Microsoft Word - 025.docx
CHEMICAL ENGINEERING TRANSACTIONS
VOL. 48, 2016
A publication of
The Italian Association
of Chemical Engineering
Online at www.aidic.it/cet
Guest Editors: Eddy de Rademaeker, Peter Schmelzer
Copyright © 2016, AIDIC Servizi S.r.l.,
ISBN 978-88-95608-39-6; ISSN 2283-9216
New Visualizations in the Development of Function and
Failure in Process Design and Operations
Ian T. Cameron*a, Erzsébet Németha, Benjamin J. Seligmannb
aSchool of Chemical Engineering, The University of Queensland, Brisbane, Queensland, Australia 4072
bDepartment of Chemical Engineering, Curtin University, Perth, Western Australia, Australia 6102
itc@uq.edu.au
Visualization can improve insights into choices made in early stages of design, particularly in relation to the
impact of system related failures. Improved decision making can lead to higher commitment to inherently safer
designs, more fault tolerant systems and increased operational resilience.
This paper considers useful ways to visualize the function of a design in terms of the state space defined by
multiple capabilities possessed by the individual components that constitute the system. Capability is related
to the abilities of the component to affect the states of the system, primarily the properties of mass and energy
streams that flow through the system. A representation that is constructed from these capability vectors,
defines the potential space in which the system can normally operate. It can also quickly show the impact on
that state space when selected capabilities are degraded or lost. It can be used in conjunction with process
design tools to show in real-time the evolution of the design and the impacts of component failures on the
operations.
An industrial case study drawn from crude oil processing illustrates the visualization insights and benefits of
the proposed methodology.
1. Introduction
New insights into the implications of design decisions at both the front-end engineering design (FEED) and
operational stages of the process life cycle are needed for improved risk management practices. This work
proposes new geometric representations of the evolving system function that permits real-time analysis of
function, failure and performance degradation as the design takes place. The methodology can also be used
for existing operations through extraction of information from existing Piping and Instrumentation Diagrams
(P&IDs).
Describing and understanding function is critical in hazard identification, risk management and fault diagnosis.
Function arises from the individual capabilities possessed by plant components (Seligmann et al., 2012). A
capability is defined as an action on a system property, such as <increase><pressure>. Here increase is the
action and pressure is the property. As the pressure is increased, the state of the system is altered, since the
state is described by a set of properties that are principally associated with process streams. Certain sets of
capabilities deliver the overall function of the system. Affecting the values of these properties is what a
process system is designed to do, in order to meet its operational goals. As such, if the desired capabilities
are not activated to the required extent to provide the desired functions, the production, safety, environmental
and/or economic goals of a process system will most likely not be met.
The full set of component capabilities defines the Capability State Space (CSS) within the Lawful State Space
(LSS), where thermodynamic and physical feasibility applies. See Figure 1. Since system function is related to
certain activated component capabilities, the Functional State Space (FSS) of the design is then contained
within the CSS. In operating the process system, the Operating State Space (OSS) depends on both the
process stream properties and component function. This space can be visualized within the FSS.
Failure and/or degradation of capabilities change the CSS and FSS respectively. Such changes show whether
the designed OSS remains feasible, or if latent capabilities might be activated to retain feasible operation.
DOI: 10.3303/CET1648111
Please cite this article as: Cameron I., Németh E., Seligmann B., 2016, New visualizations in the development of function and failure in
process design and operations., Chemical Engineering Transactions, 48, 661-666 DOI:10.3303/CET1648111
661
Alternatively, changes in the actual OSS can suggest process design changes for improved operational
performance.
2. System concepts
Figure 1 shows the following state space concepts:
• The Lawful State Space (LSS), which constitutes a space where the laws of physics, chemistry and
thermodynamics are valid (Bunge 1977).
• The Capability State Space (CSS), which is the space defined by the ‘activated’ and ‘non-activated’,
or ‘latent’, capabilities of the components that make up the designed entity. It encompasses all
possible capabilities of components and the system.
• The Functional State Space (FSS), which is the space defined by the purposely ‘activated’
capabilities of the system components so that the system possesses the requisite functions to deliver
the design and operational goals.
• The Operational State Space (OSS), which is defined by the stream properties reflecting the space
mapped out by the desired region of operations. This normally is bounded by the functional state
space.
It is important to realise that the OSS is directly determined by the FSS. This is because the FSS provides the
desired capabilities to affect the properties of the streams. However, it is possible that the boundaries between
the FSS and OSS can coincide, or even be breached under abnormal operational conditions which include
system disturbances and component failures.
Figure 1. State space regions
There are important additional features such as resilience that can be identified by such a set of state space
representation particularly as the capability sets related to components are clearly defined.
2.1 Capability sets and the evolution of sub-system function
As the components and streams of a process system interact, different capabilities are activated to deliver the
function of the system. Tables 1 and 2 describe the capability sets for some basic flowsheet components.
Table 1. Capability sets for basic flowsheet components
Component Capability Set
Gate valve {<contain><m>,<permit><Ff>,<stop><Ffr>}
Centrifugal pump {<contain><m>,<permit>< Ff>,<increase><P>, …}
Control valve {<contain><m>,<permit><Ff>,<regulate><Ff>, …}
In-line flow meter {<contain><m>,<permit><Ff>,<observe><Ff>, …}
Non-return valve {<contain><m>,<permit><Ff>,<stop><Fr>, …}
Pipe section {<contain><m>,<permit><Ff>, …} or {<contain><M>,<permit><Ff>, …}
Pressure relief valve {<contain><m>,<permit><Ff>,<stop><Fr>}
Dry oil tank {<contain><m>,<permit><F>,<separate><Ø>}
Lawful State Space: LSS
Capability State Space: CSS
Functional State Space: FSS
Operational State Space: OSS
All capabilities
All activated capabilities
Determined by stream
properties
662
Table 2. Symbol definitions for basic flowsheet components
Symbol Definition Symbol Definition
F Flow m Component mass:{m(i), i=1(1)n}
Ff Forward flow x Composition:{x(i), i=1(1)n}
Fr Reverse flow M Total mass
Ffr Forward and reverse flow Xs Solids fraction
P Pressure Ø Phase
T Temperature
2.2 Operation modes
Operational modes of the system are important. A gate valve has two main operational modes: ‘open’ or
‘closed’. Different sets of capabilities need to be activated for each operational mode. If the mode of a gate
valve switches to “open” instead of “closed”, then the capabilities that should be activated are
<contain><mass> and <permit><flow> instead of <contain><mass> and <stop><flow>.
2.3 Geometric representation of capability sets
Capabilities have two parts: action and property. The action part affects the range of the capability, such as
<increase><pressure> in a pump. The action, ‘increase’, acts on the nominated stream property ‘pressure’
causing an increase in the fluid pressure. Visually a capability can be represented as a line interval with
various constraints. Three capabilities are shown in Figure 2. The marking points are used for indicating the
range(s) or specific values, like zero datum or a hard constraint. In keeping with normal mathematical set
theory, we adopt the square brackets […] to signify a closed interval.
Various types of capabilities can be represented on a single diagram. Grouping and ordering arrangements
can provide different meanings and/or better understanding. We examine the value of utilising this approach
for visualising function.
3. Case study
Figure 3 shows the system under consideration. Crude oil, gas and residual sand enter into a dry oil tank
(DOT101) from bulk oil treatment. In the vessel, gas and oil are separated, sand is retained by a weir. Crude
oil is pumped downstream under level control through the LACT booster pumps and other processing
facilities. Gas is discharged to compression facilities. A purge and LP blanket gas feed maintains the operating
pressure. The design pressure of DOT101 is 1050kPag at 120ºC. Multiple pressure safety valves are
incorporated. Figure 3 shows the capability sets and the dashed, highlighted plant section under study.
Figure 2. Example of linear representation of a set of capabilities
Some capabilities are ‘latent’, but they play a vital role in system integrity. Most components have two key
latent capabilities: <withstand><pressure> and <withstand><temperature>. Note that in Figure 3 the
capabilities are described as the triplet: <component><action><property>, e.g. DOT101.p.F. Figure 4 shows
the numeric capability intervals. Mass holdup, pressure and flow are key system properties and Figure 5
shows the shape and profile of these key properties.
The charts show the capability profiles across the subsystem from L101 to L112. The functional state space
(FSS) can be seen in relation to the OSS. It is now possible to observe the effect of failures in any component
and the resultant impact on the FSS and OSS.
663
3.1 Visualizing component failure
To see how a component failure influences the FSS and the OSS representations we look at a failure mode in
the emergency shutdown valve ESDV2 of ‘failed closed’ when operating in ‘open’ mode. Figure 6 shows that
the ESDV2 closure leads to significantly reduced inventories downstream of the closed ESDV2 component,
and a rise in the operating liquid inventory within the dry oil tank.
Figure 3. Dry oil tank and crude oil transfer system with component capability sets
Figure 4. Capability ranges for oil transfer section
DOT101
P1 P2 P3
FM1 FM2 FM3
V1 V2 V3
L102
S1
L106
S2
L107
S3
L108
L101
Oil-gas-sand feed
PRV3
PRV 2
PRV1
NRV1 NRV2 NRV3
V4 V5 V6
L111L110L109
LP flare
Sales oil
L112
ESDV2
Recycle crude
L104
VRU
NRV4
ESDV1
V7
CV1 CV2 CV3
V8 V9 V10
NRV7NRV6NRV5
L113 L114 L115
L103
L105
L1
01
.c
.m
L1
01
.p
.F
V1
.c
.m
V1
.p
.F
(‘
op
en
’)
V1
.s
.F
(‘
cl
os
ed
’)
ES
D
V1
.c
.m
ES
D
V1
.p
.F
(‘
no
t a
ct
iv
at
ed
’)
ES
D
V1
.s
.F
(‘
ac
tiv
at
ed
’)
L101 V1ESDV1
D
O
T1
01
.i.
P
D
O
T1
01
.c
.m
D
O
T1
01
.p
.F
DOT101
ES
D
V2
.c
.m
ES
D
V2
.p
.F
(‘
no
t a
ct
iv
at
ed
’)
ES
D
V2
.s
.F
(‘
ac
tiv
at
ed
’)
ESDV2
FM
1.
c.
m
FM
1.
p.
F
FM
1.
o.
F
FM1
S1
.c
.m
S1
.p
.F
S1
.r
d.
Xs
S1
L1
06
.c
.m
L1
06
.p
.F
L106
P1
.i.
P
P1
.c
.m
P1
.p
.F
P1
N
RV
1.
c.
m
N
RV
1.
p.
F
N
RV
1.
s.
Fr
NRV1
L1
09
.c
.m
L1
09
.p
.F
L109
V4
.c
.m
V4
.p
.F
(‘
op
en
’)
V4
.s
.F
(‘
cl
os
ed
’)
V4
L1
12
.c
.m
L1
12
.p
.F
L112
L1
02
.c
.m
L1
02
.p
.F
L102
Zero datum
lower upper lower upper lower upper lower upper
ID Description k g k g k Pag k Pag C C k g/s k g/s
L101 pipeline segment: 30m DN750, Class 150 0 9278 -100 1700 -29 150 -10 250
ESDV1 emergency shutdown valve, Class 150 0 93 -50 1700 -29 150 -20 250
DOT101 dry oil tank, 85m3 capacity, Class 150 0 84673 -20 1870 0 150 -4 250
L102 pipeline segment: 15m DN400, Class 150 0 1319 -100 1700 -29 150 -10 250
ESDV2 emergency shutdown valve, Class 150 0 26 -50 1700 0 150 -2 250
V1 isolation gate valve, Class 150 0 15 -5 1700 0 150 0 250
S1 line strainer, Class 150 0 15 -50 1700 -29 150 -20 250
L106 pipeline segment: 3m DN300, Class 150 0 148 -100 1700 -29 150 -20 250
P1 centrifugal pump, Class 300 0 25 -20 3500 -29 150 -20 250
FM1 flow meter, Class 300 0 15 -50 3500 -29 150 0 250
NRV1 non-return valve, Class 300 0 15 -50 3500 -29 150 -20 250
L109 Class 300 pipeline segment: 3m DN250 0 103 -100 3500 -29 150 -20 250
V4 line isolation valve, Class 300 0 10 -50 3500 -29 150 -20 250
L112 pipeline segment: 10m DN400, Class 300 0 880 -100 3500 -29 150 -20 250
Capability state space
Mass Pressure Temperature Flow
664
Figure 5. Functional State Space and Operational State Space for mass, pressure and flow
Figure 6. FSS-OSS mass holdup (kg) across system after ESDV2 ‘fails closed’
In Figure 7 we see that the ESDV2 ‘failed closed’ situation has impacted significantly on the downstream
pressure reducing this to almost zero. The ESDV2 component is now unable to fulfil the capability of
<permit><flow> and the pump P1 is starved of liquid feed and hence cannot generate a pressure head.
Likewise in Figure 8 we see that no liquid flow proceeds from the DOT101 liquid discharge but the tank can
still fill with liquid as seen in Figure 6.
The visualizations are informative and reflect the implications from component failures. These can be linked to
other causal representation such as directed graphs as discussed by Németh and Cameron (2013).
665
Figure 7. FSS-OSS pressure change across system after ESDV2 ‘fails closed’
Figure 8. FSS-OSS flow (kg/s) across system after ESDV2 ‘fails closed’
4. Conclusions
This work has shown that it is feasible to take component capability sets related to flowsheet equipment and
represent them by three primary state spaces that can then be easily visualized. These state spaces can then
be used by designers and operators to inform them of the implications of process component choices. This is
particularly the case when failures occur that disrupt the functional state space through loss of component
capabilities.
The ability to augment traditional design tools such as process simulators and CAD tools with real-time
visualizations of the capability, functional and operating state spaces can provide immediate insights into
design decisions and would lead to concurrent engineering practices that would enhance design efficiencies
and provide early indications of the failure scenarios within a design. The visualization capabilities can be
enhanced to consider the role of latent capabilities within the design that can be activated to enhance
resilience in the system against system failures and major disturbances on the system. These insights should
help towards enhancement of process safety at both design and operational phases of the process life cycle.
References
Bunge M., 1977, Ontology 1: The Furniture of the World. Vol. 3, Treatise on Basic Philosophy, Springer
Netherlands.
Seligmann B. J., Németh E., Hangos K. M., Cameron I. T., 2012, A blended hazard identification methodology
to support process diagnosis, Journal of Loss Prevention in the Process Industries, 25(4), 746-759. DOI:
10.1016/j.jlp.2012.04.012
Németh E., Cameron I. T., 2013, Cause-implication diagrams for process systems: their generation, utility, and
importance, Chemical Engineering Transactions, 31, 193-198. DOI: 10.3303/CET1331033
666