1. Field of Invention
This invention relates to what is generally known in the process industry as alarm management problem. Process alarms are integral part of process operation in every type and size of operation ranging from the simplest of the process to the complex refinery operation involving process alarms relating to tens of thousands if not more. Alarm management is an important aspect of ensuring environmental, equipment and personnel safety including product quality assurance. It pertains to the very essence of operating a modern day plant operation. Therefore, it is not surprising to find that alarm management ranks the top priority for the management in the entire chemical, refinery and other process industry. The more integrated and the more complex a process operation, the more demanding and challenging are the alarm management problem. The alarm management problem is invariably described in terms of “nuisance” alarms, “avalanche” of alarms, “flooding” of alarms etc. To redress these problems of alarm management, many approaches involving what is generally known in the industry as rationalization of alarms, proper configuration of alarms at the distributed control system (DCS), good documentation, operator training and in-depth root cause analysis off-line (post incidence) and on-line have been tried to a varying degree of success. Ironically, one of the common practice used is what is generally know as “alarm suppression” in the event of a serious plant situation to assist the operator in dealing with the problems at hand. On one hand this approach has validity whereas on the other hand it has the potential of suppressing an alarm or a group of alarm that might compromise safe operation and recovery. None of these various techniques and their combination has solved the problem of alarm management in its entirety. Everyone sees the problem with alarms but nobody knows how to approach it. In every attempt to tackle this multi-faceted alarm management problem, everyone is looking for a magic bullet, but none to be found. The present invention offers an innovative basic tool which has the potential to provide_a basis for tackling this otherwise_challenging problem area.
In almost all process operations, there is a process control system of some kind and there is an alarm system of some kind. Both these systems interrelate minimally. Alarm systems are considered strictly for safety albeit in a reactive and a rather too late condition whereas process control system is considered primarily for control of process operations as it relates to production of products. This is borne out from the fact that invariably when an unsafe operating condition arises in a plant, the advanced control system is taken off and the operator would intervene to bring the process back to safe condition. It is indeed ironic that the advanced control system with all its model predictive control capability as practiced in the prior art is not capable of alarm avoidance. Hereon the word alarm avoidance will be used strictly in the meaning of that is to keep alarm from happening or stay clear of alarm, and not suppressing. Therefore, in this invention alarm reduction is sought by alarm avoidance other than by alarm suppression. In other meaning, alarm avoidance herein means to prevent alarm limit violations by other than suppression. As disclosed in this invention, this shortcoming of the prior art advanced control system stems from the lack of inherent ability to perform what is described herein as dynamic model predictive control. A closer examination of the prior advanced level control system would reveal that there is no explicit consideration of when and how to control a process so as to avoid alarms from happening in the first place and secondly how to control a process so as to get out of or away from an alarm condition in an explicit and direct way. That is to prevent alarm violations in an explicit manner so as to affect the control actions and also to move the process to a safe condition when required by the operator. That is to say, an advanced process control that can solve a multivariable optimization problem of a large number of problems lacks a rudimentary capability to forestall an alarm conditioning from happening. On the other hand, even more elaborate and expensive alarm management system is incapable of assisting an operator in dealing with a true unsafe operating condition. In attempt to make an alarm management system to assist an operator under unsafe operating condition, a separate system such as in the guise of what is described in the industry as “intelligent” alarm management system are increasingly being deployed with limited success. This result in two systems each of immense complexity with minimal direct interconnections is given to the operator to control and manage the process with not much success.
The present invention offers a practical solution that would enable both normal process control and alarm management to be dealt in an integral manner in which alarm control (as against alarm management) becomes a control problem albeit with different characteristics and requirements than the control actions pertinent to optimization and control of production. Another way to state this is to say that the advanced control system based on the present invention would ensure safe operation of the unit no matter how hard the production is optimized. Doing so would enable the advanced control system to function as an alarm-preventing tool as well as alarm management system while it controls the process optimally. Thus, incorporating alarm control would alleviate many aspects of the alarm management problem. For instance, as disclosed later herein the invention offers a method whereby alarm reduction of up to 95-98 percent can be achieved that would eliminate the need for “deviation alarms” entirely while improving the controllability of the process under alarm conditions.
2. Background of the Invention
Since its inception in early 1980, the basic formulation of Model Predictive Control (MPC) has evolved as a bulwark of advanced control involving multi-variables, involving a number of manipulated variables, a number of controlled variables and a number of feed forward/disturbance variables as disclosed in U.S. Pat. No. 4,349,869. In its basic design, the prior art MPC, the controlled variables are controlled to low/high limits. By design, in the prior art, a MPC would certainly include safety related variables along with the product quality variables; for instance, it would have maximum skin temperature for a furnace or maximum reactor bed temperature for a reactor etc. However, due to the limitations of control actions, most of this safety related variables limits are safe-sided for the obvious reason that the advanced control system (ACS) is not capable of controlling the process to the limits reliably and robustly. Thus, the limits set in the advanced control system are invariably safe-sided to provide an operating safe margin. But, ironically, in many instances, unknown to the operator, the advanced control system actions would set up the process vulnerable to violate the true limits either by effects of its own actions or disturbance effects. Here there are two important issues, firstly the control limits used by the ACS are not the true limits and therefore can not be reliably used except with safe-siding; secondly even the most advanced of ACS lack capability to control a process so as to avoid the limit violations dynamically. For these two reasons, it is understandable that in the prior art; the true limits are seldom used. This renders the ACS not relevant to either preventing the alarms or affecting controls to get away from the violations once that happening.
Since MPC forms the bulwark of the advanced control in the industry hereon, we will use it to disclose the invention but not limiting to it in any way, however, what is disclosed herein is applicable to any other forms of control as well. Those skilled in the art would appreciate that the issues, the problems and the solutions are equally relevant to other types of advanced control system lacking what is disclosed herein.
In the prior art, the alarm limits are not taken into account at all except by way of safe siding in setting the controlled variables limits. In many instances, due to lack of robustness and stable closed operation, this safe siding from the true alarm limits is done purposely to avoid the limit violation which then conflicts with the objective of pushing the process to the production limits. This trade off between being able to be safe at all time and yet push the production to the limits at all time is compromised, either too much safe siding is done leading to inefficient operations or pushing the production too hard to expose the process to unsafe operating conditions. Therefore as disclosed herein later, in many instances, the prior art MPC would not perform optimally and robustly safely. In fact, as disclosed further herein, this safe siding from the alarm limit in itself does not really help, in fact in many instances it may hinder the controller ability to recover from the violation or in approach to it.