Testing Diagnosis Strategy based on Equivalent Fault Tree for

Offshore Oil Platforms

Wang Hongdong, Shanghai Jiao Tong University
Yi Hong, Shanghai Jiao Tong University
Yu Ping, Jiangnan Shipyard Co., Ltd.
Liang Xiaofeng, Ph.D., Shanghai Jiao Tong University

Keywords: offshore oil platform, equivalent fault tree (EFT), minimal cut set, test point, diagnostic strategy

SUMMARY AND CONCLUSIONS essential in fault diagnosis and testing for offshore oil
platforms.
Offshore oil platform testing is still in its initial stages.
Testing technology research now mainly concentrates on
Owing to the complexity and maintainability of offshore oil
electronic equipment [1]-[3], and studies on the testing of
platform systems, testing diagnostic strategies at the system
complex mechanical systems like an offshore oil platform
level have not yet been established. In this paper, such a
consisting of multiclass equipment, such as a mechanical
complex system is simplified using an equivalent fault tree
electric hydraulic system, are rare. Furthermore, fault
with only three levels. The concept of critical importance of a
diagnosis mainly focuses on the device or component level
minimum cut set (MCS) is also defined to determine the
because of the complexity of offshore oil platform systems,
MCSs with larger importance to establish the fault diagnosis
which consist of various equipment and encounter complex
strategy. The fault diagnosis sequence for MCSs is determined
faults. An offshore oil platform system is not considered as a
by their critical importance. The test sequence for the bottom
starting point in implementing diagnostic strategies [4].
events in the MCSs is decided by the critical importance
Global fault diagnosis and testing on offshore oil
values of units and the mean time to detection (MTTD). If a
platforms are both difficult and unnecessary, whereas
bottom event has been diagnosed to be normal, the minimum
expedient fault isolation in replaceable units, such as
cut set it belongs to can be evaluated based on the critical
equipment or components, can be achieved through fault
importance of the unit and MTTD; otherwise, this MCS can be
diagnosis strategies. Significant research has been conducted
excluded for testing diagnosis and the next MCS is diagnosed.
on this field. For example, Guangyao et al. [5] found the
Three factors, namely, unit critical importance, MTTD, and
optimal fault isolation node with the use of a fault isolation
test cost, should be considered when installing online test
weight number for complex electronic systems and determined
devices. At the end of this paper, the power system of
the best test point and the optimal fault diagnosis strategy
ChengDao No. 1 Center offshore oil platform in Shengli oil
through node information. Shaoxu et al. [6] employed a ship
field is used as the research object to establish the testing
power system as an example to determine the optimal fault
diagnosis strategy through the developed method. Results
diagnosis program, which is based on the unit’s critical
show that this method can not only establish a systematic
importance calculated by a fault tree and the mean time to
diagnosis strategy but can also provide a basis for the
failure detection (MTTD). A test point arrangement plan can
systematic placement of test devices.
be reasonably optimized based on fault analysis results; the
1 INTRODUCTION plan provides the basis for test equipment installation. Test
points are optimized on the basis of factors such as fault
Offshore oil platform systems and structures have become
information and test cost. For example, Junyou et al. [7]
increasingly complex; coupled with the harsh working
proposed a system-level test point optimization method and
environment at sea, the possibility of system failures gradually
two diagnosis strategies (i.e., least test steps and saving test
increases. These failures will inevitably result in considerable
cost) for avionic systems by considering comprehensive
economic losses and environmental disasters.
testability measurements, fault probability, test costs, and
Through the accurate placement of test equipment, the
other factors.
operating condition of each system can be timely, accurately
The current study establishes the equivalent fault tree
and dynamically validated to implement preventive
based on failure mode, effects, and criticality analysis
maintenance. Quickly locating faults to guide maintenance
(FMECA) and fault tree analysis (FTA), and then calculates
work by employing diagnostic strategies has practical
the importance of the minimum cut set (MCS) [8].
significance for offshore oil platform systems and is thus
Consequently, the test point arrangement strategy and the

‹,(((
minimum cut-set diagnosis strategy can be established. Fi (t )
Subsequently, the bottom event diagnosis strategy can be I iCR (t ) [ Rs (t; Ri (t) 1)  Rs (t; Ri (t) 0)] u , (2)
Fs (t )
determined by three measure principles, namely, unit critical
importance, test cost, and MTTD. where I iCR (t ) represents the critical importance of unit i,
Rs (t ; Ri (t ) 1) represents the system reliability when unit i
2 TESTING DIAGNOSIS STRATEGY BASED ON works correctly, Rs (t ; Ri (t ) 0) represents the system
EQUIVALENT FAULT TREE reliability when unit i fails, Fi (t ) represents the
2.1 Equivalent fault tree model failure probability of unit i at time t, and Fs (t ) is the
failure probability of the system at time t. Thus, the critical
A fault tree model can be established through FMECA. importance of the minimum cut set can be described as
Owing to the complex characteristics of offshore oil platforms, Fk (t ) wRs (t) Fk (t )
the corresponding fault tree is extremely large; thus, I kCR (t ) I kB (t )
Fs (t ) wRk (t) Fs (t ) , (3)
simplifying the fault tree is necessary for more convenient test F (t )
diagnosis. If the K MCSs are analyzed by FTA, then the [ Rs (t; Rk (t) 1)  Rs (t; Rk (t) 0)] u k
Fs (t )
structure function of the fault tree, \ ( x) , can be described as
K where I kCR (t ) represents the critical importance of the k th
\ ( x) G (x ) , (1)
k 1
k i (1 d k d K ) MCS, I kB (t ) represents the Birnbaum reliability
where Gk ( x) represents the k th MCS. When the k th importance [9], Fk (t ) represents the unreliability of the k th
minimum cut set contains M units, xi ( 1 d i d M ) represents (1 d k d K ) MCS, Rs (t ) represents the system reliability at
the bottom event vector corresponding to the k th MCS
time t, Rk (t) represents the reliability of the k th MCS at time
equivalently represents the fault tree [8]. The relationship of
each bottom event affiliated with the MCS is “and,” and the t, Rs (t ; Rk (t ) 0) represents the system reliability when the
relationship between each MCS is “or.” Therefore, the fault reliability of the k th MCS is equal to 0 at time t, and
tree can be transformed to the equivalent fault tree as shown in Rs (t ; Rk (t ) 1) represents the system reliability when the
Figure 1.
reliability of the k th MCS is equal to 1 at time t.
According to the concept of minimum cut set, the top
event is known to occur when the minimum cut set occurs.
The minimum cut set occurs when all the bottom events
contained in the minimum cut set occur.
Rs (t ; Rk (t ) 0) 0 (4)
Rs (t ; Rk (t ) 1) Rs (t ; R( xi ) 1) (5)
1d i d M

Therefore, equation (3) is transformed into

Fk (t )
I kCR (t ) Rs (t; R ( xi ) 1) u (6)
1d i d M Fs (t )
The failure time of the bottom event can be obtained by
Figure 1 - Model of Equivalent Fault Tree sampling simulation through Monte Carlo method. If the
According to Figure 1, the complex fault tree can be sampled value of the failure time of xi unit [10] is equal to
transformed to an equivalent fault tree, which has three levels. ti Fi 1 ([) , where [ is the random number with uniform
In this way, the fault tree can be simplified considerably, and distribution between [0,1], Fi ([) is the distribution function
fault testing diagnosis work can be designed clearly. of the failure time of the i th unit, and the unreliability of the i
th unit at time t can be represented as Fi (t ) , then the MCS
2.2 Test point arrangement and diagnostic strategy occurs when the failure of all the M units occur so that the
establishment occurrence time of the k th MCS is
According to the equivalent fault tree model, both the tk max Fi 1 ([),1 d k d K . (7)
1d i d M
minimum cut set level and bottom event level should be
investigated when placing test points and establishing a If the simulation time is equal to N s , then the system
diagnostic strategy. The concept of unit critical importance failure time t j at j ( 1 d j d N s ) is
represents the degree of the contribution of a unit to system
tj min t j , k min[ max Fi 1 ([ j )], 1 d j d Ns . (8)
failure [9]. In other words, the larger the critical importance of 1d k d K 1d i d M

a unit is, the larger is the possibility of system failure resulting If the system runtime is t, then the unreliability of the k th
from the failure of the unit. minimum cut set at time t is
 M M
MCS is “and.” Therefore, when diagnosing bottom events,
Fk (t ) 1  – Ri 1  – (1  Fi (t )) . (9)
once a certain event is determined to be working properly, the
i 0 i 0
corresponding MSC can be ruled out, and the diagnostic test
The value of M(t j ) , which is a state variable, is expressed can proceed to the next cut set, thereby reducing the time
as needed for fault diagnosis. Thus, the fault diagnosis strategy
°1ˈt j  t
­ can be determined using a fault tree. In fault analysis, I iCR (t ) ,
M (t j ) ® . (10) MTTDi , and economic factors (test fee Ci ) are considered as
°̄0ˈt j t t
the bases for placing test points. Consequently, the measure
In the N s simulation, the times when the system failure indicator is
time t j is less than the runtime t can be accumulated; thus, the Qi I iCR (t) ( MTTDi u Ci ) . (16)
reliability of the system can be calculated as
Ns The larger Qi is, the more important it is to place the test
Fs (t ) ¦ M(t ) j Ns . (11) point. Thus, the arrangement of test points in an offshore oil
j 1 platform system can be determined.
For equation (5), when the reliability of all the M units 3 ANALYSIS OF THE TESTING DIAGNOSIS STRATEGY
contained in the k th MCS is equal to 1, the failure time of the FOR POWER SYSTEM OF OFFSHORE OIL PLATFORM
minimum cut set MCSk except k is 3.1 Introduction to the power system of ChengDao No. 1
­ max Fi 1 ([ ), xI  MCS k Center offshore oil platform
°1di d M
tk ® . (12) The basic function of the ChengDao No. 1 Center
°1dmax Fi 1 ([ ), xI  MCS k offshore oil platform (Figure 2.) is to continuously produce
¯ idM ˆI
electricity for the other satellite platforms. The power system
Equation (12) expresses that, when the unit xI is not in of the offshore oil platform consists of two T40-type
MCSk , the failure time of MCSk is the maximal value of the generating units; two natural gas compressors; an indirect-
failure time of the units contained in this MCS; when the unit fired heater; and five 190T-type generating units, which are
xI is in MCSk , the failure time of MCSk is the maximal the power starters of the T40-type generating units; and a
value of the failure time of the units contained in this MCS, standby power system. This system provides the basic
except for xI . Thus, the system failure time is functionality of uninterruptable power supply to other
tj min t j , k ˈ1 d j d N s . (13) platforms.

In this simulation, when the state variable M(t j ) is 3.2 Equivalent fault tree of the offshore oil platform power
system
introduced, and its value is equal to 1 when t j  t or equal to
To conduct a reliability analysis of the system, the setup,
0 when t j t t , the times when the system failure time t j is less task characteristics, working environment, and typical failure
than runtime t can be accumulated as follows: model of the system should be determined initially based on
Ns
the system design and schematic diagram. Second, the fault
Rs (t; R( xi ) 1) 1  ¦ M(t j ) N s . (14) tree can be built through the FMECA on the power system.
1d i d M j 1 Third, the relationship between the mission time and reliability
Thus, equation (6) is transformed into is derived via numerical simulation based on MCS, and then
M
the mission times for different reliability values can be
Ns 1  – (1  Fi (t )) obtained. Lastly, the critical importance of the components
I kCR (t ) [1  ¦ M(t j ) N s ] u i 0
. (15) can be determined.
Ns
Analysis of the available materials on offshore oil
j 1
¦ M(t )
j 1
j Ns
platform power system design, principle diagram of functions,
system startup, operation, control, and maintenance, among
After the critical importance values of the MCSs I kCR (t ) others is necessary in the FMECA to find the potential failure
are acquired, the less important MCSs are filtered out. Then, mode of a power system and gradually establish a system fault
the diagnosis order of the remaining MCSs is determined tree model. The minimum cut sets are identified using the
according to the order of critical importance. For the bottom Fussell algorithm [11]. Finally, the offshore oil platform
events in the MCSs, with unit reliability factors (critical power system failure fault tree model is built. Owing to space
importance I kCR (t ) ) and maintainability factors (mean time to limitations, the specific process of the FMECA is not
failure detection, MTTDi ) considered, the value of presented in this paper; however, Figure 3 shows the fault tree
Pi I iCR (t ) MTTDi is used as the measure indicator of the model. Table 1 shows the specific fault tree code in which M
diagnosis order. The fault with a larger value is given priority means medial event and B means bottom event. A fault tree
in the diagnosis. An MCS exists only when all the bottom model is established based on the MCS results. The model is
events fail because the relationship of the bottom events in an presented in Figure 1 and the MCS results are provided in
Table 2.

Figure 2 - Operation Diagram of the ChengDao No. 1 Center Offshore Oil Platform Power System
Table 1 – Codes and Descriptions of the Events

Code Fault description Code Fault description

Power system failure in which the system cannot supply
Top Event M16 #1 T40-type gas turbine generating unit failure
power to the platform
M1 Power system failure M17 #2 T40-type gas turbine generating unit failure
M2 Standby power system failure M18 #1 T40-type gas turbine line monitoring system failure
M3 Main power system failure M19 #2 T40-type gas turbine line monitoring system failure
M4 #1 190T-type gas turbine generating unit failure B1 6 kV high-voltage power distribution system failure
M5 #2 190T-type gas turbine generating unit failure B2 190T-type generator system low-voltage power distribution system failure
M6 #3 190T-type gas turbine generating unit failure B3 190T-type generator system failure
M7 #4 190T-type gas turbine generating unit failure B4 T40-type power distribution system failure
M8 #5 190T-type gas turbine generating unit failure B5 DC control panel failure
M9 #1 T40-type gas turbine generating unit failure B6 Generator control panel failure
M10 #2 T40-type gas turbine generating unit failure B7 Relay protection work failure
M11 #1 190T-type gas turbine line-monitoring system failure B8 T40-type generator system failure
M12 #2 190T-type gas turbine line-monitoring system failure B9 Main power system generator control panel failure
M13 #3 190T-type gas turbine line-monitoring system failure B10 Main power system DC power system control panel failure
M14 #4 190T-type gas turbine line-monitoring system failure B11 Main power system generator control panel failure
M15 #5 190T-type gas turbine line-monitoring system failure B12 Main power system relay protection work failure

Figure 3 - Fault-Tree Model of ChengDao No. 1 Center Offshore Oil Platform Power System
 Bottom Bottom
MCS I kCR (t ) MCS I kCR (t )
event event
MCS2 B8, B3 0.397205 MCS13 B10, B5 0.003048
MCS31 B1 0.163919 MCS18 B11, B5 0.003048
MCS27 B4, B3 0.052009 MCS22 B12, B3 0.002909
MCS1 B8, B2 0.041042 MCS9 B99, B6 0.002444
MCS7 B9, B3 0.039169 MCS14 B10, B6 0.002444
MCS12 B10, B3 0.039169 MCS19 B11, B6 0.002444
MCS17 B11, B3 0.039169 MCS5 B8, B7 0.002295
MCS3 B8, B5 0.030909 MCS21 B12, B2 0.000301
MCS4 B8, B6 0.024789 MCS30 B4, B7 0.000301
MCS26 B4, B2 0.005374 MCS10 B9, B7 0.000226
MCS6 B9, B2 0.004047 MCS15 B10, B7 0.000226
MCS11 B10, B2 0.004047 MCS20 B11, B7 0.000226
MCS16 B11, B2 0.004047 MCS23 B12, B5 0.000226
MCS28 B4, B5 0.004047 MCS24 B12, B6 0.000182
MCS29 B4, B6 0.003246 MCS25 B12, B7 0.000168
MCS8 B9, B5 0.003048

Table 2 – Order of MCS Importance

3.3 Monte Carlo simulation and diagnosis strategy
establishment
The fault tree model is analyzed using Monte Carlo
simulation method described in Section 2.2. The specific
flowchart is shown in Figure 4.
We used the Simulink tool box of MATLAB to run the
program and adopted 95% as the confidence coefficient with
2000 samples for each bottom event. The MCS critical
importance values derived from the simulation analysis are
shown in Table 2, and Table 3 presents the critical importance
values of the bottom event units and the test costs. The test
costs are categorized into five grades, i.e., 1, 2, 3, 4, and 5, as
test cost data are unavailable. Among the five grades, 1 stands
for the minimum test cost and 5 indicates the maximum test
cost.
The test diagnosis strategy for the offshore oil platform
power system can be designed according to the simulation
results. At the MCS level, the test according to the order given
in Table 2 is performed. Once a bottom event in the MCS is
working, the MCSs that include this bottom event is
eliminated. The test then directly proceeds to the test program
for the next MCS. At the level of bottom event in the
minimum cut set, bottom events are tested according to their
P i values, which are presented in Table 3. For example, for
MCS2, B3 and B8 are tested accordingly. Once B3 is detected
to be working normally, the MCSs that contain B3 can be
eliminated. The optimization of test point arrangement is
conducted in the order of Q i , the values of which are shown in
Table 3. For example, in the power platform electric system,
the first test point should be established at the 6 kV high-
voltage power distribution system and the second test point at
the solar-powered 190T-type distribution systems. Test
methods can use either built-in test equipment or automatic
test equipment depending on the specific testing
circumstances.

Figure 4 - Simulation Flowchart

 Table 3 – Fault Data and Results of Each Bottom Event

Serial number Bottom event MTBF/h Critical importance MTTD/h Cost Pi Qi

B1 6 kV high-voltage power distribution system failure 60000 0.215897 0.017 4 12.69982 3.174956
B4 T40-type generator system failure 60000 0.120947 0.017 4 7.114529 1.778632
190T-type generator system low-voltage power
B2 60000 0.046768 0.017 4 2.751059 0.687765
distribution system failure
B3 190T-type generator system failure 5240 0.612311 0.6 5 1.020518 0.204104

B8 T40-type generator system failure 6940 0.471913 0.5 5 0.943826 0.188765

B12 Main power system relay protection work failure 1089778 0.002694 0.015 1 0.1796 0.1796
B7 Relay protection work failure 1089778 0.002545 0.015 1 0.169667 0.169667

B9 Main power system generator control panel failure 80000 0.037019 0.12 2 0.308492 0.154246
Main power system DC power system control
B10 80000 0.037019 0.12 2 0.308492 0.154246
panel failure
B11 Main power system generator control panel failure 80000 0.02956 0.1 2 0.2956 0.1478
B5 DC control panel failure 80000 0.034966 0.12 2 0.291383 0.145692
B6 Generator control panel failure 100000 0.02792 0.1 2 0.2792 0.1396

Tree Analysis, Philadelphia: Siam, 1975

REFERENCES
BIOGRAPHIES
1. Tian Zhong. Shi Junyou, System engineering: System
testing analysis and verification of the design, Beihang Wang Hongdong
University Press, 2003. No.800, Dongchuan Road, Minhang District
2. Williams T W, Parker K P, “Design for testability—A Shanghai, 200240, China
survey,” Proceedings of the IEEE, 1983, 71(1): 98-112.
e-mail: whd302@sjtu.edu.cn
3. Nagle H T, Roy S C, Hawkins C F, et al., “Design for
testability and built-in self-test: a review,” Industrial Wang Hongdong received M.S. degree in Naval Architecture
Electronics, IEEE Transactions on, 1989, 36(2): 129-140. and Ocean Engineering from Shanghai Jiao Tong University
4. Zhang Haiyan, Xia Fei, “A survey of marine power in 2011, and is studying for doctor’s degree now. His research
system fault diagnosis,” Ship Science and Technology, interests are system reliability of ships and offshore platforms,
2010 (004): 134-137. hydrodynamics and automatic control.
5. Lian Guangyao, Huang Kaoli, Zhao Changliang,
Yi Hong, Ph. D.
“Efficient algorithm for test node and diagnosis strategies
No.800, Dongchuan Road, Minhang District
of a complex electronic system,” System Engineering and
Shanghai, 200240, China
Electronics, 2004, 26(11): 1739-1742.
6. Ni Shaoxu, Zhang Yufang, Yi Hong, et.al., “Intelligent Email: yihong@sjtu.edu.cn
Fault Diagnosis Method Based on Fault Tree,” Journal of
Prof. Yi Hong worked in Wuhan Institute of Ship Design from
Shanghai Jiaotong University, 2008, 42(8): 1372-1375.
1983 to 1988, and is teaching at Shanghai Jiao Tong
7. Shi J, Tian Z, “Efficient algorithm for fault diagnosis
University (SJTU) from 1991. He received doctor's degree in
strategy,” Acta Aeronautica ET Astronautica Sinica,
Naval Architecture and Ocean Engineering from SJTU in
2003, 24(3): 212-215.
2003. As IEEE Reliability Society member, He is a leading
8. Yi Hong, “Research on ship general reliability model and
expert in the field of reliability of ships and offshore platform
reliability engineering method,” Ph.D. dissertation,
in China.
Shanghai Jiao Tong University, 2003.
9. Birnbaum Z W, “On the importance of different Yu Ping
components in a multicomponent system,” Tech. Rep. No.988, Jiangnan Road,
Washington Univ. Seattle Lab of Statistical Research, Changxing Island
1968. Shanghai, China
10. Liang X F, Yi H, Zhang Y F, et al., “Reliability and safety
Email: yuping4532266@126.com
analysis of an Underwater Dry Maintenance Cabin,”
Ocean Engineering, 2010, 37(2): 268-276. Yu Ping received M.S. degree in Naval Architecture and
11. RE Barlow, FND Singpurwalla, Reliability and Fault Ocean Engineering from SJTU in 2015 and is now working
for Jiangnan Shipyard Co., Ltd.. His research interest is testing
diagnosis on large complex system.
Liang Xiaofeng
No.800, Dongchuan Road, Minhang District
Shanghai, 200240, China
Email: liang_xiaofeng@sjtu.edu.cn
Liang Xiaofeng received doctor's degree in Naval Architecture
and Ocean Engineering from SJTU in 2010 and is now
teaching at SJTU. His research interest is marine engineering
equipment and has published several dissertations in Ocean
Engineering indexed by SCI.