Distributed Fault Detection and Isolation Approach for Oil Pipelines

Fault detection and isolation (FDI) in oil pipeline systems (OPS) is a very critical issue because faults in these systems such as leaks or equipment malfunctions may cause significant safety accidents and economic losses. These are the challenging factors, along with the environmental regulations for developing efficient FDI approaches for OPS. This paper proposes a model-based distributed FDI approach, which uses a structural model of the system in conjunction with algorithms to generate diagnostic tests that may be implemented in local diagnosers along the OPS. The proposed approach allows detection and isolation of faults in pipeline sections (pipeline segments), pump stations, as well as process control equipment. In this way, simulation of the obtained diagnostic tests in a benchmark application shows that all faults of interest (pipeline segment faults and sensor faults) are detected and isolated.


Introduction
Oil transport is a vital activity in the petrochemical industry [1]. Pipelines are the most essential devices for transportation of crude oil from production places to refineries, and the refined oil from refineries to demand points [2,3], in this way, the oil pipeline systems (OPS) usually comprise numerous pipeline segments that require multiple pump stations and the necessary process control equipment, all of which are implemented with field instruments. The OPS are large-scale distributed plants that operate at relative high pressure [4]; likewise, during the past few decades, the OPS grew in size and complexity [5,6].
While the OPS are considered to be the safest and most efficient way for oil transportation, there is still a probability of failure, with safety accidents, economic losses, and environmental damage.
In OPS, component (pipeline segment, pump station, control equipment, etc.) malfunction may cause poor performance of transportation and leaks in pipeline segments are one of the major causes of heavy losses, so dependable FDI systems are important to be used [7]. In order to keep safe and reliable OPS, substantial research efforts have been dedicated to the design and implementation of FDI systems, which play the important role of monitoring oil transportation operations to detect, isolate, and identify the magnitude and time-varying behavior of the potential failures, as well as possible design accommodation actions [8][9][10][11].
Different FDI methods have been considered in the last decades to cope with the monitoring OPS, generally these methods are aimed at pipeline leak detection in OPS [12][13][14]. Likewise, in the last few years, for large-scale distributed plants, methods have been proposed that allow FDI in plant components [15][16][17].
For pipeline leak detection, the most common classification is based on the detection technology characteristics and can be divided into hardware-based and software-based methods [18,19]. In hardware-based approaches, different sensing devices are used to detect failures [12]. Likewise, in software-based approaches, diverse soft computing methods have been developed for leak detection in oil pipelines networks [13,20]. However, many of these methods show shortcomings, such as, e.g., long response times and incidence of false alarm reports [21].
On the other hand, FDI of plant components could use data-based methods that exploit available experimental (historical) data [22]; model-based methods that are based on comparing the actual outputs of the monitored system with the outputs obtained from an analytical mathematical model [23]; and knowledge-based methods which generally use the relationships between faults and symptoms in the form of rules [24]. Particularly, FDI in large scale distributed plants is a difficult task due not only to the large amount of components, but also to its interconnected subsystems with coupled variables between them [25], here by using model-based approaches, a centralized or a distributed architecture in the design of the FDI system may be considered. The centralized architecture requires a global model and may be an impractical option (when implementing a global diagnoser) because of the amount of needed communication [23]. Distributed diagnosis using a structural model has been proposed in [26], a distributed diagnosis approach with a set of local diagnosers was presented in [16,17], and, in [27], a decentralized FDI system based on structural analysis of a large distributed plant was designed.
Distributed FDI architecture consists of subsystem models and is implemented with local diagnosers that together guarantee the same diagnosability as a regular centralized architecture, allowing high performance in scalability, reliability, communication, and reduced computation costs [27][28][29]. In this sense, given that oil pipelines are large-scale distributed plants [4,30] with many components, it would be more convenient to apply the distributed FDI approach, in which, unlike centralized approaches, knowing the model of the global plant is not mandatory [17,25,31]. Additionally, the main performance indexes of FDI methods in OPS are positioning accuracy, response time, sensitivity, and false alarm rate [32]. Nevertheless, as Wang et al. [14] pointed out, no single method can always meet all the requirements, and each technique has its advantages and disadvantages in different circumstances. Moreover, recent surveys about existing FDI methods that can be used in oil and gas pipelines [32,33] concluded that the combination of two or more methods is the future course in FDI in OPS.
In this context, the use of a FDI method for OPS components (e.g., pipeline segment fault, sensor fault, valve fault, etc.) in combination with a leak detection method (to localize pipeline leaks) would discern between component fault and leakage occurrence, avoiding, for example, long response times or false alarms, which also would improve OPS performance.
Thus, here it is considered that the FDI be performed by combining two methods. The first method aims to detect and isolate faults in OPS components, so this first method is used to determine in which component a fault occurs; and, in the case of pipeline segment fault (which implies a leak), once the faulty segment is detected and isolated, the second method would aim to localize the leak.
In this paper, in order to detect and isolate faults in an OPS component, a model-based distributed FDI approach is proposed, which uses a structural model of the system in conjunction with algorithms to generate diagnostic tests. The latter would be implemented in local diagnosers along the OPS to ensure detection and isolation of faults in pipeline segments, as well as in process control equipment (e.g., sensor fault, valve fault, etc.). The proposed approach is combined with a second method to localize the leak that occurred in a pipeline segment. For this purpose, a method as described in [4,[34][35][36] may be used (this second method is not addressed in this work).
The major contribution of this research is the extension of the structural analysis approach [17,23,37] to propose a distributed FDI approach for the OPS, considering an optimization process in the selection of tests and the inclusion of neighbors subsystems at different levels to achieve the diagnostic goals. In order to guarantee maximum diagnosability and least exchange of sensor information between subsystems, local diagnosers should be efficiently built for each subsystem, in this sense, two algorithms for the design of local diagnosers are proposed, first only with local information and if necessary with progressive incorporation of information from neighboring subsystems to achieve detection and isolation of a set of faults of interest in OPS.
This paper is organized as follows. In Section 2, the theoretical framework of structural analysis for model base FDI is provided. A model-based distributed FDI approach, which uses a structural model of the process in conjunction with algorithms to generate diagnostic tests, is proposed in Section 3. In Section 4, a case study of FDI for an OPS is presented. Section 5 shows the discussions of the obtained results. Finally, Section 6 gives some conclusions.

Structural Analysis for Model-Based FDI
Structural analysis allows for obtaining structural models that are very useful for the design of model-based FDI systems. These structural models can be represented by bipartite graphs. A graph is bipartite if its set of vertices can be separated into two disjoint sets Σ and X such that each edge has a connection in Σ and another in X.
The main assumption is that each component can be represented by a structural model composed of one or more equations; therefore, violation of at least one equation indicates that the system component is faulty.
Let the system description consist of a set of n e equations involving a set of variables partitioned into a set Z of n Z known (or measured) variables and a set X of n X unknown (or unmeasured) variables. We refer to the vector of known variables as z and the vector of unknown variables as x. The system may be impacted by the presence of n f faults that appear as parameters in the equations. The set of faults is denoted by F, and we refer to the vector of faults as f.

Definition 1 (System).
A system Σ(z, x, f) or Σ, for short, is any set of equations relating z, x and f. The equations e k (z, x) ⊆ Σ(z, x, f), k = 1, . . . , n e , are assumed to be differential or algebraic in z and x. Definition 2 (Structural Model). The structural model of the system Σ(z, x, f) is a bipartite graph G(Σ ∪ X ∪ Z, A), or equivalently to G(Σ ∪ X, A), where A ⊆ A and A is a set of edges such that a(i, j) ∈ A iff variable x i is involved in equation e j .
The structural model of the system Σ(z, x, f), also denoted with some abuse by Σ(z, x, f) or Σ in the following, can be obtained abstracting the functional relations. This abstraction leads to a bipartite graph G(Σ ∪ X ∪ Z, A), or equivalently to G(Σ ∪ X, A), where A ⊆ A and A is a set of edges such that a(i, j) ∈ A iff variable x i is involved in equation e j .
A model Σ is used to illustrate the concepts. This is composed of fifteen equations, e 1 to e 15 , relating the unknown variables x = {x 1 , x 2 , . . . x 10 } and the known variables z = {z 1 , z 2 , . . . , z 5 }. The representation in a bipartite graph for this system is shown in Figure 1.
The set of local variables of Σ i , denoted as X L i , is composed of the subset of vertices of X i that are adjacent only to vertices in Σ i . The set of shared variables of Σ i , denoted as X S , is composed of the subset of vertices of X i that are adjacent to vertices in Σ i and vertices in any other subset Σ j , where j = i. The decomposition of the model Σ into three subsystems, Σ 1 = {e 1 , e 2 , . . . , e 7 }, Σ 2 = {e 8 , e 9 , . . . , e 12 } and Σ 3 = {e 13 , e 14 , e 15 } is also shown in Figure 1 A key tool for fault diagnosis using structural analysis is the concept of matching. A matching is a causal assignment that links an equation with an unknown variable, where this equation can be used to calculate this unknown variable [23].

Definition 4 (Matching).
A matching M between Σ and X is a subset of A of disjoint edges of a bipartite graph G. It is called complete matching with respect to Σ or X if |M| = |Σ| or |M| = |X| keeps, respectively.
It is possible to find different matching for a specific bipartite graph; in Figure 2, a complete matching with respect to X(in bold edges) of the model Σ is shown. Dulmage-Mendelsohn (DM) decomposition provides important structural properties; in particular for bipartite graphs, each graph G(Σ ∪ X, A) can be decomposed in three subgraphs: • Over-determined subgraph G + , with a X-complete matching that is not Σ-complete, • Just-determined subgraph G 0 , with a complete matching, • Under-determined subgraph G − , with a Σ-complete matching that is not X-complete.
As a consequence of this bipartite graph decomposition, the corresponding system Σ can be decomposed into three parts: the structurally overdetermined (SO) part represented by Σ + , which has more equations than unknown ones, the structurally just determined part represented by Σ 0 , and the structurally underdetermined part represented by Σ − .

Definition 5 (Structural redundancy).
Given a bipartite graph, The structural redundancy ρ Σ of a set of equations Σ ⊆ Σ is defined as the difference between the number of equations and the number of unknown variables X.
The incidence matrix I(e i ,x j ) of the bipartite graph is used to represent this graph as a set A of edges in an algebraic manner. The rows of this matrix are associated with the equations e i and the columns with the variables x j with i = 1, . . . , m equations and j = 1, . . . , n j variables. A "1" in the intersection of row e i and column x j indicates the existence of the edge (e i ,x j ) ∈ A.

Structural Diagnosability
Analytical redundancy occurs and analytical redundancy relations are available when there are equations that are not necessary to match unknown variables in a system Σ. Any over-determined subgraph G + contains more equations than variables, and such an equation can be used for residual generation. A residual, derived from ARRs, is generated from a subgraph G + using the excess equations once all unknown variables within G + are expressed in terms of known variables. When an expected value of an ARR is not met, a fault is detected.
is a system taking a subset of the variables z as input, and generating a scalar signal r as output if, for all z consistent with Σ(z, x, f), it holds that lim t→∞ r(t) = 0.
The Minimal Structurally Over-determined Set approach is a way to find ARRs. This is done by calculating the matching M MSO ⊆ Σ + of an over-determined subgraph that has structural redundancy equal to 1.

Definition 8 (MSO sets).
A Minimal Structurally Over-determined Subsystem is a part of G + from which removal of one constraint will make the subsystem to become just-constrained [23].
A minimal structurally overdetermined set, for a short MSO set, can be used to generate an ARR given that the equations number exceeds the unknown variables number by one (structural redundancy 1), which means that only one residual generator can be developed. According to [38], the computation of MSO sets can be exponential according to the structural redundancy and system measurements. One way to reduce this computational cost can be by calculating only the MSO sets of interest, that is, reducing the calculation only to those impacted by faults. Hence, the concept of Fault-Driven Minimal Structurally Overdetermined (FMSO) set is useful. An FMSO set can be defined as an MSO set of Σ(z, x, f) whose fault support is not empty.
Let the FMSO set ϕ, where Z ϕ ⊆ Z is the set of known variables of ϕ, X ϕ ⊆ X is the set of unknown variables of ϕ and F ϕ ⊆ F is the set of fault support of ϕ, below the definition of FMSO [39].
The algorithm of calculation of FMSO sets presented in [17] allows the calculation of all the FMSO sets related to the set of faults of interest, which can be many in the case of large-scale distributed plants. It is possible to optimize the calculation of FMSO sets taking into account some design parameters such as: less number of equations involved, less number of unknown/known variables or forcing the use of a certain subset of variables or equations. With these considerations, a distributed diagnostic algorithm can then be proposed to respond to real constraints on communication, distance, or availability of sensors and actuators among pre-defined subsystems.

Model-Based Distributed FDI
This section proposes a method to design a set of distributed local diagnosers that together guarantee the same diagnosability as a centralized system. To achieve this, each local diagnoser must detect and isolate the set of faults corresponding to its subsystems. To solve this problem, an approach is proposed that builds a select set of FMSO sets for each subsystem that guarantees maximum diagnosability and the least exchange of sensor information between subsystems.
Initially, FMSO sets are built only with local information, and, if it is not enough to detect and isolate all the faults of that subsystem, sensors from neighboring subsystems are added until the possible detectability and isolability are reached. In each iteration of building FMSO sets, a Binary Integer Linear Programming (BILP) optimization problem is solved to select the most appropriate FMSO sets.
The general idea is to incorporate information of additional sensors to minimize the coupling between FMSO sets; this is achieved by adding equations that minimize the number of connections between FMSO sets.
In order to develop a methodology to build and select an efficient set of FMSO sets, it is desirable to build only a useful part of all Global FMSO sets; for this, it is proposed to focus the building process in a reduced subgraph related to a subset of interest faults.
To compute FMSO sets that require information from other subsystems, a classification of neighboring subsystems is performed according to their proximity: if they are directly connected neighbors, they are classified as level 1 neighbors; if they are connected neighbors through 1 subsystem, they are classified as level 2 neighbors and so forth.
Definition 12 (Neighbors of Σ i ). Given two subsystems Σ i and Σ j of Σ, Σ i = Σ j . Σ i is a first level neighbor of Σ j if z i ∩ z j = ∅, which is denoted by Σ 1,j i and Σ 1,i i . The set of all neighbors of the first level of Σ i is denoted by Σ 1,i Classification of the neighbors is illustrated with another example in Figure 3 where the subsystems Σ 10 and Σ 13 are taken as examples. For the subsystem Σ 10 , the first level neighbors are Σ 1, 10 11 , Σ 1,10 3 and Σ 1,10 9 . Then, Σ 1,10 and Σ 2,10 are the sets of first and second level neighbors with respect to Σ 10 .

Local Diagnosers Design
The method proposes the creation of local diagnosers for each subsystem that can operate independently of each other by sharing the minimum possible amount of sensor information. This approach considers predefined subsystems and, in that context, it is designed in a distributed framework. Given a set of faults of interest, known and unknown variables for each subsystem, first, Algorithm 1 calculates FMSO sets for the set of faults of each subsystem starting from the equation (or the set of equations) that contains the fault of interest. This set of equations is called evaluation equations Σ E .

Algorithm 1 Local Diagnoser Design
Σ E ← Set of equations directly impacted by faults of F i ; 4: while |Σ E | < |Σ i | and ARR i = ∅ do; 5: x E ← Set of unknown variables of Σ E ; 6: Execute an optimal selection of computed FMSO sets by solving a BILP problem; 9: Compute ARRs for Σ i from selected FMSO sets; 10: ARR i ← analytical residual generators of Σ i ; 11: end while 12: end for Result: Local optimal FMSO sets for subsystem Σ i , i = 1, . . . , n.
Definition 13 (Subset R). Given a subsystem Σ i and a set of unknown variables under evaluation If there is any fault f ∈ F j,i not detectable or not isolable with the ARRs computed by Algorithm 1, that is, if FMSO sets are not found with the exclusive information of that subsystem, Algorithm 2 is used, which uses a criterion of adding equations of neighboring subsystems, initially of level 1: one-by-one sub-systems are added and, if it is necessary, two by two until the whole set of subsystems of level 1 is brought together. If the diagnostic objectives cannot yet be achieved, subsystems of level 2 are incorporated in addition to the set of subsystems of level 1. while Σ E = Σ L,i do 6: x E ← Set of unknown variables of Σ E ∪ Σ E ; 7:

Brief Description of the Oil Pipeline
The oil pipeline (plant) under study in this paper is located in Peru. It transports oil for delivery to customers. Figure 4 shows a view of this oil pipeline.
This oil pipeline consists of three sections with a pumping station located at the beginning of each section with a total length of 450 km. Detailed data of dimensions and relative heights of each section are shown in Table 1, where L i is the length, D i is the outer diameter of the pipes, d i is the inner diameter of the pipes, δ i is the wall thickness of the pipes, and z 0 , z L i are the relative heights at the beginning and the end of each i section, respectively.    The head discharge (Q − H) characteristics of the pumping station operating in stationary regimes are often approximated by the following equation: where ∆H is the differential head, Q is the flow rate, and a and b are the approximation factors of the (Q − H) characteristic. The characteristics of pumping stations are detailed in Table 2, including the pump types, the head-discharge (Q − H) characteristics, and the positive suction heads (P.s.h.). The temperature of the pumping oil is 30 • C, the maximum admissible pressure in the pipeline is 11.1 MPa, the density of the transported oil is 850 kg/m 3 , and the efficiency of the system is 1500 m 3 /h.

Mathematical Modeling of Oil Pipeline
The mathematical modeling of the processes involved is needed for the design of distributed fault detection and isolation systems [8,9]. This mathematical modeling may differ in complexity depending on the intended applications; see, for example, [40][41][42][43][44]. In general, the oil flow within a pipe is governed by the fundamental laws of mechanics and thermodynamics and constitutes a fluid flow system [4,45].
The mathematical modeling of the oil pipeline under study is developed by applying the basic fundamental equations of fluid flow, which are the continuity equation, the momentum equation, and the energy equation [4,45].
The continuity equation of the transported oil in the pipeline is based on the law of conservation of mass, and it is represented as [45]: where ρ, v are the density, and the velocity of oil, S is the pipeline cross-section area, x is the coordinate along the pipeline axis, and t is the time.
The momentum equation which describes the force balance on the fluid within the pipeline is presented as [18]: where p is the pressure, d is the pipeline internal diameter, g is the gravity acceleration; τ w is the tangential stress at the pipeline internal surface, and α(x) is the slope of the pipeline axis to the horizontal. The equation of mechanical energy balance is written as [46]: where z is the geometric head, i is the hydraulic gradient, and P(ρ) is a function of the pressure such that: dP = dp ρ , P(ρ) = dp (5) and where ν is the kinematic viscosity of the oil flow rate. The equation of total energy balance is represented as [47]: where e in is the internal energy, J = e in + p/ρ is the enthalpy or heat content, q n is the heat flux. Equations (2)-(4) and (6) are the set of one-dimensional, partial differential equations used for mathematical modeling of oil flow within the pipeline.
In stationary flow, all parameters of the transported oil at each cross-sectionof the pipeline remain constant, which is independent of time. Therefore, for the stationary flow, the basic equations describing the oil flow are the following: The continuity Equation (2) leads to the equation [18]: which means that the mass flow rateṀ = ρvS of the transported oil stays constant. The momentum Equation (3) considering that v = const., τ w = λρv|v|/8 and sin α(x) = dz dx gives [48]: The equation of total energy balance (6), considering that e in = C v T + const., 2g and q n = −K(T − T ex ), is written as [45]: where C v is the specific heat, T is the oil temperature, T ex is the temperature outside the pipeline, K is the heat transfer factor, and λ is the hydraulic resistance factor. The expressions (7)-(9) are the basis equations for mathematical modeling of the stationary operating regimes of oil pipelines.
From the combination of the continuity Equation (7) and the differential momentum Equation (8), the following Bernoulli equation in its algebraic form [18,45] is obtained: where x = 0 and x = L are, respectively, the initial and terminal cross-sections of the oil pipeline section with length L. Equation (10) relates the pressure p 0 , p L at the beginning and at the end of a pipeline section, respectively, with the velocity v of the oil flow.
Taking into account that the head is represented as h = p/ρg, Equation (10) becomes [18]: where z 0 and z L are the geometric head at the beginning and at the end of a pipeline section, respectively. The mathematical model of the pumping station is represented by the following algebraic equation [45]: where ∆H is the differential head produced by the pumping station on the oil flow rate Q, p ex , p in are the pressure after, and the pressure before the oil pumping station, respectively, h ex , h in are the head after, and the head before oil pumping station, respectively. The dependence ∆H = F(Q) defines the head-discharge (Q − H) characteristic of the pumping station. The flow rate Q through a pipeline (in m 3 /s) is obtained by the expression [18]: Taking into consideration that the oil pipeline under study consists of three sections with a pumping station located at the beginning of each section, for the mathematical modeling of each of this section, the Bernoulli Equation (10) is used, in which the pressure p 0 = p(0) at the initial cross-section of the pipeline section is replaced with the help of the following condition [45]: p 0 ρg = p in ρg + (a − 1.296 · 10 7 S 2 bv 2 ) (15) where p 0 = p in , the velocity v is measured in (m/s), a and b are the approximation factors of the head-discharge (Q − H) characteristic of the pumping station. After replacing p 0 , it is obtained [45]: Therefore, the mathematical modeling of the system Σ and its respective sub-systems Σ i are represented as: In this model, internal pressure variables h ui (i = 1 − 3, L), flow variables Q i (i = 1 − 3, L), and head gain ∆H i (i = 1 − 3) are related to each pumping station describing the plant; all these signals are considered as unknown variables, flow sensors y Q i (i = 1 − 3, L), and pressure sensors y h ui (i = 1 − 3, L) are considered as known or measured variables. Accordingly, fault variables f h 2 , f h 3 and f h L are related to pressure sensors, fault variables f Q 1 and f Q L are related to flow sensors, and fault variables f i (i = 1 − 3) are related to pipeline segments (through flow balance at each section from the beginning to the end).
To sum up, the structural model describing the plant consists of the system Σ(z, x, f) with a total of 20 equations divided into 4 sub-systems Σ 1 to Σ 4 , 8 known variables in z, 14 unknown variables in x, and 8 fault variables in f.
For subsystem Σ 1 , the set of equations directly impacted by , then the set of unknown variables related is x E = {Q 1 }, and it is found R(x E , Σ 1 ) = {e 2 , e 3 , e 4 }, and this set is assigned to Σ E ; with this set of equations, all FMSO sets possible from Σ E are computed; in this case, no FMSO sets are found. Given that |Σ E | < |Σ 1 |, the process is done once again. The set of unknown variables of Σ E is assigned to x E = {∆H 1 , v 1 , Q 1 } and is found R(x E , Σ 1 ) = {e 1 , e 2 , e 3 , e 4 } and assigned to Σ E ; with this set of equations, all FMSO sets possible from Σ E are computed, in this case, no FMSO sets are found. Since still |Σ E | < |Σ 1 |, the process is done once again. The set of unknown variables of Σ E is assigned to x E = {∆H 1 , v 1 , h u1 , h u2 , Q 1 }, and it is found that R(x E , Σ 1 ) = {e 1 , e 2 , e 3 , e 4 , e 5 } and is assigned to Σ E ; with this set of equations, all FMSO sets possible from Σ E are computed; in this case, no FMSO sets are found. Finally, as |Σ E | = |Σ 1 |, no more loops are computed, and it is concluded then that Local Diagnoser for Σ 1 can not be computed with only equations from Σ 1 .
This procedure is repeated for all subsystems concluding that none of the Local Diagnosers can be computed with only equations from their respective subsystems. Now, the design process is continued with the procedure of Algorithm 2.
Following Algorithm 2, let us detail the steps for the procedure design for the Local Diagnoser for subsystem Σ 1 . First, the set of equations impacted by faults f 1 = { f Q 1 } is assigned to Σ E = {e 4 }, the level variable is defined L = 1 and the variable Σ E is set to ∅. As Σ E = Σ 1,1 , the analysis loop begins. The set of unknown variables of Σ E ∪ Σ E is assigned to x E = {Q 1 }. Then, R(x E , Σ 1,1 ) is assigned to Σ E = {e 9 } and is decomposed in one part Σ 1,1 2 . Then, R(x E , Σ 1 ) is assigned to Σ E = {e 2 , e 3 , e 4 }. With all this, no FMSO sets are found from this selection. As Σ E = Σ 1,1 , the following loop begins, and the set of unknown variables of Σ E ∪ Σ E is assigned to x E = {Q 1 , Q 2 }, Then, R(x E , Σ 1,1 ) is assigned to Σ E = {e 7 , e 8 , e 9 , e 10 } and is decomposed in one part Σ 1,1 2 . Then, R(x E , Σ 1 ) is assigned to Σ E = {e 1 , e 2 , e 3 , e 4 }. With this selection, one FMSO set is found, but no selection is found computing the BILP problem. As Σ E = Σ 1,1 , the following loop begins, the set of unknown variables of Σ E ∪ Σ E is assigned to x E = {h u1 , ∆H 1 , h u2 , ∆H 2 , v 1 , Q 1 , v 2 , Q 2 }, Then, R(x E , Σ 1,1 ) is assigned to Σ E = {e 6 , e 7 , e 8 , e 9 , e 10 , e 11 } and is decomposed in one part Σ 1,1 FMSO sets are found, and the selection by computing the BILP problem is found; with this selection, the related analytical redundancy relations are computed.
Following the same design process in Algorithm 2 for subsystems Σ 2 , Σ 3 , and Σ 4 , it is found that, for Σ 2 , Σ 3 , subsystems from level 1 are needed to build analytical redundancy relations for complete diagnosis isolation; meanwhile, for subsystem Σ 4 , subsystems from level 2 are needed. Table 3 summarizes all sets of FMSO sets found for complete isolation, and the local faults that each local diagnoser detects and isolates are highlighted: Then, from the design of the local diagnosers presented in Table 3, it follows that, according to the sensitivity of faults, both subsystems Σ 1 and Σ 2 require two FMSO sets each to detect and isolate their faults. In the case of subsystems Σ 3 and Σ 4 , they have three FMSO sets each. Next, applying Definitions 6 and 7, an ARR is calculated first and then a residual generator for each of these 10 FMSO sets of Table 3.
Finally, the residual generators, which receive only measured variables as inputs, are designed and programmed in a programmable automation controller (PAC) using the structured text language. For the implementation, a PAC is assigned for each local diagnoser as shown in the architecture of the proposed FDI system in Figure 7. Ultimately, to validate the implementation of the designed distributed FDI system, all the faults of the set of faults of interest are emulated: faults f h 2 , f h 3 and f h L related to pressure sensors, faults f Q 1 and f Q L related to flow sensors and faults f i (i = 1 − 3) related to pipeline segments. Then, in Figure 8, the response of the system to emulations of all the faults simultaneously is presented, and it can be seen that the system detects them for all these signals through the response of the residuals that differ from zero during the duration of the fault. In the same way, isolation is demonstrated by different fault signatures. The results shown in Figure 8 demonstrate that all faults can be detected and that a different fault signature is generated for all faults except for faults f 3 and f Q L that cannot be isolated from each other. Each column of this figure corresponds to each fault with simulation occurring, and each row corresponds to the sensibility to each residual generator r i for each fault with emulation occurring.

Results and Discussion
Given the physical characteristics of the system, it is shown that, only by using Algorithm 1, it is not possible to implement local diagnosers. On the other hand, by means of Algorithm 2, the local diagnosers for subsystems Σ 1 , Σ 2 and Σ 3 are constructed, including level 1 subsystems. In the case of the local diagnoser for subsystem Σ 4 , level 2 subsystems are considered. In addition, by applying Algorithm 2, it is shown that local diagnosers were built with the minimum possible amount of FMSO sets necessary to minimize communication among subsystems. Figure 8 shows that the seven faults raised in the OPS model can be effectively detected and isolated from each other (since they have different fault signatures) according to the distributed construction of the four local diagnosers. Additionally, Figure 8 highlights the local faults that each local diagnoser detects and isolates; this shows the correspondence of the simulations with the sensibility shown in Table 3. It is shown that, using Algorithm 2, it is possible to implement a distributed diagnosis system for a large and complex process without the need to use the global model, this, unlike other studied methods, allows for optimizing the system design as well as the communication between subsystems.

Conclusions
In this paper, a distributed FDI approach based on structural analysis for OPS is proposed; likewise, the design of a distributed FDI system of an OPS located in Peru is developed. This FDI system is composed of four local diagnosers with a total of eight analytical redundancy relations obtained from a set of FMSO sets. Through the proposed algorithms, local diagnosers are efficiently built for each subsystem by progressively incorporating information from neighboring subsystems to achieve the previously defined fault detection and isolation objectives. The FDI system developed was tested by simulation validating that the eight faults of the set of interest, which include five sensor faults and three pipeline segment faults, can be detected and isolated. The main advantage of this approach is that it allows a distributed diagnosis design without the need to use the global model of the process, which makes it much more feasible to implement for complex and large processes.

Data Availability Statement:
The data presented in this study is available on request from the corresponding author.

Conflicts of Interest:
The authors declare no conflict of interest.