The Fault Tolerant Control Design of an Intensified Heat-Exchanger/Reactor Using a Two-Layer, Multiple-Model Structure

The heat-exchanger/reactor (HEX reactor) is a kind of plug-flow chemical reactor which combines high heat transfer ability with good chemical performances. It was designed under the popular trend of process intensification in chemical engineering. Previous studies have investigated its characteristics and developed its nominal model. This paper is concerned with its fault tolerant control (FTC) applications. To avoid the difficulties and nonlinearities of this HEX reactor under chemical reactions, a two-layer, multiple-model structure is proposed for designing the FTC scheme. The first layer focuses on representing the nonlinear system with a bank of local linear models while the second layer uses model banks for approaching faulty situations. Model banks are achieved by system identification, and the corresponding controller banks are designed using model predictive control (MPC). The unscented Kalman filter (UKF) is introduced to estimate the states and form the fault detection and isolation (FDI) section. Finally, the FTC simulation and validation results are presented. The idea of a two-layer, multiple-model structure presents a general framework for FTC design of complex and highly nonlinear systems, such as the HEX reactor, whose mathematical model has been created. It implements the design process in an unusual way and is also worth trying on other cases.


Introduction
Recently, process intensification [1][2][3], which aims at replacing the traditional batch reactors with novel ones by combining two or more traditional operations in a hybrid unit, is getting more and more popular. The heat-exchanger/reactors mentioned in this paper fall under this trend of process intensification. The heat-exchanger (HEX) reactors are well-known for their thermal and hydrodynamic performances [4], and they are also widely studied for highly exothermic reactions [5]. Characteristics and mathematical models of the HEX reactor have been investigated before. This paper focuses on its fault tolerant control design.
As is known to all, automatic facilities are used widely and are also getting advanced and complicated. Developing security schemes for them is always a demanding task. Among all the techniques, fault tolerant control (FTC) receives more and more attention because it can guarantee the control performance in faulty situations [6,7]. Generally, FTC strategies are classified into active and passive ones [8]. Passive FTC strategies perform more like robust control, which could be pre-designed and run without the need for either real-time fault detection and diagnosis (FDD) or control reconfiguration [9]. Active FTC, on the other hand, automatically adjusts the control law using the information given by a fault detection and isolation module. Additionally, it tries to satisfy the control objectives with minimum performance degradation [10] after the fault's occurrence. The active FTC approach is more flexible when dealing with different types of faults, while the passive approach is easy to implement since it does not need an FDD unit or a reconfiguration mechanism [11].
Among these active FTC approaches, studies on multiple-model based reconfigurable control have drawn increasing attention [12]. The idea of the multiple-model approach was originally proposed in [13] and is systematically described in [14]. Due to the development of computing devices, doing parallel calculations of multiple models is no longer a problem for hardware; that change intensively boosted the growth of the multiple-model approach. It is not only used for controller design (see [15,16]) but is also applied in the domain of system reliability for things such as fault diagnosis and fault tolerant control; see [17,18]. Multiple model approaches deal with fault diagnosis problems in a way to avoid the complicated process of observer and controller design of the real system. However, complexities still exist in integrated controller design for sub-models, especially when the considered system is complex and highly nonlinear.
This paper uses a strategy which combines a model-based method and a data-driven method to finish the job of FTC design for the HEX reactor. During this process, the multiple-model approach is applied in two dimensions to form a two-layer, multiple-model structure for the precise system representation and FTC strategy implementation. The construction of the multiple-model banks utilizes a system identification approach. Model predictive control is applied in each sub-controller using parameters of the two-layer multiple models. Before implementing the controller banks, adjustments toward them are done in the second layer to unify the performances. To monitor the real plant and have it give out its fault information for the following control compensation, a fault detection and isolation (FDI) section was designed using the unscented Kalman filters. Simulations under the assumptions of heat transfer coefficient faults and input utility temperature faults were carried out to show the performance of the proposed FTC strategy for the HEX reactor.
This paper is organized as follows. Section 2 introduces the targeting HEX reactor. Section 3 constructs the two-layer model banks of the HEX reactor step by step. Section 4 presents the model predictive control (MPC)-based controller design and tuning. Section 5 states the FDI design and FTC strategies and gives out the simulation results with discussions. In the last section, a conclusion of this paper is given.

Modeling and Problem Statement
The HEX reactor is designed under the concept of a plate heat exchanger in a module. As is shown in Figure 1, there are two kinds of plates which build up the targeting HEX reactor of this paper, namely, the process plate and the utility plate. Chemical reactions would take place in process channels while utility fluids would be injected into utility channels to bring in or take away heat. Detailed parameters can be found in our previous research [19]. When modeling this reactor, channels, which are engraved in the thin metal plate, are virtually considered to be an independent plate, leaving the metal plate to be a kind of component called plate wall. Thus, we have three types of components: process channels, utility channels and plate wall. The reactor is then represented by a series of perfectly stirred tank reactors (called cells). In this way, the flow modeling method [21] could be introduced in the modeling part. To investigate the characteristics of the HEX reactor, the reaction of sodium thiosulfate oxidation with hydrogen peroxide, which is a strong exothermic reaction, is introduced both in the experiments and modeling sections.
Chemical equation of this reaction is: Thus, dynamics of the HEX reactor with the reaction can be given [20]: where $T_p$, $T_u$, $T_w$, $C_1$, $C_2$ are temperature of the process channel, temperature of the utility channel, temperature of the plate-wall, concentration of Na₂S₂O₃, and concentration of H₂O₂ respectively. $F_{p1}$, $F_{p2}$ and $F_u$ are the input flow rate of process and utility channels. $V$, $A$, $h$, $\rho$ and $C$ stand for volume, heat exchange area, heat transfer coefficient, density and specific heat capacity. k 0 j is a pre-exponential factor of the reaction; $E_a$ is the activation energy; $R$ is the perfect gas constant and $\Delta H$ is the unit heat generated by the reaction. Detailed values of these parameters can be found in [20].
Apparently, studies on fault detection, isolation and identification for the HEX reactor are the prerequisite for further implementations. An FTC system is able to recover and continue to operate as in normal conditions or to maintain the stability to the desired level when a fault occurs. Developing suitable FTC strategies becomes a must to ensure the reliability.
For simplicity, we set the flow-rate of utility fluid $F_u$ as the only input and the temperature of process channel $T_p$ as the only output of the system to start from a SISO case. This hypothesis is consistent with the reality that the inputs of reactants would generally have a fixed optimal proportion, while no restrictions would be set on utility flow-rate. As for the output, the temperature of the reactants is always an important index of the reaction. Thus, $F_u$ and $T_p$ in (2) are suitable to set as the input and output of the system.

The First Layer of the Multiple Model Structure
The two-layer, multiple-model structure proposed here is generally an expansion of the classical multiple-model approach. As is known, multiple-model approaches use the divide-and-conquer strategy to deal with complexity in engineering systems [14]. For a complex nonlinear system, local models, which are valid for certain ranges of workspace, are combined to describe the complete workspace.
Since the original nonlinear model (2) is available, virtual experiments could be done by simulations to generate enough data for local model identification. As the HEX reactor is considered as a SISO system first, the input $F_u$ could be a suitable candidate of decision variable [22] which indicates the validity of local models.
The first layer of multiple models is then created using the system identification method. For the given HEX reactor, assume that the input $F_u$ ranges from 0 to 200 L/h. First, interval inputs could be generated by adding white noise to base signals (see Figure 2: Fu).

Figure 2. The interval inputs and outputs from virtual experiments (the color indicates the IO pair).
By applying the interval inputs to model (2) one by one, corresponding outputs could be generated (see Figure 2: Tp). Thus, several sets of IO data are prepared and we come to the second step: local model identification. The following ARX structure is chosen for local models.
where $j$ denotes the number of local models; $a_{ij}$, $b_{ij}$ are parameters of the regressors; $c_j$ is an offset; and $d$ is the time delay. After investigating, the residence time of process fluid would be a key parameter for estimating the time delay. In this work, we suppose that $F_{p1}$ and $F_{p2}$ are equal to 4.7 L/h and 2.3 L/h respectively. The residence time is then around 10 s. Thus, the time delay is 2 steps when sample time is set to 5 s. Orders of the local model could be found using a modified Lipschitz-quotient method proposed in [23].
When local models are identified by the classical least squares approach, they are combined by a switching function to generate an overall output according to the current input. A multiple-model bank in the first layer is given by: where $y$ is the overall estimation of $T_p$ given by the model bank; $f$ is a switching function whose decision variable and candidate outputs are the input $u$ and outputs of local models $x_j$ respectively; $u$ is $F_u$ in (2). For verifying the accuracy, a set of input signals, which varies over a wide range, is sent to both the original nonlinear model and the first layer model bank (see Figure 3). According to Figure 3, the behavior of the nonlinear system is well captured by the model bank with five local models. It also shows that the switching strategy is used and a different local model is activated when input $F_u$ goes into its corresponding interval. The number of local models is a parameter which should be investigated. Figure 4 shows the accuracies of model banks with different quantities of local models. Apparently, for the case of our HEX reactor, five local models are enough to constitute a model bank to describe the original system in a highly economical and accurate way.
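The identification and switching steps described above, as an added example that is not code from the paper. It assumes a first-order local ARX form y(k) = a·y(k-1) + b·u(k-d-1) + c (equation (3) is not reproduced on this page), three constructed input intervals instead of five, and constructed "true" parameters standing in for the nonlinear model (2).

```python
import random

D = 2  # time delay in steps: ~10 s residence time at a 5 s sample time (from the text)

# Constructed stand-ins for the nonlinear model (2): one (a, b, c) per F_u interval [L/h].
INTERVALS = [(0.0, 70.0), (70.0, 140.0), (140.0, 200.0)]
TRUE = [(0.80, -0.050, 14.0), (0.85, -0.020, 9.5), (0.90, -0.008, 6.0)]


def simulate(a, b, c, u, y0):
    """Assumed local ARX form: y(k) = a*y(k-1) + b*u(k-D-1) + c."""
    y = [y0] * (D + 1)
    for k in range(D + 1, len(u)):
        y.append(a * y[k - 1] + b * u[k - D - 1] + c)
    return y


def lstsq(rows, targets):
    """Least squares via modified Gram-Schmidt QR, then back substitution."""
    n = len(rows[0])
    q, r = [], [[0.0] * n for _ in range(n)]
    for j in range(n):
        v = [row[j] for row in rows]
        for i in range(j):
            r[i][j] = sum(qi * vi for qi, vi in zip(q[i], v))
            v = [vi - r[i][j] * qi for qi, vi in zip(q[i], v)]
        r[j][j] = sum(vi * vi for vi in v) ** 0.5
        q.append([vi / r[j][j] for vi in v])
    qty = [sum(qi * t for qi, t in zip(col, targets)) for col in q]
    x = [0.0] * n
    for i in reversed(range(n)):
        x[i] = (qty[i] - sum(r[i][j] * x[j] for j in range(i + 1, n))) / r[i][i]
    return x


def identify_arx(u, y):
    """Fit (a, b, c) from one IO data set; regressor = [y(k-1), u(k-D-1), 1]."""
    ks = range(D + 1, len(y))
    rows = [[y[k - 1], u[k - D - 1], 1.0] for k in ks]
    return tuple(lstsq(rows, [y[k] for k in ks]))


def build_bank(seed=1, n=400):
    """Virtual experiments: a base signal plus white noise inside each interval."""
    rng = random.Random(seed)
    bank = []
    for (lo, hi), (a, b, c) in zip(INTERVALS, TRUE):
        base, half = (lo + hi) / 2, 0.4 * (hi - lo)
        u = [base + rng.uniform(-half, half) for _ in range(n)]
        bank.append(identify_arx(u, simulate(a, b, c, u, y0=50.0)))
    return bank


def select(u_now):
    """Switching function: index of the local model valid for the current input."""
    for j, (lo, hi) in enumerate(INTERVALS):
        if lo <= u_now < hi or u_now == hi == INTERVALS[-1][1]:
            return j
    raise ValueError("input outside the identified range")


def bank_output(bank, u, y0):
    """Run all local models in parallel; the decision variable u(k) picks the output."""
    outs = [simulate(a, b, c, u, y0) for a, b, c in bank]
    return [outs[select(uk)][k] for k, uk in enumerate(u)]
```

Because the constructed data are noise-free, the fit recovers the generating parameters to numerical precision; with measured data the same regressor layout applies but the residual is no longer zero.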

Construction of the Second Layer Model Bank
The construction of the second layer, which concerns faults, is a simple extension of the same steps to the second dimension. In this paper, we mainly focus on dynamic faults, i.e., the changes of plant parameters. For simplicity, a single fault is considered here. Thus, as defined in the literature, a fault would be caused by the deviation of a parameter from its nominal value [6]. When the reactor works, there is a possibility that materials in the fluids may stay at the inner surfaces of the channels, which would affect the performance of the heat exchange process. It is a typical fault of this reactor and could be considered as the change of heat transfer coefficient $h$. Therefore, the value of this parameter is chosen to set faulty intervals for the construction of the second layer model banks. Virtual experiments were carried out to generate IO data with these intervals. We set four faulty situations (80%h, 60%h, 40%h, 20%h) along with one nominal case (100%h). By repeating the identification process of the first layer model bank, a two-dimension multiple-model matrix was given (see Figure 5).

Two-Layer Controller Bank Design
Controller design for the complex HEX reactor is easy now because the highly nonlinear system is described by equivalent model banks using linear local models. The task becomes designing controllers for these homogeneous local linear models where nearly all kinds of controllers can be competent. Thus, several controller banks, which are considered for the second layer, are constructed according to the model banks. Inside each controller bank, multiple controllers are defined as in the first layer.

Controller Bank Design
Model predictive control [24,25], for its popularity and capability of handling hard constraints in the process control domain, was chosen for constructing the corresponding controller banks. To achieve that, some transformations should be done on the local models. First, we transform them from ARX (3) to state-space-like form by defining a new state vector and input vector in the following way: where $u(k)$ and $x_j(k)$ stand for the input and the local estimation of state at step $k$. The lengths of the two vectors are dependent on the order and time delay of the local model.
In that way, the following state-space-like model is given: . . .
where $A_m$ and $B_m$ are matrices calculated from the transformation of the ARX model and the item containing $c_j$ concerns the offset in (3). Model (7) could be written in (8) for short: By differencing the state and input vectors, the offset vector $c_j$ could be eliminated: Define a new state vector: Then, an augmented system is given by combining (7)-(10): Additionally, (12) is written in (13) for short: Therefore, a standard MPC design [24] is carried out in the following steps based on (13). First, we assume that the future control signal is known. Then, the future states and outputs are predicted according to current data in step $k$: where $Y_j(k)$ and $X_j(k)$ are predictions of states and outputs computed at step $k$; $\Delta U_j$ is the future incremental control input. Elements in (14) are constructed in the following way: . . .
where $N_p$ and $N_c$ are the prediction horizon and control horizon respectively. For a given reference signal $R_s$, prediction error can be defined: The following cost function is given based on the prediction error: where $R$ is a positive penalty parameter on the magnitude of the control input. By letting the first derivative of $J_j$ (22) be equal to zero, the optimal control value (23) can be calculated: For each calculation step, only the first element of $\Delta U_j$ will be implemented. Calculations would be done again for the next step to carry out the dynamic optimization strategy of MPC.
All local controllers could be created in the same way according to their corresponding local models. A similar switching strategy using input as the decision variable is implemented to manage the controllers to give out an overall output of the controller bank. In this way, controller design of the complex nonlinear system is solved by designing sub-controllers for simple linear local models. Controller design for the second layer is carried out the same way using the information of the second layer model banks.

Tuning of the Second Layer Controller Banks
The key problem is that the performances of all the controller banks should be tuned to be similar. Only that way can the FTC strategy behave well when the controller bank is switched during faulty situations.
Among the three parameters which could be adjusted in MPC, the penalty $R$ is the most sensitive one. After setting a standard performance in the nominal controller bank, other controller banks could achieve similar performances by adjusting $R$. Here we choose the convergence time as the index, and introduce binary search to finish the job to have a result as shown in Figure 6. The corresponding vector for $R$ of each controller bank in Figure 6 is [0.0300, 0.0149, 0.1453, 0.0755, 0.0093].

UKF Based FDI Strategy
The unscented Kalman filter was proposed by Julier and Uhlmann in the context of state estimation for nonlinear systems [26]. To avoid the linearization process in the famous extended Kalman filter (EKF), a finite set of weighted sigma points will be generated by the UKF to compute the predicted states and measurements and the associated covariance matrices [27]. Generally, the UKF estimates the states of nonlinear systems according to the following steps.
Step 1: Determine the set of sigma points and calculate the corresponding weights.
where L is the dimension of state vector of the original system, Q and R are tuning parameters of the filter, λ is the scaling factor denoting the distance for choosing sigma points and W is the weight.
where f (·) and h(·) are the nonlinear system function and output function respectively.
Since the nonlinear system function is available in this paper, state estimation using UKF is easy to apply by giving the parameters of noise. To detect the fault, one can simply define the residual e as the difference between the system output and the estimated output and check if it exceeds a certain threshold.
To achieve the FTC using the proposed two-layer, multiple-model structure, a bank of unscented Kalman filters could be created to form a set of interval observers, which has the ability to isolate the fault and determine the faulty interval by checking the corresponding residuals.
where UKF denotes the unscented Kalman filter and $f_{\theta_i}$ is a system function with the faulty parameter $\theta_i$. One thing that should be noted is that the isolation of the fault should be carried out when the effect of the fault is getting relatively stable. Otherwise, the result given in the transient period may not be trustworthy. For this reason, one defines an index $z$, which equals the absolute value of the derivative of the residuals, to determine if it is the time to do interval checking.
The FDI strategy would be implemented first by checking elements of $z_{k,i}$ to see if at least one of them exceeds the detection threshold. If it holds, a fault is detected while it is happening. Next would be checking $z_i$ step by step until all of its elements are not higher than the fault isolation threshold, which means estimations are stable and it is time to determine the fault interval. At this moment, residuals $e_k$ would behave with interval features. It is easy to find the two filters which hold the zero residual by checking if $e_{k,i} \cdot e_{k,i+1} \le 0$.
As is illustrated in Figure 7, a fault is introduced at 560 s. It is detected several seconds later, when one of the $z_i$ goes beyond the threshold. After about 20 s, all of the $z_i$ are reduced and below the threshold. At this moment, behaviors of the residuals become stable and it is easy to see that $e_2$ and $e_3$ cover the zero axis, indicating the fault value is in the assumed second interval. Thus the fault is isolated.

FTC Implementation with the Two-Layer, Multiple-Model Structure
After the preparation of the former sections, we have unified controller banks designed from homogeneous two-layer model banks. As the second layer model banks are concerned with faults, their corresponding controller banks have the ability to maintain system performance in particular faulty situations. The entire FTC strategy is shown in Figure 8. In the strategy, the FDI section would monitor the real process using estimations given by interval UKFs and generate diagnostic information to guide the controller bank scheduler. When a fault is detected and isolated, there are two possible situations: the fault is in the assumed intervals or the fault is beyond the edges of the intervals. The first situation covers the majority of cases according to our design purpose. Like the case in Figure 7, the fault is diagnosed between the second and the third intervals.
It is determined from checking the indication term $e_2 \cdot e_3$ that is less than zero, meaning the two values have different signs and thus cover the zero residual. To compensate for the fault, the corresponding two controller banks are selected to give a weighted control output for the faulty system. The weights are calculated using values of the residuals.
where $w$ indicates the weight of the controller bank, $i$ is the index of the second layer controller bank and $u$ denotes the control output. One special case in this "within-interval" situation is the one when $e_i \cdot e_{i+1} = 0$. It means the current system behaves exactly the same as one assumed faulty situation. Using (41) and (42) to calculate a new control signal is also valid because the corresponding weight will equal 1 to have suitable assignment.
For the "beyond-interval" situation, the term $e_i \cdot e_{i+1} \le 0$ does not hold, meaning the faulty system behaves beyond the worst situation. It is very rare and one can only activate the controller bank of the closest assumed faulty case to compensate for the fault to some extent.
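The detection, isolation and controller-bank blending logic described in the last two sections, as an added example that is not code from the paper. The thresholds, the residual trace and the controller outputs are constructed, and since equations (41) and (42) are not reproduced on this page the weights are an assumed linear interpolation on residual magnitudes, chosen so that a zero residual gives that bank weight 1 as the text requires.

```python
DT = 5.0            # sample time in seconds (from the text)
DETECT_TH = 0.01    # detection threshold on z (constructed value)
ISOLATE_TH = 0.002  # isolation threshold on z (constructed value)


def bracketing_pair(e):
    """Adjacent filters (i, i+1) whose residuals cover zero: e_i * e_{i+1} <= 0."""
    for i in range(len(e) - 1):
        if e[i] * e[i + 1] <= 0:
            return i, i + 1
    return None


def blend_weights(e):
    """Weights over the second-layer controller banks (assumed linear interpolation)."""
    w = [0.0] * len(e)
    pair = bracketing_pair(e)
    if pair is None:
        # Beyond-interval case: activate the closest assumed faulty case only.
        w[min(range(len(e)), key=lambda i: abs(e[i]))] = 1.0
        return w
    i, j = pair
    total = abs(e[i]) + abs(e[j])
    if total == 0.0:
        w[i] = 1.0  # both residuals exactly zero: either bank matches
    else:
        w[i], w[j] = abs(e[j]) / total, abs(e[i]) / total
    return w


class FDIMonitor:
    """Detect on a large |de/dt|, isolate only once every |de/dt| has settled."""

    def __init__(self, n_filters):
        self.state = "normal"
        self.prev = None
        # Assumption: bank 0 is the nominal one and stays active until isolation.
        self.weights = [1.0] + [0.0] * (n_filters - 1)

    def step(self, e):
        if self.prev is None:
            z = [0.0] * len(e)
        else:
            z = [abs(b - a) / DT for a, b in zip(self.prev, e)]
        self.prev = list(e)
        if max(z) > DETECT_TH:
            self.state = "detected"
        elif self.state == "detected" and max(z) <= ISOLATE_TH:
            self.state = "isolated"
            self.weights = blend_weights(e)
        return self.state


def blended_control(weights, u_banks):
    """Overall control output: weighted sum of the controller-bank outputs."""
    return sum(w * u for w, u in zip(weights, u_banks))


# Constructed residuals of five interval filters (100%h ... 20%h), one row per sample.
TRACE = [
    [0.0, -0.4, -0.8, -1.2, -1.6],
    [0.0, -0.4, -0.8, -1.2, -1.6],
    [0.2, -0.2, -0.6, -1.0, -1.4],   # fault effect starts
    [0.4, 0.0, -0.4, -0.8, -1.2],    # transient: a sign check here would mislead
    [0.5, 0.1, -0.3, -0.7, -1.1],
    [0.5, 0.1, -0.3, -0.7, -1.1],    # settled: filters 2 and 3 cover zero
]


def run_trace(trace):
    mon = FDIMonitor(len(trace[0]))
    return [mon.step(e) for e in trace], mon.weights
```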

Simulation Results with Faults Affecting Heat Transfer Coefficient
The FTC strategies described in the former sections are simulated here. Key information about the HEX reactor, exothermic reaction and initial states of the simulation are listed in Table 1. Besides, concentrations of the two reactants are both set to 9% in mass just as the experiments did.
Table 1. Input temperature of process fluid; input temperature of utility fluid: 59.4 °C.
Four simulations are presented here. In Figures 9 and 10, faults are introduced at 1600 s. Heat transfer coefficient drops to 65% and 45% of its nominal value respectively. Control reference changes at 2400 s. Figures 9a and 10a show three independent simulation outputs of the HEX reactor, FTC on, FTC off and fault free cases. Figures 9b and 10b present corresponding control signals given by the controller banks. It can be seen from Figure 9 that when the fault occurs, no matter whether the FTC strategy is turned on or off, controller banks could bring the faulty system to the desired output. However, it performs slightly better when the FTC strategy is turned on. When the reference changed at 2400 s, all the controller banks reacted to that. The one in which FTC was turned on also behaved a little bit better than that when FTC was turned off. It was really close to the performance of the controller bank corresponding to the fault-free situation. That means the FTC strategy works and provides proper compensation to the faulty system. To demonstrate the effectiveness of the proposed design strategy, simulations with serious faults are presented. More obvious results are shown in Figures 10 and 11. One thing that should be noticed is that the faulty values were chosen randomly. They were used to do simulations to show that the proposed design strategy should work as soon as the faulty range is covered by the two-layer, multiple-model structure.
From Figures 10 and 11, we can see that more aggressive controls are given by the controller banks under the FTC strategy. It helps the faulty system to recover fast. Figure 11 belongs to the third case of the former section: the fault is severe and the faulty system behaves beyond the interval of the second layer model banks. Therefore, when the fault is detected, controller banks corresponding to the model bank with a preset fault at 20%h are activated to handle the problem. Though it may not be the perfect FTC strategy, it is the optimal one under all the assumptions. Figure 12 presents a simulation result considering measurement noise for the case in Figure 10. It shows that the proposed FTC strategy also works well in a noisy situation. Other cases have similar results under measurement noise.

Simulation Results with Faults Affecting the Temperature of Input Utility Fluid
Another simulation about the faults affecting the temperature of utility input was done the same way as in the former sub-section. According to previous assumptions, we measured only $T_p$ and manipulated only $F_u$ of the system. Other parameters were seen as constants. In this case, we considered that there was a fault, for instance, the failure of heater in utility source tank or the damage of the insulation material of that tank, which would affect the temperature of utility input.
In this simulation, we kept all the conditions as in Table 1. For the targeting parameter $T_{uin}$, besides its nominal value 59.4 °C, four faulty situations were set at 57.2 °C, 55.0 °C, 52.8 °C, 50.6 °C. A fault, the temperature of the utility input dropping from its nominal value to 93% of that value (55.242 °C), was introduced at 3200 s.
Simulation results are presented below. In Figure 13, interval residuals calculated from UKF estimations show us the state of the system at each time point. It is clear that before the fault occurs at 3200 s, residuals of UKF1 are around zero, which means the system is in a normal state. When the fault comes, all UKFs have reactions. After the transient period, the intervals become stable and it is easy to see that residuals corresponding to UKF2 and UKF3 cover the zero axis, indicating the fault is in this interval. One thing interesting is that there are big fluctuations around 5000 s. Though their magnitudes are much higher than the changes before, the interval covering the zero axis stays unchanged before and after. This is because they are not caused by a fault, but the controller effect from a change in the reference input; see Figure 14.  Like the cases in Figures 9 and 10, the controller bank of the nominal model has the ability to maintain the system in a faulty situation to some extent. However, when the FTC strategy is applied, it switches to a suitable controller bank in faulty situations and presents better performance than the case when FTC strategy is turned off, which also illustrates the effectiveness of the proposed method.

Conclusions
In this paper, an intensified heat-exchanger/reactor is introduced and a fault tolerant control strategy using a two-layer, multiple-model structure is proposed for this system.
The HEX reactor points out a new direction for the development of classical batch reactors. However, its dynamics under chemical reactions are complex and highly nonlinear. Traditional methods for its controller design are complicated and difficult. It is even more difficult when considering FTC applications. To handle this problem, a multiple-model approach and its divide-and-conquer strategy were used to construct a two-layer, multiple-model structure. Within this structure, the first layer considers a simple description of the nonlinear system and the second layer concerns faults. As the mathematical model is already available, virtual experiments could be done to generate enough IO data for the creation of multiple-model banks by using the system identification method. Then, the model predictive control approach was used to design controllers by using the information of model banks. A switching strategy combines local models and local controllers to give out unified outputs of each model bank and controller bank respectively. The FDI section uses the unscented Kalman filter to estimate the states of the reactor and forms indexes to show the intervals of faults. For the FTC implementation, both switching and linear merging schemes are used according to the faulty situations. After the tuning of controller banks, the fault tolerant control of the HEX reactor was simulated in two kinds of faults. Simulation results proved the validity of the proposed FTC strategy. The complexity of handling the FTC design for the nonlinear systems is greatly reduced under the proposed method. However, an accurate nominal model of the system is still a pre-condition for applying it.

Acknowledgments:
The authors gratefully acknowledge financial support provided by China Scholarship Council (CSC).

Conflicts of Interest:
The authors declare no conflict of interest.
