Controle relacionado à segurança nas indústrias de processos: uma abordagem integrada de modelos de acidentes, defesa em profundidade e diagnosticabilidade segura. / Safety-related control system: an integrated approach of accident models, defense-in-depth and safe diagnosability.

Squillante Junior, Reinaldo

02 June 2017

A questão da segurança funcional das indústrias de processos vem recebendo uma atenção crescente pela comunidade científica mundial, uma vez que se observa a possibilidade de ocorrências de acidentes e as consequências indesejadas que estes acidentes têm provocado. Essas indústrias podem ser consideradas como parte de uma classe de sistemas denominados Sistemas Críticos, que são caracterizados pela possibilidade de ocorrência de falhas críticas, que resultam em acidentes com perdas de vidas humanas, danos ao meio ambiente e perdas financeiras envolvendo custos significativos de equipamentos e propriedades. Estes fatos justificam a necessidade de uma nova abordagem no que se refere ao design de processos, design de controle de processos, análise e controle de riscos e avaliação de riscos. Um dos desafios pertinentes à segurança funcional está associado a como vincular os cenários de acidentes aos requisitos para projetos de sistemas de controle relacionados à segurança das indústrias de processos de forma sistemática. Por sua vez, a possibilidade de ocorrência de eventos críticos e/ou eventos indesejados não observados ou ocultos, como fatores relevantes associados à evolução da sequência de eventos que culmina na ocorrência de um acidente. Neste contexto, o desafio está em aprimorar a eficácia destes sistemas de controle, que envolve o desenvolvimento de uma solução capaz de supervisionar o processo de evolução de falhas críticas, a fim de se garantir um nível de segurança funcional adequado e que esteja em conformidade com as normas internacionais aplicáveis IEC 61508 e IEC 61511. Portanto, estas considerações trazem novos requisitos para o projeto de sistemas de controle desta natureza, capaz de englobar modelos de acidentes e processos de evolução de falhas críticas. Uma solução é a consideração das abordagens de prevenção e mitigação de falhas críticas de forma integrada e interativa. Além disso é necessário abordar novas técnicas e conceitos para que se possa desenvolver um sistema de controle capaz de rastrear e atuar nos processos de evolução de falhas desta natureza. Uma possibilidade consiste em considerar o princípio de defesa em profundidade aliado à propriedade de diagnosticabilidade segura. O atendimento a este novo conjunto de requisitos não é trivial e se faz necessário integrar diferentes formalismos para o desenvolvimento de soluções adequadas. Portanto, este trabalho apresenta uma metodologia para o projeto de um sistema de controle baseado no conceito de segurança funcional para indústrias de processos, e que propõe: (i) uma arquitetura de controle para prevenção e mitigação de falhas críticas, (ii) extensão da classificação de barreiras de segurança focando na automação via sistemas instrumentados de segurança (SIS) (iii) framework para a síntese de sistemas de controle relacionados à segurança baseado em modelos de acidentes e que contempla os seguintes métodos: (a) elaboração do HAZOP, (b) construção de modelos de acidentes, (c) integração dos modelos de acidentes com o HAZOP e (d) geração dos algoritmos de defesa para a prevenção e mitigação de falhas críticas, a partir de técnicas de modelagem usando extensões da rede de Petri: Production Flow Schema (PFS) e Mark Flow Graph (MFG). A metodologia proposta foi verificada, a partir de exemplos de aplicação investigados na literatura. / The issue of the functional safety of process industries has been receiving increasing attention from the world scientific community, since it has stated the possibility of occurrences of the accidents and the related undesired consequences. These industries can be considered as part of a system class called critical systems, which are characterized by the occurrence of critical faults, which can result in accidents involving loss of life, damage to the environment, and financial losses involving equipment and property. These facts justify the need for a new approach that addresses: process design, process control design, risk analysis and control, and risk assessment. One of the challenges related to functional safety is associated with how to integrate accident scenarios to the requirements for the design of safety-related control systems of the process industries in a systematic way. Furthermore, there is the possibility of the occurrence of the unobserved or hidden undesired and / or critical events, as relevant factors associated to the evolution of the sequence of the events that corroborates in the occurrence of an accident. In this context, the challenge is to improve the effectiveness of these control systems, which involves the development of a solution capable of supervising the process of evolution of the critical and / or undesired events, in order to guarantee an adequate level of functional safety, and that complies with the applicable international standards IEC 61508 and IEC 61511. Therefore, these considerations bring new requirements for the design of control systems of this nature, capable of encompassing the accident models and the critical fault evolution processes. One solution is to consider critical fault prevention and mitigation approaches in an integrated and interactive way. In addition, it is necessary to addresses new techniques and concepts in order to develop a control system capable of tracking and acting in the evolution processes of faults of this nature. One possibility is to consider the principle of defense-in-depth coupled with the property of safe diagnosability. The fulfillment of this new set of requirements is not trivial and it is necessary to integrate different formalisms for the development of adequate solutions. Therefore, this work presents a methodology for the design of a safety-related control systems based on the concept of functional safety for the process industries, which proposes: (i) a control architecture for the prevention and mitigation of the critical faults, (ii) an extension of the classification of the safety barriers focusing on automation via safety instrumented system (SIS), (iii) a framework for the synthesis of the safety-related control systems based on accident models and which includes the following methods: (a) elaboration of the HAZOP study, (b) construction of the accident models, (c) integration of the accident models with the HAZOP study, and (d) generation of the defense algorithms for the prevention and mitigation of the critical faults, via modeling techniques using extensions of the Petri net: Production Flow Schema (PFS) and Mark Flow Graph (MFG). The proposed methodology was verified, from application examples investigated in the literature.

Accident model

Acidentes (Controle)

Análise de risco

Controle de processos

Defense-in-depth

Functional safety-related control

Indústrias

Process industries

Safe diagnosability

Sistemas de controle

Diagnosticabilité modulaire appliquée au Diagnostic en ligne des Systèmes Embarqués Logiques / Modular diagnosability applied to on line Diagnosis of Digital Embedded System

Saddem, Ramla

10 December 2012

Aujourd'hui, les systèmes embarqués sont de plus en plus utilisés pour contrôler les systèmes complexes. Dans ce travail de thèse, nous nous intéressons aux systèmes embarqués critiques utilisés pour la commande de systèmes de transport comme les systèmes ferroviaires. Le but de ce travail est de permettre la conception de systèmes tolérants aux fautes pour le contrôle-commande des systèmes de transport. Nous proposons une nouvelle approche de modélisation des systèmes embarqués temporisés pour le diagnostic de leurs fautes. Elle est basée sur une décomposition structurelle du système et sur une extension de la diagnosticabilité modulaire au contexte des systèmes temporisés. On distingue deux approches de base pour le diagnostic de fautes des SED, une approche basée sur les diagnostiqueurs et une approche basée sur les signatures temporelles causales (STC). La principale limite de l’approche diagnostiqueur réside dans la gestion de l’explosion combinatoire. Dans ce travail, notre verrou principal est de combattre cette limite. Nous proposons une nouvelle méthode basée sur l’ingénierie par les modèles pour le diagnostic des systèmes embarqués critiques. D’autre part, la limite majeure de l’approche STC est la garantie de la cohérence d’une base de STC. Un deuxième niveau de difficulté réside dans l’interprétation des événements en entrée du système de diagnostic dans le cadre de l’hypothèse de défaillances multiples. Dans ce travail, nous proposons deux méthodes différentes pour la vérification de la cohérence d’une base de STC et nous proposons un algorithme d’interprétation basé sur le concept de monde qui garantit la correction du diagnostic / Today, embedded systems are increasingly used to control complex systems. In this thesis, we are interested in critical embedded systems used for the control of transport systems such as railway systems. The aim of this work is to enable the design of fault-tolerant systems for the control of transport systems. We propose a new timed embedded systems modeling approach to diagnose their faults. It is based on decomposition of the system and structural extension of diagnosability context of modular timed systems. In DES, there are two basic approaches for diagnosis: diagnoser based approach and chronicles (Causal Temporal Signature (CTS)) based approach. The major limitation of diagnoser approaches rely in the management of the combinatorial explosion related to the formalism of automata. In this work, our main lock is to combat this limit. We propose new engineering models based method for the diagnosis of critical embedded systems. On the other hand, the major limitation of chronicles approach is first to be able to guaranty the consistency of a database. A second level of difficulty is in interpreting some sequences of events at the input of the diagnostic system under the hypothesis of multiple failures. In this work, we propose two different methods to verify the consistency of a set of CTS and we propose an interpretation algorithm based on a concept of worlds which guarantees the correct diagnosis

Diagnostic des fautes

Diagnostiqueur

Diagnosticabilité

Systèmes embarqués

Chronique

Model-cheking

SED

Observateur

Fault diagnosis

Diagnoser

Diagnosability

Embedded systems

Chronicles

Model-cheking

DES

Observer

Study on the integration of controllability and diagnosability of reactive distillation columns as from the conceptual design step. Application to the production of ethyl acetate. / Etude de l’intégration de la contrôlabilité et de la diagnosticabilité des colonnes de distillation réactive dès la phase de conception. Application à la production d’acétate d’éthyle.

Figueiredo-Fernandez, Mayra

15 July 2013

La distillation réactive est un exemple emblématique de l’intensification de procédés. Cependant, le couplage réaction/séparation génère des complexités importantes en termes de dynamique, de contrôle et de supervision qui constituent une barrière pour leur mise en œuvre industrielle. Ces aspects doivent être considérés dès la phase de conception sous peine de concevoir une colonne difficilement contrôlable. Une méthodologie existante est étendue afin d’y intégrer les aspects de contrôlabilité et de diagnosticabilité. L’étape de conception étudie les courbes de résidu et extractives réactives, identifie les paramètres opérationnels et propose des configurations de colonne respectant les spécifications. La meilleure configuration est choisie sur des critères de contrôlabilité par l’analyse de différents indicateurs quantitatifs et qualitatifs identifiés à l’aide de simulations en régime permanent et dynamique. La méthodologie est appliquée à la production industrielle d’acétate d’éthyle. Deux campagnes expérimentales ont permis de fiabiliser le modèle de simulation de la colonne. La méthodologie permet d’identifier les sensibilités et montre que il est possible d’agir sur les trois degrés de liberté de la colonne double alimentation pour atteindre les spécifications industrielles ; les variables contrôlées sont sélectionnées dans des sections spécifiques, similaires pour différentes configurations de colonne. Concernant le diagnostic, l’utilisation de capteurs de composition semble la plus pertinente mais la complexité de leur utilisation industrielle (cout) peut être contournée par la sélection d’un nombre plus important de capteurs de température judicieusement positionnés. Les résultats de contrôlabilité et de diagnosticabilité sont en cohérence et bien intégrés dans la conception des colonnes réactives. / Reactive distillation involves complexities on process dynamics, control and supervision. This work proposes a methodology integrating controllability and diagnosability as from conceptual design. The choice of the most appropriate feasible configuration is conducted though an indices-based method, regarding steady-state and dynamic simulations, for the ethyl acetate production. Experimental campaigns were performed to acquire reliable models. The methodology highlights the process sensitivities and shows that three degrees of freedom of the double-feed column can be manipulated to ensure the industrial specifications; the controlled variables are selected at similar specific locations for all column configurations. Concerning diagnosis, the use of composition sensors seems to be the most appropriate solution, but the same performances can be reached with more temperature sensors judiciously placed.

Distillation réactive

Conception de procédés

Simulation dynamique

Catalyse hétérogène

Contrôlabilité

Diagnosticabilité

Acétate d’éthyle

Reactive distillation

Process design

Dynamic modeling

Heterogeneous catalyst

Controllability

Diagnosability

Ethyl acetate

Controle relacionado à segurança nas indústrias de processos: uma abordagem integrada de modelos de acidentes, defesa em profundidade e diagnosticabilidade segura. / Safety-related control system: an integrated approach of accident models, defense-in-depth and safe diagnosability.

Reinaldo Squillante Junior

02 June 2017

A questão da segurança funcional das indústrias de processos vem recebendo uma atenção crescente pela comunidade científica mundial, uma vez que se observa a possibilidade de ocorrências de acidentes e as consequências indesejadas que estes acidentes têm provocado. Essas indústrias podem ser consideradas como parte de uma classe de sistemas denominados Sistemas Críticos, que são caracterizados pela possibilidade de ocorrência de falhas críticas, que resultam em acidentes com perdas de vidas humanas, danos ao meio ambiente e perdas financeiras envolvendo custos significativos de equipamentos e propriedades. Estes fatos justificam a necessidade de uma nova abordagem no que se refere ao design de processos, design de controle de processos, análise e controle de riscos e avaliação de riscos. Um dos desafios pertinentes à segurança funcional está associado a como vincular os cenários de acidentes aos requisitos para projetos de sistemas de controle relacionados à segurança das indústrias de processos de forma sistemática. Por sua vez, a possibilidade de ocorrência de eventos críticos e/ou eventos indesejados não observados ou ocultos, como fatores relevantes associados à evolução da sequência de eventos que culmina na ocorrência de um acidente. Neste contexto, o desafio está em aprimorar a eficácia destes sistemas de controle, que envolve o desenvolvimento de uma solução capaz de supervisionar o processo de evolução de falhas críticas, a fim de se garantir um nível de segurança funcional adequado e que esteja em conformidade com as normas internacionais aplicáveis IEC 61508 e IEC 61511. Portanto, estas considerações trazem novos requisitos para o projeto de sistemas de controle desta natureza, capaz de englobar modelos de acidentes e processos de evolução de falhas críticas. Uma solução é a consideração das abordagens de prevenção e mitigação de falhas críticas de forma integrada e interativa. Além disso é necessário abordar novas técnicas e conceitos para que se possa desenvolver um sistema de controle capaz de rastrear e atuar nos processos de evolução de falhas desta natureza. Uma possibilidade consiste em considerar o princípio de defesa em profundidade aliado à propriedade de diagnosticabilidade segura. O atendimento a este novo conjunto de requisitos não é trivial e se faz necessário integrar diferentes formalismos para o desenvolvimento de soluções adequadas. Portanto, este trabalho apresenta uma metodologia para o projeto de um sistema de controle baseado no conceito de segurança funcional para indústrias de processos, e que propõe: (i) uma arquitetura de controle para prevenção e mitigação de falhas críticas, (ii) extensão da classificação de barreiras de segurança focando na automação via sistemas instrumentados de segurança (SIS) (iii) framework para a síntese de sistemas de controle relacionados à segurança baseado em modelos de acidentes e que contempla os seguintes métodos: (a) elaboração do HAZOP, (b) construção de modelos de acidentes, (c) integração dos modelos de acidentes com o HAZOP e (d) geração dos algoritmos de defesa para a prevenção e mitigação de falhas críticas, a partir de técnicas de modelagem usando extensões da rede de Petri: Production Flow Schema (PFS) e Mark Flow Graph (MFG). A metodologia proposta foi verificada, a partir de exemplos de aplicação investigados na literatura. / The issue of the functional safety of process industries has been receiving increasing attention from the world scientific community, since it has stated the possibility of occurrences of the accidents and the related undesired consequences. These industries can be considered as part of a system class called critical systems, which are characterized by the occurrence of critical faults, which can result in accidents involving loss of life, damage to the environment, and financial losses involving equipment and property. These facts justify the need for a new approach that addresses: process design, process control design, risk analysis and control, and risk assessment. One of the challenges related to functional safety is associated with how to integrate accident scenarios to the requirements for the design of safety-related control systems of the process industries in a systematic way. Furthermore, there is the possibility of the occurrence of the unobserved or hidden undesired and / or critical events, as relevant factors associated to the evolution of the sequence of the events that corroborates in the occurrence of an accident. In this context, the challenge is to improve the effectiveness of these control systems, which involves the development of a solution capable of supervising the process of evolution of the critical and / or undesired events, in order to guarantee an adequate level of functional safety, and that complies with the applicable international standards IEC 61508 and IEC 61511. Therefore, these considerations bring new requirements for the design of control systems of this nature, capable of encompassing the accident models and the critical fault evolution processes. One solution is to consider critical fault prevention and mitigation approaches in an integrated and interactive way. In addition, it is necessary to addresses new techniques and concepts in order to develop a control system capable of tracking and acting in the evolution processes of faults of this nature. One possibility is to consider the principle of defense-in-depth coupled with the property of safe diagnosability. The fulfillment of this new set of requirements is not trivial and it is necessary to integrate different formalisms for the development of adequate solutions. Therefore, this work presents a methodology for the design of a safety-related control systems based on the concept of functional safety for the process industries, which proposes: (i) a control architecture for the prevention and mitigation of the critical faults, (ii) an extension of the classification of the safety barriers focusing on automation via safety instrumented system (SIS), (iii) a framework for the synthesis of the safety-related control systems based on accident models and which includes the following methods: (a) elaboration of the HAZOP study, (b) construction of the accident models, (c) integration of the accident models with the HAZOP study, and (d) generation of the defense algorithms for the prevention and mitigation of the critical faults, via modeling techniques using extensions of the Petri net: Production Flow Schema (PFS) and Mark Flow Graph (MFG). The proposed methodology was verified, from application examples investigated in the literature.

Acidentes (Controle)

Análise de risco

Controle de processos

Indústrias

Sistemas de controle

Accident model

Defense-in-depth

Functional safety-related control

Process industries

Safe diagnosability

Active Diagnosis of Hybrid Systems Guided by Diagnosability Properties - Application to Autonomous Satellites / Diagnostic Actif pour les Systèmes Hybrides Guidé par les Propriétés de Diagnosticabilité - Application aux Satellites Autonomes

Bayoudh, Mehdi

04 February 2009

Motivée par les besoins du domaine spatial en termes de diagnostic embarqué et d’autonomie, cette thèse s’intéresse aux problèmes de diagnostic, de diagnosticabilité et de diagnostic actif des systèmes hybrides. Un formalisme hybride est proposé pour représenter les deux dynamiques, continues et discrètes, du système. En s’appuyant sur ce modèle, une approche de diagnostic passif est proposée en mariant les techniques des systèmes à événements discrets et des systèmes continus. Un cadre formel pour la diagnosticabilité des systèmes hybrides a également été établi proposant des définitions et des critères pour la diagnosticabilité hybride. Suite à un diagnostic passif ambigu, le diagnostic actif est nécessaire afin de désambiguïser l’état du système. Cette thèse propose donc une approche de diagnostic actif, qui partant d’un état de croyance incertain, fait appel aux propriétés de diagnosticabilité du système pour déterminer la configuration où les fautes peuvent être discriminées. Une nouvelle machine à états finis appelée diagnostiqueur actif est introduite permettant de formaliser le diagnostic actif comme un problème de planification conditionnelle. Un algorithme d’exploration de graphes ET-OU est proposé pour calculer les plans de diagnostic actif. Finalement, l’approche de diagnostic a été testée sur le Système de Contrôle d’Attitude (SCA) d’un satellite de Thales Alenia Space. Le module de diagnostic a été intégré dans la boucle fermée de commande. Des scénarios de faute ont été testés donnant des résultats très satisfaisants. / Motivated by the requirements of the space domain in terms of on-board diagnosis and autonomy, this thesis addresses the problems of diagnosis, diagnosability and active diagnosis of hybrid systems. Supported by a hybrid modeling framework, a passive approach for model-based diagnosis mixing discrete-event and continuous techniques is proposed. The same hybrid model is used to define the diagnosability property for hybrid systems and diagnosability criteria are derived. When the diagnosis provided by the passive diagnosis approach is ambiguous, active diagnosis is needed. This work provides a method for performing such active diagnosis. Starting with an ambiguous belief state, the method calls for diagnosability analysis results to determine a new system configuration in which fault candidates can be discriminated. Based on a new finite state machine called the diagnoser, the active diagnosis is formulated as a conditional planning problem and an AND-OR graph exploration algorithm is proposed to determine active diagnosis plans. Finally, the diagnosis approach is tested on the Attitude Control System (ACS) of a satellite simulator provided by Thales Alenia Space. The diagnosis module is successfully tested on several fault scenarios and the obtained results are reported.

Systèmes hybrides

Diagnostic à base de modèles

Détection et isolation de fautes

Espace de parité

Diagnostiqueur

Diagnostic actif

Satellites autonomes

Système de contrôle d’attitude

Hybrid systems

Model-based diagnosis

Fault detection and isolation

Parity space approach

Diagnoser

Diagnosability

Active diagnosis

Autonomous satellites

Attitude control system

Une approche efficace pour l’étude de la diagnosticabilité et le diagnostic des SED modélisés par Réseaux de Petri labellisés : contextes atemporel et temporel / An Efficient Approach for Diagnosability and Diagnosis of DES Based on Labeled Petri Nets : Untimed and Timed Contexts

Liu, Baisi

17 April 2014

Cette thèse s'intéresse à l'étude des problèmes de diagnostic des fautes sur les systèmes à événements discrets en utilisant les modèles réseau de Petri. Des techniques d'exploration incrémentale et à-la-volée sont développées pour combattre le problème de l'explosion de l'état lors de l'analyse de la diagnosticabilité. Dans le contexte atemporel, la diagnosticabilité de modèles RdP-L est abordée par l'analyse d'une série de problèmes K-diagnosticabilité. L'analyse de la diagnosticabilité est effectuée sur la base de deux modèles nommés respectivement FM-graph et FM-set tree qui sont développés à-la-volée. Un diagnostiqueur peut être dérivé à partir du FM-set tree pour le diagnostic en ligne. Dans le contexte temporel, les techniques de fractionnement des intervalles de temps sont élaborées pour développer représentation de l'espace d'état des RdP-LT pour laquelle des techniques d'analyse de la diagnosticabilité peuvent être utilisées. Sur cette base, les conditions nécessaires et suffisantes pour la diagnosticabilité de RdP-LT ont été déterminées. En pratique, l'analyse de la diagnosticabilité est effectuée sur la base de la construction à-la-volée d'une structure nommée ASG et qui contient des informations relatives à l'occurrence de fautes. D'une manière générale, l'analyse effectuée sur la base des techniques à-la-volée et incrémentale permet de construire et explorer seulement une partie de l'espace d'état, même lorsque le système est diagnosticable. Les résultats des simulations effectuées sur certains benchmarks montrent l'efficacité de ces techniques en termes de temps et de mémoire par rapport aux approches traditionnelles basées sur l'énumération des états / This PhD thesis deals with fault diagnosis of discrete event systems using Petri net models. Some on-the-fly and incremental techniques are developed to reduce the state explosion problem while analyzing diagnosability. In the untimed context, an algebraic representation for labeled Petri nets (LPNs) is developed for featuring system behavior. The diagnosability of LPN models is tackled by analyzing a series of K-diagnosability problems. Two models called respectively FM-graph and FM-set tree are developed and built on the fly to record the necessary information for diagnosability analysis. Finally, a diagnoser is derived from the FM-set tree for online diagnosis. In the timed context, time interval splitting techniques are developed in order to make it possible to generate a state representation of labeled time Petri net (LTPN) models, for which techniques from the untimed context can be used to analyze diagnosability. Based on this, necessary and sufficient conditions for the diagnosability of LTPN models are determined. Moreover, we provide the solution for the minimum delay ∆ that ensures diagnosability. From a practical point of view, diagnosability analysis is performed on the basis of on-the-fly building of a structure that we call ASG and which holds fault information about the LTPN states. Generally, using on-the-fly analysis and incremental technique makes it possible to build and investigate only a part of the state space, even in the case when the system is diagnosable. Simulation results obtained on some chosen benchmarks show the efficiency in terms of time and memory compared with the traditional approaches using state enumeration

Diagnostic de faute

Diagnosticabilité

Système à événement discret

Réseau de Petri labellisé

Analyses à la volée

Approche Incrémentale

Fractionnement des Intervalles de Temps

Sécurité ferroviaire

Fault diagnosis

Diagnosability

Discrete event system

Labeled Petri net

On-the-fly analysis

Incremental Approach

Time interval splitting

Railway safety