said set of predetermined rales and on said functional model.
5. The apparatus according to claim 1 or 2, wherein said validation unit (30) is arranged to determine an inconsistency between two alarm signals.
6. The apparatus according to claim 1 or 2, wherein said validation unit (30) is arranged to determine if the alarm signals are reliable.
7. The apparatus according to claim 4, wherein said validation unit (30) is arranged to reduce the number of primary alarms.
8. The apparatus according to claim 1 or 2, wherein said validation unit (30) comprises means for condition checking (31) arranged to determine the alarm state of a function connected via a condition relation to a goal and to indicate that alarm signal as inconsistent, when said goal is not achieved.
9. The apparatus according to claim 1 or 2, wherein said validation unit (30) comprises means for checking for normal/failed situations (32) arranged to check a function in an alarmed state next to a function in a normal state using said set of predetermined rales and arranged to indicate said alarm signal as inconsistent if their alarm signals do not agree with said set of predetermined rales.
10. The apparatus according to claim 4, wherein said validation unit (30) comprises means for full consequence irregularity analysis (33) arranged to find a network of said functional model comprising at least two primary alarms, and arranged to change the alarm state corresponding to one of the functions comprised in said network, and to check the alarm states of the functions comprised in said network using said set of predetermined rules and if the number of primary alarms is decreased present that simplified situation.
11. The apparatus according to any of the preceding claims, wherein said set of predetermined rules is arranged to be a set of predetermined consequence propagation rales comprising a set of causality rales describing the causal relation between functions and a set of condition relations describing the causal relation between networks.
12. The apparatus according to any of the preceding claims, further comprising means for presenting said generated new status information on a display unit (50).
13. A method for sensor analysis of a flow system (10) having components (15) and sensors registering at least two status signals comprising information about the status of at least one of the components (15), comprising the steps of:
- receiving at least two status signals relating to at least one component (15) of said flow system (10) (step 100);
- generating alarm signals based on said status signals and dependent on limit values for said status signals and determining the causal relationship between two alarm signals, i.e. separating the alarm signals into primary and secondary alarms (step 200);
- receiving said primary and secondary alarms and the causal relationship between them (step 300); - generating new status information based on said primary and secondary alarms (step 400) and dependent on a set of predetermined rales and on a functional model of said flow system (10) (step 400).
14. The method according to claim 13, wherein the step of generating new status information (step 400) comprises the step of determining an inconsistency between two alarm signals.
15. The method according to claim 13, wherein the step of generating new status information (step 400) comprises the step of determining if the alarm signals are reliable.
16. The method according to claim 13, wherein the step of generating new status information (step 400) comprises the step of reducing the number of primary alarms.
17. The method according to claim 13, wherein the step of generating new status information (step 400) comprises the steps of:
- determining if an alarm signal of a function, connected via a condition to a non-achieved goal, is not in the expected failure state (step 402a); and - indicating that alarm signal as inconsistent (step 404a).
18. The method according to claim 13, wherein the step of generating new status information (step 400) comprises the steps of:
- checking the alarm signals for each pair of connected functions (step 402b); and
- indicating the alarm signal as inconsistent, if their alarm signals do not agree with said set of predetermined rales (step 404b).
19. The method according to claim 13, wherein the step of generating new status information (step 400) comprises the steps of:
- finding a network of said functional model with at least two primary alarms (step 402c);
- changing the alarm state to another state for one of the functions of said network (step 404c); and - storing the achieved situation and indicating the investigated alarm signal as inconsistent if the number of primary alarms in said network decreases (step 406c).
20. The method according to any of the claims 13-19, further comprising the step of presenting said generated new status information to an operator by means of a display unit (50) (step 500).
21. A method for sensor analysis of a flow system (10) having components (15) and sensors registering at least two status signals comprising information about the. status of at least one of the components (15), comprising the steps of:
- receiving at least two alarm signals relating to at least one component (15) of said flow system (10);
- receiving the causal relationship between said alarm signals; and - generating new status information based on said alarm signals and dependent on a set of predetermined rules and on a functional model of said flow system (10) (step 400).
22. The method according to claim 21, further comprising the steps of: - generating said alarm signals based on said status signals received from said flow system (10) and dependent on limit values for said status signals; and
- determining the causal relationship between two alarm signals, i.e. to separate the alarm signals into a primary alarm and a secondary alarm.
23. The method according to claim 22, further comprising the step of generating said new status information based on said primary and secondary alarms and dependent on said set of predetermined rales and on said functional model.
24. The method according to claim 21, wherein the step of generating new status information comprises the step of determining an inconsistency between two alarm signals.
25. The method according to claim 21, wherein the step of generating new status information comprises the step of determining if the alarm signals are reliable.
26. The method according to claim 23, wherein the step of generating new status information comprises the step of reducing the number of primary alarms.
27. The method according to claim 21, wherein the step of generating new status
PCT/SE2002/000382 2001-03-06 2002-03-06 Method and apparatus for reduction of alarm signals in order to present a simplified alarm situation WO2002071359A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP02701858A EP1377949A1 (en) 2001-03-06 2002-03-06 Method and apparatus for reduction of alarm signals in order to present a simplified alarm situation

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
SE0100767A SE0100767D0 (en) 2001-03-06 2001-03-06 System and method for analysis of critical situations
SE0100767-3 2001-03-06
SE0101525-4 2001-04-29
SE0101525A SE522549C2 (en) 2001-03-06 2001-04-29 An apparatus and method for sensor analysis of a flow process, for detecting erroneous alarms and indicating the reliability of alarm signals to an operator

Publications (1)

Publication Number Publication Date
WO2002071359A1 true WO2002071359A1 (en) 2002-09-12

Family

ID=26655404

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2002/000382 WO2002071359A1 (en) 2001-03-06 2002-03-06 Method and apparatus for reduction of alarm signals in order to present a simplified alarm situation

Country Status (3)

Country Link
EP (1) EP1377949A1 (en)
SE (1) SE522549C2 (en)
WO (1) WO2002071359A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023183001A1 (en) * 2022-03-25 2023-09-28 Rakuten Symphony Singapore Pte. Ltd. Recurring alarm detection system and method of using

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE4022954A1 (en) * 1990-07-19 1992-01-23 Bodenseewerk Geraetetech Fault detector, using redundant signal emitter outputs - user to determines fault probabilities to eliminate stochastic faults
EP0482523A2 (en) * 1990-10-24 1992-04-29 Osaka Gas Co., Ltd. Multiple aspect operator interface for displaying fault diagnostics results in intelligent process control systems
US5127005A (en) * 1989-09-22 1992-06-30 Ricoh Company, Ltd. Fault diagnosis expert system
GB2255838A (en) * 1991-05-13 1992-11-18 Gen Electric Filtered signal validation.
US5408218A (en) * 1993-03-19 1995-04-18 Telefonaktiebolaget L M Ericsson Model based alarm coordination
US5548597A (en) * 1993-10-13 1996-08-20 Hitachi, Ltd. Failure diagnosis apparatus and a method thereof
US5914875A (en) * 1996-01-11 1999-06-22 Kabushiki Kaisha Toshiba Method and apparatus for diagnosing plant anomaly

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5127005A (en) * 1989-09-22 1992-06-30 Ricoh Company, Ltd. Fault diagnosis expert system
DE4022954A1 (en) * 1990-07-19 1992-01-23 Bodenseewerk Geraetetech Fault detector, using redundant signal emitter outputs - user to determines fault probabilities to eliminate stochastic faults
EP0482523A2 (en) * 1990-10-24 1992-04-29 Osaka Gas Co., Ltd. Multiple aspect operator interface for displaying fault diagnostics results in intelligent process control systems
GB2255838A (en) * 1991-05-13 1992-11-18 Gen Electric Filtered signal validation.
US5408218A (en) * 1993-03-19 1995-04-18 Telefonaktiebolaget L M Ericsson Model based alarm coordination
US5548597A (en) * 1993-10-13 1996-08-20 Hitachi, Ltd. Failure diagnosis apparatus and a method thereof
US5914875A (en) * 1996-01-11 1999-06-22 Kabushiki Kaisha Toshiba Method and apparatus for diagnosing plant anomaly

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023183001A1 (en) * 2022-03-25 2023-09-28 Rakuten Symphony Singapore Pte. Ltd. Recurring alarm detection system and method of using

Also Published As

Publication number Publication date
SE0101525D0 (en) 2001-04-29
SE522549C2 (en) 2004-02-17
SE0101525L (en) 2002-09-07
EP1377949A1 (en) 2004-01-07

Similar Documents

Publication Publication Date Title
US7062358B2 (en) System apparatus and method for diagnosing a flow system
Dunia et al. Subspace approach to multidimensional fault identification and reconstruction
Henry et al. The self-validating sensor: rationale, definitions and examples
US10018979B2 (en) Device and method for detection and/or diagnosis of faults in a processes, equipment and sensors
EP2423768B1 (en) Sensor validation and value replacement for continuous emissions monitoring
KR20100054816A (en) Fuzzy classification approach to fault pattern matching
Angeli Online expert systems for fault diagnosis in technical processes
JP5025776B2 (en) Abnormality diagnosis filter generator
EP2853972A2 (en) Device and method for detection and/or diagnosis of faults in a process, equipment and sensors
Barros et al. A maintenance policy for two-unit parallel systems based on imperfect monitoring information
US20120150334A1 (en) Integrated Fault Detection And Analysis Tool
Sarrate et al. Optimal sensor placement for model-based fault detection and isolation
US20090089112A1 (en) Service Resource Evaluation Method and System
Botelho et al. Perspectives and challenges in performance assessment of model predictive control
Du et al. Active fault isolation of nonlinear process systems
Yeh et al. An automaton-based approach to evaluate and improve online diagnosis schemes for multi-failure scenarios in batch chemical processes
EP1377949A1 (en) Method and apparatus for reduction of alarm signals in order to present a simplified alarm situation
KR102470112B1 (en) Intelligent condition monitoring method and system for nuclear power plants
Singer et al. A pattern-recognition-based, fault-tolerant monitoring and diagnostic technique
Coquempot et al. Hybrid dynamical systems monitoring using structured analytical redundancy relations
Kościelny et al. The idea of smart diagnozers for decentralized diagnostics in Industry 4.0
Ali et al. Multiscale monitoring of industrial chemical process using wavelet-entropy aided machine learning approach
KR102573254B1 (en) System for predicting and analyzing trouble of mechanical equipment using federated learning
EP4276560A1 (en) Abnormality sign detection system and abnormality-sign detection-model generation method
Fickelscherer VARIOUS PROCESS FAULT DIAGNOSTIC METHODOLOGIES

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 2002701858

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2002701858

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWW Wipo information: withdrawn in national office

Ref document number: 2002701858

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP