Computers" chem. Engng, Vol. 21, Suppl., pp.

$655-$660, 1997
Pergamon © 1997 Elsevier Science Ltd
All fights reserved
Printed in Great Britain
PII:S0098-1354(97)00124-5 0098-1354/97 $17.00+0.00

Signed Digraph Based Multiple Fault

Diagnosis
Hiranmayee Vedam
Venkat Venkatasubramanian*
Laboratory for Intelligent Process Systems
School of Chemical Engineering
Purdue University
W. Lafayette, IN 47906 - 1283, U.S.A

Abstract. Abnormal Situation Management (ASM) has received considerable attention from industry and academia
recently. The first step towards better ASM is the timely detection and diagnosis of the abnormal situation, Most of
the existing methods for fault diagnosis assume that only a single fault occurs at any given time. However, multiple
faults do occur in processes, albeit less frequently than single faults. When multiple faults occur, existing methods
either lead to incorrect diagnosis or complete lack of diagnosis.
Multiple fault diagnosis (MFD) is a difficult problem because the number of combinations grows exponentially
with the number of faults. In this paper, a signed directed graph (SDG) based algorithm for MFD is developed. The
computational complexity is efficiently handled by assuming that the probability of occurrence of a multiple fault
scenario decreases with an increasing number of faults involved. SDG based diagnosis, like any other qualitative
method, has poor resolution. This poor resolution is overcome by using a knowledge base consisting of knowledge
about the process constraints, maintenanceschedules etc. The proposed algorithm is implemented in Gensym's expert
system shell, G2. The application of the algorithm is illustrated using an industrial scale simulation of the standard
FCCU called TRAINER.

1 Introduction 1990), and process history based methods like neu-

Abnormal situation management (ASM) involves the
timely detection, diagnosis and correction of abnor-
mal process conditions. An estimated $20 B is lost an-
nually by the petrochemical industry in the US due to
insufficient ASM. It is also estimated that there were
240 plant shutdowns during a one year period that
could have been prevented (Nimmo, 1995). The iden-
tification of the root causes for the abnormal situation
from process measurements is known as fault diagno-
sis. 1
During an abnormal situation, the operators are typ-
ically flooded with dozens of alarms. An operator
is expected to make a quick decision about the root
causes and take corrective action in a very short span
of time making ASM a difficult task. An automated
framework to support operator decision-making in
performing fault diagnosis and suggesting possible
corrective actions can improve the situation signifi-
cantly. Significant attention has been given by the re-
search community in the recent years to automate fault
diagnosis. These automated fault diagnosis methods
can be classified into model based methods like signed
directed graphs (SDG) (Iri et al., 1979; Wilcox and
Himmelblau, 1994), observer based methods (Frank,
1990) and assumption based methods (Petti et al.,
Author to whom all correspondenceshould be addressed,
Email: venkat@ecn, purdue, edu Fax: 1-317-494-0805
1The termsrootcauseand faultare usedinterchangeablyin this
paper.
ral networks (Thompson and Kramer, 1994; Kavuri
and Venkatasubramanian, 1994), principal component
analysis (Nomikos and MacGregor, 1994), and quali-
tative trends analysis (Rengaswamy and Venkatasub-
ramanian, 1995). Qualitative methods have an advan-
tage that they donot require detailed knowledge about
the process and are relatively easier to develop. The
disadvantage of such methods is their lack of reso-
lution i.e., the number of root causes the diagnostic
method notifies as possible root causes is very large.
Also, most of the diagnostic methods assume that the
abnormal situation is due to a single root cause. Hence
these methods would lead to either wrong diagnosis or
complete lack of diagnosis when multiple faults occur.
Multiple fault diagnosis is a difficult problem be-
cause the problem has a combinatorially explosive
search space. The probability of multiple faults oc-
curing in a process is often small, but when multi-
ple faults do occur, these multiple faults make it dif-
ficult for the operator to identify the root causes and
reduce the number of possible corrective actions. Op-
erators receive little or no training in identifying mul-
tiple faults. This can significantly hamper the abil-
ity of the operator to cope with the abnormal situation
when multiple faults occur. DeKleer and Williams
(1987) developed an assumption based algorithm to
diagnose multiple faults in digital circuits. The dis-
advantage of their approach is that the computational
complexity increases exponentially with the number

$655
$656 PSE '97-ESCAPE-7 Joint Conference
of faults. Morales and Garcia (1990) modified their
development by using group propagation technique to
reduce the computational complexity. They applied
their modular approach to diagnose multiple faults in
digital circuits. However, the above approaches are
not directly applicable to chemical processes because
of the dynamic nature of chemical processes. Further-
more, the diagnosis in chemical processes for ASM
should be performed on-line in a short period of time.
Hence, computational efficiency is a crucial factor.
Chung et.al (1994) developed a SDG- neural network
based method for identifying multiple incipient faults
in a nuclear power plant. They developed SDGs for
subsystems of the nuclear plant. Each SDG operates
under a single fault assumption. The root causes from
individual SDGs are combined to arrive at multiple
faults.
In this paper, we will discuss algorithms to perform
multiple fault diagnosis (MFD) using a SDG for the
whole process. The computational complexity arising
due to combinatorics is reduced by an assumption that
the probability of occurrence of a multiple fault sce-
nario decreases with the number of faults in a given
scenario. The resolution of SDG based diagnosis is
significantly enhanced by using a knowledge base to
screen out root nodes which have very little proba-
bility. The proposed algorithms will be illustrated on
a simulation of a standard FCCU called TRAINER
(SACDA, 1995). Section 2 will discuss the develop-
ment of signed digraphs, the knowledge base devel-
opment and the algorithm for SDG based single fault
diagnosis. In Section 3, the shortcomings of existing
algorithm in the context of MFD are elaborated and
the algorithms to perform MFD are presented. In Sec-
tion 4, the case study is briefly discussed and results of
MFD for the case study are presented. We will con-
clude with a discussion of the present work and sug-
gestions for future work.
2 Signed Directed Graphs
A signed directed graph is a representation of the pro-
cess causal information, in which the process vari-
ables (and parameters) are represented as graph nodes
and causal relations are represented by directed arcs.
Nodes in the SDG assume values of (0), (+) and (-
) representing the nominal steady state value, higher
and lower than steady-state values respectively. Di-
rected arcs point from a cause node to its effect node.
Arc signs associated with each directed arc can take
values of (+) and (-) representing whether the cause
and effect change in the same direction or opposite di-
rection respectively. A SDG may also include condi-
tional arcs which become active only if certain condi-
tions are satisfied. For example, the arc connecting a
manipulated variable to the controlled variable is ac-
tive only if the controller is not in manual mode.
A SDG for the process can be developed from
model equations representing the process or from
the operator's knowledge of the process. An au-
tomated framework for the development of SDGs
based on model equations was developed by My-
laraswamy(1996). For many processes, however,
model equations may be available only for some of the
units. Hence, a combination of model equation based
approach and operator' s knowledge is required to de-
velop the SDG for the entire process. Process data for
various abnormal situations is used as the operator's
knowledge in this work. Partial digraph for the pro-
cess can be built using model equations for the units,
where ever available. The operator's knowledge is
then used to infer the cause-effect relations in the units
where model equations are not available. This pro-
cedure is elucidated while developing the SDG for
TRAINER FCCU in Section 4.
One of the serious limitations of qualitative meth-
ods like SDG is their lack of resolution. The rea-
son can be attributed to the qualitative ambiguities in-
volved in this kind of an approach (Kuipers, 1986).
However, SDGs have a distinction of finding all pos-
sible fault candidates. In this work, the resolution of
SDG based fault diagnosis is improved using a knowl-
edge base which would screen out physically impos-
sible root nodes. This knowledge base can consist of
knowledge about reliability of equipment, infeasible
root nodes and information about equipment mainte-
nance. If an equipment has been recently serviced and
its reliability is high then the root node pertaining to
that equipment has very little probability of being a
possible root node. The heat exchanger transfer coef-
ficient decreases with time due to fouling and if a re-
cent maintenance was not performed, then a positive
change in heat exchanger transfer coefficient can be
ruled out as a root node. Using such a knowledge base,
we will show how the resolution of SDG based fault
diagnosis has on an average improved more than 52%
for the TRAINER FCCU in Section 4.
Iri et.al(1979) proposed an algorithm for using SDG
for fault diagnosis. The inherent assumption in their
approach was that a single root cause which can ex-
plain the given abnormal situation can be found. They
also assume that there exists a valid causal path be-
tween the root node and the observed abnormal mea-
surements. A root node is any node in the digraph
which has atleast one consistent arc connecting it to
an effect node and no consistant arc connecting it
to a cause node. An arc is said to be consistant if
sign(cause) * sign(arc) * sign(effect) = (+). Wilcox
and Himmelblau (1994) presented a new digraph-
based diagnosis reasoning called possible cause-effect
graph. This approach reduces the search space and
hence the number of root causes generated. Based on
these approaches the basic algorithm for performing
single fault diagnosis using SDG can be summarized
in Figure 1. The basic steps involved in performing
SDG based single fault diagnosis are :
1. Propagate the deviation in the nodes representing
process measurements (measured nodes) from
effect to cause node via consistant arcs till the
root nodes are identified.
2. Use the knowledge base to screen out physically
 PSE '97-ESCAPE-7 Joint Conference $657

in the SDG receive values of (+) and (-) respectively.

ho!~ga~ nodedevia~, from
effectno~ to causenode These deviations are propagated from effect to cause
nodes via consistant arcs till root nodes are identified.
The root nodes identified for the present abnormal
situationare {F3,T1,QI .... UAL, 17 5
set,Ttm}. The
knowledge base is used to screen out root node with
J very little probability, Ttm. A breadth-first search is
performed on each of the remaining root nodes. How-
ever, there exists no valid causal path from any of the
root nodes to both T2 and T3. Hence, no root cause is
identified using the above algorithm. In Section 3, we
will show how the MFD algorithm identifies the cor-
rect root cause, namely {F3 and UA] }.

Perform breadth-first sea~h

with the root node as origin
t node to all the abnormal / ~ /
umd nodes ? j J
Root Cause Identitied!![ 1
Figure 1: Algorithm for SDG based single fault diag-
nosis
impossible root nodes.
3. If a conflict exists in assigning a sign to any node
then a voting scheme is used.
4. For each of the root nodes a breadth-first search
is performed to check if a valid causal path exists
between the root node and the observed abnormal
measurements.
5. A root node is identified as the root cause for the
abnormal situation if such a causal path exists.
Consider, for example, the SDG for the preheater
section in Model IV FCCU (McFarlane et al., 1993) in
Figure 2. The variables T2 and T3 are measured. If
T2 increases and T3 decreases, then T2 and T3 nodes
3 Multiple Fault Diagnosis Using
SDG
The algorithm described in Section 2 for performing
single fault diagnosis will lead to either lack of diagno-
sis or wrong diagnosis when multiple faults occur in a
process. The algorithm tries to find a single consistant
path from the root node to all the abnormal measure-
ments. Since no such path exists when multiple faults
occur, the algorithm might find a wrong root cause or
might not find any root node that can explain the ab-
normal measurements. Hence, the above algorithm
needs to be modified to perform multiple diagnosis.
A simplistic approach would be to change the single
fault diagnosis algorithm as follows:
1. Perform Steps 1-3 as in the single fault diagnosis
discussed in Section 2.
2. All combinations of root nodes which can ex-
plain all the observed measured node deviations
are identified.
3. Minimal cut sets of such combinations are iden-
tified as possible multiple root causes for the ob-
served abnormal situation. A minimal cut set is
defined as the minimal number of root causes re-
quired to explain the given abnormal situation.
4. A combination of root nodes which can explain
all the observed measured node deviations and is
minimal is called a root cause.

The MFD algorithm discussed above, called MFD 1

© is computationally expensive and the computational
time increases exponentially with the number of root
~ 1 nodes. For example, if the number of root node af-
ter Step 1, is say 20. Then the worst case estimate of
QIos
(/......... number of combinations explored in Step 2 above is
of the order of 10 l°. In order to perform MFD in a
reasonable period of time MFD1 is modified based on
the assumption that the probability of occurrence of
multiple faults decreases with the number of faults in
~s,tU ",,\/,:/ a given scenario. We call this algorithm MFD2. For
example, if the number of root nodes is 20, assume all
root nodes are equally likely for the given abnormal
Figure 2: SDG for Preheater Section of ModellV situation. The probability that one of them can explain
FCCU the abnormal situation is 0.05, that two root nodes can
$658 PSE '97-ESCAPE-7 Joint Conference

explain the scenario is 0.0025 and so on. Hence the

probability that a single fault can occur is 8000 times
more likely than the occurrence of a four fault scenario
that can explain the same abnormal situation. The al-
gorithm can be described as follows:

1. Perform Steps 1-3 as in the single fault diagnosis

discussed in Section 2.

2. Arrange the root nodes in decreasing order ac- ~ ir "/

cording to the number of measured node devia-
tions each root node can explain.

3. Combinations of root nodes are called root node

lists (RNLs). RNLs with fewer number of root
nodes are explored before exploring RNLs with
larger number of root nodes. For example, single
root nodes which can explain the observed ab-
normal situation are first explored before RNLs
consisting of two root nodes that can explain the
same abnormal situation.
4. Whenever a RNL can explain the observed ab-
normal situation all other combinations involv-
ing that RNL are removed from the search space,
thus reducing the search space dramatically. The
rationale behind this step is that if a RNL, say
RNL1 can explain a given abnormal situation
then, every other RNL consisting of all the nodes
in RNL1 are supersets of RNL1, hence RNL1 is
the minimal cut set of all such RNLs.
5. If the number of root node in any RNL exceeds a
maximum number, Nma~, and if that RNL is still
unable to explain the abnormal situation, then
such RNLs are also eliminated, further reduc-
ing the search space. This is a valid procedure
because of the assumption that the probability
of occurrence of an RNL that can explain the
observed abnormal situation decreases with the
number of nodes in that RNL.
6. An RNL that which can explain the measured
node deviations and is minimal is called a root
cause.
Single fault diagnosis is a special case of this al-
gorithm when Nma~ is set equal to 1. For the exam-
ple with 20 root nodes, if Nrna~ is set to 3, then the
number of combinations explored in the worst case
is 1350. The reduction in computational load for 20
nodes with N,,~a~ equal to 3, is of the order of 108,
making the algorithm an attractive one. Revisiting the
SDG for the preheater section of Model IV FCCU,
each of the root nodes is examined to see if it can ex-
plain the deviation in T2 and T3. Since no such root
node exists, two node combinations of the root nodes
form two node RNLs. Each RNL is examined to see if
the root nodes in the RNL can explain the deviation in
T2 and T3. An RNL consisting of {Fa, Qto,~} can ex-
plain the deviations and hence becomes a root cause.
Then the RNL is removed from the search space. Sim-
ilarly an RNL consisting of {F3, UA I } also becomes
a root cause and hence removed from the search space.
Figure 3: Signed Digraph for Slurry PA of TRAINER
FCCU
However, an RNL consisting of {F3, T1} cannot ex-
plain the observed deviations and hence retained in the
search space. If Nma~ is set to 3, then combinationsof
three nodes are formed from the two node RNLs that
cannot explain the observed measured node deviation
and the root nodes. One such RNL is {Fa, T1, Qtos~}.
Eventhough this RNL can explain the observed mea-
sured node deviation, this RNL doesnot become a root
cause because, its subset {Fa, Qtoss} is already a root
cause. Hence this RNL is discarded. If any RNLs with
three nodes still remain in the search space after all the
combinations are explored, the search is stopped be-
cause the Nma~: is set to 3. If none exists, then the al-
gorithm stops because, the search space has been ex-
plored completly. This algorithm differs from MFD1
in that, MFD1 explores all the combinations possible
before finding the minimal cutsets. The approach to
root cause identification in MFD1 is similar to iden-
tifying minimal cut sets in Fault Tree Analysis. The
performance of MFD2 algorithm alone on TRAINER
FCCU is discussed in Section 4, since MFD1 never
converged for all the abnormal situations examined.
4 MFD for TRAINER FCCU
In this Section, MFD2 is applied to an industrial sim-
ulation of a standard FCCU called TRAINER. This
simulation was provided to us by Honeywell Tehnol-
ogy Center in the form of executables. No model
equations for any part of the FCCU are available. The
FCCU simulated is a stacked regenerator/disengager
design with the regenerator on the bottom and oper-
ating at a higher pressure. The convertor consists of
an external riser standpipe and single stage stripper.
A waste heat boiler is used to extract heat from the
hot flue gas that emerges from the regenerator. It pro-
vides steam required for the air blower steam turbine
and a number of steam driven pumps. A centrifugal
 PSE '97-ESCAPE-7 Joint Conference
air blower provides the regenerator air. A main frac-
tionator with several pumparounds and a single stage
wet gas compressor form the down stream processing
units. The feed to the riser is preheated using the slurry
pumparound (PA) from the main fractionator. Addi-
tional heating of the feed is provided using a feed fur-
nace before the feed enters the riser. A slide valve con-
trois the catalyst flow from the regenerator to the riser.
The flow and temperature of the feed, catalyst, steam
and air are controlled using low level PID controllers.
The level controllers are cascaded around the flow
controllers where necessary. Field operated devices
and override controllers are also provided. The heat-
ing of feed using slurry PA and the waste heat boiler
make the system highly coupled. This makes decom-
position into subsystems a difficult task. Over 300
different abnormal scenarios can be simulated (My-
laraswamy, 1996; SACDA, 1995)
Table 1: Increase in Resolution Using a knowledge
base
Fault Number Number Improvement ( % )
No. Before KB After KB
1 42 23 45
2 33 10 70
3 33 10 70
4 33 7 79
5 34 11 68
6 8 5 37
7 4 4 0
The SDG for TRAINER is developed using a com-
bination of model based and operator' s knowledge as
discussed in Section 2. Model equations are available
for equipment like controllers, shell and tube heat ex-
changers, fan type heat exchangers and valves. Model
equations for large equipment like main fractionator,
air blower, riser/regenerator and wet gas compressor
are not available. The knowledge base consists of
the data obtained from the simulation for ten different
faults.The partial SDGs for equipments with known
model equations are combined with the data from the
operator's knowledge to construct the SDG for the
TRAINER FCCU. The SDG consists of 69 measured
nodes and 224 unmeasured nodes. The SDG has the
capability to diagnose 88 different faults and their
combinations. It took about 100 (wo)man hours to
build the SDG. The SDG for slurry PA is shown in Fig-
ure 3
Knowledge based systems to perform both single
fault diagnosis and multiple fault diagnosis are imple-
mented in Gensym' s real time expert system shell, G2.
The single fault diagnosis algorithm has been imple-
mented as a part of AEGIS (Abnormal Event Guid-
ance and Information System), Honeywell's prototype
for ASM (ASM Home Page). The original SDG
algorithm had very poor resolution as shown in Ta-
ble 1.The actual abnormal situations used cannot be
discussed due to proprietary reasons. Significant im-
$659
provements in the algorithm has been achieved by us-
ing a knowledge base which can sieve out physically
impossible faults. The number of root causes identi-
fied after using the knowledge base (KB) is shown in
Table 1. A sample of the rules used in the knowledge
base is shown in Table 2.
Table 2: Sample Rules Used in the Knowledge base
Pump efficiency has values (-) or (0)
UAF has values (-) or (0)
Power is (-) or (0)
Fans are (-) or (0)
MFD2 has been implemented on several combina-
tions of the faults. In all the cases, the actual fault
combination is correctly identified. The computa-
tional time is less than a minute on a Sparc 10 ma-
chine for all the abnormal situations studied. The al-
gorithm can correctly identify the fault combination
even in cases when the effect of one fault annuled the
effect of the other on some of the measured variables.
It can also identify multiple faults that occur both se-
quentiallyand simultaneously. Only one abnormal sit-
uation is discussed in detail here due to spatial con-
straints.
The abnormal situation is a combination of loss in
slurry PA due to decrease in pump efficiency and a
positive drift in the controller transmitter that controls
the the air inflow to the regenerator. The simulation
starts at steady state. After 1 minute the air controller
transmitter begins to drift. The slurry PA pump effi-
ciency starts decreasing at t=5 minutes. The algorithm
identifies air flow controller transmitter failure as one
of the root causes between t=l minute and t=5 min-
utes. After t=5 minutes, both the faults are identified.
The output of the.algorithm after t=5 minutes in the
final form presented to the operator is shown in Fig-
ure 4. Some of the other root causes that can show
similar deviations in the process measurements like
transmitter drifts in slurry PA controllers, reduction in
airblower capacity are also identified.
5 Discussion and Future work
This paper discusses algorithms for performing MFD
using SDGs. The algorithm differs from the earlier ap-
proaches in that, the multiple faults are explored only
on an as needed basis, reducing the computational
load significantly. The lack of resolution in SDG is
improved significantly using a knowledge base. This
algorithm is illustrated using TRAINER FCCU. The
multiple faults identified need to be presented coher-
ently to the operator. An approach for presentation
is as shown in Figure 4. Better ways to present the
results are being explored. From Figure 4 it can be
seen that the resolution in the case of multiple faults
is still inadequate. We are currently investigating sev-
eral methods to improve the resolution and to perform
conflict resolution.
$660 PSE '97-ESCAPE-7 Joint Conference
H
Figure 4: Diagnosis output of MFD2 for Failure of
Slurry PA pump and Bias in air flow controller trans-
mitter. F5 - Air flow controller transmitter bias;F1-
Slurry PA pump failure
References
ASM Home Page, The abnormal situation ma-
nagement joint research and development
consortium. URL Ref.:http://www.iac.honey-
well.com/Pub/Tech/asmwww.html.
Chung, H., Z. Bien, J. Park, and P. Seong, Incipient
multiple fault diagnosis in real time with applica-
tion to large-scale systems. IEEE Trans. Nuclear
Science, 41(4), 1692-1703 (1994).
Frank, P. M., Fault diagnosis systems using analyti-
cal and knowledge-based redundancy - a survey.
Automatica, 26, 459-474 (1990).
Iri, M., K. Aoki, E. O' Shima, and H. Matsuyama,
An algorithm for diagnosis of system failures in
chemical processes. Comput. Chem Engng., 3,
489-493 (1979).
Kavuri, S. and V. Venkatasubramanian, Neural net-
work decomposition strategies for large-scale
fault diagnosis. Int. J. Control, 59(1994), 767-
792 (1994).
Kleer, J. D. and B. C. Williams, Diagnosing multiple
faults. Artificiallntelligence, 32, 97-130 (1987).
Kuipers, B., Qualitative simulations. Artificial Intelli-
gence, 29, 289-338 (1986).
McFarlane, R., R. Reineman, J. Bartee, and G. Geor-
gakis, Dynamic simulator for a model iv fluid
catalytic cracking unit. Comput. Chem. Engng,
17(3), 275-300 (1993).
Morales, E. and H. Garcia, Artificial Intelligence in
Process Engineering, chapter 5. Academic Press
(1990).
Mylaraswamy, D., DKIT: A Blackboard-based, dis-
tributed, multi-expert environmentfor Abnormal
Situation Management. PhD thesis, Purdue Uni-
versity (1996).
Nimmo, I., Adequately address abnormal situation op-
erations. Chem. Eng. Prog., 91(9), 36-45 (1995).
Nomikos, E and J. E MacGregor, Monitoring of batch
processes using multiway principal component
analysis. AIChEJ., 40, 1361-1375 (1994).
Petti, T., J. Klein, and P. Dhurjati, Diagnostic model
processor, using deep knowledge for process
fault diagnosis. AIChE J., 36(4), 565-575
(1990).
Rengaswamy, R. and V. Venkatasubramanian, A syn-
tactic pattern-recognition approach for process
monitoring and fault diagnosis. Engng Applic.
Artif. Intell., 8(1), 35-51 (1995).
SACDA, Process Model Description : Fluidized Cat-
alytic Cracking Unit Standard Model. SACDA
Inc. (1995).
Thompson, M. and M. A. Kramer, Modeling chemi-
cal processes using prior knowledge and neural
networks. AICHE Journal, 40(8), 1328-1338
(1994).
Wilcox, N. A. and D. M. Himmelblau, The possible
cause-effect graph model for process fault diag-
nosis - i. methodology. Comput. Chem. Engng.,
18(2), 103-116 (1994).
Acknowledgement
The authors would like to thank Honeywell Technol-
ogy Center and the CIPAC consortium member com-
panies which provided the financial support for this re-
search. We also would like to thank the ASM consor-
tium members for their valuable feedback and insights
into FCC operations.