KR100479227B1 - Method for composing fault tree by digraph - Google Patents

Abstract

Disclosed is a method for automatically synthesizing a fault tree using a digraph. In the method for automatically synthesizing defects using a diagram of the present invention, a node is included in a given process diagram and a defect is generated, a node is divided into information about the defects, and the node is selected and normal nodes are selected. Is in a loop and, if so, whether it is in any one of a positive feed forward loop (PFFL), a negative feed forward loop (NFFL), a positive feed backward loop (PFBL), or a negative feed backward loop (NFBL) According to the present invention, the defect number corresponding to the generated graph is generated by applying different defect number generation rules according to a situation in which the selected top event exists. According to the present invention, it does not rely heavily on the user's manual, inexperienced or logical error, so that the cause of the objective defect can be derived quickly. In addition, the user can create the desired number of defects if the user changes his or her top event.

Description

Automatic Method of Defect Number Synthesis Using a Graph [Method for composing fault tree by digraph}

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a method for automatically synthesizing a defect number using a die graph, and more particularly, to a method for automatically synthesizing a defect number by using a graph for synthesizing a defect number by mapping the created die graph to a database structured defect number generation rule.

The international trend is that chemical plants produce small quantities of multiple varieties in order to meet the needs of various consumers, or produce large quantities of basic materials in order to increase competitiveness. In order to satisfy both cases, automation is accelerated to increase efficiency and to consider safety and environment. Since the automation of all the driving in the past with the help of computer technology rather than humans, most of the production system is complicated, and how to cope with an accident is also complicated. In order to evaluate the safety of such a system, the safety of the system is accurately measured and based on a sophisticated and systematic method such as Fault Tree Analysis (FTA) rather than conventional qualitative risk analysis methods such as Checklist and HAZOP. It is necessary to analyze the causes of accidents and determine investment priorities. However, the existing FTA results, which were performed manually based on the analyst's experience, could not maintain objectivity in the safety analysis results due to the logical error or subjectivity of the analyst. Therefore, it is necessary to automate the FTA so that it can be easily performed by non-experts and maintain objectivity in the result.

Quantitative Risk Analysis, such as the FTA, is increasingly used as a method for overall safety management in the chemical industry. Although qualitative methods based on the experience of experienced engineers, such as codes, conventions or checklists, are widely used as important safety technologies and contribute to the improvement of safety, they still have a significant loss of lives and property worldwide. Many accidents are bringing about. Quantitative risk assessment techniques can be used effectively to identify potential incidents and provide preventive measures in addition to many other qualitative assessment techniques that assess and analyze risk.

Quantitative risk assessment methods quantify risks and suggest strategies for reducing them. It also allows us to find each individual risk that affects the safety of the overall process, suggests the extent to which the overall risk can be reduced by improving each risk, and enables cost-effective analysis in the process.

Many researches on automated FTAs have been conducted. Efficient tools have been developed by various scholars and used to construct fault trees (FTs). Transfer function by Fussel in 1973 [Fussel, J. B., Rep ANCR 1098, Nat. Reactot Testing Station (1973)], Decision table [Salem., S. L., Apostolakis. G. E. and Okrent, D., Comput. Chem. Eng., Vol. 4 (1977)], in 1977 by Lapp and Powers researchers [Lapp, S. A and Powers, G. J., IEEE Trans. Rel., Vol. 29, (1977), Powrer GJ and Lapp SJ, "A Short Course On Risk and Reliability Assessment by Fault Tree Analysis", CMU (1989), 1978 by Camarda et al. Reliability graph [Camarda, P., Corsi, F. and Trentadue, A., IEEE Trans. Rel., Vol. 27, (1978)], 1986 by Kelly and Lee, Mini fault tree [Kelly, B. E. and Lees, F. P., Rel., Eng., Vol. 16, (1986)] are suggested tools for FTA automation.

However, the method to use the above tools efficiently for complex chemical processes has not been suggested, and due to the complex methodology of the FTA itself, only automation in the analysis of defect number (FT) has progressed and commercialized. . These commercial programs have only the editor and calculation functions, while the FT component, which is the most important step of the FTA, is hand-crafted. The number of defects that were the biggest problem of manual FTAs, except that the computer uses the number of defects (FT) that were created manually by the user and automatically calculates the probability and calculates the minimum cut set. There were limitations that the problems in the logic of the (FT) configuration could not be overcome.

Accordingly, an object of the present invention is to express a complex chemical process using a diagram, and to develop a graph-defect function automatic conversion algorithm based on this information to automate the generation of defects, to perform a risk assessment systematically and scientifically The present invention provides a method for automatically synthesizing a defect number using a die graph.

In order to achieve the above object of the present invention, a method for automatically synthesizing a defect number using a diagram of the present invention includes: a first step in which a process diagram (PFD & P & ID) is given; A second step of creating a diagram including a node representing a process variable such as temperature, pressure, flow rate, etc., which are operating conditions of the process, a defect of an apparatus, and a defect indicating an operator error for a given process diagram (PFD & P &ID); Node data including start node name, end node, gain, start fault name, end defect name, gain, fault name, fault data including type, and node / defect name, description A third step of dividing the node / defect description data and storing information about the node and the defect; A fourth step of selecting a normal image in which the controllable change and the uncontrollable change of the process variable at the node are numerically limited; A fifth step of identifying and classifying whether a node on the diagram is in a loop and, if it is in the loop, whether the node is in any one of PFFL, NFFL, PFBL, and NFBL; And a sixth step of generating a number of defects corresponding to the drawn graph by applying different defect number generation rules according to a situation in which the selected normal image exists.

Hereinafter, with reference to the accompanying drawings will be described a preferred embodiment of the present invention.

First, let's look at the components of the graph and how to express them.

1 is a diagram illustrating an example of a die graph. Referring to FIG. 1, a diagram is a set of nodes S1, S2, S3, S4, S5, S6, and S7 connecting edges having directions. The nodes of the graph used for the defect count (FT) synthesis represent various types of defects and process variables. The variable here refers to the operating variable in the process and the signal in the control system can be the target. In chemical processes, these nodes include temperature, pressure, flow rate, and so on. If a variation in one variable causes a change in another variable, the directed edge is drawn from the node representing the first variable to the node representing the second variable. The gain displayed on the frankincense edge depends on the magnitude of the change in the variable relative to the first variable. If the change of the second variable is appropriate compared to the change of the first variable, "1" is given to the edge, and if the change of the second variable is very large compared to the first, "10" is given. If the change in the second variable is very small compared to the first, no edges are assigned between the nodes. Indicative of the direction of change involved is indicated by the sign of Gain. If the direction of change is the same, the figure is positive and vice versa [Narsingh, D., "Graph theory with applications to engineering and computer science", Prentice-Hall ( 19614).

S1 to S7 indicated in the circle in Fig. 1 represent the operating conditions in the process. This is called a node. The numbers on the arrows between the circles represent gains that indicate the relationship between process variables [Powrer GJ and Lapp SJ, "A Short Course On Risk and Reliability Assessment by Fault Tree Analysis", CMU (1989). ].

From the above equation, the gain is determined as 0, (± 1), (± 10). Gain determination is based on the user's process information.

2A to 2D are diagrams showing types of loops used in a diagram. 2A to 2D, two types of loops are important for instrumenting a defect count analysis (FTA) system using a graph, which are fedforward loops (FFLs) and feedback loops (FBLs). An FFL is a loop in which two or more paths exist from one node to another node in a diagram, and an FBL is a loop having paths starting at one node and ending at that node. Divide the PFFLs, NFFLs, PFBLs, and NFBLs, respectively, according to whether the gain of the loop is negative or positive.

These loops are distinguished by their functions: one is the control loop and the other is the process loop. The former is a loop that can be defined in the process of searching for nodes representing variables in the control system, and the latter is a loop caused by complex relationships between variables in the system. In the case of a control loop, the FFLs come from the representation of the feedforward control process and the FBLs come from the feedback control process. In order to ensure the efficiency of the method using the diagram, all disturbances entering these control loops and process loops must be clearly assessed [Seborg, DE, Edgar, T. F, and Mellichamp, DE, "Process dynamics and control. John Wiley & Sons (1995).

If there is only a simple device, it is easy to distinguish between FFLs and FBLs. In practice, however, the complex interactions between the devices result in a large number of loops. The more complex the process, the more time-consuming this task becomes and the more likely it is to be miscalculated. For this reason, identifying and distinguishing all loops given in the diagram is an essential step in the safety analysis using the diagram (Weiss, M. A., "Data structures and algorithm analysis in C", Addison Wesley (1997)).

3 is a conceptual flowchart of a defect number automatic synthesis method. As shown in Fig. 3, first, a user creates a diagram for a given process diagram (PFD & P & ID) S10 (S20). In the graph, a node representing a process variable, which is an operation condition of a process, and a defect representing a device defect, an operator error, and the like are represented. Process variables for the process are based on temperature, pressure, and flow rate, but are added arbitrarily when variables other than the process you want to analyze are needed.

Next, the graph data is converted and stored (S30). The information of the user configured graph for a given process is then converted into information of a suitable form and stored. In this case, the necessary information may include node data (Start node name, End node, Gain), and fault data (Start failure name). ), End failure name, Gain, Failure name, Type, Node / Failure description data (Node / Failure name), description, and the like. The reason for entering the information of the graph in the information about the node and the information about the defect as above is that the path analyzed in the step of identifying and distinguishing the loop of the graph is under normal circumstances (assuming that failure does not occur). Because it is done, it depends only on the information that consists of nodes. After the classification results for the loops (PFFLs, NFFLs, PFBLs, NFBLs), the FT autosynthesis step requires information about defects as well as information about nodes. Therefore, it is possible to improve the efficiency of the system by dividing the information about the node and the fault.

After that, the user selects an accident (normal thought) to be analyzed in the process from the information of the graph (S40). This normal idea consists of the node representing the process variable and the departure of the process variable. For example, if you want to analyze a case where there is a risk of fire due to a sudden rise in temperature in the exhaust stream, Must be selected. The deviation of process variables is limited to (0), (± 1), and (± 10), just like gains representing the relationship between nodes in the diagram.

The degree of deviation or change from the above equation is determined according to the criteria determined by the user of the process information. In other words, if the change in the process variable is a negligible change, it is (0). If the change in the process variable is a change of moderate magnitude, it is (± 1). In this case, the change of the process variable (± 1) is called a controllable change, and in case of (± 10), it is called an uncontrollable change.

Subsequently, a loop check and classification operation is performed (S50). The complex interactions of the elements that make up a chemical process lead to loops in the process diagram. In order to automatically convert the graph to the number of defects (FT), the process variable under analysis, ie, whether the node on the graph is in a loop, and if so, in which type of loop (PFFLs, NFFLs, PFBLs, NFBLs) Should be identified.

The FT automatic synthesis method presented in this embodiment is characterized by classifying only loops related to the normal thought selected by the user. In the past, all loops on the diagram were identified and classified. By improving this, only the loops for the node currently being analyzed can be identified to improve the efficiency of the system.

Finally, the number of defects is generated. The number of defects (FT) is automatically generated from the graph by applying different defect number (FT) generation rules according to the situation where the user selects the top event. To be generated (S60).

4 is the logic of the diagram-defect function conversion algorithm of the present invention. Referring to FIG. 4, the algorithm of the present embodiment is constructed based on a recursive method. Determining the situation in which the user's first selected normal image is placed on the graph, and forming the defect number FT by applying the defect number generation rule developed accordingly. After that, the next node of the graph that is related to the normal idea is recognized as a new normal idea in the algorithm, and iterative technique is used to construct the defect number (FT) according to the situation where the node is placed again. If the node under consideration is a basic idea, the FT configuration is terminated.

The process of FIG. 4 shown on the basis of the basic principles described above will be described in detail. First, a diagram is formed by connecting the graphs configured in the process of FIG. 3 (S20), and a normal image is selected from the basic images constituting the graph (S40). Thereafter, after checking and classifying all loops (S50), variable coupling is performed such that normal thought is X0 (S601). At this time, it is determined whether X0 is in non-primary thought (S602). This is a step to determine whether the node under consideration is a basic idea with no input. In the case of a basic idea with no more inputs, there is no need to consider any more variables because there are no variables that affect it. If the input node continues to exist, it is not a basic idea, so the FT configuration continues. As a result of this determination, when X0 is in non-primary thought, it is next judged whether X0 exists in NFBL (S603). This is a step to determine if the node under consideration exists in NFBL. NFBL is not affected by the node under consideration by the regulatory action of the loop itself when controllable disturbance is input to the node on the loop. However, when an uncontrollable disturbance is input, it is out of the range of the control function of the loop itself, so the disturbance influences the node under consideration. Based on this concept, we develop a rule for generating the number of defects (FT) that applies when the node under consideration is in NFBL. As a result of determining the NFBL of X0, if it is not NFBL, it is next determined whether X0 exists in the terminal node of NFFL (S604). This step determines whether the node under consideration is the terminal node of the NFFL. In the case of NFFL, unlike NFBL, start node and end node are different loops. In case of start node, it is not influenced by nodes on the loop but only by external input. In the case of end node, not only external input but also nodes in loop Will be affected. Therefore, even if the node under consideration exists in the NFFL, it is the same as the case in which the non-end node does not exist in the loop. Therefore, the FT generation rule when the node is not in the loop is followed. In the case of the NFFL terminal node, we develop a rule for generating the number of defects (FT) considering the effects from the nodes constituting the loop and the effects of external inputs. As a result of determining whether the NFFL terminal node is present in X0, if X0 is not present in the terminal node of NFFL, it is determined as the first structure (Structure I) (S605), otherwise it is determined as the second structure (Structure II). (S606).

On the other hand, when X0 exists in NFBL as a result of the determination in step S603, it is next determined whether X0 exists in the end node of NFFL (S607). As a result of determining whether the NFFL terminal node exists in X0, when X0 does not exist in the terminal node of NFFL, it is determined whether X0 is 0 (S608). When X0 is not 0, it is next determined whether X0 is (± 10) (S609). If X0 is not (± 10), it is determined as a third structure (Structure IIIA) (S610). On the other hand, when X0 is (± 10) in the step S609, it is determined as the third B structure (Structure IIIB) (S611), and when X0 is 0 in the step S608, it is determined as the third C structure (Structure IIIC) ( S612).

On the other hand, it should be considered whether X0 exists at the end nodes of NFFL and NFBL. This is a step of determining whether the node under consideration is present in the NFBL at the same time as the end node of the NFFL. In this case, since the characteristics of NFBL and NFFL must be considered at the same time, a new defect number (FT) generation rule is required. Therefore, we consider the characteristics of the two loops at the same time and develop a generation rule to generate the number of defects (FT). If X0 exists in the end node of NFFL in step S607, it is then determined whether X0 is 0 (S613). When X0 is not 0, it is next determined whether X0 is (± 10) (S614). If X0 is not (± 10), it is determined as the fourth A structure (Structure IVA) (S615). On the other hand, when X0 is (± 10) in step S614, it is determined as structure 4B (S616), and when X0 is 0 in step S613, it is determined as structure 4C (Structure IVC) ( S617).

Here, in the case where X0 is not a non-primary thought in step S602, and after it is determined as the first structure in step S605, the mismatched or repeated event is removed (S618). During the composition of the defect number (FT), the cause of the situation that is different from the normal thought under consideration serves to exclude the risk that the defect number may be generated. For example, the normal thought you are considering In case of (+10), (-10) may be configured in the defect number FT. In this case, it is a violation of the normal thought to be analyzed and needs to be omitted. In the same case, if the same thought is repeated in the lower level of the top event, it may fall into an infinite loop, so it is omitted when the normal thought appears in the lower layer. After that, the normal thought is changed (S619). At this time, it is determined whether the normal thought has been changed (S620). If there is a changed normal thought, the process proceeds to step S608, and if there is no changed normal thought, it is determined whether to repeat the process (S621). If the process is repeated, the process proceeds to the step S601. (S622).

5A to 5C are diagrams illustrating types of failures by classification. Referring to Figs. 5A to 5C, defects in the process can be broadly divided into human errors indicating defects in devices and devices, mistakes of operators, and the like. There are many ways to classify this. In this study, three kinds of defects that can occur in the process are classified according to the type represented in the diagram. This is because in order to implement the Digraph-FT automatic conversion algorithm, the classification according to the type represented in the graph is more effective than the classification according to the characteristics of the defect.

end. Type A failure

Failure propagation is already defined by external disturbances, and then the disturbances are component failures that propagate further along with existing defects to nodes. Type A defects are those in which process variables are affected by defects as well as normal process variables due to partial defects in the elements that make up the process. In Figure 6, process variable C is affected by defect f, as well as by B.

I. Type B failure

It is a defect that makes the relationship between process variables zero by a defect of an external factor (device). Type B defects are those in which the relationship between process variables disappears due to defects in the elements that make up the process. For example, when a sensor stuck occurs, the relationship between the input and output variables in the sensor becomes (0). If this type B defect is present in the loop, the loop itself will not function as originally intended.

All. Type C failure

It is a defect of a component that reverses the relationship between process variables due to an external factor defect. C type defects refer to component defects that reverse the relationship between process variables. For example, if the A / C Valve is installed by mistake at the location designed as the A / O Valve in the design stage, the relationship between the process variables in the normal situation is reversed. This is a defect that can be fatally damaged in the process and should be thoroughly verified at the installation stage.

By simplifying the classification of defects as described above, the efficiency of the automatic synthesis of the number of defects (FT) can be increased.

6 is a structural diagram of a first structure (Structure I) of the defect number generation rule, and FIG. 7 is a structural diagram of a second structure (Structure II) of the defect number generation rule. 8 is a structural diagram of a third structure (Structure 3) of the defect number generation rule, and FIG. 9 is a structural diagram of a fourth structure (Structure 4) of the defect number generation rule.

FT generation rule is composed as follows according to the situation of node to analyze.

The first structure I is the case where the node is in PFFL, PFBL, the node is in the NFFL and not the end node, and the node is not in the loop.

The second structure (Structure II) is a case where the node is an end node of the NFFL.

The third structure III is a case where the node is in the NFBL.

The fourth structure (Structure IV) is a case where the node is in the NFBL while being the terminal node of the NFFL.

6A to 6C, the first structure I lists changes of input nodes affecting a node under consideration by connecting to an OR gate. An example of applying the first structure I is illustrated in FIG. 6B. In FIG. 6C, the number of defects FT configured according to the algorithm developed by selecting S4 (+1) as the top event is as follows. Since the loop related to S4 is PFFL, the first structure I may be applied. From the above results, it can be seen that S4 (+1) is affected by S1 and S3.

7A to 7C, the second structure (Structure II) is a generation rule in consideration of influences from a start node and a non-start node when the node under consideration is an end node of the NFFL. Since the start node of the NFFL has a relationship with a node representing a normal event by an intermediate node, the top node is affected only when a type B failure exists. An example using this is shown in FIG. 7B. In FIG. 7C, when S1 (+1) is selected as a top event, S1 is in the NFFL, and thus the second structure (Structure II) is applied. In this example, when F1 (0) occurs, if S3 changes by (-1), S1 (+1) occurs. The defect number (FT) result of this example is shown in FIG. 7C.

8A to 8C are structures 3A, 3B, and 3C, and FIGS. 8D and 8E are examples and results. Referring to FIGS. 8A to 8E, the third structure III is a defect number (FT) generation rule considering the adjustment function of the loop itself when the node to be considered is in the NFBL. The third structure (Structure III) is largely divided into three parts.

First, consider when NFBL doesn't work properly. If a type B failure occurs in NFBL, the change of one node does not affect the subsequent nodes, so the control of NFBL cannot be performed. In this case, even if controllable disturbance is input from the outside of the loop, it cannot be properly adjusted.

Second, it takes into account when NFBL is working properly, that is, when a Type B Failure has not occurred. In this case, only disturbances outside the uncontrollable loop can affect the node.

Third, it is the part that considers the influence from the node in NFBL. Nodes on NFBL are affected by nodes in the loop as well as external inputs. At this time, if the existence of type C failure and the influence from the node of the loop itself occur at the same time, it does not affect the normal idea, so it is processed by using an exclusive OR (hereinafter referred to as EOR) gate. The EOR gate is a logic symbol that is true if only one of all events occurs when two or more events are connected. In FIG. 8D, when S1 (+1) is selected as a normal thought, S1 may be present on the NFBL. S1 is affected by external input S5 and also by another node S4 in NFBL. The result of the number of defects FT formed by applying the third structure III is shown in FIG. 8E. In the result of the number of defects (FT), S1 (+1) is affected when the change of external input S5 is large, and control of S5 when F (0) which is a type B failure on NFBL occurs. It is also affected by possible changes (± 1). It can also be seen that it is also affected by S4, a node on NFBL.

9A to 9C are structure 4A, 4B, 4C, and FIGS. 9D and 9E are examples and results. 9A to 9E, Structure IV is a rule for generating a defect number (FT) applied when the node under consideration exists in the NFBL at the same time as the NFFL terminal node. In this case, a new rule is needed that considers the characteristics of NFBL and NFFL. Therefore, a new defect number (FT) generation rule is constructed by combining the second structure (Structure II) and the third structure (Structure III). Applying this to the example of FIG. 9D, when S1 (+1) is selected as the normal image in FIG. 9D, the fourth structure (Structure IV) should be applied. That is, S1 is an end node of NFFL and exists on NFBL. The result of applying this according to the generation rule is shown in FIG. 9E. 9E shows that S1 (+1) is {S3 → S2 → S1. It can be seen that the number of defects (FT) can be obtained considering the effect of NFFL along the path of S3 → S4 → S1} and the effect of NFBL along the path of {S1 → S5 → S6 → S7 → S1}.

As described above, the method for automatically synthesizing the defect number using the die graph according to the present invention has the following advantages.

1. The user can automatically synthesize the number of defects in a short time without writing by hand.

2. It is possible to write objective defects that do not rely heavily on user's inexperience or logical errors.

3. The user can create the desired number of defects if the user changes his or her top event. When calculating the minimum cut set, it is possible to analyze the number of defects (FT) as well as to analyze the number of defects (FT) as well as to count by the type of counting and priority ranking of the basic ideas that make up the cut set. By the method, the number of defects (FT) can be known.

The present invention is not limited to the above-described embodiments, and it will be apparent that many modifications are possible by those skilled in the art within the technical spirit of the present invention.

1 is a view showing an example of a diagram;

2a to 2d is a view showing the type of loop (loop) used in the diagram;

3 is a conceptual flowchart of a defect number automatic synthesis method;

Figure 4 is the logic of the graph-defect function conversion algorithm of the present invention,

5A to 5C are diagrams illustrating types of failures by classification,

6 to 9 are structural diagrams of the defect number generation rule structures.

Claims (11)

delete delete A first step in which a process diagram (PFD & P & ID) is given; A second step of creating a diagram including a node representing a process variable such as temperature, pressure, flow rate, etc., which are operating conditions of the process, a defect of an apparatus, and a defect indicating an operator error for a given process diagram (PFD & P &ID); Node data including start node name, end node, gain, start fault name, end defect name, gain, fault name, fault data including type, and node / defect name, description A third step of dividing the node / defect description data and storing information about the node and the defect; A fourth step of selecting a normal image in which the controllable change and the uncontrollable change of the process variable at the node are numerically limited; A fifth step of identifying and classifying whether a node on the diagram is in a loop and, if it is in the loop, whether the node is in any one of PFFL, NFFL, PFBL, and NFBL; And A sixth step of generating the number of defects corresponding to the drawn graph by applying different defect number generation rules according to the situation where the selected normal idea exists; It is made, including In step 5, only the loop associated with normal thought is classified. The sixth step, a. Variable coupling so that the normal thought is X0, which is a basic thought to complete the defect number construction; b. Determining whether X0 is in a non-primary image with input to the node under consideration to determine whether the defect number configuration continues; c. If X0 is a non-primary thought as a result of the discrimination in b, then determining whether X0 is present in the NFBL; d. As a result of the determination of c, if X0 is not NFBL, next, it is determined whether X0 is present in the NFFL terminal node. If X0 is not present in the NFFL terminal node, it is determined as the first structure. If is present at the end node of the NFFL, determining the second structure; e. If X0 is present in the NFBL as a result of the determination of c, then determining whether X0 is present in the end node of the NFFL; f. As a result of the determination of e, when X0 is not present at the NFFL end node, it is next determined whether X0 is 0, and then whether X0 is (± 10), and then X0 is 0. If X0 is not (± 10), it is determined as a 3A structure; if X0 is not 0 and X0 is (± 10), it is determined as a 3B structure; if X0 is 0, it is determined as a 3C structure. and, When X0 is present in the NFFL terminal node, it is next determined whether X0 is 0 and whether X0 is (± 10). Then, X0 is not 0 and X0 is (± 10). Otherwise, determining as a 4A structure, when X0 is not 0 and X0 is (± 10), determining as a 4B structure, and when X0 is 0, as a 4C structure; g. After b0 is not a non-primary thought in b, and is determined to be the first structure in d, a violation of normal thought is performed to prevent the generation of a defect number due to a situation different from the normal thought under consideration. Removing the event, or removing the event that is repeated to prevent the normal idea from being repeated in the lower layer to form an infinite loop; h. As a result of performing g, it is determined whether the normal ideology has changed, and if there is a changed normal ideology, the process proceeds to a process of determining whether X0 of f is 0. If there is no changed normal ideology, it is determined whether to repeat the normal ideology. Go to a to repeat or end Defect number automatic synthesis method using a diagram characterized in that consisting of. The method of claim 3, wherein the first structure, Component defects in which disturbances are further propagated to nodes along with existing defects; And Changes in input nodes that affect the node under consideration Automatic synthesis method using a number of defects, characterized in that by connecting to the OR gate. The method of claim 3, wherein the second structure, The defects in which the relationship between process variables disappears due to the defects of the elements in the NFFL process and the change of the input node affecting X0 when a defect in the NFFL occurs are connected and listed by AND gate, and the output is output from this AND gate. An influence related to a start node when an element defect occurs to an OR gate, and an influence of a start node in the case of an end node of NFFL which is an output value of the OR gate; And Changes in input nodes affecting nodes other than the start node of NFFL Automatic synthesis method using a number of defects, characterized in that by connecting to the OR gate. The method of claim 3, wherein the third A structure, An OR gate connects the disturbance of X0 that is not in NFBL and propagates to the node with the existing fault, and the change of the input node that is affecting X0 without being in NFBL to OR gate, Input the defect that the relationship between process variables disappears due to the defects of the elements constituting the process in NFBL affecting X0 and the output value of this OR gate to AND gate, and NFBL which is the output value of this AND gate does not operate normally. The influence of a controllable input node in a case; Disturbance that affects X0 without being in NFBL is a component defect that is propagated additionally to node with existing defect, or input node change that affects X0 without being in NFBL is inputted to OR gate. The influence of an uncontrollable input node when the output NFBL operates normally; And Exclusive OR gates are connected to the Exclusive OR gates by connecting the defects of the components that reverse the relationship between the input nodes in NFBL that affect X0 and the process variables in NFBL that affect X0. Of changes caused by NFBL output from Automatic synthesis method using a number of defects, characterized in that by connecting to the OR gate. The method of claim 3, wherein the third B structure, Disturbance that affects X0 without being in NFBL is a component defect that is propagated additionally to node with existing defect, or input node change that affects X0 without being in NFBL is inputted to OR gate. The influence of an uncontrollable input node when the output NFBL operates normally; And Exclusive OR gates are connected to the Exclusive OR gates by connecting the defects of the components that reverse the relationship between the input nodes in NFBL that affect X0 and the process variables in NFBL that affect X0. Of changes caused by NFBL output from Automatic synthesis method using a number of defects, characterized in that by connecting to the OR gate. The method of claim 3, wherein the third C structure, Defects that cause relationships between process variables to disappear due to defects in the components of the process in NFBL that affect X0 Automatic synthesis method using a number of defects, characterized in that by connecting to the OR gate. The method of claim 3, wherein the 4A structure, Disturbance that propagates to X0 without being in NFBL or NFFL is caused by a defect in a component that is propagated further to the node with an existing defect, or by a change in the input node that is affecting X0 without being in NFBL or NFFL. A first output value; Disturbance that affects X0 without being in NFBL is a component defect that is propagated additionally to node with existing defect, or input node change that affects X0 without being in NFBL is inputted to OR gate. Influence of an uncontrollable input node when the output NFBL operates normally, Exclusive OR gates are connected to the Exclusive OR gates by connecting the defects of the components that reverse the relationship between the input nodes in NFBL that affect X0 and the process variables in NFBL that affect X0. Connecting the effect of the change generated by the NFBL output from the OR gate to an OR gate, and the second output value of the OR gate; The first output value and the second output value are connected to an OR gate, and a defect in which the relationship between the process variable due to a defect of the output value and the element of the OR gate disappears is input to the AND gate, and the NFBL which is the output value of the AND gate is normally operated. If not, the effect of the controllable input node is: OR that changes the input node that affects X0 without being in NFBL, NFFL, or any component faults that propagate additionally to nodes with existing defects that are not in NFBL or NFFL. A third output value caused by the influence of an uncontrollable input node when the NFBL inputted to the gate and outputted normally operates; An OR gate connects the disturbance of X0 that is not in NFBL and propagates to the node with the existing fault, and the change of the input node that is affecting X0 without being in NFBL to OR gate, Input the defect that the relationship between process variables disappears due to the defects of the elements constituting the process in NFBL affecting X0 and the output value of this OR gate to AND gate, and NFBL which is the output value of this AND gate does not operate normally. The influence of controllable input nodes, Disturbance that affects X0 without being in NFBL is a component defect that is propagated additionally to node with existing defect, or input node change that affects X0 without being in NFBL is inputted to OR gate. The influence of an uncontrollable input node when the output NFBL operates normally, and Exclusive OR gates are connected to the Exclusive OR gates by connecting the defects of the components that reverse the relationship between the input nodes in NFBL that affect X0 and the process variables in NFBL that affect X0. The effect of the change generated by the NFBL outputted from the circuit is connected to the OR gate, and the fourth output value of the OR gate, Influence of an uncontrollable input node when NFBL operates normally by connecting the third output value and the fourth output value with an OR gate: Exclusive OR gates are connected to the Exclusive OR gates by connecting the defects of the components that reverse the relationship between the input nodes in NFBL that affect X0 and the process variables in NFBL that affect X0. Of changes caused by NFBL output from Automatic synthesis method using a number of defects, characterized in that by connecting to the OR gate. The method of claim 3, wherein the fourth B structure, OR that changes the input node that affects X0 without being in NFBL, NFFL, or any component faults that propagate additionally to nodes with existing defects that are not in NFBL or NFFL. A third output value caused by the influence of an uncontrollable input node when the NFBL inputted to the gate and outputted normally operates; An OR gate connects the disturbance of X0 that is not in NFBL and propagates to the node with the existing fault, and the change of the input node that is affecting X0 without being in NFBL to OR gate, Input the defect that the relationship between process variables disappears due to the defects of the elements constituting the process in NFBL affecting X0 and the output value of this OR gate to AND gate, and NFBL which is the output value of this AND gate does not operate normally. The influence of controllable input nodes, Disturbance that affects X0 without being in NFBL is a component defect that is propagated additionally to node with existing defect, or input node change that affects X0 without being in NFBL is inputted to OR gate. The influence of an uncontrollable input node when the output NFBL operates normally, and Exclusive OR gates are connected to the Exclusive OR gates by connecting the defects of the components that reverse the relationship between the input nodes in NFBL that affect X0 and the process variables in NFBL that affect X0. The effect of the change generated by the NFBL outputted from the circuit is connected to the OR gate, and the fourth output value of the OR gate, Influence of an uncontrollable input node when NFBL operates normally by connecting the third output value and the fourth output value with an OR gate: Exclusive OR gates are connected to the Exclusive OR gates by connecting the defects of the components that reverse the relationship between the input nodes in NFBL that affect X0 and the process variables in NFBL that affect X0. Of changes caused by NFBL output from Automatic synthesis method using a number of defects, characterized in that by connecting to the OR gate. The method of claim 3, wherein the fourth C structure, Defects that cause relationships between process variables to disappear due to defects in the components of the process in NFBL that affect X0 Automatic synthesis method using a number of defects, characterized in that by connecting to the OR gate.