Fault Detection and Isolation System Based on Structural Analysis of an Industrial Seawater Reverse Osmosis Desalination Plant

Currently, the use of industrial seawater reverse osmosis desalination (ISROD) plants has increased in popularity in light of the growing global demand for freshwater. In ISROD plants, any fault in the components of their control systems can lead to a plant malfunction, and this condition can originate safety risks, energy waste, as well as affect the quality of freshwater. This paper addresses the design of a fault detection and isolation (FDI) system based on a structural analysis approach for an ISROD plant located in Lima (Peru). Structural analysis allows obtaining a plant model, which is useful to generate diagnostic tests. Here, diagnostic tests via fault-driven minimal structurally overdetermined (FMSO) sets are computed, and then, binary integer linear programming (BILP) is used to select the FMSO sets that guarantee isolation. Simulations shows that all the faults of interest (sensors and actuators faults) are detected and isolated according to the proposed design.


Introduction
Currently, to satisfy the growing global demand for freshwater, seawater desalination technologies are being widely applied due the significant reduction in desalination cost, as well as the technological improvements incorporated within the desalination process [1,2]. These technologies have increased the security of water supplies for millions of people, and thus, seawater has become the only consistent available water source to cope with the growing shortage of freshwater [3,4]. Consequently, the seawater desalination industry has emerged as a vital sector to meet the demand of freshwater in different regions of the globe [5,6]. This industry will play a progressively vital role in guaranteeing the worldwide water supply [7].
Basically, desalination is any process that separates salt water into two flows: one with a low concentration of dissolved solids and other minerals and the other containing the remaining dissolved solids and minerals (concentrated or brine flow) [8]. Two basic commercially available technologies have been widely used for seawater desalination: thermal evaporation and membrane separation [5].
In the last few years, membrane based separation technology has dominated the market, and consequently, the reverse osmosis (RO) membrane separation technique has been increasingly implemented in industrial seawater desalination plants due to its better performance in terms of less energy consumption, higher water recovery rate, and low operational costs [9].
represented by bipartite graphs. A graph is bipartite if its set of vertices can be separated into two disjoint sets Σ and X such that each edge has a connection in Σ and another in X.
The main assumption is that each component can be represented by a structural model composed of one or more equations; therefore, the variation of the behavior of at least one equation means that that component of the system is in a state of fault.
Definition 1 (System). A system Σ(z, x, f) is a set of n e equations relating z known variables, x unknown variables, and f faults.
The equations e k (z, x) ⊆ Σ(z, x, f), k = 1, . . . , n e , can be differential or algebraic in z and x.
Definition 2 (Structural model). The structural model of the system Σ(z, x, f) is a bipartite graph G(Σ ∪ X ∪ Z, A), or equivalently G(Σ ∪ X, A), where A ⊆ A and A is a set of edges such that a(i, j) ∈ A iff variable x i is involved in equation e j [28].
To show these concepts, an academic model Σ is presented. Σ = {e 1 , e 2 , ..., e 15 }, and these fifteen equations relate x = {x 1 , x 2 , ...x 10 } unknown variables and z = {z 1 , z 2 , ..., z 5 } known variables. The representation in a bipartite graph for this system is shown in Figure 1. A key tool for fault diagnosis using structural analysis is the concept of matching. A matching is a causal assignment that links an equation with an unknown variable, where this equation can be used to calculate this unknown variable [19].

Definition 3 (Matching).
A matching M between Σ and X is a subset of A of disjoint edges of a bipartite graph G. It is called complete matching with respect to Σ or X if |M| = |Σ| or |M| = |X| remains, respectively.
It is possible to find different matching for a specific bipartite graph; in Figure 2, a complete matching with respect to X (in bold edges) of the model Σ is shown. Dulmage-Mendelsohn (DM) decomposition provides important structural properties, in particular for bipartite graphs. Each graph G(Σ ∪ X, A) can be decomposed into three subgraphs [19]: Just-determined subgraph G 0 , with a complete matching, • Underdetermined subgraph G − , with a Σ-complete matching that is not X-complete.
Definition 4 (Structural redundancy). Given a bipartite graph, the structural redundancy ρ Σ of a set of equations Σ ⊆ Σ is defined as the difference between the number of equations and the number of unknown variables X [26].
The incidence matrix I(e i ,x j ) of the bipartite graph is used to represent this graph as a set A of edges in an algebraic manner. The rows of I(e i ,x j ) are the set of equations e i , and the columns are the set of the variables x j with i = 1, ..., m equations and j = 1, ..., n j variables. The edge (e i ,x j ) ∈ A is associated with a "1" in the intersection of row e i and column x j .

Structural Diagnosability
Analytical redundancy relations (ARRs) can be calculated when there are equations that are not necessary to match unknown variables in a system Σ. Any overdetermined subgraph G + contains more equations than variables, and such an equation can be used for residual generation. A residual, derived from ARRs, is generated from a subgraph G + using the excess equations once all unknown variables within G + are expressed in terms of known variables. When an expected value of an ARR is not met, a fault is detected.

Definition 5 (ARR).
An ARR is a constraint calculated from the system Σ(z, x, f) that contains only measured variables and can therefore be used for residual generation. ARRs can be obtained from Σ(z, x, f) by eliminating the unknown variables.
Definition 6 (Residual generator). A residual generator creates residuals by using the model Σ(z, x, f) and the known variables z. A residual is a signal that is zero when the system is fault free, and not zero when faults are present.
A minimal structurally overdetermined set (MSO set) can be used to generate an ARR given that the equation number exceeds the unknown variable number by one (structural redundancy of one), which means that only one residual generator can be developed. According to [27], the computation of MSO sets can be exponential according to the structural redundancy and system measurements.
One way to reduce this computational cost can be by calculating only the MSO sets of interest, that is reducing the calculation only to those impacted by faults. Hence, the concept of the fault-driven minimal structurally overdetermined (FMSO) set is useful.
Let the FMSO set ϕ, where Z ϕ ⊆ Z is the set of known variables of ϕ, X ϕ ⊆ X is the set of unknown variables of ϕ, and F ϕ ⊆ F is the set of fault support of ϕ, be defined as below. (2) no proper subset of ϕ is overdetermined [28].
As an example, for the academic model in Figure 1, if a fault f 1 is included in Equation (1), using Definition 7, there are 53 FMSO sets. Figure 3 shows the bipartite graph of the first FMSO set With this definition, given a fault f ∈ F, it is defined as a detectable fault if an FMSO set ϕ with f ∈ F ϕ exists. Given two detectable faults f i and f j of F (i = j), it is said that f i is isolable from f j if there exists a set ϕ such that f i ∈ F ϕ and f j / ∈ F ϕ . Then, a group of FMSO sets can be properly chosen to detect and isolate each detectable and isolable fault, respectively. It is clear that not all faults in F are necessarily detectable or isolable.
The algorithm for the calculation of FMSO sets presented in [28], allows the calculation of all the FMSO sets related to the set of faults of interest, which can be many in the case of large and complex systems, and as a result, the fault detection and isolation (FDI) system can be designed.

Brief Description of the Industrial Seawater RO Desalination Plant
The ISROD plant under study in this paper is located in Lima province (Peru), one of the extreme arid areas on the South American continent with an average annual rainfall of about 6.5 mm [30]. Therefore, the water supply to this region depends on the hydraulic resources from the catchments of the Chillón, Rímac, and Lurín rivers [30].
This plant has a freshwater production capacity in nominal operation of about 34,560 m 3 /day and provides new water supplies for industrial and domestic sectors. The technology applied in this plant is RO. The daily processed seawater volume by the plant is 76,800 m 3 ; of this volume, 42,240 m 3 of brine is sent back into the sea in a dispersive way. Thus, the conversion rate of the plant is 45%; this means that 45 L of guaranteed high quality freshwater are obtained from every 100 L of seawater.
The plant has the following subsystems: (1) seawater catchment, (2) pre-treatment, (3) RO, (4) post-treatment, (5) storage, and (6) brines management. The RO system is the most complex and the one that has the greatest importance in the production of quality fresh water [5]. Figure 4 shows a diagram of this industrial seawater RO desalination plant. The pretreatment subsystem is made up of the following items: feed pumps, flocculation/sedimentation to eliminate suspended material, dissolved air flotation (DAF) to eliminate potential algal biomass or potential hydrocarbons, granular media filtration (GMF), low-pressure ultrafiltration (UF) or microfiltration (MF) to eliminate suspended particulate matter, and additives tanks. The resulting permeate stream undergoes a post-treatment procedure consisting of the addition of conditioning chemicals and residual disinfection. The obtained brine flow is carefully dispersed into the sea. This plant has four membrane RO racks with a production capacity per racks of 8640 m 3 /day. Each membranes rack consists of 140 pressure vessels, and each one has seven aromatic polyamide membranes. Figure 5 shows a view of the RO racks, and Figure 6 exhibits a schematic of one of the pressure vessels of these RO racks.  This plant is equipped with the following sensors and actuators: pH sensors, pressure sensors, temperature sensors, flow sensors, conductivity sensors, ultrasonic level sensors, additive dosing pumps, high-pressure feed pumps, and control valves. The nominal operation pressure of each RO membranes rack is 69 bar. The retentate valve is used to adjust the retentate flow and the membrane rack pressure.
Each RO membrane rack is controlled by a PAC (programmable automation controller). The plant has also a SCADA (Supervisory Control And Data Acquisition) that performs the supervision of the overall desalination plant.

Modeling of the Seawater RO Desalination Process
For the design of fault tolerant controllers, mathematical models that adequately describe the performance of the processes to be controlled are needed [19]. These models can differ in complexity according to the intended applications [20].
Different mathematical models for the solvent and solute transport through the RO membrane have been proposed by researchers; see, e.g., [31][32][33]. The most widely applied model is the one based on a solution-diffusion transport mechanism [34]. Figure 7 shows the diagram of the RO process used to obtain the model. The mathematical modeling of the seawater RO desalination process presented in this section is based on first principles (mass, momentum, and energy balances), as well as on physical and chemical equations [22,27]. These equations have a set of parameters that need to fit in order to describe each specific RO process [22].
The osmotic pressure is represented by the equation [31]: where π is the osmotic pressure, R g is the universal gas constant, T is the temperature, and ∑ C i is the molar concentration of all constituents in a solution.
The overall fluid and solute (salt) mass balance equations are represented by [35]: where Q f is the feed stream, Q p is the permeate (solvent) stream, Q c is the brine (retentate) stream, C f is the salt concentration in the feed stream, C p is the salt concentration in the permeate stream, and C c is the salt concentration in the brine stream. The diffusion of water across a semi-permeable RO membrane is described as [32]: where J w is the water (permeate) flux, A w is the water permeability coefficient, ∆P is the pressure difference between the high concentration side and low concentration side of the membrane, and ∆π is the osmotic pressure difference across the surface of the membrane. The total permeate flow rate is obtained by: where A m is the area of each RO membrane and n m is the number of membranes. The diffusion of salt across a semi-permeable RO membrane is attained as follows [32]: where J s is the salt flux and B is the solute permeability constant. The performance of the RO membranes is evaluated by the following parameters [33]: the salt rejection ratio (SR): and the recovery ratio (R r ): The permeate concentration is obtained from Equation (6) as: The permeate flow and the salt flow are obtained from Equations (2) and (8) as: The evolution of the retentate stream velocity is obtained as [33]: where v r is the retentate stream velocity, A p is the pipe cross-sectional area, K m is the overall mass transfer coefficient, V is the system volume, v f is the feed stream velocity, ρ is the fluid density, and e vr is the retentate valve resistance.
The permeate stream velocity (v p ) is attained as [34]: where P sys is the system pressure, which is obtained as: The concentration polarization equation based on the film theory at the feed side membrane is expressed as [34]: where C m is the salt concentration at the feed side membrane surface. Equations (1)-(15) describe the steady-state performance of an RO process in a membrane module.

FDI System for the RO Desalination Plant under Study
As seen in Section 3, Equations (1)-(15) describe the steady-state performance of an RO process in a membrane module. To apply the structural analysis concepts presented in Section 2, it is necessary, first, to identify the known variables, the unknown variables, as well as the fault variables to be monitored and sum up the relations chosen for the FDI system design. The representation in a bipartite graph for this system is shown in Figure 8.  Applying Definition 1 to case study, the system Σ is composed of twenty equations, e 1 to e 20 , relating to unknown variables x = {Q f , Q p , Q c , C f , C p , C c , v f , v p , v r , J w , ∆P, ∆π, J s , P sys , C m }, which are internal plant variables, and the known variables z = {y Q f , y Q p , y Q c , y C f , y C p , y C c , y v f , y v p , y v r , }, which are sensors and actuators.

FMSO Sets' Calculation
As presented in Section 2, computing MSO sets, it is possible to find analytical redundancy relations (ARR) with minimal structural redundancy, that is the equation number exceeds the unknown variable number by one. However, it cannot be guaranteed that these sets are related to any of the faults of the set of interest [36].
In this sense, FMSO sets are calculated using Definition 7 and its calculation algorithm. With this, a total of 19 FMSO sets can be found following the search algorithm presented in [28].
These FMSO sets are shown in Table 1.

Fault Detection and Isolation
By definition, it can be stated that a fault f is detectable if there is an FMSO set ϕ whose set of faults F ϕ includes the fault under study f ∈ F ϕ .
Besides, as mentioned in Section 2, given two different detectable faults f i and f j , it is said that f i is isolable from f j if there exists a set ϕ such that f i ∈ F ϕ and f j / ∈ F ϕ . By applying these concepts to the fault signatures of all the FMSO sets found for the process under study, it is determined that each of the faults in the set of faults of interest belongs to one of the FMSO sets found, so it can be stated that all faults are detectable. However, not all faults can be isolated with the available known variables. To complete the design of the FDI system and select the FMSO sets, three faults that are not isolatable between them are grouped together in a mixed fault.
Faults that cannot be isolated from each other are displayed in Figure 9. It can be seen that from all 10 faults, seven are completely detectable and isolable, but three of them are not isolable from each other; these faults are considered as one mixed fault { f 7 , f 8 , f 9 }.

FMSO Sets' Selection by the BILP Method
Given the set of local FMSO sets calculated for the RO desalination plant, the BILP method, proposed in [27], is used for selecting FMSO sets to guarantee the maximum possible isolation for subsystem Σ. Applying this algorithm, a set of five FMSOs is selected for full detection and possible isolation of considered faults. The set of FMSO sets selected is shown in the following equation:

Residual Generation
Applying Definitions 5 and 6, all FMSO sets of Equation (16) are used to generate the five residual generators arr of the FDI system designed; for each FMSO ϕ, a complete matching M ϕ is selected; by definition, ϕ has exactly one equation out of the matching as its structural redundancy is one.
In this way, the extra equation within ϕ is used as a residual generator arr ϕ , and its expected value is null during nominal operation (fault free). The fault signature matrix of the FDI system designed is shown in Table 2.

Results and Discussion
The fault detection and isolation system for the four membrane RO racks was programmed in an industrial PAC controller that had the computational capacity to calculate the residual signals in real time from the signals of the known variables (sensors and actuators). See Figure 10. For simulation purposes, each fault of the set of faults of interest was introduced during operation for a time interval (t = 500-800 s) to evaluate the FDI system performance. In Figure 11, the residuals selected arr 1 , arr 6 , arr 7 , arr 9 , and arr 16 are shown in the presence of all faults considered. According to Figure 11, it follows that faults f 7 , f 8 , and f 9 are detected and isolated together with arr 1 directly because the corresponding equations that contain these faults (e 18 , e 19 , e 20 ) are contained only within the FMSO set ϕ 1 , as seen in Table 1, and the occurrence of any of these faults directly impacts only the residual arr 1 ; therefore, they are detectable, but not isolable; these faults are related directly to sensors y v f , y v p , and y v r . These sensors are used only for monitoring and fault diagnosis purposes; hence, with the occurrence of any of these faults, the control loop and therefore the operability of the plant are not critically compromised. However if it is required to isolate them individually, there are two possible solutions. One of them is hardware redundancy; this means adding sensors and consequently adding more known variables with which to calculate new FMSO sets to calculate extra residuals for isolation. The other solution is using software redundancy; this means designing observers whose observed variables are considered as known variables and, in this way, generating more FMSO sets to calculate extra residuals for isolation. For all other faults, a specific fault signature is required to detect and isolate them. For example, to detect fault f 1 , the ARRs arr 7 and arr 16 are monitored; however, to isolate fault f 1 from fault f 3 , which is also sensitive to ARRs arr 7 and arr 16 , it is necessary to additionally check the ARRS arr 6 and arr 9 ; in the same way, to isolate fault f 1 from fault f 10 , it is necessary to additionally monitor arr 9 .
Therefore, it was demonstrated that the designed FDI system based on structural analysis constitutes a useful tool to perform fault detection and isolation in industrial seawater RO desalination plants.
Finally, the FDI system designed was incorporated into the SCADA of the process that performs the supervision of the overall ISROD plant.

Conclusions
The design of a fault detection and isolation system based on structural analysis of an ISROD plant located in Lima (Peru) was developed. This FDI system is composed of five analytical redundancy relations obtained from five diagnostic tests. The latter were selected from a set of 19 candidate FMSO sets using the BILP method. The FDI system was tested by the simulation of the diagnostic tests obtained, validating that the 10 faults of the set of interest, which include 9 sensor faults and 1 actuator fault, can be detected. Our future work will focus on solving the problem of sensor placement in order to isolate the set of three faults that cannot be isolated from each other with the current ISROD plant instrumentation.
Author Contributions: All the authors contributed to the development of the experiments, the result analysis, and the writing and review of the paper. Specifically, J.S.-M. and R.R.-P. were in charge of the Introduction and state-of-the-art, G.P.-Z. and V.S.-Z. of the modeling and design of the FDI system, and G.P.-Z. and R.R.-P. of the overall ideas of the exposed research and the general conception of the paper. All authors read and agreed to the published version of the manuscript.
Funding: This research received no external funding.