Fault compensation effect in fault detection and isolation ACTA IMEKO ISSN: 2221-870X September 2021, Volume 10, Number 3, 45 - 53 ACTA IMEKO | www.imeko.org September 2021 | Volume 10 | Number 3 | 45 Fault compensation effect in fault detection and isolation Michał Bartyś1 1 Warsaw University of Technology, Institute of Automatic Control and Robotics, Boboli 8, 02-525 Warsaw, Poland Section: RESEARCH PAPER Keywords: Fault compensation effect; fault masking; fault isolation; diagnostics of processes; fault distinguishability Citation: Michał Bartyś, Fault compensation effect in fault detection and isolation, Acta IMEKO, vol. 10, no. 3, article 9, September 2021, identifier: IMEKO- ACTA-10 (2021)-03-09 Editor: Lorenzo Ciani, University of Florence, Italy Received January 25, 2021; In final form August 29, 2021; Published September 2021 Copyright: This is an open-access article distributed under the terms of the Creative Commons Attribution 3.0 License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited. Funding: This work was funded by the POB Research Centre for Artificial Intelligence and Robotics of Warsaw University of Technology within the Excellence Initiative Program - Research University (ID-UB). Corresponding author: Michał Bartyś, e-mail: michal.bartys@pw.edu.pl 1. INTRODUCTION The model-based diagnostics of industrial processes intensively makes use of residuals [1], [2], [3]. The residuals express to which extent measurements (observations) and outputs of a diagnosed system differ from expected system behaviour predicted by the reference model of the system. Figure 1 depicts the general block scheme exemplifying the basic workflow in the model-based fault detection and isolation approach (FDI) [1]. It generally consists of three consecutive steps: detection, isolation, and identification of faults. The main goal of fault detection is to detect the diagnosed system's abnormal behaviour, while the isolation (localization) points out the faults that potentially occurred. On the other hand, fault identification allows for recognizing the size of a fault. Frequently, fault identification is not of concern in industrial applications. Therefore, for simplicity, this step is not shown in Figure 1. To react appropriately to faults, the process operator or fault-tolerant control system demands univocal isolation of faults. However, this is not a trivial task. The discrepancies r (residuals) between model �̂� and process 𝐕 outputs are indicative of a potential fault or faults. However, this is true under the condition that residuals are sensitive to the faults [1], [2]. Furthermore, we assume that the diagnostic system is designed so that this postulate is met. Figure 1. A block diagram of the basic workflow in model-based fault detection and isolation approach (FDI). Notions: r - residuals, V - process outputs, V̂ - model outputs, s – diagnostic signals, f – faults. ABSTRACT This paper discusses the origin and problem of the fault compensation effect. The fault compensation effect is an underrated common side effect of the fault isolation approaches developed within the Fault Detection and Isolation (FDI) community. In part, this is justified due to the relatively low probability of such an effect. On the other hand, there is a common belief that the inability to isolate faults due to this effect is the evident drawback of model-based diagnostics. This paper shows how, and under which conditions, the fault compensation effect can be identified. In this connection, the necessary and sufficient conditions for the fault compensation effect are formulated and exemplified by diagnosing a single buffer tank system in open and closed-loop arrangements. In this regard, we also show the drawbacks of a bi-valued residual evaluation for fault isolation. In contrast, we outline the advantages of a three-valued residual evaluation. This paper also brings a series of conclusions allowing for a better understanding of the fault compensation effect. In addition, we show the difference between fault compensation and fault-masking effects. mailto:michal.bartys@pw.edu.pl ACTA IMEKO | www.imeko.org September 2021 | Volume 10 | Number 3 | 46 In the fault-free (normal) state of the diagnosed system, the residuals should converge to zero. However, considering the uncertainty of measurements and impreciseness of reference models applied, the residuals take values relatively close to zero. In practice, the residuals are being discretized through the constant or adaptive thresholding approaches [4]. As a result, the continuous or piecewise continuous residuals are converted into bi-, or three-valued crispy or fuzzy values referred to as diagnostic signals [5]-[7]. A set of diagnostic signal values associated with each particular fault creates its specific signature (pattern), typically taking the form of a column vector. The structure of signatures of all faults is referred to as the incidence matrix or structure of residual sets or diagnostic matrix [1]-[3], [5], [6]. The signatures allow for distinguishing faults under the condition that all signatures of all faults are unique. In general, this condition is not satisfied [5]. The main reason is that the number of measurements is lower than the total number of possible faults, including instrumentation and system components faults [6]. Therefore, we should accept the fact that some faults will remain undetectable or indistinguishable. We consider this feature a severe drawback of the model-based FDI approaches. To at least overcome this problem, many approaches were developed that allow for increasing fault distinguishability. However, it was proven in [5] that, in general, this task is unsolvable. With regard to functional safety [8], [9], there is defined tolerable risk. According to a commonly recognized definition [9], tolerable risk is "a level of risk deemed acceptable by society in order that some particular benefit or functionality can be obtained." By analogy, we can claim that by employing a model-based diagnosis, if the risk of either undetectable dangerous or safe faults is deemed acceptable, then the FDI makes sense. However, this involves presuming some simplifications and undertaking some assumptions. For example, frequently, the assumption regarding the infallibility of measurement devices or the credibility of observations is adopted [10]. It is a case in both branches of the model-based diagnostics developed by the FDI and DX research communities [11]-[13]. Later, in this paper, we assume the infallibility of measurement instruments. It may be explained, particularly for diagnosing industrial systems, employing high-reliability instruments exhibiting at least SIL1 safety integrity level. The rationality of this assumption reinforces statistics of failures of industrial equipment [14]. The aforementioned explanations justify to some extent the assumption commonly adopted in the FDI regarding the infallibility of instruments. Also, the assumptions regarding uncertainties of residuals, diagnostic signals, and models are discussed intensively in the context of FDI [2], [5], [7], [15]. The uncertainty of measurements is a fundamental problem of metrology. It has been discussed in series of publications for many years, i.e., in [16]-[18]. In the model-based diagnostics of processes, we have at least five different sources of uncertainties connected with measurements, models, residuals, residual evaluation, and fault- diagnostic signals relation. In fact, the problem of uncertainty is common for metrology and diagnostics. In diagnostics, the measurements are intensively used for residual generation (Figure 1). Therefore, the uncertainty of the measurements impacts the uncertainty of residuals. On the other hand, the residuals' uncertainty also depends on the uncertainty of the reference model of the diagnosed system. The uncertainty of the model indirectly reflects its grade of perfection. Therefore, uncertainties of measurements and models result in the uncertainty of the residuals. Later on, the residuals are evaluated and take the form of so- called diagnostic signals. Hence, the way how residuals are evaluated contributes to the overall uncertainty of diagnostic signals as well. Finally, the diagnosis is based on inference using fault- diagnostic signals relation, or subjective logic, or expert knowledge [2]. Thus, there is also an uncertainty in inferring about faults [15]. It is also important to mention that the complex problem of uncertainty of diagnosing has not been holistically solved yet. This paper deals mainly with the problem of the fault compensation effect and intends to expose some weaknesses of the FDI model-based diagnosing. The deliberations regarding the uncertainty of the fault compensation effect are beyond the scope of this paper. Therefore, keeping in mind the paper's main objective, the uncertainty of measurements will not be considered further. Several FDI methods assume and consider exclusively single faults [6]. This assumption is allowable for diagnosing relatively non-complex systems. According to Occam's scissor rule, the single faults in non-complex systems are more likely than multiple. While the fault compensation effect is not a property of a system with single faults, we focus our attention exclusively on multiple fault cases. In the case of diagnosing complex systems, multiple faults are more likely [20]. Therefore, in these systems, there is to expect occurrences of fault compensation effects. There is to mention that problem of the fault compensation effect is poorly represented in the literature. The fault compensation is the undesired and unpredictable side effect of multiple fault isolation based on signatures of all single faults, constituting multiple faults. This effect appears in all FDI approaches, in which multiple faults' signatures are obtained as the unions of signatures of all single faults constituting multiple ones [2], [6]. The union of bi-valued signatures is defined as a Boolean alternative of signatures of all faults creating multiple ones. By three-valued signatures, the union of single fault signatures is slightly more complex [20]. Developing multiple fault signatures based on single ones has some practical background. As far as the diagnosed system's phenomenological models are not available, the multiple fault signatures are not easy to obtain based on process data or process operators' expertise. Moreover, frequently some multiple faults have never been registered or ought not to appear for process safety reasons, e.g., in the nuclear power stations. However, for clarity, this paper will use an analytical phenomenological model to explain the fault compensation effect. The fault compensation is understood differently even within the FDI research community. Firstly, fault compensation is meant as an approach to sustain the system's nominal operation even when a fault occurs. This understanding of fault compensation is typical for the different Fault Tolerant Control (FTC) approaches [3]. For example, the unique approach towards FTC can be found in [21]. Here, the additional signals are superimposed on the controlled system's inputs to compensate for faults' effects. Over there, fault compensation refers to understanding a fault, preferably in terms of a specific disturbance imposed on the control system. It is important to mention that regular control loops have also embedded inherent compensating abilities for the small size ACTA IMEKO | www.imeko.org September 2021 | Volume 10 | Number 3 | 47 faults. The ability to compensate for faults impacts is frequently called the fault masking effect [22], [23]. This paper faces a different understanding of the fault compensation effect. Secondly, the fault compensation in FDI is understood as an effect of zeroing residuals values, despite faults [2], [20]. In other words, then the faults that occurred cannot be detected nor isolated based on residuals. Therefore, in this case, the FDI completely fails and, depending on conditions, the multiple faults cannot be temporarily or permanently isolated. As far as the following conditions hold: • residuals are sensitive to at least two single faults, • multiple fault signatures are unions of all single faults constituting multiple ones, • different single faults act on residuals in opposite directions, then the fault compensation effect may occur. It is to recognize that those conditions are easily satisfied in the majority of industrial FDI approaches. Therefore, we can conclude that fault compensation seems to become a significant practical problem. This statement implies inspiring motivation for a deep-in discussion of this effect in this paper. In conclusion, the FDI approaches to isolating multiple faults should be criticized as they may lead to misdiagnosis in a case of a fault compensation effect. The paper contributes both to the theory and practice. The primary outcome of the paper is the novel formulation of necessary and sufficient conditions for the fault compensation effect and, in turn, formulation of the sufficient condition for excluding this effect. The defined conditions contribute to the FDI theory and practice by proposing a method for seeking potential fault compensation effects by design or analyzing a diagnostic system. We also formulate a set of recommendations that have some practical meaning. They contribute and extend the set of good practices applicable to the design of diagnostic systems. The remainder of this paper is structured as follows. Section 2 describes a nominal model of a single tank system, which we intensively exploit in this paper. Section 3 presents an approach to fault detection and isolation based on an analytical description of the residuals in the inner form. Section 4 illustrates the fault isolation based on bi- and three-valued residuals. Section 5 discusses chosen results of the simulation, while Section 6 outlines the problem of the fault-masking effect. Finally, Section 7 summarizes the achieved results. 2. THE NOMINAL MODEL OF THE SYSTEM The fault compensation problem will be explained based on the example of the model-based diagnosing workflow of a simple open-loop control system shown in Figure 2. Let the diagnostic problem rely on isolating two single faults: leakage in the tank (fault f1) and obliteration of the outlet pipe (fault f2) as well as one double fault {f1 ∧ f2}. The double fault represents the faulty state where the leakage and obliteration take place at the same time. For simplicity, we assume that used instruments are infallible. Firstly, according to the schematic shown in Figure 1, we develop the process's nominal (reference) model in a fault- free state. For this reason, we propose the phenomenological model of the process. This model will be exploited further for the closed-loop control system too. Many other models are imaginable in this stage, including these, based on heuristic knowledge, fuzzy sets theory, fuzzy neural networks, and neural networks [1]-[3], [5], [7]. Next, we assume the availability of measurements shown in Table 1, except optional flow rate F1. In a fault-free state, for incompressible and inviscid liquid, the fluid accumulation in the tank is equal to the difference of inflow and outflow volumes. Hence, the liquid volumetric inflow rate 𝐹0 is equal to 𝐹0 = 𝐴 𝑑𝐿 𝑑𝑡 + 𝛼𝑆√2𝑔𝐿 , (1) where 𝐴 is the cross-sectional area of the tank, 𝐿 is the liquid level in the tank relative to the outlet pipe axis, α is the outflow contraction coefficient, S is the nominal cross-sectional area of the outlet pipe, and g is the gravitational constant. Eq. (1) will be further referred to as the nominal model of the process. 3. FAULT DETECTION Generally, fault detection should indicate whether the fault or faults occurred or not. We assume that a discrepancy between the nominal and process outputs will occur in a faulty state. However, this is true under two essential conditions: • residuals are sensitive to the faults which occurred; • the fault compensation effect does not take place. The paper's objective is principally concerned with the second condition. To obtain residuals, we assume three faults listed in Table 2. Next, we develop the model of the diagnosed system in the so-called inner form [6], i.e., in the way which reflects the impacts of faults. 𝐹0 𝑓 = 𝐴 𝑑𝐿 𝑑𝑡 + 𝛼𝑆√2𝑔𝐿 + 𝑓1𝛼𝑙 𝑆√2𝑔(𝐿 − 𝐿𝑙 ) − 𝑓2𝛼𝑆√2𝑔𝐿 , (2) where 𝐹0 𝑓 is the tank inflow rate in a faulty state; αl is the leakage outflow contraction coefficient; 𝐿𝑙 is the distance from the center of the area of leakage orifice to the axis of outlet pipe; 𝑓1 = 𝑆𝑙 /𝑆; 𝑓2 = 1 − 𝑆𝑜/𝑆; Sl is the cross-sectional area of the leakage orifice; 𝑆𝑜 is the cross-sectional area of the outlet pipe. While residual 𝑟 = 𝐹0 − 𝐹0 𝑓 , then from (1) and (2) we obtain: 𝑟 = −𝑓1𝛼𝑙 𝑆√2𝑔(𝐿 − 𝐿𝑙 ) + 𝑓2𝛼𝑆√2𝑔𝐿 . (3) Figure 2. The schematic of the process considered for diagnosing. ACTA IMEKO | www.imeko.org September 2021 | Volume 10 | Number 3 | 48 Therefore, the residual r equals zero if the model and process outputs are identical. However, this cannot be interpreted unambiguously as a fault-free state of the system, while the residual r may also take zero value in a faulty state due to the impact of faults on residuals. Nevertheless, this effect occurs exclusively for multiple faults. From (3), we can easily withdraw a simple condition for fault compensation effect. 𝑓1 𝑓2 = 𝛼 𝛼𝑙 √ 𝐿 (𝐿 − 𝐿𝑙 ) . (4) The probability of the fault compensation effect is relatively low. However, this effect is the reason for false-negative fault isolation, and therefore, it should be avoided as far as possible. This paper shows how it may be possible. The following observation would be helpful here: the effect of fault compensation does not occur for single faults and for those multiple faults for which all residuals are unidirectionally affected, i.e., possess the same sign. From this observation, we can draw some practical conclusions. Conclusion 1. The design of the diagnostic systems in which residuals are sensitive exclusively to single faults is strongly recommended for FDI because it avoids fault compensation effects. Conclusion 2. Consideration of residual signs may help increasing achievable fault distinguishability while bringing additional useful knowledge for diagnostics. Conclusion 1 corresponds well with an idea for developing a family of intelligent single fault detectors [24] and with the concept of the diagonal structure of residual sets proposed in [6]. However, it sounds slightly unrealistic in nowadays world. Therefore, the question arises on how we can avoid fault compensation effects if they are typical even for elementary processes, as shown in Figure 2. There is no good general answer to this question. Nonetheless, we can consider some productive actions. According to Conclusion 1, the excellent solution seems to have an equal number of nominal models with the number of single faults, such that each model would be referred exclusively to one fault. Let us now consider the same system as in Figure 2. The only difference is that we now will use the additional flow rate instrument, i.e., F1. Now, the nominal partial models of the process are { 𝐹0 = 𝐴 𝑑𝐿 𝑑𝑡 + 𝐹1 𝐹1 = 𝛼𝑆√2𝑔𝐿 , (5) The models in the inner form reflecting the impact of faults are { 𝐹0 𝑓 = 𝐹0 + 𝑓1𝛼𝑙𝑆√2𝑔(𝐿 − 𝐿𝑙 ) 𝐹1 𝑓 = 𝐹1 − 𝑓2𝛼𝑆√2𝑔𝐿 . (6) From (6), we obtain residuals: { 𝑟1 = −𝑓1𝛼𝑙 𝑆√2𝑔(𝐿 − 𝐿𝑙 ) 𝑟2 = +𝑓2𝛼𝑆√2𝑔𝐿 (7) As can be easily seen from (7), each residual is sensitive exclusively to a single fault. It promises to avoid the fault compensation effect at the expense of an additional flowrate measurement instrument. In this case, the double fault is easily recognizable (isolable) because both residuals (𝑟1 and 𝑟2) adopt non-zero values and opposite signs. From the above considerations, it follows that: Conclusion 3. There is a trade-off between the quality of diagnoses and the number of sensors (instruments) applied in real-world systems. It should be mentioned that by the limited availability of sensors, the solution of the sensor placement problem would help maximize fault distinguishability and minimize fault compensation effects [25], [26]. 4. FAULT ISOLATION The primary goal of fault isolation is to indicate the faults that occurred in the process. This diagnosing step is frequently called fault location or simply diagnosing. Diagnosing requires a knowledge of the relation between the faults and diagnostic signals. We can express this relation in the analytical form, for example, as in (3) and (7). If the analytical relations are unknown, the process graphs (GP) [27] could be helpful. The process graph is a directed bipartite graph used in workflow modeling. In considered case, vertices of the GP graph represent disjunctive sets of process states and faults. The graph's edges link the faults with the states and between states, thus reflecting the process flow. The GP graph is handy for analyzing the qualitative impact of faults on process states. Physical or virtual quantities represent the process states. In particular, the process states may be represented by measurements. Figure 3 depicts the GP graph developed for the single tank open-loop control system shown in Figure 2. This graph reflects equation (3) and refers to a situation where flow rates F0 and F1 are not available. From this graph, it can be seen that both single faults act in opposite directions on the liquid level. Therefore, both faults may mutually compensate for their impacts. Based on this statement, we will formulate two practical conclusions. Conclusion 4. The possibility of the occurrence of the fault compensation effect is immediately detectable from the directed graph of the process. Conclusion 5. It is necessary for fault compensation if at least one vertex in the GP graph is linked directly with fault vertices by edges labeled with opposite signs. The GP graph derived from equation (7) takes the shape shown in Figure 4. Table 1. List of available measurements. Item Symbol Measured quantity 1 F0 liquid volumetric inflow rate 2 L liquid level 3 F1 liquid volumetric outflow rate (option) Table 2. List of considered faults. Item Symbol Fault 1 f1 leakage from the tank 2 f2 obliteration of the outflow pipe 3 f1 ⋀ f2 leakage and obliteration https://en.wikipedia.org/wiki/Directed_graph https://en.wikipedia.org/wiki/Bipartite_graph https://en.wikipedia.org/wiki/Workflow https://en.wikipedia.org/wiki/Conceptual_model ACTA IMEKO | www.imeko.org September 2021 | Volume 10 | Number 3 | 49 In Figure 4, both faults are linked with different graph vertices. Therefore, the necessary condition for fault compensation is not satisfied. In this case, the double fault bi- valued signature based on the union of single fault signatures is correct and may distinguish single and double faults. From the above considerations, it follows the demand for reliable instrumentation. Conclusion 6. Avoidance of fault compensation effect is highly demanding on reliable measurements. The quantitative fault isolation needs to deploy the incidence matrix [6]. The usability of the GP graph in this scope is very limited. It provides only a cause-and-effect qualitative description of the process. The incidence matrix reflects the relation between faults and diagnostic signals. The question is, why are diagnostic signals being used instead of residuals? Principally, fault isolation is the process of inference about faults that uses some logical rules. Usually, Boolean or Lukasiewicz n-valued or fuzzy logic is applied. Therefore, there is necessary to transform continuous residuals into discrete logical values or a finite set of predefined fuzzy membership functions. For these goals, we use the constant or adaptive discrimination thresholds [4]. In this paper, we will limit our considerations exclusively to elementary, however practicable, thresholding of residuals, which introduces some dead zones to residual values. For the binary assessment of residuals, we will further apply the formula: 𝑠 = { 0 ← |𝑟| < 𝑇h 1 ← |𝑟| ≥ 𝑇h , (8) while for the three-valued assessment of residuals, we will use: 𝑠 = { −1 ← 𝑟 ≤ −𝑇h 0 ← |𝑟| < 𝑇h +1 ← 𝑟 ≥ 𝑇h , (9) where: s is the diagnostic signal and Th is an arbitrarily chosen nonnegative threshold. According to (8) and (9), the diagnostic signals are bi- or three-valued. The robustness of fault isolation, among others, can be characterized by the rate of false-positive and false-negative diagnoses. The false-positive diagnoses indicate non-existing faults, while false-negative diagnoses do not indicate existing faults. As one can infer from formulas (8) and (9), the introduction of dead zones immunizes somehow diagnostic signals against uncertainties and noise, however, at the expense of loss in sensitivity and elongation of fault isolation time. This paper will discuss both (8) and (9) residual evaluation approaches in the context of the fault compensation effect. We will show that fault compensation under some conditions may be determined from the incidence matrix. First, let’s refer to the incidence matrix presented in Table 3. Here, the entries are bivalued as in (8). Therefore, this matrix is also referred to as a binary diagnostic matrix (BDM) [6]. It contains reference diagnostic signal values (signatures) expected by the occurrence of a fault or faults. In Table 3, all signatures of all considered faults are identical. Therefore, in a faulty system state, we cannot point out which fault or faults occurred. In other words, all three faults from the Table 3 are indistinguishable. Hence, the quality of obtained diagnosis is unacceptable. Moreover, based on Table 3, we cannot verify the hypothesis regarding the fault compensation effect. This simple example leads to the following conclusion: Conclusion 7. The binary diagnostic matrix itself is useless for the recognition of a fault compensation effect. Next, we discuss the case of the three-valued incidence matrix shown in Table 4. Here, the values of reference diagnostic signals of a double fault are in the set of all reference diagnostic signals of single faults constituting multiple faults, including the fault- free state. For example, diagnostic signal s in Table 4 may have three alternative values -1 or 0 or +1. The complete procedure of synthesizing multiple fault reference signatures based on single fault reference signatures is described in [20]. Now, we can easily distinguish single faults f1 and f2 because reference signatures of both faults are distinctive. However, both single faults are conditionally indistinguishable from a double fault. Moreover, the double fault may not distinguish from the process's fault-free state by diagnostic signal (s = 0). The fault compensation effect, if any, will manifest by (s = 0). Therefore, fault-free state, double fault state, and fault compensation effect are still indistinguishable. However, there is to mention that under some conditions: Figure 3. The GP graph is reflecting the qualitative impact of faults on the values of process variables. A circle coloured in yellow depicts the available measurement. Figure 4. The GP graph for the single tank system reflecting the additional flowrate measurement F1. Table 3. Diagnostic matrix for binary discretized residual (2). F/s fault-free f1 f2 f1 ∧ f2 s 0 1 1 1 Table 4. Trinary diagnostic matrix for residual (2). F/s fault-free f1 f2 f1 ∧ f2 s 0 -1 +1 -1, 0, +1 ACTA IMEKO | www.imeko.org September 2021 | Volume 10 | Number 3 | 50 Conclusion 8. The incidence matrix containing three-valued reference diagnostic signals allows for indicating the possibility of fault compensation effect. Based on Conclusion 8, we now formulate a necessary and sufficient condition for the possibility of a fault compensation effect by three-valued reference diagnostic signals. Condition 1. The necessary and sufficient condition for fault compensation. The complete set of diagnostic signals {-1,0,+1} of at least one entry of signature of a multiple fault is necessary and sufficient to indicate the possibility of a fault compensation effect. In the case of bi- and three-valued reference diagnostic signals, we can formulate a sufficient condition for excluding fault compensation. Condition 2. The sufficient condition for excluding fault compensation. It is sufficient for excluding the possibility of fault compensation if a submatrix consisting exclusively of signatures of single faults is diagonal. However, this condition is relatively difficult to meet in practice. Therefore, most diagnostic systems based on either binary or trinary evaluation of residuals are exposed to fault compensation that degrades their diagnostic credibility. However, the degree of degradation is much less by three-valued incidence matrices [20]. The necessary and sufficient condition for excluding fault compensation implies: Conclusion 9. Single row incidence matrices do not allow for unambiguous indication of the possibility of fault compensation effect independently, whether diagnostic signals are bi- or three- valued. Let us now discuss the case of a diagnostic system for which the GP graph is depicted in Figure 4. The appropriate binary and trinary diagnostic matrices are shown respectively in Table 5 and Table 6. Now, the binary diagnostic matrix allows for uniquely distinguishing all considered faults. In this case, the fault compensation effect will not occur. Similarly, the three-valued diagnostic matrix depicted in Table 6 allows for uniquely distinguishing all faults. Here, the fault compensation effect does not take place because Condition 1 does not hold. As can be seen, the submatrices of the diagnostic matrices depicted in Table 5 and Table 6 consisting exclusively of single fault signatures are diagonal. Therefore, all multiple fault signatures, which signatures are the unions of signatures of all single faults constituting the multiple ones, are distinguishable independently whether they are bi- or three-valued. After this, we reinforce Condition 2. Conclusion 10: The diagonal structure of the diagnostic matrix of single faults avoids the fault compensation effect. The condition formulated in the given above conclusion is, however, almost unrealistic to implement in practice. While the bi-valued diagnostic signals are useless for the recognition of fault compensation effects (Conclusion 7), it is strongly recommended to design three-valued incidence matrices because they allow for the indication of possible fault compensation effects (Conclusion 8). The above recommendation is postulated mainly for the newly developed diagnostic systems. Implementing this recommendation for running diagnostic systems is imaginable, although less realizable because of the necessity of installing additional instrumentation. On the other hand, the intensive implementation of intelligent fault diagnosing devices [20] combined with implementing embedded diagnostics ideas [28][28] allows for the successive rejection of fault compensation problems from the area of interests of FDI. 5. SIMULATIONS The simulations were performed to exemplify the fault compensation effect using a model of a single buffer tank depicted in Figure 2. The simulation model was developed in the Matlab-Simulink environment. The resulting flowchart of the simulation of the liquid storing and distributing process is shown in Figure 5. The model generates an output vector whose components include liquid level, inflow and outflow rates, residua, and diagnostic signals. The liquid level depends on inlet and outlet liquid rates, leakages, and obliteration of pipe. Therefore, the tank's liquid level can determine by integrating the dynamic liquid accumulation, i.e., by integrating the difference in the flow rates of liquid entering and leaving the tank. As assumed earlier, only one potential double fault is considered in this case. The simulations of two different double fault scenarios were performed. Each of them exemplifies a fault compensation effect. We designed the first scenario to show a possibility of the permanent inability for the precise diagnosis by reasoning based on the three-valued diagnostic matrix shown in Table 4. It depicts the diagnostic matrix, which meets the necessary and sufficient conditions for a fault compensation effect. This scenario will also consider the three-valued diagnostic matrix shown in Table 6, which meets a sufficient condition for excluding fault compensation effect. In connection with the first one, the second scenario shows the different timed processes of tightening diagnoses even for the same diagnostic matrices. This scenario shows that diagnostic matrices admittedly allow for searching for potential fault compensation effects but do not directly reflect the transients of diagnoses. Scenario 1. Consider two incipient faults: leakage 𝑓1 and pipe obliteration 𝑓2 as in Figure 6. The obliteration starts to grow immediately after the simulation gets started. The leakage begins to grow at the time instant 0.50∙105s. Therefore, the double fault originates in this time moment. The slopes of both faults are selected in such a way as to show the fault compensation effect. In this case, both faults impact residual r bringing its value close to zero for the whole simulation period, as shown in 6. The liquid inflow rate F0 swings around a constant value within ±10% limits. Residuals are three-valued. The diagnostic signal s, (3), and diagnostic signals s1 and s2, (7), are determined based on a fixed arbitrary chosen threshold Th = 5%. Table 5. Diagnostic matrix for binary evaluated residuals (7). F/s fault-free f1 f2 f1 ∧ f2 s1 0 1 0 1 s2 0 0 1 1 Table 6. Diagnostic matrix for trinary evaluated residuals (7). F/s fault-free f1 f2 f1 ∧ f2 s1 0 -1 0 -1 s2 0 0 +1 +1 ACTA IMEKO | www.imeko.org September 2021 | Volume 10 | Number 3 | 51 Discussion: Table 7 summarizes the results of simulations, while Table 8 shows the obtained diagnoses. Diagnose D0 is based on the bi-valued diagnostic matrix shown in Table 5. Diagnose D1 is derived from the tri-valued diagnostic matrix shown in Table 4, while D2 is based on the tri-valued diagnostic matrix shown in Table 6. Despite fault compensation, diagnoses D0 and D2 finally isolate correctly double fault, however with a significant time delay. This time will be shorter if choosing a lower value of the threshold Th. Intermediate diagnosis 𝑓2 is not correct; however, it is not false. In turn, the diagnosis D1 is ambiguous, i.e., delivers much less useful information regarding faults, independently of whether the fault occurs or not. Scenario 2. Consider a case like in scenario 1 depicted in Figure 7. The only difference is that in this case, both faults impact residual r, shifting its value far away from zero. Moreover, different slopes of faults cause the reversal of the time sequence of diagnostic signals s1 and s2. It also influences the evolution of double fault diagnosis differently compared to scenario 1. Discussion: Table 9 summarizes the diagnostic signals obtained from simulations while Table 10 contains the obtained diagnoses. Diagnoses D0 and D2 finally isolate correctly double fault, however with a significant time delay. The only difference to scenario 1 is that the single fault f1 is detected before f2. In turn, the D1 diagnosis is slightly more valuable than D1 in the previous scenario. However, it is still far away from the quality of the D0 and D2 diagnoses. The diagnosis D1 is correct here, although pointed out faults are indistinguishable. Analyzing the results of both scenarios, we can draw a practical conclusion. Conclusion 11: It is advantageous to design a three-valued diagnostic matrix such that the elements of multiple fault signatures contain as few alternative values as possible. 6. FAULT MASKING EFFECT As long as the process variable tracks the setpoint within some predefined limits, either the process operator or alarm system does not have any particular reasons to react. In closed-loop systems, the effects of faults are compensated for by controller action as long as the system is controllable. Therefore, the fault- masking effect is frequently understood as an effect of faults' invisibility to process operators or alarm systems [22], [23]. In other words, the difference between the setpoint and process value may not be sensitive nor indicative of faults. Here, the question arises: do the model-based fault diagnostics discussed earlier for the open control system is still valid if we close the loop? Figure 5. Simulation diagram of a single buffer tank process Figure 6. Example of a simulation of a double fault. Notation: F0 - liquid inflow rate - dark blue line; L – liquid level - blue line; f1 – leakage fault - blue line; f2 – obliteration fault – red line; r1– dotted red line; r2 – dotted blue line; r – purple line; diagnostic signals: s1 – blue; s2 – red; s – purple. Interval of the fault compensation effect 0.84 … 2.0∙105 s. Table 7. Diagnostic signals values (scenario 1). Time s ∙ 105 0.00 0.50 0.50 0.84 0.84 1.14 1.14 2.00 s1 0 0 0 -1 s2 0 0 +1 +1 s 0 0 0 0 Interval of the duration of fault compensation effect: 0.84 ... 2.0∙105 s Table 8. Obtained diagnoses (scenario 1). Time s ∙ 105 0.00 0.50 0.50 0.84 0.84 1.14 1.14 2.00 D0 ∅ ∅ 𝑓2 𝑓1 ∧ 𝑓2 D1 ∅, 𝑓1 ∧ 𝑓2 ∅, 𝑓1 ∧ 𝑓2 ∅, 𝑓1 ∧ 𝑓2 ∅, 𝑓1 ∧ 𝑓2 D2 ∅ ∅ 𝑓2 𝑓1 ∧ 𝑓2 Table 9. Diagnostic signals values (scenario 2). Time s ∙ 105 0.00 0.82 0.82 0.90 0.90 1.35 1.35 2.00 s1 0 -1 -1 -1 s2 0 0 +1 +1 s 0 0 0 -1 Interval of the duration of fault compensation effect. 0.82 ... 1.35∙105 s Table 10. Obtained diagnoses (scenario 2). Time s ∙ 105 0.00 0.82 0.82 0.90 0.90 1.35 1.35 2.00 D0 ∅ 𝑓1 𝑓1 ∧ 𝑓2 𝑓1 ∧ 𝑓2 D1 ∅, 𝑓1 ∧ 𝑓2 ∅, 𝑓1 ∧ 𝑓2 ∅, 𝑓1 ∧ 𝑓2 𝑓1, 𝑓1 ∧ 𝑓2 D2 ∅ 𝑓1 𝑓1 ∧ 𝑓2 𝑓1 ∧ 𝑓2 Figure 7. Example of a simulation of a double fault. Interval of the fault compensation effect 0.82 … 1.35∙105 s. Notations as in Figure 6. ACTA IMEKO | www.imeko.org September 2021 | Volume 10 | Number 3 | 52 To answer this question, we close the loop of the system shown in Figure 2. The modified control system is presented in Figure 8. The liquid inflow rate into the buffer tank is controlled by a control valve driven by a PI controller. The controller, employing the control valve, adjusts the liquid inflow rate into the tank keeping the liquid level close to the setpoint value. Thus, in case of leakage, the controller increases the inflow to compensate for additional liquid demand. In turn, in the case of obliteration, the controller throttles the liquid inflow to keep demanded liquid level in the tank. The GP graph of the closed-loop control system is shown in Figure 9. This graph contains additional vertices reflecting actuator fault f3, position AV of the control valve stem, and arcs representing controller-in-the-loop. The actuator tracks the controller output CV. For simplicity, we assume the infallibility of the PI controller. Let us assume a trivial static model of an actuator. The nominal model of the actuator is therefore AV=CV. The actuator fault manifests in a discrepancy between AV and CV values. Let us assume now an additive actuator fault. Hence, the model of the actuator in an inner form equals 𝐴𝑉 = 𝐶𝑉 ± 𝑓3 → 𝑟3 = ±𝑓3 . (10) As shown in Figure 9, all faults are associated with observable (measurable) vertices. Hence, the diagnostic matrix of single faults will take the diagonal shape, and in consequence, all single and multiple faults are isolable. The three-valued diagnostic matrix for the modeled control system depicts Table 11. Following Condition 2, we exclude the impact of faults on residual values in this case. Therefore, the fault compensation effect does not take place. Figure 10 depicts the result of a simulation of a triple fault, i.e., slowly increasing obliteration 𝑓2 starting at the time instant 0, slowly increasing leakage 𝑓1 starting at the time instant 0.5∙10 5 s and abrupt actuator fault 𝑓3 appearing at the time instant 1.0∙105 s. Signal s3 represents the diagnostic signal of residual r3. The summary of isolated faults is shown in Table 12. As can be seen, closing the loop does not degrade the system's diagnostic properties as far as Condition 2 holds. 7. FINAL REMARKS There were defined necessary and sufficient conditions for fault compensation effect, allowing for identification of the possibility of appearing of this effect based on analysis of incidence matrix. In addition, a complementary condition of excluding the fault compensation effect was also formulated. In this connection, some practical recommendations and hints regarding the design of diagnostic systems were proposed. Summing up the results of the discussion and performed simulations, we can conclude that: • The fault compensation effect is a common problem for model-based FDI diagnostic approaches. • The fault compensation effect manifests exclusively for multiple faults. • The fault compensation effect is an unwanted side effect originating from adopting an assumption regarding the generation of signatures of multiple faults based on unions of signatures of single fault signatures. • Neglecting fault compensation effect leads to false or temporarily false diagnoses. • Fault compensation problems should be considered, particularly in the case of slowly developing incipient faults. • Application of the three- instead of bi-valued diagnostic signals for reasoning about faults is irrelevant regarding the possibility of fault compensation effect. • Fault compensation effect results from the fault reasoning method applied and should be distinguished from the fault- masking effect. Table 11. Diagnostic matrix for a liquid control system depicted in Figure 8. F/s fault- free f1 f2 f3 f1 ∧ f2 f1 ∧ f3 f2 ∧ f3 f1 ∧ f2∧ f3 s1 0 -1 0 0 -1 -1 0 -1 s2 0 0 +1 0 +1 0 +1 +1 s3 0 0 0 ±1 0 ±1 ±1 ±1 Figure 8. A closed-loop liquid level control system. Notions: SP - setpoint; CV - control value; PI – proportional-and-integral controller; AV - positioner feedback signal. Figure 9. The GP graph of the closed-loop system reflecting the qualitative impact of faults on the values of process variables. Figure 10. Example of a simulation of a triple fault. Notations: f3 – actuator fault - purple line; r3 – purple dotted line; s3 – diagnostic signal – purple line. The remaining notions as in Figure 6. Table 12. Obtained diagnoses for closed-loop liquid level control system. time s ∙ 105 0.00 0.82 0.82 0.85 0.85 1.00 1.00 2.00 D ∅ 𝑓1 𝑓1 ∧ 𝑓2 𝑓1 ∧ 𝑓2 ∧ 𝑓3 ACTA IMEKO | www.imeko.org September 2021 | Volume 10 | Number 3 | 53 Further research will focus on developing a theoretical framework encompassing fault compensation aspects described in this paper. REFERENCES [1] J. Korbicz, J. M. Kościelny, Z. Kowalczuk, W. Cholewa, Fault Diagnosis. Models. Artificial Intelligence. Applications, Springer 2004, ISBN: 3540407677. [2] J. M. Kościelny, Process Diagnostics Methodology, in J. Korbicz, J. M. Kościelny, Z. Kowalczuk, W. Cholewa, W. (eds.), Fault Diagnosis. Models. Artificial Intelligence. Applications, Springer, 2004, ISBN: 3540407677. [3] M. Blanke, M. Kinnaert, J. Lunze, M. Staroswiecki, Diagnosis and Fault Tolerant Control, Springer Verlag, New York, 2015, ISBN: 978-3-540-35653-0. [4] K. Patan, J. Korbicz, Nonlinear model predictive control of a boiler unit: A fault-tolerant control study, International Journal of Applied Mathematics and Computer Science, 22(1) (2012), pp. 225-237. DOI: 10.2478/v10006-012-0017-6 [5] M. Bartyś, Chosen Issues of Fault Isolation, Polish Scientific Publishers, PWN, 2014, ISBN: 9788301178109. [6] J. Gertler, Fault Detection and Diagnosis in Engineering Systems, Marcel Dekker Inc., New York, 1998, ISBN: 0824794273. [7] M. Bartyś, Generalized reasoning about faults based on the diagnostic matrix, International Journal of Applied Mathematics and Computer Sciences, 23(2) (2014), pp. 407-417. DOI: 10.2478/amcs-2013-0031 [8] D. Smith, K. Simpson, Functional Safety, Taylor & Francis Group, London, 2004, ISBN: 9780080477923. DOI: 10.1016/S0019-0578(01)00011-8 [9] E. Marszal, Tolerable risk guidelines, ISA Transactions, 40(3) (2001), pp. 391-399. [10] J. Kościelny, M. Bartyś, A. Sztyber, Diagnosing with a hybrid fuzzy–Bayesian inference approach, Engineering Applications of Artificial Intelligence 104(2021), art. no. 104345, pp. 1-11. DOI: 10.1016/j.engappai.2021.104345 [11] L. Travĕ-Massuyĕs, Bridges between diagnosis theories from control and AI perspectives, in: Intelligent Systems in Technical and Medical Diagnostics, Springer, Heidelberg, 230, 2014, pp. 441–452, ISBN: 9783642398810. [12] J. de Kleer, J. Kurien, Fundamentals of model-based diagnosis, IFAC Proceedings Volumes 36(5) (2003), pp. 25–36. DOI: 10.1016/S1474-6670(17)36467-4 [13] J. Su, W. Chen, Model-based fault diagnosis system verification using reachability analysis, IEEE Transactions on Systems, Man, and Cybernetics: Systems 49(4) (2019), pp. 742–751. DOI: 10.1109/TSMC.2017.2710132 [14] C. Kaidis, Wind turbine reliability prediction, Uppsala University, report (2003), pp. 1-72. [Online] Accessed 27 August 2021 http://www.diva- portal.org/smash/get/diva2:707833/FULLTEXT01.pdfAdditio nally [15] J. M. Kościelny, M. Syfert, Fuzzy diagnostic reasoning that takes into account the uncertainty of the faults-symptoms relation, International Journal of Applied Mathematics and Computer Science 16(1) (2006), pp. 27-35. [Online] Accessed 27 August 2021 http://matwbn.icm.edu.pl/ksiazki/amc/amc16/amc1612.pdf [16] W. Navidi, Statistics for Engineers and Scientists, McGraw Hill, Education, 2014, ISBN: 1259251608. [17] I. Lira, Evaluating the Measurement Uncertainty Fundamentals and Practical Guidance, Taylor & Francis, 2002, ISBN: 9780367801564. [18] M. Catelani, A. Zanobini, L. Ciani, Uncertainty Interval Evaluation Using the Chi-Square and Fisher Distributions in the Measurement Process, Metrology and Measurement Systems 17(2) (2010), pp.195-204. DOI: 10.2478/v10178-010-0017-5 [19] M. Bartyś, Diagnosing Multiple Faults from FDI Perspective, in: Z. Kowalczuk, M., Domżalski, (eds.) Advanced Systems for Automation and Diagnostics, 2015, ISBN: 9788363177003. [20] J. M. Kościelny, M. Bartyś, Z. Łabęda-Grudziak, Tri-valued evaluation of residuals as a method of addressing the problem of fault compensation effect, in J. Korbicz, K. Patan, M. Luzar, (eds.) Advances in Diagnostics of Processes and Systems, Springer, 313 (2021), pp. 31-44, ISBN: 9783030589646. [21] S. Jakubek, H. P. Jorgl, Fault-diagnosis and fault-compensation for nonlinear systems, Proc. of the 2000 American Control Conference, Chicago, IL, USA, 28-30 June 2000, pp. 3198-3202. DOI: 10.1109/ACC.2000.879155 [22] E. Wu, S. Thavamania, Y. Zhang, M. Blanke, Sensor fault masking of a ship propulsion system, Control Engineering Practice 14 (2006), pp. 1337–1345. DOI: 10.1016/j.conengprac.2005.09.003 [23] M. G. Gouda, J. A. Cobb, C-H. Huan, Fault masking in tri- redundant systems, in A. K. Datta, M. Gradinariu, (eds.), LNCS 4280, Springer-Verlag Berlin Heidelberg 2006, pp. 304–313, ISBN 9783540490180. [24] J. M. Kościelny, M. Bartyś, The idea of smart diagnozers for decentralized diagnostics in Industry 4.0, 2019 4th Conference on Control and Fault Tolerant Systems (SysTol), Casablanca, Morocco, 18-20 Sept. 2019, pp. 123-128. DOI: 10.1109/SYSTOL.2019.8864791 [25] M. Krysander, E. Frisk, Sensor placement for fault diagnosis, IEEE Transaction on Systems, Man, and Cybernetics-Part A, 38(6) (2008), pp. 1398-1410. DOI: 10.1109/TSMCA.2008.2003968 [26] S. S. Carlisle, The role of measurement in the development of industrial automation, Acta IMEKO, 3(1)3, 2014. DOI: 10.21014/acta_imeko.v3i1.190 [27] K. Takeda, B. Shibata, Y. Tsuge, H. Matsuyama, The improvement of fault diagnosis algorithm using a signed directed graph, IFAC Proceedings Volumes 27(5) (1994), pp. 351–356. DOI: 10.1016/S1474-6670(17)48052-9 [28] Z. S. Chen, Y. M. Yang, Z. Hu, A technical framework and roadmap of embedded diagnostics and prognostics for complex mechanical systems in prognostics and health management systems, IEEE Transactions on Reliability, 61(2) (2012), pp. 314- 322. DOI: 10.1109/TR.2012.2196171 https://content.sciendo.com/view/journals/amcs/22/1/article-p225.xml https://content.sciendo.com/view/journals/amcs/22/1/article-p225.xml https://doi.org/10.2478/v10006-012-0017-6 https://doi.org/10.2478/amcs-2013-0031 https://doi.org/10.1016/S0019-0578(01)00011-8 https://doi.org/10.1016/j.engappai.2021.104345 https://doi.org/10.1016/S1474-6670(17)36467-4 https://doi.org/10.1109/TSMC.2017.2710132 http://www.diva-portal.org/smash/get/diva2:707833/FULLTEXT01.pdfAdditionally http://www.diva-portal.org/smash/get/diva2:707833/FULLTEXT01.pdfAdditionally http://www.diva-portal.org/smash/get/diva2:707833/FULLTEXT01.pdfAdditionally http://matwbn.icm.edu.pl/ksiazki/amc/amc16/amc1612.pdf http://dx.doi.org/10.2478/v10178-010-0017-5 https://doi.org/10.1109/ACC.2000.879155 https://doi.org/10.1016/j.conengprac.2005.09.003 https://doi.org/10.1109/SYSTOL.2019.8864791 https://doi.org/10.1109/TSMCA.2008.2003968 http://dx.doi.org/10.21014/acta_imeko.v3i1.190 https://doi.org/10.1016/S1474-6670(17)48052-9 https://doi.org/10.1109/TR.2012.2196171