Operational modes

Any complex automated system has di erent operational modes, e.g. due to a start-up proce- dure required to get into the nominal operation situation, emergency modes to guarantee secure operation when shutting down, or di erent con gurations to comply with varying demands. In di erent modes components of a system can ful l di erent functions, hence the model representing the nominal operation of the system changes. Sarter and Woods [4] describe the importance of awareness about the mode a system is currently in to draw the right conclusions about possible consequences of a control action. A wrong assumption about the current operation mode can have fatal consequences. [4] In the context of MFM, operational modes have rst been directly discussed by Lind et al. [6] with regards to the representation of stages of the start-up procedure of a nuclear power plant. Lind et al. [6] establish that the MFM representations of di erent stages of the start-up procedure re ects distinct functions and goals of the system. They identify di erent possible types of mode representation, outlined in Table 2.3. Based on that, Zhang [1] further elaborates on the relevance of this classi cation for the assessment of the operability of a plant as indicators for possible or necessary mode shifts. Mode transitions are only possible on the same level, e.g. if the objectives of the plant remain the same, but are unful lled by the currently active set of functions, redundant
functions have to be selected to maintain the objective. Alternatively, the overall objectives have to be adapted to re ect an operable situation based on the current state of functions. This applies analogously to the physical realm of function-structure modes, however, these connections are not directly represented in MFM. [1]

operational_modes

Previous research related to start-up procedures, though not directly to operational modes,
had been described by Lind [5] and Larsen [17]. Both of these works considered the start-up process of a fossil fuel powered thermo-electric power plant in MFM. Most notably, the concept of operational mode transitions was identi ed as con guration management (CM), which can not be directly related to any MFM function. On the other hand, they describe mass (MBM) and energy (EBM) balance management that link to speci c MFM functions. Figure 2.6 shows an extract of the considered start-up procedure and identi ed CM and MBM tasks. Larsen [17] builds upon this notion to derive action plans by considering means to an end as subgoals of an overall goal, thus decomposing the MFM model as a description of prerequisites for a certain task or state to be achieved. Given the sequential nature of an action plan, this approach interprets the MFM decomposition as a representation of possible functions rather than the current nominal function of the overall plant by allowing certain goals to not be achieved before the overall plan is ful lled. However, by the de nition of operational mode described by Zhang [1], a MFM model should always represent a currently valid con guration to take into account the correct systems constraints for the diagnostic reasoning. A similar branch of MFM research that overlaps with the discussion of operational modes
is presented by Inoue et al. [18]. Using MFM to identify plausible operation procedures in un- known emergency situations requires additional knowledge about possible, undesired alternative behaviours of physical components of the system. This is directly related to the function-structure level of modes described in Table 2.3. In order to include such knowledge, operational information that is considered in addition to the MFM model was introduced by Gofuku et al. [19]. This operational information includes [19]:
• Goal-function causality knowledge expressing the qualitative causality between a MFM func- tion and a related goal, e.g. if a goal is “heating coolant”, an increase of energy in a MFM
storage causes an increased goal achievement, but “cooling coolant” would have the inverse causality.
• Component behaviour knowledge describing plausible abnormal behaviour and their func- tional in uence.
• Operation knowledge representing the possible intervention methods and their functional in uence.
• Dangerous situation knowledge connecting undesirable system situations to their functional meaning.
• Sensor information data representing sensor names and locations and the function their measurements relate to.

Some of this operational information has been integrated into the MFM language, e.g. sensors
as attributes to ow functions [1] and intervention opportunities by control functions [20]. The later have been shown to allow reasoning about controllability of a system, but have not been interpreted for the cause and consequence reasoning [20]. However, especially with regards to the goal-function causality, interpretation of the language elements is not as clearly de ned as the additional information described by Gofuku et al. [19]. Since one MFM re ects the nominal behaviour in a speci c con guration, information about alternate behaviours of components is not represented at all [1].

Comments

So empty here ... leave a comment!

Leave a Reply

Your email address will not be published. Required fields are marked *

Sidebar