3.3 Analytic Development of Reliability and Performance in Engineering Design 163 Instead of min and max, the product and algebraic sum for intersection and union may be respectively used. The two equations can be verified by substituting 1 for true and 0 for false. Table 3.14 Truth table applied to propositions pqp∧qp∨qp→ qp↔q ∼p TTTT T TF TFFT F FF FTFT T FT FFFF T TT In traditional propositional logic, there are two very important inferencerules as- sociated with implication and proposition, specifically the inferences modus ponens and modus tollens. Modus ponens: Premise 1: ‘x is A’; Premise 2: ‘IF x is A THEN y is B’; Consequence: ‘y is B’. Modusponensis associated with theimplication ‘A implies B’. Interms of propo- sitions p and q , modus ponens is expressed as [p∧(p → q)] →q (3.113) Modus tollens: Premise 1: ‘y is not B’; Premise 2: ‘IF x is A THEN y is B’; Consequence: ‘x is not A’. In terms of propositions p and q, modus tollens is expressed as [(∼q) ∧(p → q)] → (∼p) (3.114) Modus ponens plays a central role in engineering applications such as control logic, largely due to its basic consideration of cause and effect. Modus tollens has in the past not featured in engineering applications, and has only recently been applied to engineering analysis logic such as in engineering de- sign analysis with the application of FMEA and FMECA. Although traditional fuzzy logic borrows notions from crisp logic, it is not ade- quate for engineering applications of fuzzy control logic, because cause and effect is the cornerstone of mod elling in engineering contr ol systems, whereas in traditional propositional logic it is not. Ultimately, this has p rompted redefinition of fuzzy im- plication operators for engineering applications of fuzzy control logic. An under- standing of why the tra ditional appro ach fails in engineering is e ssential. The ex- tension of crisp logic to fuzzy logic is made by replacing the bivalent membership functions of crisp logic with fuzzy membership functions. 164 3 Reliability and Performance in Engineering Design Thus, the IF–THEN statement: ‘IF x is A,THENy is B’wherex ∈ X and y ∈Y has a membership function μ p→q (x,y) ∈ [0, 1] (3.115) Note that μ p→q (x,y) measures the degree of truth of the implication relation be- tween x and y. This m embership function can be defined as for the crisp case. In fuzzy logic, modus ponens is extended to a generalised modus ponens. Generalised modus ponens: Premise 1: ‘x is A ∗ ’; Premise 2 : ‘IF x is A THEN y is B’; Consequence: ‘y is B ∗ ’. The difference between modus ponens and generalised modus ponens is subtle, namely the fuzzy set A ∗ is not the same as rule antecedent fuzzy set A, and fuzzy set B ∗ is not necessarily the same as rule consequent B. d) Fuzzy Implication Classical set theory operations can be extended from ordinary set theory to fuzzy sets. All those operations that are extensions of crisp concepts reduce to their usual meaning when the fuzzy subsets have membership degrees that are drawn from the set {0, 1}. Therefore, extending operations to fuzzy sets, the same symbols are used as in set theory. For example, let A and B be fuzzy subsets of a nonempty (crisp) set X. The intersection of A and B is defined as (A∩B)(t)=T(A(t),B(t)) = A(t) ∧B(t) (3.116) where: ∧ denotes the Boolean conjunction operation (i.e. A(t) ∧B(t)=1ifA(t)=B(t)=1 and A(t) ∧B(t)=0otherwise). Conversely: ∨ denotes a Boolean disjunction operation (i.e. A(t) ∨B(t)=0ifA(t)=B(t)=0 and A(t) ∨B(t)=1otherwise). This will be considered more closely later. and: T is a t-norm. If T = min, then we get: (A∩B)(t)=min{A(t),B(t)} for all t ∈X. 3.3 Analytic Development of Reliability and Performance in Engineering Design 165 If a proposition is of the form ‘u is A’whereA is a fuzzy set—for example, ‘high pressure’—and a proposition is of the form ‘v is B’whereB is a fuzzy set—for example, ‘small volume’—, then the membership function of the fuzzy implication A → B is defined as (A → B)(u,v)= f(A(u),B(v)) (3.117) where f is a specific functio n relating u to v. The following is used (A → B)(u,v)=A(u) → B(v) (3.118) A(u) is considered the truth value of the proposition ‘u is high pressure’, B(v) is considered the truth value of the proposition ‘v is small volume’. e) Fuzzy Reasoning We now turn our attention to the research of Dubois and Prade about representation of the different kinds of fuzzy rules in terms of fuzzy reasoning on certainty and possibility qualifications, and in terms of graduality (Dubois et al. 1992a,b,c). Certainty rules This first kind of implication-based fuzzy rule corresponds to fuzzy reasoning statements of the f orm ‘the more x is A, the more certain y lies in B’. Interpretation of this rule gives: ‘∀u,ifx = u,itisatleast μ A (u) certain that y lies in B’ The degree 1 − μ A (u) is the possibility th at y is outside of B when x = u, since the more x is A, the less possible y lies outside B, and the more certain y lies in B.In this case, the certainty of an event corresponds to the impossibility of the contrary event. The conditional possibility distribution of this rule is ∀u ∈U, ∀v ∈V π y|x (v, u) ≤ max(1− μ A (u), μ A (v)) (3.119) where: π is the conditional possibility distribution that y relates to x. In the particular case where A is an ordinary subset, Eq. (3.119) yields ∀u ∈ A π y|x (v, u) ≤ μ B (v) ∀u /∈ A π y|x (v, u) is completely unspecified . (3.120) This corresponds to the implication-based modelling of a fuzzy rule with a non- fuzzy condition. Gradual rules This second kind of implication-based fuzzy rule corresponds to fuzzy reasoning statements of the form ‘the more x is A,themorey is B’. Statements involving ‘the less’ in place of ‘the more’ are easily obtained by changing A (or B) 166 3 Reliability and Performance in Engineering Design into its complement ¯ A (or ¯ B), due to the equivalence between ‘the more x is A’and ‘the less x is ¯ A’ (with μ ¯ A = 1 − μ A ). More precisely, the intended meaning of a gradual rule can be understood in the following way: ‘the greater the degree of membership of the value of x to the f uzzy set A and the more the value of y is considered to be in relation (in the sense of the rule) with the value of x, the greater the degree of membership the value of y should be to B’, i.e. ∀u ∈U min  μ A (u), π y|x (v, u)  ≤ μ B (v) . (3.121) Possibility rules This kind of conjunction-based fuzzy rule corresponds to fuzzy reasoning statements of the form ‘the more x is A, the more possible B is a range for y’. Interpretation of this rule gives: ‘∀u,ifx = u,itisatleast μ A (u) possible that B is a range for y’ This yields the conditional possibility distribution π y|x (u) to represent the rule when x = u ∀u ∈U, ∀v ∈V min( μ A (u), μ B (v)) ≤ π y|x (v, u). (3.122) The degree of possibility of the values in B is lower bounded by μ A (u). 3.3.2.6 Theory of Approximate Reasoning Zadeh introduced the theory of approximate reasoning (Zadeh 1979). This theory provides a powerful framework for reasoning in the face of imprecise and uncer- tain information, typically such as for engineering d esign. Central to this theory is the representation of propositions as statements, assigning fuzzy sets as values to variables. For example, suppose we have two interactive variables x ∈ X and y ∈ Y and the causal relationship between x and y is known. In other words, we know that y is a function of x,ory = f(x), and then the following inferences can be made (cf. Fig. 3.30): “y = f(x)”&“x = x 1 ” → “ y = f(x 1 )” This inference rule states that if y = f(x) for all x ∈X and we observe that x = x 1 , then y takes the value f(x 1 ). However, more often than not, we do not know the complete causal link f between x and y, and only certain values f (x) for some particular values of x are known, that is R i :Ifx = x i then y = y i , for i = 1 , ,m (3.123) where R i is a particular rule-base in which the values of x i (i = 1, ,m) are known. Suppose that we are given an x ∈ X and want to find a y ∈ Y that corresponds to x 3.3 Analytic Development of Reliability and Performance in Engineering Design 167 Y Xx = x’ y = f(x) y = f(x’) Fig. 3.30 Simple crisp inference under the rule-base R = {R i , ,R m }, then this problem is commonly approached through interpolation. Let x and y be linguistic variables, e.g. ‘x is high’ and ‘y is small’. Then, the basic problem of approximate reasoning is to find a membership function of the consequence C from the stated rule-base R = {R i , ,R n } and the fact A,whereR i is of the form R i :ifx is A i then y is C i (3.124) In fuzzy logic and approximate reasoning, the most important fuzzy implication inference rule is the generalised modus ponens (GMP; Fullér 1999). As previously indicated, the classical modus ponens inference rule states: Premise if p then q Fact p Consequence q This infe rence rule can be interpreted as: If p is true and p → q (p implicates q) is true, then q is true. The fuzzy implication inference → is based on the compositional rule of inference for approximate reasoning, which states (Zadeh 1973): Premise if x is A then y is B Fact x is A  Consequence y is B  In addition to the phrase ‘modus ponens’ (where the term modus ponens ⇒ method of argument), there are other special terms in approximate reasoning for the various featuresofthesearguments.The‘If then’premiseiscalledaconditional,andthe two claims are similarly called the antecedent and the consequent where: Main premise <antecedent> Helping premise if <antecedent> then <consequent> Conclusion <consequent> 168 3 Reliability and Performance in Engineering Design The valid connection between a premise and a conclusion is known as deductive validity. From the classical modus ponens inference rule, the consequence B  is de- termined as a composition of the fact and the f uzzy implication operator B  = A ◦ (A → B). Thus For all v ∈V : B  (v)=sup u∈U min{A  (u),(A → B)(u, v)} (3.125) where sup u∈U is the fu zzy relations compo sition op erator. Instead of the fuzzy sup-min composition op erator, the sup-T composition oper- ator may be used, where T is a t-norm For all v ∈V : B  (v)=sup u∈U T(A  (u),(A → B)(u, v)) (3.126) Use of the t-norm operator comes from the crisp max–min and max–prod com- positions, where both min and prod are t-norms. This corresponds to the product of matrices, as the t-norm is replaced by the product, and sup is replaced by the sum. It is clear that T cannot be chosen independently of the implication operator. Sup- pose that A, B and A  are fuzzy numbers, then the generalised modus ponens should satisfy some rational properties that are given as (cf. Figs. 3.31a,b, 3.32a,b, 3.33a,b): Property 1: basic property if x is A then y is B x is A y is B if pressure is high then volume is small pressure is high volume is small Property 2: total indeterminance if x is A then y is B x is ¬A y is unknown if pressure is high then volume is small pressure is not high volume is unknown where x is ¬A means that x being an element of A is impossible (defined later). ab Fig. 3.31 a Basic property A  = A. b Basic property B  = B 3.3 Analytic Development of Reliability and Performance in Engineering Design 169 Fig. 3.32 a, b Total indeterminance Fig. 3.33 a, b Subset property The t-norms are represented as: Property 3: subset if x is A then y is B x is A  ⊂ A y is B if pressure is high then volume is small pressure is very high volume is small where x is A  ⊂ A means x is an element of the subset of A  with A. 3.3.2.7 Overview of Possibility Theory The basic concept of possibility theory, introduced by Zadeh, is to use fuzzy sets that no longer simply represent the gradual aspect of vague concepts such as ‘high’, but also represent incomplete knowledge subject to uncertainty (Zadeh 1979). In such a situation, the fuzzy variable ‘high’ represents the only information available on some parameter value (such as pressure). In possibility theory, uncertainty is described using dual possibility and necessity measures defined as follows (Dubois et al. 1988): A possibility measure ∏ defined on a finite propositional language, and valued on [0,1], satisfies the following axioms: a) ∏ (⊥)=0; ∏ ()=1 b) ∀p,∀q , ∏ (p∨q)=max[ ∏ (p), ∏ (q)] c) if p is equivalent to q,then ∏ (p)= ∏ (q) 170 3 Reliability and Performance in Engineering Design where: ⊥ and  denote the ever-false proposition (contradiction) and the ever-true proposition (tautology) respectively. ∀p denotes ‘for all p’and∀q denotes ‘for all q’, and ∨ denotes a Boolean dis- junction operation (i.e. p∨q = 0ifp = q = 0andp∨q = 1otherwise) and, conversely, ∧ denotes the Boolean conjunction operation (i.e. p∧q = 1if p = q = 1andp∧q = 0otherwise) Axiom b) means that p ∨q is possible as soon as one of p or q is possible, including the case when both are so. ∏ (p)=1 means that p is to be expected but not that p is sure, since ∏ (p)=1is compatible with ∏ (¬p)=1 as well. On the contrary, ∏ (p)=0 implies ∏ (¬p)=1where¬p means that p is impos- sible. a) Deviation of Possibility Theo ry from Fuzzy Logic It must be emphasised that only the following proposition holds in the general case, since p ∧q is rather impossible ∏ (p∧q) ≤ min  ∏ (p) , ∏ (q)  (3.127) (e.g. if q = ¬p, p∧q is ⊥, which is impossible) while p as well as q may remain somewhat possible under a state of incomplete information. More generally, ∏ (p∧q) is not onlya functionof ∏ (p) and of ∏ (q). Thisdeparts completely from fully truth functional multiple-valued calculi, which is referred to as fuzzy logic (Lee 1972), specifically where the truth of vague propositions is amatterofdegree. In possibility theory, a necessity measure N is associated by duality with a pos- sibility measure ∏ , such that ∀p , N(p)=1 − ∏ (¬p) (3.128) It means that p is all the more certain as ¬p is impossible. Axiom b) is then equiva- lent to ∀p , ∀q , N(p∧q )=min(N(p),N(q)) (3.129) This means that for being certain about p∧q, we should be both certain of p and certain of q, and that the level of certainty of p∧q is the smallest level of certainty 3.3 Analytic Development of Reliability and Performance in Engineering Design 171 attached to p and to q. Note that N(p) > 0 ⇔ ∏ (¬p) < 1 ⇒ ∏ (p)=1 Since: max  ∏ (p), ∏ (¬p)  = ∏ (p∨¬p)= ∏ ()=1 And: N(p∨q) ≥ max(N(p),N(q)) (3.130) This means we may be somewhat certa in of the imprecise statement p∨q without being at all certain that p is true or that q is true. The following conventions are adopted in possibility theory where the possible values of the pair of necessity and possibility measures, (N, ∏ ), are represented ∏ (p)=max ω ∈[p] π ( ω ) (3.131) where: ∏ (p) is the possibility measure of proposition p ω is a representation of available knowledge [p] is the set of interpretations that make p true, i.e. the models of p π ( ω ) is the possibility distribution of available knowledge. Thus, starting with the plausibility of available knowledge represented by the distri- bution π of possible interpretations of such available knowledge, two functions of the possibility measure ∏ and the necessity measure N are defined that enable us to make an assessment o f the uncertainty surrounding the proposition p. Ignorance is represented by a uniform possibility distribution equal to 1. Conversely, given certain constraints i = 1,n N(p i ) ≥ α i > 0fori = 1,n (3.132) where: N(p i ) is the certainty measure of a particular proposition p in the set with con- straints i = 1, n α i is the possibility distribution with the least restrictive constraints. Thus, expressing a level of certainty for a collection o f propositions under certain constraints, we can compute the largest possibility distribution α i that is the least restricted by these constraints. It should be noted that probabilistic reasoning does not allow for the distinction between: the possibility that p is true ( ∏ (p)=1) and the certainty that p is true (N(p)=1), nor between: the certainty that p is false (N(¬p)=1 ⇔ ∏ (p)=0) and the absence of certainty that p is true (N(p)=0 ⇔ ∏ (¬p)=1). 172 3 Reliability and Performance in Engineering Design Possibility theory thus contrasts with probability theory in which: P(¬p)=1−P(p), i.e. the probability that p is impossible is 1 minus the proba- bility that p is possible, and therefore: P(¬p)=1 ⇔ P(p)=0, i.e. the probability that p is impossible is true implies that the probability of p being possible is false, and N(p)=0 does not entail N(¬p)=1. While in possibility theory, if the certainty measure N of the possibility of the propo- sition p is false, then this does not necessarily imply that the certainty measure N of the impossibility of proposition p is true. In this context, the distinction between possibility and certainty is crucial for distinguishing between contingent and sure effects respectively in engineering design analyses such as FMEA and FMECA. The incomplete states of knowledge captured by possibility theory cannot be modelled by a single, well-defined probability distribution. They rather correspond to what might be called ‘higher-orde r uncertainty’, which actually means ‘ill-known probabilities’ (Cayrac et al. 1995). This type of uncertainty is modelled either by second-order probabilities or by interval-valued probabilities, which is complex. Possibility theory offers a very simple substitute to these higher-order uncertainty theories, as well as a co mmon fra mework for th e modelling of u ncertainty and im- precision in reasoning applications such as engineering design analysis. The use of max and min oper ations in this case satisfies the requirement for computational sim- plicity, and for the qualitative nature of uncertainty that can be expressed in many real-world applications. Thus, in possibility theory the modelling o f uncertainty re- mains qualitative (Dubois et al. 1988). b) Rationals for the Choice of Possibility Theory in Engineering Design Analysis The complexity arising from an integration of engineering system s and their inter- actions makes it impossible to gather meaningful statistical data that could allow for the use of ob jective probabilities in engineering design analysis. Even subjective probabilities in design analysis (for example, where all the possible failure modes in an FMECA may be ord e red in a criticality ranking according to prior knowledge) are fundamentally not acceptable to process or systems engineering experts. For example, process design engineers would not be able to compare failure modes involving different equipment, or different operational domains (thermal, electrical, mechanical, etc.) in complex systems integration. At best, a partial prior ordering of failure modes identified for each individual system may be made. In ad- dition, the number of failure modes that are generally represented in an FMECA do not encompass all the possible failures that could arise in reality as a result of a com- plex integration of systems. This complexity makes any engineering design knowl- edge base incomplete. The only intended purpose of the FMECA in engineering design analysis would therefore be primarily as a support tool for the understanding of design integrity, in which failure consequences are initially ranked by decreas- ing compa tibility with their failure modes, and then ranked accordin g to their direct relevance to an a pplicable measure of severity. . as a result of a com- plex integration of systems. This complexity makes any engineering design knowl- edge base incomplete. The only intended purpose of the FMECA in engineering design analysis. consideration of cause and effect. Modus tollens has in the past not featured in engineering applications, and has only recently been applied to engineering analysis logic such as in engineering de- sign. and certain of q, and that the level of certainty of p∧q is the smallest level of certainty 3.3 Analytic Development of Reliability and Performance in Engineering Design 171 attached to p and to q. Note