- Email: [email protected]
Reliability modelling of repairable systems using Petri nets and fuzzy Lambda–Tau methodology
Reliability Engineering and System Safety 73 (2001) 1±17
www.elsevier.com/locate/ress
Reliability modelling of repairable systems using Petri nets and fuzzy Lambda±Tau methodology J. Knezevic a, E.R. Odoom b,* a
Research Centre MIRCE, Harrison Building, School of Engineering and Computer Science, University of Exeter, Exeter EX4 4QE, UK b Department of Automotive and Marine Engineering, College of Technological Studies, P.O. Box 42325, Shuwaikh 70654, Kuwait Received 20 May 2000; accepted 6 February 2001
Abstract A methodology is developed which uses Petri nets instead of the fault tree methodology and solves for reliability indices utilising fuzzy Lambda±Tau method. Fuzzy set theory is used for representing the failure rate and repair time instead of the classical (crisp) set theory because fuzzy numbers allow expert opinions, linguistic variables, operating conditions, uncertainty and imprecision in reliability information to be incorporated into the system model. Petri nets are used because unlike the fault tree methodology, the use of Petri nets allows ef®cient simultaneous generation of minimal cut and path sets. q 2001 Elsevier Science Ltd. All rights reserved. Keywords: Reliability; Repairable systems; Petri nets; Lambda±Tau methodology; Fuzzy set; Linguistic variables
1. Introduction This paper outlines a novel approach for determining the reliability of repairable technical systems making use of Petri nets (PN) and fuzzy Lambda±Tau methodology. The PN methodology of reliability modelling is similar to that of fault tree modelling using graphical representation of the relations between conditions and events. The application of PN to reliability engineering has been limited, but few examples can be found for reliability evaluation [1±4], fault-tolerant analysis [5], safety analysis [6] and reliability growth [7]. The proposed approach makes use of PN modelling and qualitative analysis instead of the fault tree analysis and utilises the Lambda±Tau methodology in conjunction with fuzzy set theory to obtain quantitative results. The Lambda±Tau method of solution is a technique for dealing with repairable systems in fault tree analysis [8,9]. The use of fuzzy set theory and fuzzy arithmetic to determine component or system reliability can be found in the literature [10±18]. However, all of these publications deal with non-repairable systems. It is well known that most databases, on which most of reliability analyses depend, are either out of date or collected under different operating and environmental conditions. Furthermore, the two most important concepts for quantifying system availability are * Corresponding author. Fax: 1965-481-0730. E-mail address: [email protected] (E.R. Odoom).
the failure and repair rates of hardware and human errors. Unfortunately, current failure and repair rates are not suf®cient to account for the complex interactions that human action, such as operator's tasks and maintenance work, may have on the hardware. To add to the problems just mentioned above, it is a common knowledge that large amount of data is required in order to estimate (either by quantitative methods or Monte Carlo simulation) more accurately, the failure, error or repair rates. However, it is usually impossible to obtain such a large quantity of data in any particular plant due to rare events of components, human errors and economic restraints. Thus, experts usually base their estimation on previous engineering experiences. From this point of view, fuzzy probabilities or possibilities are better suited to model such judgements in a ¯exible and ef®cient manner. For example, the use of fuzzy sets to describe subsystem and component reliability and availability will allow input from a wide range of data sources collected under many different conditions. Additionally, the use of expert opinions and other linguistic options can be logically incorporated and used in determining reliability, maintainability and availability of systems. The proposed methodology involves qualitative modelling using PN and quantitative analysis using Lambda±Tau method of solution with the basic events represented by fuzzy numbers of triangular membership function. In the sections that follow, the basic theories leading to the proposed approach are presented.
0951-8320/01/$ - see front matter q 2001 Elsevier Science Ltd. All rights reserved. PII: S 0951-832 0(01)00017-5
2
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
Nomenclature A, B ~ B~ A; XA(x) mA~ x
crisp sets fuzzy sets binary membership function of a crisp set A degree of membership of element x in fuzzy set A~ l~ ij fuzzy failure rate of component i with j 1; 2; 3 being lower limit, mean (crisp) and upper limit of the triangular membership function, respectively t~ ij fuzzy repair time of component i with j 1; 2; 3 being lower limit, mean (crisp) and upper limit of the triangular membership function, respectively l (a ) the crisp set (interval) of the fuzzy failure rate l~ ; called the alpha-cut of the fuzzy set, where l a {xuml~ x $ l} (a ) t the crisp set (interval) of the fuzzy repair time t~ ; called the alpha-cut of the fuzzy set, where t a {xumt~ x $ t} A~ ij triangular membership function of a fuzzy number A~ with linguistic expression given to event i, by expert j ~i M average of a group of fuzzy numbers for event i m out(u) the output of a fuzzy triangular number after fuzzy arithmetic operation ui points on the base of the output fuzzy triangular number with i 1; 2; 3 being the lower limit, the upper limit and the crisp value, respectively up defuzzi®ed value of the output fuzzy triangular
2. Petri nets theory C.A. Petri proposed PN about four decades ago for modelling the dynamic behaviour of sequential asynchronous automations [19]. It is now widely used in many ®elds including reliability engineering. PN has been subjected to a lot of mathematical works in the literature, for example, see Ref. [3]. In the ®eld of reliability modelling, it is quite easy to understand and apply. PN modelling is basically a graphical method utilizing some basic symbols for describing relations between conditions and events. PN has a static part as well as a dynamic part. The static part is made of only three objects: places, transitions and arrows. The dynamic part is the marking of the graph and it is made of various `tokens' which are present, or not present in the various places and evolves dynamically according to the `®ring' of the various valid transitions. The marking of PN model at a given moment represents the state of the system. In order to make the markings evolve, the valid transitions have to be ®red. The rules of validation of a transition are very simple:
a transition is said to be valid if, and only if, each input place contains at least one token. In PN model, places (events) correspond to discrete states represented by circles while and the transitions (gates) are represented by bars. The execution of a PN is controlled by the position of the token. The ®ring of transitions moves tokens. However, for a token to be moved, a transition must be enabled (i.e. by having the required number of tokens on the input side). During ®ring, the enabling tokens are removed from the input places and new tokens are generated and placed in the output places. PN can be used to analyse the dynamic behaviour of systems and it is most useful in modelling state transitions in complex systems because they provide an easy way to understand the model of information ¯ow. The description given above is the basic PN theory. However, some improvements can be added in order to make PN more powerful and ¯exible, for example: ² Stochastic Petri nets (SPN), are modi®cations of the conventional PN, with the difference that they allow random sojourn times in markings with exponential waiting distribution. ² Generalised stochastic Petri nets (GSPN) provide the capability to model two types of transitions: 1. Timed transitions. These represent exponential ®ring delays. 2. Immediate transitions. These ®re in zero time and have higher priority than timed transitions. 2.1. Representing systems with Petri nets models Similar to fault tree model, graphical models based on PN model can be constructed to represent cause-and-effect relationship among events. The two nodes of PN model (the places and transitions) are connected by arc (arrows). The number of places is ®nite and not zero. Likewise, the number of transitions is also ®nite and not zero. An arc is directed and connects either a place to a transition or a transition to a place. In this paper, only the static part of PN is used, i.e. the tokens are omitted and it is assumed that transitions are not timed (i.e. they are immediate transitions). Fig. 1 illustrates the basic logic gates of fault tree model with its equivalent logic transitions of PN model. 2.2. Minimal cut and path sets generation in Petri nets model A cut set is a set of components whose failure will result in a system failure and a minimal cut set is one in which all the components must fail in order for the system to fail. Similarly, a path set is a set of components whose functioning ensures that the system functions and a minimal path set is one in which all the components within the set must
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
3
Fig. 1. Basic fault tree logic gates and their representation in PN model.
function for the system to function. Minimal cut and path sets can be derived from a PN model more ef®ciently than from an equivalent fault tree model. It was demonstrated through a matrix method in Ref. [4] that the determination of minimal path sets could be achieved in PN model without transforming the PN to its dual. This means, the minimal cut and path sets can be determined at the same time. In the same reference, it was proved that for the same model, it takes about twice as much instructional steps to generate minimal cut sets in a fault tree model as in equivalent PN model. The matrix method for the determination of minimal cut and path sets in PN model is demonstrated in the example below. 2.3. An illustrative example for cut and path sets generation Fig. 2 illustrates a fault tree model for a hypothetical system. The corresponding PN model is illustrated in Fig. 3. When the matrix method for generating the minimal cut and path sets of a PN model is applied to this model, the resulting minimal cut and path sets are as shown in Fig. 4.
Fig. 2. Fault tree model.
3. Lambda±Tau methodology for determining reliability of repairable systems The Lambda±Tau methodology is a solution technique for dealing with repairable systems of the fault tree model. The method requires redundant-free expressions from the model, i.e. the basic events of the model must not be repeated events. In many cases, this requirement can be met by Boolean substitution reduction techniques. The basic expressions for failure rate and repair time associated with the logical AND- and OR-gates of fault tree model are derived in Ref. [8] and presented here in Table 1. From these expressions, various parameters such as those shown in Table 2 could be obtained. The constant rate model as required in this method is the most commonly used distribution in reliability engineering because most technical systems exhibit constant failure and repair rates after the initial burn-in period. A wellknown characteristic of this distribution, which is not
Fig. 3. PN model of Fig. 2.
4
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
Fig. 4. Minimal cut and path sets generation using matrix method.
shared by other failure distributions, is its lack of memory. That is, the time to failure of a component or system is not dependent on how long the component or system has been operating. In general, the assumption of the constant rate model is viable if any of the following applies [20]: ² the system is in its `prime of life'; ² the system is made of solid-state electronic devices; ² the system is a large one with many sub-systems or components which have different failure rates or ages; ² the data are so limited that elaborate mathematical treatments are unjusti®ed.
The Lambda±Tau method incorporates many other restrictions. The main restrictions on its application of the Lambda±Tau method are: ² the ratio of the basic event repair times, t , to the mission time, T, must be small (preferably #0.1); ² the basic event failure rates, l , are very small (preferably #10 23 h 21); ² the product of t and l is very small (preferably #0.1); ² the product of l and T is very small (preferably #0.1); ² t and l must be constant (i.e. the negative exponential distribution must be applied in the quantitative analysis), and failures occur independently.
Table 1 Basic expressions of the Lambda±Tau method Gate
2-Inputs
3-Inputs
l AND
l 1´l 2´[t 1 1 t 2]
l1 ´l2 ´l3 ´[t 2´t 3 1 t 1´t 3 1 t 1´t 2]
n-Inputs 2
3
6n 7 n 6X Y 7 Y 6 7 lj 6 tj 7 6 7 j 4i1 n 5 j 1; i±j
t AND
t1 ´t2 t1 1 t2
t1 ´t2 ´t3 t2 t3 1 t1 t3 1 t1 t2
n Y
2i1
ti 3
6 7 n 6 Y 7 X 6 7 ti 7 6 6 n 7 j1 4 5 i 1; i±j
l OR
l1 1 l2
l1 1 l2 1 l3
n X j1
t OR
l1 t1 1 l2 t2 l1 1 l2
l1 t1 1 l2 t2 1 l3 t3 l1 1 l2 1 l3
lj
n X
lj tj
j1 n X j1
lj
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
5
Table 2 Some reliability parameters for repairable system with constant repair rate model [15] Parameters
Expressions
Mean time to failure
MTTFS
Mean time to repair
MTTRS
Z1 0
Z1 0
tlS e2lS t dt
1 lS
tmS e2lS t dt
1 tS mS
Mean time between failure
MTBFS MTTFS 1 MTTRS
Availability
AS t
mS lS 1 e2 lS 1mS t lS 1 mS lS 1 mS
Unavailability
QS t
lS 1 2 e2 lS 1mS t lS 1 mS
Expected number of failures
WS 0; t
lS mS l2S t1 1 2 e2 lS 1mS t lS 1 mS lS 1 mS 2
Reliability
RS t e2lS t
Unreliability
FS t 1 2 e2lS t
4. Relevant concepts of fuzzy set theory to reliability analysis The failure probabilities of certain components and error probabilities of human operators are usually dependent on experts' engineering judgement rather than on databases that might be insuf®cient and sometimes `obsolete'. However, the judgements of these experts are usually related to their subjectivity. The subjectivity means that the experts cannot estimate these probabilities precisely, exactly and objectively. It is a fact that hardware reliability and human reliability are dependent on environmental conditions and therefore the failure probability and the error probability cannot be physical constant properties. For all practical purposes, they should be modi®ed depending on the environmental conditions. However, it may be dif®cult or even impossible to establish a database to accommodate all the various environmental conditions. It is, therefore, necessary to evaluate the condition in order to modify the failure probabilities and the error probabilities. Usually, the modi®cation is performed by multiplying the probabilities by numerical factors, which often depend on the evaluation of environmental conditions by experts. Hence, the failure and error probabilities, which are estimated by considering the environmental conditions, may not be objective any longer. It may be that subjectivity and fuzziness are latent behind the numerical factors used in modifying the failure and error probabilities. The use of fuzzy methodology in reliability engineering
can be traced back to Kaufmann's [21] work. He introduced the notion of component possibility as a reliability index to replace the notion of component probability. However, he did not explain why the notion of component possibility could be effective and what it exactly meant in engineering and in mathematics. The main work of fuzzy methodology in reliability engineering appeared in 1980s and thereafter. Recently, fuzzy methodology has been widely applied in reliability engineering, e.g. in human reliability [22], hardware reliability [23], software reliability [24], structural reliability [25], etc. In this section, we improve on the existing fuzzy methodology in reliability that is normally based on non-repairable system, to include repairable systems with human components. Zadeh [26] ®rst introduced the fuzzy set theory and used this word to generalise the mathematical concept of the set to one of the fuzzy set. He then theorised that if the available information is such that the uncertain value can be located inside a closed interval, which he called interval of con®dence, then a membership function that maps each element of the interval of con®dence to a value in the interval {0, 1} can be de®ned. 4.1. Fundamentals of fuzzy sets and membership function Classical sets contain objects that satisfy precise properties of membership. Fuzzy sets, on the other hand, contain objects that satisfy imprecise properties of membership, i.e. membership of an object in a fuzzy set can be partial. For classical sets, an element x in a universe U is either a
6
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
member of some crisp set A or it is not. This binary issue of membership can be represented mathematically by the indicator function: ( 1; x [ A; 1 XA x 0; x Ó A:
a -cut of a fuzzy set A~ denoted as A a is the crisp set comprised of all the elements x of a universe of discourse X for which the membership of A~ is greater than or equal to a , that is,
Zadeh [26] extended the notion of binary membership to accommodate various degrees of membership on the real continuous interval {0, 1}, where the endpoints of 0 and 1 conform to no membership and full membership, respectively. Just as the indicator function does for crisp sets, the in®nite number of values in-between the end points can represent various degrees of membership for an element x in some set of the universe U. The sets of the universe U that can accommodate degrees of membership were termed by Zadeh as fuzzy sets. Hence, a fuzzy set can be represented by a functional mapping as
where a is a parameter in the range 0 # x # 1; the vertical bar in Eq. (4) is shorthand for `such that'.
mA~ x [ 0; 1;
2
where mA~ x is the degree of membership of element x in ~ The value fuzzy set A~ or simply membership function of A: mA~ x is on the unit interval that measures the degree to ~ equivalently, we which element x belongs to fuzzy set A; can write ~ mA~ x the degree to which x [ A:
3
The larger mA~ x is, the stronger the degree of belongingness ~ In other words, a fuzzy subset A~ of a universe of for x in A: discourse U {x} is de®ned as a mapping by which x is assigned a number in {0, 1}. This indicates the extent to ~ which x belongs to A: 4.2. The extension principle In order to extend mathematical laws of crisp numbers to fuzzy numbers, it is necessary to use the extension principle. The extension principle was developed by Zadeh [27] and later elaborated by Yager [28] to enable the extension of the domain of a function on fuzzy sets. The extension principle provides the theoretical warranty that fuzzifying the parameters or arguments of a function results in computable fuzzy sets. It plays a fundamental role in translating setbased concepts into their fuzzy set counterparts. Typical examples include arithmetic operations with fuzzy numbers, discussed later. Detailed formulations of the principle may be found in Refs. [27,29]. 4.3. The use of a -cuts ~ we can associate a collection of With any fuzzy set A; ~ An crisp sets known as a -cuts (alpha-cuts) or level sets of A: a -cut is a crisp set consisting of elements of A~ which belong to the fuzzy set at least to a degree a . The concept of a -cuts offers a method for resolving any fuzzy set in terms of constituent crisp sets. Alpha-cuts are indispensable in performing arithmetic operations with fuzzy sets. The
A a {x [ XumA~ x $ a};
4
4.4. Fuzzy numbers and interval arithmetic Fuzzy numbers can be used for handling imprecise information such as `about 5', `high reliability', `low failure rate', etc. Many different membership functions such as the triangular, trapezoidal, normal, gamma, etc. [16] can be used in representing fuzzy numbers. For example, a fuzzy set with triangular membership function may be adequate for representing a term such as `about 5', whereas a fuzzy number with trapezoidal membership function may be used to represent `between 5 and 7'. The basic operations on fuzzy numbers, extended through the extension principle using a -cuts and interval arithmetic, which is the basis for the proposed approach, are discussed next. The roots of computing with fuzzy numbers originated from a branch of mathematics called interval analysis developed to deal with the calculus of tolerances [30]. Brief descriptions of trapezoidal and triangular fuzzy numbers are given below. Let x; a1 ; a2 ; a3 ; a4 [ R (real line) with a1 # a2 # a3 # a4 ; then a fuzzy number is trapezoidal fuzzy number if its membership function mA~ : R ! {0; 1} is equal to 8 x 2 a1 > > ; a1 # x # a2 ; > > a2 2 a1 > > > > < 1; a2 # x # a3 ; mA~ x 5 > a4 2 x > > ; a # x # a ; > 3 4 > a4 2 a3 > > > : 0; otherwise: The quadruplet a1 ; a2 ; a3 ; a4 de®nes a trapezoidal fuzzy number where the interval a2 ; a3 is the most likely values of mA~ x: `a1' and `a4' are the lower and upper bounds of the available area for the evaluation of data. A triangular fuzzy number is a fuzzy number A in R, if its membership function mA~ : R ! {0; 1} is 8 x 2 a1 > > ; a1 # x # a2 ; > > a 2 a1 > < 2 a3 2 x mA~ x 6 > ; a2 # x # a3 ; > > a3 2 a2 > > : 0; otherwise: A triplet a1 ; a2 ; a3 de®nes the triangular fuzzy number where the parameter `a2' gives the maximal grade of mA~ x; i.e. mA~ a2 1; with `a1' and `a3' being the lower and upper bounds of the available area for the evaluation data. A triangular fuzzy number is a special case of
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
7
Fig. 5. A fuzzy triangular number A~ with alpha-cut a .
trapezoidal fuzzy number with a2 a3 : These two fuzzy numbers are the most used in reliability calculations because under certain weak assumptions, they are suitable for the description of the imprecision, vagueness and subjectivity of the data requirements of the hardware failures and human errors. They are also intuitively easy for preparation, evaluation and interpretation of engineering data. A triangular fuzzy number de®ned by a triplet a1 ; a2 ; a3 with a -cuts, A (a ), is de®ned below and shown in Fig. 5:
It should be noted that the multiplication or division of two fuzzy triangular numbers would result in a new fuzzy number whose shape will be considerably changed and no longer having a triangular membership function with linear sides but rather with parabolic sides. From the above basic discussions, the logical AND- and OR-transitions of the PN model using the Lambda±Tau expressions can be formulated.
A a a 1a ; a 3a :
Fuzzy numbers of basic places of PN model over interval of con®dence can be used to account for imprecision and uncertainties in data. Using the extension principle coupled with a -cut and interval arithmetic operations on fuzzy triangular numbers (Eq. (8)), the fuzzy system reliability can be determined through iteration. The application of this approach to the failure rate (l ) and repair time (t ) of the AND- and OR-transition expressions given in Table 2 can be established [31].
7
The a -cut de®nes the interval of con®dence of the triangular number and can be written as A a a2 2 a 1a a 1 a 1a ; 2 a 3a 2 a2 a 1 a 3a :
8
The arithmetic of fuzzy numbers depends on the arithmetic of the interval of con®dence. The four main arithmetic operations on two fuzzy triangular numbers A~ and B~ described by the a -cuts are shown in Table 3 with the following de®nitions: A a A 1a ; A 3a ;
B a B 1a ; B 3a ;
a [ 0; 1:
4.5. Fuzzy expressions for logical AND- and OR-transitions of PN model
4.5.1. AND-transition The interval expressions for the fuzzy triangular number
Table 3 Basic operations of fuzzy numbers, extended through the extension principle Operation
Crisp
Fuzzy
Addition
A1B
A~ 1 B~ A1 a 1 B1 a ; A3 a 1 B3 a
Subtraction
A2B
A~ 2 B~ A1 a 2 B3 a ; A3 a 2 B1 a
Multiplication
A´B
~ B~ A a ´B a ; A a ´B a A´ 1 1 3 3
Division
A4B
A~ 4 B~ A1 a 4 B3 a ; A3 a 4 B1 a
if 0 Ó B1 a ; B3 a
8
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
of the basic places for the failure rate l~ and repair time t~ to AND-transition expressions can be determined from the following: 2
n Y
l a 4
{ li2 2 li1 a 1 li1 }´
i1
n X
2
n Y
4
j1
n Y i1 n X
i1 i±j
n Y
4
j1
i1 i±j
3
i1
{ ti2 2 ti1 a 1 ti1 }5; 9
33
i1 i±j
3
10
7 7 7 7 i1 37 2 7: 7 n n X Y 7 4 { ti2 2 ti1 a 1 ti1 }5 7 5 { 2 ti3 2 ti2 a 1 ti3 }
j1
"
l
n X i1
n X i1
{ li2 2 li1 a 1 li1 }; #
{ 2 li3 2 li2 a 1 li3 } ;
i3
i2
i3
#3
"
{ 2 li3 2 li2 a 1 li3 }´{ ti3 2 ti2 a 1 ti3 } 7 7 7 7 n X 7 5 { li2 2 li1 a 1 li1 }
(12):
i1
4.6.1. Formalisation of linguistic variables The notion of linguistic variable may be regarded as a variable whose values are fuzzy numbers. Linguistic variables can be envisaged in a wider context since they assume values consisting of words or sentences in a language. Zadeh [27] de®ned linguistic variable as being characterised by a quintuple denoted by kY; P Y; X; G; Ml
i1 i±j
4.5.2. OR-transition Similarly, the interval expressions for the fuzzy numbers with triangular membership function of the basic places for the OR-transition can be determined from the following:
a
#
The concept of a linguistic variable is very useful in dealing with situations, which are too complex or ill-de®ned to be reasonably described in conventional quantitative expressions. A linguistic variable is a variable whose values are words or sentences in natural or arti®cial language. For example, `high reliability' is a linguistic variable. Experts' subjective assessments of human error and recovery rates using linguistic variables can be combined with hardware failure rates and repair time in a fuzzy PN model to determine the failure rate and repair time of the TOP place of a system [31].
{ 2 ti3 2 ti2 a 1 ti3 }55:
n 6 Y 6 6 { ti2 2 ti1 a 1 ti1 } 6 6 3; 2 i1 6 6X n 6 n 4Y 6 { 2 ti3 2 ti2 a 1 ti3 }5 4
n Y
"
4.6. Estimating human error and vague information through linguistic variables
2
j1
n X
6 { li2 2 li1 a 1 li1 }´{ ti2 2 ti1 a 1 ti1 } 6 6 ; t a 6 i1 n X 6 4 { 2 l 2 l a 1 l } n X
;a [ [0,1] and
t a
2
i1
{ 2 li3 2 li2 a 1 li3 }´ 2
and
11
13
where Y is the name of the variable, P(Y) the term set of Y whose elements are labels of linguistic values of Y, G generally a grammar for generating Y, M a semantic rule for associating with each label L [ P Y its meaning M(L), which is a fuzzy set on the universe P whose base variable is p and X the universe whose base variable is x. For example, consider a linguistic variable named probability, that is, Y probability; with P {0; 1} and base variable p [ P: The term set associated with probability could be P(probability) {very low, low, fairly low, medium, fairly high, high, very high} where each term in P(probability) is a label of a linguistic value of probability. The meaning M(P) of a label P [ P probability is de®ned to be the constraint P(p) on the base variable p imposed by the name of P. Therefore, M(P) is a fuzzy set of P whose membership function P(p) conveys the semantics of name P. Fig. 6 is a graphical illustration of this concept.
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
9
Fig. 6. Example of a linguistic variable called `probability'.
4.6.2. Aggregation of experts' fuzzy opinions In conducting linguistic assessments for human and vague events such as environmental events, it is normal to obtain a number of experts' opinions. This is necessary because the data on human performance or environmental condition are more or less subjective. These opinions are usually aggregated using mean, median, maximum, minimum or mixed operators. In our work, the average (mean) method of aggregation was used because it is the most commonly used, understandable and appropriate method to use in this case. If we let Aij aij ; bij ; cij represent the triangular fuzzy numbers where i 1; 2; ¼; m; j 1; 2; ¼; n; are the linguistic expressions given to event i, by expert j, then the average equation for aggregating the n experts' opinions in fuzzy number can be de®ned as Mi
1 ^ Ai1 % ¼ % Aim ; n
i 1; 2; ¼; m;
14
where Mi is the resulting average fuzzy number of the event i. Examples utilising the concept of linguistic variables is given in Appendices A and B. 4.7. Defuzzi®cation of fuzzy process output In many engineering applications of fuzzy set theory, it is often required that the output from fuzzy process be represented as crisp value since most of the actions or decisions implemented by humans or machines are crisp or binary. In order to obtain a crisp result from a fuzzy process, it is necessary to convert the fuzzy output to a crisp value. The process of converting a fuzzy quantity to a precise quantity is called defuzzi®cation. There exist many defuzzi®cation techniques such as max-membership principle, centre of area (COA), weighted average, mean±max membership, centre of sum, centre of largest area, etc., which can be used depending on the application. The COA method was selected for this study because it is equivalent to the mean of
data appropriate for reliability calculations. If a fuzzy set mout u can be described with its minimum and maximum interval as u1 ; u2 ; then COA defuzzi®cation u p of mout u can be de®ned as [32] Zu2 u´mout u du u up Z1u2 : 15 mout u du u1
Fig. 7 illustrates the defuzzi®cation u p of the output of a fuzzy number mout u: 5. An illustrative example An example of a fault tree with it data taken from Ref. [9] is converted into a PN model as shown in Fig. 8. The data for the components are: lA lB lC lD 1023 failure h21 ; tA tB tC tD 5 h and mission time t 100 h: We required to determine the reliability parameters for the TOP place. The minimal cut and path sets generated using the matrix method described in Section 2.2 are {AC, AD} and {A, CD}, respectively. 5.1. Developing fuzzy numbers from reliability data Reliability data in most databases are reported on a con®dence interval basis together with the mean (crisp) value. If this is the case, the mean value is said to be the most probable representation of the measured or observed event. When such data is reported for a basic event (place), it is simply a matter of representing the triplet of the fuzzy triangular number (a1, a2, a3) with the lower, mean and upper values of the data at 0, 1.0, and 0 membership values. When the lower and upper limits are not given, the analyst may have to choose the lower and upper limits of the fuzzy triangular numbers from his/her engineering experience. In this case, a bias could be introduced by the designer or engineer with
10
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
Fig. 7. Defuzzi®cation of a fuzzy set m out(u) by the COA method.
regard to the type of use and component operating environment. For this example, we chose a ^15% spread of the crisp values to obtain the lower and upper limits at 0 membership value and the crisp value at 1.0 membership of the triangular fuzzy number. Other percentages values such as ^25 and ^50% were applied to the crisp values to obtain the lower and upper limits of the fuzzy triangular numbers.
given above (see Fig. 9), the various intervals of the input fuzzy triangular number corresponding to the a 's can be determined utilising the method of similar triangles and Eq. (8). After the input fuzzy triangular numbers are determined, they can be used in Eqs. (9)±(12) to determine the TOP place utilising the minimal cut set principle. First, we determine the failure rate (l ) as follows:
5.2. Hand calculating the Lambda and Tau values of the TOP place
1. li1(0) (AND) (8.5 £ 10 24)(8.5 £ 10 24)(4.25 1 4.25) 6.141 £ 10 26 using Eq. (9) for the two components of minimal cut set {AC} and {AD}, hence,
Using a 0; 0:1; and 1 with ^15% spread of the crisp values as the lower and upper limits for the l and t values
For a 0; we have for lower limit l 0 i1 ;
l1(0)(OR) 6.141 £ 10 26 1 6.141 £ 10 26 1.2283 £ 1025
Fig. 8. PN model, for example.
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
11
Fig. 9. Input data represented as fuzzy triangular numbers.
using Eq. (11) for the union of both minimal cut sets {AC} and {AD}, i.e. the TOP place. Similarly, for the crisp value, li2 li1 hence, for the two components (A and C), with a 1; we have for the crisp value l 1 i2 ; 2.
li2(1)(AND)
23
23
similarly for {AD}, hence, 6:141 £ 1026 1:5706 1 6:141 £ 1026 1:5706 1:521 £ 1025 1 1:521 £ 1025
t 0 1 OR
0:6341 TOP place:
25
(10 )(10 )(5 1 5) 10 (cut sets), l 1 OR 1025 1 1025 2:0 £ 1025 (TOP place). 2
For a 0; we have for the upper limit l 0 i3 ; 3. li3(0) (AND) (1.15 £ 10 23)(1.15 £ 10 23)(5.75 1 5.75) 1.521 £ 1025 (cut sets), l3(0) (OR) 1.521 £ 10 25 1 1.521 £ 1025 3.042 £ 10 25 (TOP place). 4. l i1(0.1) (AND) (8.65 £ 10 24 )(8.65 £ 10 24 )(4.325 1 4.325) 6.472 £ 10 26 (cut sets), l1(0.1) (OR) (6.472 £ 10 26 1 6.472 £ 1026) 1.2944 £ 1025 (TOP place). 5. li3(0.1) (AND) (1.135 £ 10 23)(1.135 £ 10 23)(5.675 1 5.675) 1.4621 £ 1025 (cut sets), l 3(0 . 1) (OR) (1.4621 £ 10 2 5 1 1.4621 £ 10 2 5 ) 2.924 £ 1025 (TOP place).
7. t 1 i2 AND 5:0 5:0= 5:0 1 5:0 2:5 (cut sets),
t 1 2 OR
2:5 TOP place: AND 5:75 5:75= 4:25 1 4:25 3:8897 (cut 8. sets),
t 0 i3
t3 0 OR
1:521 £ 1025 3:8897 1 1:521 £ 1025 3:8897 6:141 £ 1026 1 6:141 £ 1026
9:6336 TOP place: 9. t 0:1 AND 4:325 4:325= 5:675 1 5:675 1:648 i1 (cut sets),
Similarly, we determine the repair time (t ) as follows: 6. ti1(0) (AND) (4.25)(4.25)/(5.75 1 5.75) 1.5706 using Eq. (10) for two components of minimal cut set {AC} and
1025 2:5 1 1025 2:5 1025 1 1025
t1 0:1 OR
6:472 £ 1026 1:648 1 6:472 £ 1026 1:648 1:4621 £ 1025 1 1:4621 £ 1025
0:7295 TOP place:
12
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
Table 4 Fuzzy TOP place parameters Degree of Membership
Failure rate (failures h 21) Left spread
Right spread 25
1.0 0.9 0.8 0.7 0.6 0.5 0.4 0.3 0.2 0.1 0.0
Repair time (hour)
2.0000 £ 10 1.9114 £ 10 25 1.8253 £ 10 25 1.7420 £ 10 25 1.6612 £ 10 25 1.5829 £ 10 25 1.5071 £ 10 25 1.4338 £ 10 25 1.3629 £ 10 25 1.2944 £ 10 25 1.2283 £ 10 25
Left spread 25
2.0000 £ 10 2.0914 £ 10 25 2.1855 £ 10 25 2.2823 £ 10 25 2.3820 £ 10 25 2.4846 £ 10 25 2.5901 £ 10 25 2.6985 £ 10 25 2.8099 £ 10 25 2.9243 £ 10 25 3.0418 £ 10 25
2.5000 2.1802 1.9074 1.6653 1.4533 1.2677 1.1052 9.6295 £ 10 21 8.3846 £ 10 21 72952 £ 10 21 6.3422 £ 10 21
Right spread 2.5000 2.8610 3.2737 3.7455 4.2851 4.9025 5.6093 6.4189 7.3468 8.4111 9.6328
1.0 0.9 0.8 0.7 0.6 0.5 0.4 0.3 0.2 0.1 0.0
MTBF (h) 5.0002 £ 10 4 4.7818 £ 10 4 4.5759 £ 10 4 4.3817 £ 10 4 4.1982 £ 10 4 4.0249 £ 10 4 3.8610 £ 10 4 3.7059 £ 10 4 3.5590 £ 10 4 3.4197 £ 10 4 3.2876 £ 10 4
5.0002 £ 10 4 5.2322 £ 10 4 5.4787 £ 10 4 5.7410 £ 10 4 6.0203 £ 10 4 6.3180 £ 10 4 6.6357 £ 10 4 6.9749 £ 10 4 7.3378 £ 10 4 7.7263 £ 10 4 8.1426 £ 10 4
ENOF 1.9999 £ 10 23 1.9112 £ 10 23 1.8252 £ 10 23 1.7418 £ 10 23 1.6610 £ 10 23 1.5827 £ 10 23 1.5069 £ 10 23 1.4336 £ 10 23 1.3627 £ 10 23 1.2941 £ 10 23 1.2279 £ 10 23
1.9999 £ 10 23 2.0913 £ 10 23 2.1854 £ 10 23 2.2823 £ 10 23 2.3820 £ 10 23 2.4845 £ 10 23 2.5900 £ 10 23 2.6984 £ 10 23 2.8098 £ 10 23 2.9242 £ 10 23 3.0417 £ 10 23
1.0 0.9 0.8 0.7 0.6 0.5 0.4 0.3 0.2 0.1 0.0
Availability 9.999500 £ 10 21 9.999402 £ 10 21 9.999285 £ 10 21 9.999145 £ 10 21 9.998980 £ 10 21 9.998782 £ 10 21 9.998547 £ 10 21 9.998268 £ 10 21 9.997936 £ 10 21 9.997540 £ 10 21 9.997070 £ 10 21
9.999500 £ 10 21 9.999583 £ 10 21 9.999652 £ 10 21 9.999710 £ 10 21 9.999759 £ 10 21 9.999799 £ 10 21 9.999834 £ 10 21 9.999862 £ 10 21 9.999886 £ 10 21 9.999906 £ 10 21 9.999922 £ 10 21
Unavailability 4.999751 £ 10 25 2.69759 £ 10 24 1.61901 £ 10 24 9.73823 £ 10 25 5.86701 £ 10 25 3.53813 £ 10 25 2.13311 £ 10 25 1.28234 £ 10 25 7.64597 £ 10 26 4.47547 £ 10 26 2.52352 £ 10 26
4.999751 £ 10 25 5.983224 £ 10 25 7.154279 £ 10 25 8.548192 £ 10 25 1.020693 £ 10 24 1.218042 £ 10 24 1.452811 £ 10 24 1.732089 £ 10 24 2.064327 £ 10 24 2.459622 £ 10 24 2.930041 £ 10 24
1.0 0.9 0.8 0.7 0.6 0.5 0.4 0.3 0.2 0.1 0.0
Reliability 9.980020 £ 10 21 9.979109 £ 10 21 9.978169 £ 10 21 9.977202 £ 10 21 9.976208 £ 10 21 9.975185 £ 10 21 9.974133 £ 10 21 9.973052 £ 10 21 9.971941 £ 10 21 9.970800 £ 10 21 9.969628 £ 10 21
9.980020 £ 10 21 9.980905 £ 10 21 9.981763 £ 10 21 9.982595 £ 10 21 9.983402 £ 10 21 9.984183 £ 10 21 9.984940 £ 10 21 9.985672 £ 10 21 9.986380 £ 10 21 9.987064 £ 10 21 9.987725 £ 10 21
Unreliability 1.998007 £ 10 23 1.909494 £ 10 23 1.823664 £ 10 23 1.740456 £ 10 23 1.659811 £ 10 23 1.581669 £ 10 23 1.506031 £ 10 23 1.432836 £ 10 23 1.362026 £ 10 23 1.293600 £ 10 23 1.227498 £ 10 23
1.998007 £ 10 23 2.089143 £ 10 23 2.183080 £ 10 23 2.279758 £ 10 23 2.379179 £ 10 23 2.481520 £ 10 23 2.586722 £ 10 23 2.694845 £ 10 23 2.805889 £ 10 23 2.919972 £ 10 23 3.037155 £ 10 23
10. t 0:1 AND 5:675 5:675= 4:325 1 4:325 i3 3.7232 (cut sets), t 0:1 OR 3
1:4621 £ 1025 3:7232 1 1:462 £ 1025 3:7232 6:672 £ 1026 1 6:472 £ 1026
8:4111 TOP place:
The rest of the a -cuts can be determined similarly. The complete computer solution to this example is tabulated in Table 4. Eq. (15) was used for defuzzifying the failure rate and repair time with the results as: l 2:0678 £ 1025 failure h21 and l 3:8191 h: The crisp results are l 2:0 £ 1025 failure h21 and t 2:5 h: From the expressions of Eqs. (9)±(12), it is obvious that
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
13
Fig. 10. Fuzzy reliability parameters of the TOP place.
hand calculation for few basic events within a cut set with different failure rates and repair times could be very tedious and error prone. It is practically impossible to do hand calculations for several basic events within cut sets with different failure rates and repair times. Hence, software was developed to do all the calculations including the generation of the minimal cut and path sets, and the defuzzi®cation of the fuzzy failure rate and repair time values of the TOP place. 5.3. Determination of reliability parameters After defuzzifying failure rate and repair time values for the TOP place of the system, they can be used in determin-
ing a number of quanti®able parameters such as the unavailability, expected number of failures (ENOF), etc. of the TOP place. In this example, the mean time between failures (MTBF), availability, unavailability, ENOF, reliability and unreliability were determined for the system's TOP place using the given mission time of 100 h. The results of the generated minimal cut and path sets together with the quantitative solution can be used in setting up condition monitoring and maintenance planning of the system or plant. 5.4. Results The results of the fuzzy reliability parameters based on
14
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
Table 5 Output values of reliability parameters for the TOP place of the PN model Reliability parameters
Crisp value
Defuzzi®ed value of the 15% spread on the crisp value
Defuzzi®ed value of the 25% spread on the crisp value
Defuzzi®ed value of the 50% spread on the crisp value
Repair time (h) Failure rate (h 21) MTBF Unavailability Availability ENOF Reliability Unreliability
2.50000 2.00000 £ 10 25 5.00015 £ 10 4 4.99975 £ 10 24 9.99950 £ 10 21 1.99990 £ 10 23 9.98002 £ 10 21 1.99801 £ 10 23
3.81913 2.06781 £ 10 25 4.83642 £ 10 4 7.89660 £ 10 25 9.99921 £ 10 21 2.06765 £ 10 23 9.97934 £ 10 21 2.06567 £ 10 23
7.33372 2.18877 £ 10 25 4.56951 £ 10 4 1.60493 £ 10 24 9.99840 £ 10 21 2.18842 £ 10 23 9.97814 £ 10 21 2.18638 £ 10 23
7.65884 £ 10 1 2.76250 £ 10 25 3.62757 £ 10 4 2.11129 £ 10 23 9.97241 £ 10 21 2.75666 £ 10 23 9.97241 £ 10 21 2.75868 £ 10 23
^15% spread on the crisp input data and their corresponding lower and upper limits are shown in Table 4 and plotted in Fig. 10. The crisp and the defuzzi®ed values of the three different spreads on the crisp values are tabulated in Table 5. The crisp value does not change irrespective of the spread chosen. As is evident in Table 5, the defuzzi®ed value increases as the percentage of the spread increases for MTTR, MTTF, unavailability, ENOF, and unreliability. At the same time, the defuzzi®ed value decreases as the percentage of spread increases for MTBF, availability and reliability. This means that the values obtained through the fuzzy methodology are conservative in nature, which may be bene®cial for plant maintenance managers in terms of performing maintenance. For example, maintenance may be based on the defuzzi®ed MTBF value instead of the crisp MTBF value. In this case, maintenance can be performed any time on or after the defuzzi®ed MTBF and before the crisp MTBF. Depending on the percentage of spread used (above ^50%), an overestimation of the parameters may result. Hence, selection of the spread on the crisp value for fuzzy input data should be used with great care and knowledge of the system, its available data and environment of operation. 6. Conclusions The methodology proposed in this paper can be applied to any repairable technical system or plant. The development of fuzzy numbers from available data on components and using fuzzy possibility theory to de®ne membership functions can greatly increase the relevance of the reliability study. The use of fuzzy arithmetic in the PN model increases the ¯exibility for application to various systems and conditions. In addition, it allows the use of fewer data, if data is scarce, or use many data range from many sources as is possible for the systems being studied. A bias can also be introduced by the designer or engineer when assigning membership function values to more accurately re¯ect the environment in which the system will operate. This fuzzy reliability methodology has important implications for
management with respect to plant maintenance and operation. With reduced MTBF, a safe interval between maintenance is established and inspections may be conducted long before the crisp estimation is reached. Similarly, with increased repair time, a reduced availability that is more conservative than that of the crisp value can be realised. The overall bene®ts for the methodology, however, include (i) the ability to model and deal with highly complex systems (because fuzzy sets can deal easily with approximations), (ii) the ability to model systems involving multiple experts (since fuzzy sets are well suited to representing multiple cooperating, collaborating and even con¯icting experts), (iii) improve handling of uncertainties and possibilities (because fuzzy logic provides a better, more consistent, and more mathematically sound method of handling uncertainties in data than conventional methods, such as, Bayesian statistics). The most important bene®t of all is, one can obtain both the crisp, fuzzy and the defuzzi®ed results for even the most highly complex integrated systems with few data. Acknowledgements The authors would like to thank the editor-in-chief and the referees whose valuable comments have in¯uenced the quality of this paper. The authors would also like to thank the MIRCE Akademy for its support on this project. Appendix A. Computing human error and recovery rates with linguistic variables The triangular and trapezoidal membership functions of the linguistic fuzzy numbers for the human error and recovery rates can be expressed as shown below and illustrated in Fig. 11. The crisp human error and recovery time data used were taken from Ref. [33] and is presented in Table 6 with the subscripts of the membership functions indicated.
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
15
Fig. 11. Fuzzy numbers representing linguistic values.
1. Recovery time (t ): 8 1; > > > < 0:06 2 t mENS t ; > 0:02 > > : 0;
2. Error rate (l ):
0:04 , t # 0:06; otherwise:
8 t 2 0:05 > > ; > > > < 0:05 mINS t mEUS t 0:15 2 t > ; > > 0:05 > > : 0; 8 t 2 0:075 > > ; > < 0:075 mIUS t 1; > > > : 0;
8 1; > > > < 0:1875 2 l mENS l ; > 0:0625 > > : 0;
0 , t # 0:04;
8 l 2 0:250 > > ; > > > < 0:250 mINS l 0:750 2 l > ; > > 0:250 > > : 0;
0:05 , t # 0:10; 0:10 , t # 0:15; otherwise:
8 l 2 1:650 > > ; > < 1:650 mIUS l 1; > > > : 0;
0:075 , t # 0:15; 0:15 , t # 0:25; otherwise:
Table 6 Human error rates and recovery time estimate Human performance
Error rate, l (h 21)
Recovery time, t (h)
Experienced and under no stress (ENS) Inexperienced and under no stress (INS) Experienced and under stress (EUS) Inexperienced and under stress (IUS)
0.125 0.500 2.000 3.300
0.04 0.10 0.10 0.15
0 , l # 0:125; 0:125 , l # 0:1875; otherwise: 0:250 , l # 0:500; 0:500 , l # 0:750; otherwise:
1:650 , l # 1:650; 3:300 , l # 5:000; otherwise:
16
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
Fig. 12. The aggregation process for the human recovery time.
Appendix B. Numerical illustration of aggregation of experts' fuzzy opinions Consider, for example, the basic event (place), `operator fails to operate an emergency lever'. The established membership functions in Appendix A, are used for determining the aggregated values for the human error (failure) rate and recovery (repair) time to be used in the PN model. Let say, for example, ®ve experts suggested the performance of the human operator as follows: EUS, EUS, IUS, IUS and INS. Using the membership functions de®ned in Appendix A, we determine the recovery time (t ) aggregation as shown below: 8 t 2 0:05 > > ; > > > < 0:05 mINS t mEUS t 0:15 2 t > ; > > 0:05 > > : 0;
0:05 , t # 0:10; 0:10 , t # 0:15; otherwise:
and the linguistic value IUS is 8 t 2 0:075 > > ; 0:075 , t # 0:15; > < 0:075 mIUS t 1; 0:15 , t # 0:25; > > > : 0; otherwise: After converting each expert's linguistic ratings into fuzzy numbers, the aggregated fuzzy number of the recovery time for operator fails to operate emergency equipment
is
8 t 2 0:055 > > ; > > 0:055 > > > < 1; mM t > 0:170 2 t > > ; > > 0:040 > > : 0;
0 , t # 0:110; 0:110 , t # 0:130; 0:130 , t # 0:170; otherwise:
This process is shown diagrammatically in Fig. 12. The error rate can be obtained in a similar fashion. After obtaining the fuzzy human error rate and the recovery time (in trapezoidal membership function), it can approximated into a triangular membership function and use with the other triangular numbers in the PN model just as if they are hardware failure rates and repair times. References [1] Kumar V, Aggarwal KK. Petri net modelling and reliability evaluation of distributed processing systems. Reliability Engineering and System Safety 1993;41:167±76. [2] Hura GS, Atwood JW. The use of Petri nets to analyze coherent fault trees. IEEE Transactions on Reliability 1988;375:469±74. [3] Bobbio A. System modelling with Petri nets. In: Colombo AG, Saiz de Bustamante A, editors. System reliability assessment, Proceedings of the ISPRA Course held in Madrid, 1988. [4] Liu TS, Chiou SB. The application of Petri nets to failure analysis. Reliability Engineering and System Safety 1997;57:129±42. [5] Viswanadham N. Reliability of computer and control system. New York: Elsevier, 1987. [6] Leveson NG, Stolzy JL. Safety analysis using Petri nets. IEEE Transactions on Software Engineering 1987;133:386±97.
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17 [7] Shabalin AN. Generation of models for reliability growth. Proceedings of the Annual Reliability and Maintenance Symposium, New York: IEEE Press, 1992. p. 299±302. [8] Misra KB. Reliability analysis and prediction: a methodology oriented treatment. Amsterdam: Elsevier, 1992. [9] Dhillon BS, Singh C. Engineering reliability: new techniques and applications. New York: Wiley, 1981. [10] Cai KY. Fuzzy reliability theories. Fuzzy Sets and Systems 1991;40:510±1. [11] Chen SM. Fuzzy system reliability analysis using fuzzy number arithmetic operations. Fuzzy Sets and Systems 1994;64:31±38. [12] Cheng CH, Mon DL. Fuzzy system reliability analysis by interval of con®dence. Fuzzy Sets and Systems 1993;56:29±35. [13] Singer D. Fuzzy set approach to fault tree and reliability analysis. Fuzzy Sets and Systems 1990;34:145±55. [14] Sugeno M, Onisawa, T, Nishiwaki Y. A new approach based on fuzzy sets concepts to fault tree analysis and diagnosis of failure at nuclear power plants. In: Proceedings of the IAEA Symposium on Diagnosis of Failure and Response to Abnormal Occurrences at Nuclear Power Plants, 1984 June 12±15; Dresden. [15] Tanaka H, Fan LT, Lai FS, Toguchi K. Fault tree analysis by fuzzy probability. IEEE Transactions on Reliability 1983;R-32:453±7. [16] Mon DM, Cheng CH. Fuzzy system reliability analysis for components with different membership functions. Fuzzy Sets and Systems 1994;64:145±57. [17] Cai KY. Introduction to fuzzy reliability. Boston: Kluwer Academic Publishers, 1996. [18] Lin CT, Wang MJ. Hybrid fault tree analysis using fuzzy sets. Reliability Engineering and System Safety 1998;58:205±13. [19] Petri CA. Communication with automata. Doctoral Thesis. University of Bonn; 1962. Technical Report (English) RADC-TR-65-377. Grif®s (NY): Rome Air Development Center; 1966.
17
[20] Henley J, Kumamoto H. Probabilistic risk assessment. New York: IEEE Press, 1992. [21] Kaufmann A. Introduction to the fuzzy subset, vol. 1. New York: Academic Press, 1975. [22] Karwowski W, Mital A, editors. Applications of fuzzy set theory in human factors Amsterdam: Elsevier, 1986. [23] Cai KY. Fuzzy reliability theories. Fuzzy Sets and Systems 1991;40:510±1. [24] Bastani FB, Ramamoorthy CV. Input-domain-based models for estimating the correctness of process control program. In: Serra A, Barlow RE, editors. Theory of reliability, Amsterdam: NorthHolland, 1986. p. 321±78. [25] Shiraishi N, Furuta H. Reliability analysis based on fuzzy probability. Journal of Engineering Mechanism 1983;109:1445±59. [26] Zadeh LA. Fuzzy sets. Information and Control 1965;8:338±53. [27] Zadeh LA. The concept of a linguistic variable and its application to approximate reasoning, Part I. Information Sciences 1975;8:199±249. [28] Yager RR. A characterization of the extension principle. Fuzzy Sets and Systems 1986;18:205±17. [29] Dubois D, Prade H. Fuzzy sets and systems: theory and applications. Boston: Academic Press, 1980. [30] Moore R. Interval analysis. Englewood Cliffs, NJ: Prentice-Hall, 1966. [31] Odoom ER. A methodology for operational reliability programme development and assessment with application to ship propulsion plants. PhD Thesis. Exeter (UK): University of Exeter; 2000. [32] Ross TJ. Fuzzy logic with engineering applications. New York: McGraw-Hill, 1995. [33] Raafat HMN. The quanti®cation of risk in system design. Journal of Engineering for Industry 1983;105:223±33.
www.elsevier.com/locate/ress
Reliability modelling of repairable systems using Petri nets and fuzzy Lambda±Tau methodology J. Knezevic a, E.R. Odoom b,* a
Research Centre MIRCE, Harrison Building, School of Engineering and Computer Science, University of Exeter, Exeter EX4 4QE, UK b Department of Automotive and Marine Engineering, College of Technological Studies, P.O. Box 42325, Shuwaikh 70654, Kuwait Received 20 May 2000; accepted 6 February 2001
Abstract A methodology is developed which uses Petri nets instead of the fault tree methodology and solves for reliability indices utilising fuzzy Lambda±Tau method. Fuzzy set theory is used for representing the failure rate and repair time instead of the classical (crisp) set theory because fuzzy numbers allow expert opinions, linguistic variables, operating conditions, uncertainty and imprecision in reliability information to be incorporated into the system model. Petri nets are used because unlike the fault tree methodology, the use of Petri nets allows ef®cient simultaneous generation of minimal cut and path sets. q 2001 Elsevier Science Ltd. All rights reserved. Keywords: Reliability; Repairable systems; Petri nets; Lambda±Tau methodology; Fuzzy set; Linguistic variables
1. Introduction This paper outlines a novel approach for determining the reliability of repairable technical systems making use of Petri nets (PN) and fuzzy Lambda±Tau methodology. The PN methodology of reliability modelling is similar to that of fault tree modelling using graphical representation of the relations between conditions and events. The application of PN to reliability engineering has been limited, but few examples can be found for reliability evaluation [1±4], fault-tolerant analysis [5], safety analysis [6] and reliability growth [7]. The proposed approach makes use of PN modelling and qualitative analysis instead of the fault tree analysis and utilises the Lambda±Tau methodology in conjunction with fuzzy set theory to obtain quantitative results. The Lambda±Tau method of solution is a technique for dealing with repairable systems in fault tree analysis [8,9]. The use of fuzzy set theory and fuzzy arithmetic to determine component or system reliability can be found in the literature [10±18]. However, all of these publications deal with non-repairable systems. It is well known that most databases, on which most of reliability analyses depend, are either out of date or collected under different operating and environmental conditions. Furthermore, the two most important concepts for quantifying system availability are * Corresponding author. Fax: 1965-481-0730. E-mail address: [email protected] (E.R. Odoom).
the failure and repair rates of hardware and human errors. Unfortunately, current failure and repair rates are not suf®cient to account for the complex interactions that human action, such as operator's tasks and maintenance work, may have on the hardware. To add to the problems just mentioned above, it is a common knowledge that large amount of data is required in order to estimate (either by quantitative methods or Monte Carlo simulation) more accurately, the failure, error or repair rates. However, it is usually impossible to obtain such a large quantity of data in any particular plant due to rare events of components, human errors and economic restraints. Thus, experts usually base their estimation on previous engineering experiences. From this point of view, fuzzy probabilities or possibilities are better suited to model such judgements in a ¯exible and ef®cient manner. For example, the use of fuzzy sets to describe subsystem and component reliability and availability will allow input from a wide range of data sources collected under many different conditions. Additionally, the use of expert opinions and other linguistic options can be logically incorporated and used in determining reliability, maintainability and availability of systems. The proposed methodology involves qualitative modelling using PN and quantitative analysis using Lambda±Tau method of solution with the basic events represented by fuzzy numbers of triangular membership function. In the sections that follow, the basic theories leading to the proposed approach are presented.
0951-8320/01/$ - see front matter q 2001 Elsevier Science Ltd. All rights reserved. PII: S 0951-832 0(01)00017-5
2
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
Nomenclature A, B ~ B~ A; XA(x) mA~ x
crisp sets fuzzy sets binary membership function of a crisp set A degree of membership of element x in fuzzy set A~ l~ ij fuzzy failure rate of component i with j 1; 2; 3 being lower limit, mean (crisp) and upper limit of the triangular membership function, respectively t~ ij fuzzy repair time of component i with j 1; 2; 3 being lower limit, mean (crisp) and upper limit of the triangular membership function, respectively l (a ) the crisp set (interval) of the fuzzy failure rate l~ ; called the alpha-cut of the fuzzy set, where l a {xuml~ x $ l} (a ) t the crisp set (interval) of the fuzzy repair time t~ ; called the alpha-cut of the fuzzy set, where t a {xumt~ x $ t} A~ ij triangular membership function of a fuzzy number A~ with linguistic expression given to event i, by expert j ~i M average of a group of fuzzy numbers for event i m out(u) the output of a fuzzy triangular number after fuzzy arithmetic operation ui points on the base of the output fuzzy triangular number with i 1; 2; 3 being the lower limit, the upper limit and the crisp value, respectively up defuzzi®ed value of the output fuzzy triangular
2. Petri nets theory C.A. Petri proposed PN about four decades ago for modelling the dynamic behaviour of sequential asynchronous automations [19]. It is now widely used in many ®elds including reliability engineering. PN has been subjected to a lot of mathematical works in the literature, for example, see Ref. [3]. In the ®eld of reliability modelling, it is quite easy to understand and apply. PN modelling is basically a graphical method utilizing some basic symbols for describing relations between conditions and events. PN has a static part as well as a dynamic part. The static part is made of only three objects: places, transitions and arrows. The dynamic part is the marking of the graph and it is made of various `tokens' which are present, or not present in the various places and evolves dynamically according to the `®ring' of the various valid transitions. The marking of PN model at a given moment represents the state of the system. In order to make the markings evolve, the valid transitions have to be ®red. The rules of validation of a transition are very simple:
a transition is said to be valid if, and only if, each input place contains at least one token. In PN model, places (events) correspond to discrete states represented by circles while and the transitions (gates) are represented by bars. The execution of a PN is controlled by the position of the token. The ®ring of transitions moves tokens. However, for a token to be moved, a transition must be enabled (i.e. by having the required number of tokens on the input side). During ®ring, the enabling tokens are removed from the input places and new tokens are generated and placed in the output places. PN can be used to analyse the dynamic behaviour of systems and it is most useful in modelling state transitions in complex systems because they provide an easy way to understand the model of information ¯ow. The description given above is the basic PN theory. However, some improvements can be added in order to make PN more powerful and ¯exible, for example: ² Stochastic Petri nets (SPN), are modi®cations of the conventional PN, with the difference that they allow random sojourn times in markings with exponential waiting distribution. ² Generalised stochastic Petri nets (GSPN) provide the capability to model two types of transitions: 1. Timed transitions. These represent exponential ®ring delays. 2. Immediate transitions. These ®re in zero time and have higher priority than timed transitions. 2.1. Representing systems with Petri nets models Similar to fault tree model, graphical models based on PN model can be constructed to represent cause-and-effect relationship among events. The two nodes of PN model (the places and transitions) are connected by arc (arrows). The number of places is ®nite and not zero. Likewise, the number of transitions is also ®nite and not zero. An arc is directed and connects either a place to a transition or a transition to a place. In this paper, only the static part of PN is used, i.e. the tokens are omitted and it is assumed that transitions are not timed (i.e. they are immediate transitions). Fig. 1 illustrates the basic logic gates of fault tree model with its equivalent logic transitions of PN model. 2.2. Minimal cut and path sets generation in Petri nets model A cut set is a set of components whose failure will result in a system failure and a minimal cut set is one in which all the components must fail in order for the system to fail. Similarly, a path set is a set of components whose functioning ensures that the system functions and a minimal path set is one in which all the components within the set must
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
3
Fig. 1. Basic fault tree logic gates and their representation in PN model.
function for the system to function. Minimal cut and path sets can be derived from a PN model more ef®ciently than from an equivalent fault tree model. It was demonstrated through a matrix method in Ref. [4] that the determination of minimal path sets could be achieved in PN model without transforming the PN to its dual. This means, the minimal cut and path sets can be determined at the same time. In the same reference, it was proved that for the same model, it takes about twice as much instructional steps to generate minimal cut sets in a fault tree model as in equivalent PN model. The matrix method for the determination of minimal cut and path sets in PN model is demonstrated in the example below. 2.3. An illustrative example for cut and path sets generation Fig. 2 illustrates a fault tree model for a hypothetical system. The corresponding PN model is illustrated in Fig. 3. When the matrix method for generating the minimal cut and path sets of a PN model is applied to this model, the resulting minimal cut and path sets are as shown in Fig. 4.
Fig. 2. Fault tree model.
3. Lambda±Tau methodology for determining reliability of repairable systems The Lambda±Tau methodology is a solution technique for dealing with repairable systems of the fault tree model. The method requires redundant-free expressions from the model, i.e. the basic events of the model must not be repeated events. In many cases, this requirement can be met by Boolean substitution reduction techniques. The basic expressions for failure rate and repair time associated with the logical AND- and OR-gates of fault tree model are derived in Ref. [8] and presented here in Table 1. From these expressions, various parameters such as those shown in Table 2 could be obtained. The constant rate model as required in this method is the most commonly used distribution in reliability engineering because most technical systems exhibit constant failure and repair rates after the initial burn-in period. A wellknown characteristic of this distribution, which is not
Fig. 3. PN model of Fig. 2.
4
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
Fig. 4. Minimal cut and path sets generation using matrix method.
shared by other failure distributions, is its lack of memory. That is, the time to failure of a component or system is not dependent on how long the component or system has been operating. In general, the assumption of the constant rate model is viable if any of the following applies [20]: ² the system is in its `prime of life'; ² the system is made of solid-state electronic devices; ² the system is a large one with many sub-systems or components which have different failure rates or ages; ² the data are so limited that elaborate mathematical treatments are unjusti®ed.
The Lambda±Tau method incorporates many other restrictions. The main restrictions on its application of the Lambda±Tau method are: ² the ratio of the basic event repair times, t , to the mission time, T, must be small (preferably #0.1); ² the basic event failure rates, l , are very small (preferably #10 23 h 21); ² the product of t and l is very small (preferably #0.1); ² the product of l and T is very small (preferably #0.1); ² t and l must be constant (i.e. the negative exponential distribution must be applied in the quantitative analysis), and failures occur independently.
Table 1 Basic expressions of the Lambda±Tau method Gate
2-Inputs
3-Inputs
l AND
l 1´l 2´[t 1 1 t 2]
l1 ´l2 ´l3 ´[t 2´t 3 1 t 1´t 3 1 t 1´t 2]
n-Inputs 2
3
6n 7 n 6X Y 7 Y 6 7 lj 6 tj 7 6 7 j 4i1 n 5 j 1; i±j
t AND
t1 ´t2 t1 1 t2
t1 ´t2 ´t3 t2 t3 1 t1 t3 1 t1 t2
n Y
2i1
ti 3
6 7 n 6 Y 7 X 6 7 ti 7 6 6 n 7 j1 4 5 i 1; i±j
l OR
l1 1 l2
l1 1 l2 1 l3
n X j1
t OR
l1 t1 1 l2 t2 l1 1 l2
l1 t1 1 l2 t2 1 l3 t3 l1 1 l2 1 l3
lj
n X
lj tj
j1 n X j1
lj
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
5
Table 2 Some reliability parameters for repairable system with constant repair rate model [15] Parameters
Expressions
Mean time to failure
MTTFS
Mean time to repair
MTTRS
Z1 0
Z1 0
tlS e2lS t dt
1 lS
tmS e2lS t dt
1 tS mS
Mean time between failure
MTBFS MTTFS 1 MTTRS
Availability
AS t
mS lS 1 e2 lS 1mS t lS 1 mS lS 1 mS
Unavailability
QS t
lS 1 2 e2 lS 1mS t lS 1 mS
Expected number of failures
WS 0; t
lS mS l2S t1 1 2 e2 lS 1mS t lS 1 mS lS 1 mS 2
Reliability
RS t e2lS t
Unreliability
FS t 1 2 e2lS t
4. Relevant concepts of fuzzy set theory to reliability analysis The failure probabilities of certain components and error probabilities of human operators are usually dependent on experts' engineering judgement rather than on databases that might be insuf®cient and sometimes `obsolete'. However, the judgements of these experts are usually related to their subjectivity. The subjectivity means that the experts cannot estimate these probabilities precisely, exactly and objectively. It is a fact that hardware reliability and human reliability are dependent on environmental conditions and therefore the failure probability and the error probability cannot be physical constant properties. For all practical purposes, they should be modi®ed depending on the environmental conditions. However, it may be dif®cult or even impossible to establish a database to accommodate all the various environmental conditions. It is, therefore, necessary to evaluate the condition in order to modify the failure probabilities and the error probabilities. Usually, the modi®cation is performed by multiplying the probabilities by numerical factors, which often depend on the evaluation of environmental conditions by experts. Hence, the failure and error probabilities, which are estimated by considering the environmental conditions, may not be objective any longer. It may be that subjectivity and fuzziness are latent behind the numerical factors used in modifying the failure and error probabilities. The use of fuzzy methodology in reliability engineering
can be traced back to Kaufmann's [21] work. He introduced the notion of component possibility as a reliability index to replace the notion of component probability. However, he did not explain why the notion of component possibility could be effective and what it exactly meant in engineering and in mathematics. The main work of fuzzy methodology in reliability engineering appeared in 1980s and thereafter. Recently, fuzzy methodology has been widely applied in reliability engineering, e.g. in human reliability [22], hardware reliability [23], software reliability [24], structural reliability [25], etc. In this section, we improve on the existing fuzzy methodology in reliability that is normally based on non-repairable system, to include repairable systems with human components. Zadeh [26] ®rst introduced the fuzzy set theory and used this word to generalise the mathematical concept of the set to one of the fuzzy set. He then theorised that if the available information is such that the uncertain value can be located inside a closed interval, which he called interval of con®dence, then a membership function that maps each element of the interval of con®dence to a value in the interval {0, 1} can be de®ned. 4.1. Fundamentals of fuzzy sets and membership function Classical sets contain objects that satisfy precise properties of membership. Fuzzy sets, on the other hand, contain objects that satisfy imprecise properties of membership, i.e. membership of an object in a fuzzy set can be partial. For classical sets, an element x in a universe U is either a
6
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
member of some crisp set A or it is not. This binary issue of membership can be represented mathematically by the indicator function: ( 1; x [ A; 1 XA x 0; x Ó A:
a -cut of a fuzzy set A~ denoted as A a is the crisp set comprised of all the elements x of a universe of discourse X for which the membership of A~ is greater than or equal to a , that is,
Zadeh [26] extended the notion of binary membership to accommodate various degrees of membership on the real continuous interval {0, 1}, where the endpoints of 0 and 1 conform to no membership and full membership, respectively. Just as the indicator function does for crisp sets, the in®nite number of values in-between the end points can represent various degrees of membership for an element x in some set of the universe U. The sets of the universe U that can accommodate degrees of membership were termed by Zadeh as fuzzy sets. Hence, a fuzzy set can be represented by a functional mapping as
where a is a parameter in the range 0 # x # 1; the vertical bar in Eq. (4) is shorthand for `such that'.
mA~ x [ 0; 1;
2
where mA~ x is the degree of membership of element x in ~ The value fuzzy set A~ or simply membership function of A: mA~ x is on the unit interval that measures the degree to ~ equivalently, we which element x belongs to fuzzy set A; can write ~ mA~ x the degree to which x [ A:
3
The larger mA~ x is, the stronger the degree of belongingness ~ In other words, a fuzzy subset A~ of a universe of for x in A: discourse U {x} is de®ned as a mapping by which x is assigned a number in {0, 1}. This indicates the extent to ~ which x belongs to A: 4.2. The extension principle In order to extend mathematical laws of crisp numbers to fuzzy numbers, it is necessary to use the extension principle. The extension principle was developed by Zadeh [27] and later elaborated by Yager [28] to enable the extension of the domain of a function on fuzzy sets. The extension principle provides the theoretical warranty that fuzzifying the parameters or arguments of a function results in computable fuzzy sets. It plays a fundamental role in translating setbased concepts into their fuzzy set counterparts. Typical examples include arithmetic operations with fuzzy numbers, discussed later. Detailed formulations of the principle may be found in Refs. [27,29]. 4.3. The use of a -cuts ~ we can associate a collection of With any fuzzy set A; ~ An crisp sets known as a -cuts (alpha-cuts) or level sets of A: a -cut is a crisp set consisting of elements of A~ which belong to the fuzzy set at least to a degree a . The concept of a -cuts offers a method for resolving any fuzzy set in terms of constituent crisp sets. Alpha-cuts are indispensable in performing arithmetic operations with fuzzy sets. The
A a {x [ XumA~ x $ a};
4
4.4. Fuzzy numbers and interval arithmetic Fuzzy numbers can be used for handling imprecise information such as `about 5', `high reliability', `low failure rate', etc. Many different membership functions such as the triangular, trapezoidal, normal, gamma, etc. [16] can be used in representing fuzzy numbers. For example, a fuzzy set with triangular membership function may be adequate for representing a term such as `about 5', whereas a fuzzy number with trapezoidal membership function may be used to represent `between 5 and 7'. The basic operations on fuzzy numbers, extended through the extension principle using a -cuts and interval arithmetic, which is the basis for the proposed approach, are discussed next. The roots of computing with fuzzy numbers originated from a branch of mathematics called interval analysis developed to deal with the calculus of tolerances [30]. Brief descriptions of trapezoidal and triangular fuzzy numbers are given below. Let x; a1 ; a2 ; a3 ; a4 [ R (real line) with a1 # a2 # a3 # a4 ; then a fuzzy number is trapezoidal fuzzy number if its membership function mA~ : R ! {0; 1} is equal to 8 x 2 a1 > > ; a1 # x # a2 ; > > a2 2 a1 > > > > < 1; a2 # x # a3 ; mA~ x 5 > a4 2 x > > ; a # x # a ; > 3 4 > a4 2 a3 > > > : 0; otherwise: The quadruplet a1 ; a2 ; a3 ; a4 de®nes a trapezoidal fuzzy number where the interval a2 ; a3 is the most likely values of mA~ x: `a1' and `a4' are the lower and upper bounds of the available area for the evaluation of data. A triangular fuzzy number is a fuzzy number A in R, if its membership function mA~ : R ! {0; 1} is 8 x 2 a1 > > ; a1 # x # a2 ; > > a 2 a1 > < 2 a3 2 x mA~ x 6 > ; a2 # x # a3 ; > > a3 2 a2 > > : 0; otherwise: A triplet a1 ; a2 ; a3 de®nes the triangular fuzzy number where the parameter `a2' gives the maximal grade of mA~ x; i.e. mA~ a2 1; with `a1' and `a3' being the lower and upper bounds of the available area for the evaluation data. A triangular fuzzy number is a special case of
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
7
Fig. 5. A fuzzy triangular number A~ with alpha-cut a .
trapezoidal fuzzy number with a2 a3 : These two fuzzy numbers are the most used in reliability calculations because under certain weak assumptions, they are suitable for the description of the imprecision, vagueness and subjectivity of the data requirements of the hardware failures and human errors. They are also intuitively easy for preparation, evaluation and interpretation of engineering data. A triangular fuzzy number de®ned by a triplet a1 ; a2 ; a3 with a -cuts, A (a ), is de®ned below and shown in Fig. 5:
It should be noted that the multiplication or division of two fuzzy triangular numbers would result in a new fuzzy number whose shape will be considerably changed and no longer having a triangular membership function with linear sides but rather with parabolic sides. From the above basic discussions, the logical AND- and OR-transitions of the PN model using the Lambda±Tau expressions can be formulated.
A a a 1a ; a 3a :
Fuzzy numbers of basic places of PN model over interval of con®dence can be used to account for imprecision and uncertainties in data. Using the extension principle coupled with a -cut and interval arithmetic operations on fuzzy triangular numbers (Eq. (8)), the fuzzy system reliability can be determined through iteration. The application of this approach to the failure rate (l ) and repair time (t ) of the AND- and OR-transition expressions given in Table 2 can be established [31].
7
The a -cut de®nes the interval of con®dence of the triangular number and can be written as A a a2 2 a 1a a 1 a 1a ; 2 a 3a 2 a2 a 1 a 3a :
8
The arithmetic of fuzzy numbers depends on the arithmetic of the interval of con®dence. The four main arithmetic operations on two fuzzy triangular numbers A~ and B~ described by the a -cuts are shown in Table 3 with the following de®nitions: A a A 1a ; A 3a ;
B a B 1a ; B 3a ;
a [ 0; 1:
4.5. Fuzzy expressions for logical AND- and OR-transitions of PN model
4.5.1. AND-transition The interval expressions for the fuzzy triangular number
Table 3 Basic operations of fuzzy numbers, extended through the extension principle Operation
Crisp
Fuzzy
Addition
A1B
A~ 1 B~ A1 a 1 B1 a ; A3 a 1 B3 a
Subtraction
A2B
A~ 2 B~ A1 a 2 B3 a ; A3 a 2 B1 a
Multiplication
A´B
~ B~ A a ´B a ; A a ´B a A´ 1 1 3 3
Division
A4B
A~ 4 B~ A1 a 4 B3 a ; A3 a 4 B1 a
if 0 Ó B1 a ; B3 a
8
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
of the basic places for the failure rate l~ and repair time t~ to AND-transition expressions can be determined from the following: 2
n Y
l a 4
{ li2 2 li1 a 1 li1 }´
i1
n X
2
n Y
4
j1
n Y i1 n X
i1 i±j
n Y
4
j1
i1 i±j
3
i1
{ ti2 2 ti1 a 1 ti1 }5; 9
33
i1 i±j
3
10
7 7 7 7 i1 37 2 7: 7 n n X Y 7 4 { ti2 2 ti1 a 1 ti1 }5 7 5 { 2 ti3 2 ti2 a 1 ti3 }
j1
"
l
n X i1
n X i1
{ li2 2 li1 a 1 li1 }; #
{ 2 li3 2 li2 a 1 li3 } ;
i3
i2
i3
#3
"
{ 2 li3 2 li2 a 1 li3 }´{ ti3 2 ti2 a 1 ti3 } 7 7 7 7 n X 7 5 { li2 2 li1 a 1 li1 }
(12):
i1
4.6.1. Formalisation of linguistic variables The notion of linguistic variable may be regarded as a variable whose values are fuzzy numbers. Linguistic variables can be envisaged in a wider context since they assume values consisting of words or sentences in a language. Zadeh [27] de®ned linguistic variable as being characterised by a quintuple denoted by kY; P Y; X; G; Ml
i1 i±j
4.5.2. OR-transition Similarly, the interval expressions for the fuzzy numbers with triangular membership function of the basic places for the OR-transition can be determined from the following:
a
#
The concept of a linguistic variable is very useful in dealing with situations, which are too complex or ill-de®ned to be reasonably described in conventional quantitative expressions. A linguistic variable is a variable whose values are words or sentences in natural or arti®cial language. For example, `high reliability' is a linguistic variable. Experts' subjective assessments of human error and recovery rates using linguistic variables can be combined with hardware failure rates and repair time in a fuzzy PN model to determine the failure rate and repair time of the TOP place of a system [31].
{ 2 ti3 2 ti2 a 1 ti3 }55:
n 6 Y 6 6 { ti2 2 ti1 a 1 ti1 } 6 6 3; 2 i1 6 6X n 6 n 4Y 6 { 2 ti3 2 ti2 a 1 ti3 }5 4
n Y
"
4.6. Estimating human error and vague information through linguistic variables
2
j1
n X
6 { li2 2 li1 a 1 li1 }´{ ti2 2 ti1 a 1 ti1 } 6 6 ; t a 6 i1 n X 6 4 { 2 l 2 l a 1 l } n X
;a [ [0,1] and
t a
2
i1
{ 2 li3 2 li2 a 1 li3 }´ 2
and
11
13
where Y is the name of the variable, P(Y) the term set of Y whose elements are labels of linguistic values of Y, G generally a grammar for generating Y, M a semantic rule for associating with each label L [ P Y its meaning M(L), which is a fuzzy set on the universe P whose base variable is p and X the universe whose base variable is x. For example, consider a linguistic variable named probability, that is, Y probability; with P {0; 1} and base variable p [ P: The term set associated with probability could be P(probability) {very low, low, fairly low, medium, fairly high, high, very high} where each term in P(probability) is a label of a linguistic value of probability. The meaning M(P) of a label P [ P probability is de®ned to be the constraint P(p) on the base variable p imposed by the name of P. Therefore, M(P) is a fuzzy set of P whose membership function P(p) conveys the semantics of name P. Fig. 6 is a graphical illustration of this concept.
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
9
Fig. 6. Example of a linguistic variable called `probability'.
4.6.2. Aggregation of experts' fuzzy opinions In conducting linguistic assessments for human and vague events such as environmental events, it is normal to obtain a number of experts' opinions. This is necessary because the data on human performance or environmental condition are more or less subjective. These opinions are usually aggregated using mean, median, maximum, minimum or mixed operators. In our work, the average (mean) method of aggregation was used because it is the most commonly used, understandable and appropriate method to use in this case. If we let Aij aij ; bij ; cij represent the triangular fuzzy numbers where i 1; 2; ¼; m; j 1; 2; ¼; n; are the linguistic expressions given to event i, by expert j, then the average equation for aggregating the n experts' opinions in fuzzy number can be de®ned as Mi
1 ^ Ai1 % ¼ % Aim ; n
i 1; 2; ¼; m;
14
where Mi is the resulting average fuzzy number of the event i. Examples utilising the concept of linguistic variables is given in Appendices A and B. 4.7. Defuzzi®cation of fuzzy process output In many engineering applications of fuzzy set theory, it is often required that the output from fuzzy process be represented as crisp value since most of the actions or decisions implemented by humans or machines are crisp or binary. In order to obtain a crisp result from a fuzzy process, it is necessary to convert the fuzzy output to a crisp value. The process of converting a fuzzy quantity to a precise quantity is called defuzzi®cation. There exist many defuzzi®cation techniques such as max-membership principle, centre of area (COA), weighted average, mean±max membership, centre of sum, centre of largest area, etc., which can be used depending on the application. The COA method was selected for this study because it is equivalent to the mean of
data appropriate for reliability calculations. If a fuzzy set mout u can be described with its minimum and maximum interval as u1 ; u2 ; then COA defuzzi®cation u p of mout u can be de®ned as [32] Zu2 u´mout u du u up Z1u2 : 15 mout u du u1
Fig. 7 illustrates the defuzzi®cation u p of the output of a fuzzy number mout u: 5. An illustrative example An example of a fault tree with it data taken from Ref. [9] is converted into a PN model as shown in Fig. 8. The data for the components are: lA lB lC lD 1023 failure h21 ; tA tB tC tD 5 h and mission time t 100 h: We required to determine the reliability parameters for the TOP place. The minimal cut and path sets generated using the matrix method described in Section 2.2 are {AC, AD} and {A, CD}, respectively. 5.1. Developing fuzzy numbers from reliability data Reliability data in most databases are reported on a con®dence interval basis together with the mean (crisp) value. If this is the case, the mean value is said to be the most probable representation of the measured or observed event. When such data is reported for a basic event (place), it is simply a matter of representing the triplet of the fuzzy triangular number (a1, a2, a3) with the lower, mean and upper values of the data at 0, 1.0, and 0 membership values. When the lower and upper limits are not given, the analyst may have to choose the lower and upper limits of the fuzzy triangular numbers from his/her engineering experience. In this case, a bias could be introduced by the designer or engineer with
10
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
Fig. 7. Defuzzi®cation of a fuzzy set m out(u) by the COA method.
regard to the type of use and component operating environment. For this example, we chose a ^15% spread of the crisp values to obtain the lower and upper limits at 0 membership value and the crisp value at 1.0 membership of the triangular fuzzy number. Other percentages values such as ^25 and ^50% were applied to the crisp values to obtain the lower and upper limits of the fuzzy triangular numbers.
given above (see Fig. 9), the various intervals of the input fuzzy triangular number corresponding to the a 's can be determined utilising the method of similar triangles and Eq. (8). After the input fuzzy triangular numbers are determined, they can be used in Eqs. (9)±(12) to determine the TOP place utilising the minimal cut set principle. First, we determine the failure rate (l ) as follows:
5.2. Hand calculating the Lambda and Tau values of the TOP place
1. li1(0) (AND) (8.5 £ 10 24)(8.5 £ 10 24)(4.25 1 4.25) 6.141 £ 10 26 using Eq. (9) for the two components of minimal cut set {AC} and {AD}, hence,
Using a 0; 0:1; and 1 with ^15% spread of the crisp values as the lower and upper limits for the l and t values
For a 0; we have for lower limit l 0 i1 ;
l1(0)(OR) 6.141 £ 10 26 1 6.141 £ 10 26 1.2283 £ 1025
Fig. 8. PN model, for example.
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
11
Fig. 9. Input data represented as fuzzy triangular numbers.
using Eq. (11) for the union of both minimal cut sets {AC} and {AD}, i.e. the TOP place. Similarly, for the crisp value, li2 li1 hence, for the two components (A and C), with a 1; we have for the crisp value l 1 i2 ; 2.
li2(1)(AND)
23
23
similarly for {AD}, hence, 6:141 £ 1026 1:5706 1 6:141 £ 1026 1:5706 1:521 £ 1025 1 1:521 £ 1025
t 0 1 OR
0:6341 TOP place:
25
(10 )(10 )(5 1 5) 10 (cut sets), l 1 OR 1025 1 1025 2:0 £ 1025 (TOP place). 2
For a 0; we have for the upper limit l 0 i3 ; 3. li3(0) (AND) (1.15 £ 10 23)(1.15 £ 10 23)(5.75 1 5.75) 1.521 £ 1025 (cut sets), l3(0) (OR) 1.521 £ 10 25 1 1.521 £ 1025 3.042 £ 10 25 (TOP place). 4. l i1(0.1) (AND) (8.65 £ 10 24 )(8.65 £ 10 24 )(4.325 1 4.325) 6.472 £ 10 26 (cut sets), l1(0.1) (OR) (6.472 £ 10 26 1 6.472 £ 1026) 1.2944 £ 1025 (TOP place). 5. li3(0.1) (AND) (1.135 £ 10 23)(1.135 £ 10 23)(5.675 1 5.675) 1.4621 £ 1025 (cut sets), l 3(0 . 1) (OR) (1.4621 £ 10 2 5 1 1.4621 £ 10 2 5 ) 2.924 £ 1025 (TOP place).
7. t 1 i2 AND 5:0 5:0= 5:0 1 5:0 2:5 (cut sets),
t 1 2 OR
2:5 TOP place: AND 5:75 5:75= 4:25 1 4:25 3:8897 (cut 8. sets),
t 0 i3
t3 0 OR
1:521 £ 1025 3:8897 1 1:521 £ 1025 3:8897 6:141 £ 1026 1 6:141 £ 1026
9:6336 TOP place: 9. t 0:1 AND 4:325 4:325= 5:675 1 5:675 1:648 i1 (cut sets),
Similarly, we determine the repair time (t ) as follows: 6. ti1(0) (AND) (4.25)(4.25)/(5.75 1 5.75) 1.5706 using Eq. (10) for two components of minimal cut set {AC} and
1025 2:5 1 1025 2:5 1025 1 1025
t1 0:1 OR
6:472 £ 1026 1:648 1 6:472 £ 1026 1:648 1:4621 £ 1025 1 1:4621 £ 1025
0:7295 TOP place:
12
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
Table 4 Fuzzy TOP place parameters Degree of Membership
Failure rate (failures h 21) Left spread
Right spread 25
1.0 0.9 0.8 0.7 0.6 0.5 0.4 0.3 0.2 0.1 0.0
Repair time (hour)
2.0000 £ 10 1.9114 £ 10 25 1.8253 £ 10 25 1.7420 £ 10 25 1.6612 £ 10 25 1.5829 £ 10 25 1.5071 £ 10 25 1.4338 £ 10 25 1.3629 £ 10 25 1.2944 £ 10 25 1.2283 £ 10 25
Left spread 25
2.0000 £ 10 2.0914 £ 10 25 2.1855 £ 10 25 2.2823 £ 10 25 2.3820 £ 10 25 2.4846 £ 10 25 2.5901 £ 10 25 2.6985 £ 10 25 2.8099 £ 10 25 2.9243 £ 10 25 3.0418 £ 10 25
2.5000 2.1802 1.9074 1.6653 1.4533 1.2677 1.1052 9.6295 £ 10 21 8.3846 £ 10 21 72952 £ 10 21 6.3422 £ 10 21
Right spread 2.5000 2.8610 3.2737 3.7455 4.2851 4.9025 5.6093 6.4189 7.3468 8.4111 9.6328
1.0 0.9 0.8 0.7 0.6 0.5 0.4 0.3 0.2 0.1 0.0
MTBF (h) 5.0002 £ 10 4 4.7818 £ 10 4 4.5759 £ 10 4 4.3817 £ 10 4 4.1982 £ 10 4 4.0249 £ 10 4 3.8610 £ 10 4 3.7059 £ 10 4 3.5590 £ 10 4 3.4197 £ 10 4 3.2876 £ 10 4
5.0002 £ 10 4 5.2322 £ 10 4 5.4787 £ 10 4 5.7410 £ 10 4 6.0203 £ 10 4 6.3180 £ 10 4 6.6357 £ 10 4 6.9749 £ 10 4 7.3378 £ 10 4 7.7263 £ 10 4 8.1426 £ 10 4
ENOF 1.9999 £ 10 23 1.9112 £ 10 23 1.8252 £ 10 23 1.7418 £ 10 23 1.6610 £ 10 23 1.5827 £ 10 23 1.5069 £ 10 23 1.4336 £ 10 23 1.3627 £ 10 23 1.2941 £ 10 23 1.2279 £ 10 23
1.9999 £ 10 23 2.0913 £ 10 23 2.1854 £ 10 23 2.2823 £ 10 23 2.3820 £ 10 23 2.4845 £ 10 23 2.5900 £ 10 23 2.6984 £ 10 23 2.8098 £ 10 23 2.9242 £ 10 23 3.0417 £ 10 23
1.0 0.9 0.8 0.7 0.6 0.5 0.4 0.3 0.2 0.1 0.0
Availability 9.999500 £ 10 21 9.999402 £ 10 21 9.999285 £ 10 21 9.999145 £ 10 21 9.998980 £ 10 21 9.998782 £ 10 21 9.998547 £ 10 21 9.998268 £ 10 21 9.997936 £ 10 21 9.997540 £ 10 21 9.997070 £ 10 21
9.999500 £ 10 21 9.999583 £ 10 21 9.999652 £ 10 21 9.999710 £ 10 21 9.999759 £ 10 21 9.999799 £ 10 21 9.999834 £ 10 21 9.999862 £ 10 21 9.999886 £ 10 21 9.999906 £ 10 21 9.999922 £ 10 21
Unavailability 4.999751 £ 10 25 2.69759 £ 10 24 1.61901 £ 10 24 9.73823 £ 10 25 5.86701 £ 10 25 3.53813 £ 10 25 2.13311 £ 10 25 1.28234 £ 10 25 7.64597 £ 10 26 4.47547 £ 10 26 2.52352 £ 10 26
4.999751 £ 10 25 5.983224 £ 10 25 7.154279 £ 10 25 8.548192 £ 10 25 1.020693 £ 10 24 1.218042 £ 10 24 1.452811 £ 10 24 1.732089 £ 10 24 2.064327 £ 10 24 2.459622 £ 10 24 2.930041 £ 10 24
1.0 0.9 0.8 0.7 0.6 0.5 0.4 0.3 0.2 0.1 0.0
Reliability 9.980020 £ 10 21 9.979109 £ 10 21 9.978169 £ 10 21 9.977202 £ 10 21 9.976208 £ 10 21 9.975185 £ 10 21 9.974133 £ 10 21 9.973052 £ 10 21 9.971941 £ 10 21 9.970800 £ 10 21 9.969628 £ 10 21
9.980020 £ 10 21 9.980905 £ 10 21 9.981763 £ 10 21 9.982595 £ 10 21 9.983402 £ 10 21 9.984183 £ 10 21 9.984940 £ 10 21 9.985672 £ 10 21 9.986380 £ 10 21 9.987064 £ 10 21 9.987725 £ 10 21
Unreliability 1.998007 £ 10 23 1.909494 £ 10 23 1.823664 £ 10 23 1.740456 £ 10 23 1.659811 £ 10 23 1.581669 £ 10 23 1.506031 £ 10 23 1.432836 £ 10 23 1.362026 £ 10 23 1.293600 £ 10 23 1.227498 £ 10 23
1.998007 £ 10 23 2.089143 £ 10 23 2.183080 £ 10 23 2.279758 £ 10 23 2.379179 £ 10 23 2.481520 £ 10 23 2.586722 £ 10 23 2.694845 £ 10 23 2.805889 £ 10 23 2.919972 £ 10 23 3.037155 £ 10 23
10. t 0:1 AND 5:675 5:675= 4:325 1 4:325 i3 3.7232 (cut sets), t 0:1 OR 3
1:4621 £ 1025 3:7232 1 1:462 £ 1025 3:7232 6:672 £ 1026 1 6:472 £ 1026
8:4111 TOP place:
The rest of the a -cuts can be determined similarly. The complete computer solution to this example is tabulated in Table 4. Eq. (15) was used for defuzzifying the failure rate and repair time with the results as: l 2:0678 £ 1025 failure h21 and l 3:8191 h: The crisp results are l 2:0 £ 1025 failure h21 and t 2:5 h: From the expressions of Eqs. (9)±(12), it is obvious that
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
13
Fig. 10. Fuzzy reliability parameters of the TOP place.
hand calculation for few basic events within a cut set with different failure rates and repair times could be very tedious and error prone. It is practically impossible to do hand calculations for several basic events within cut sets with different failure rates and repair times. Hence, software was developed to do all the calculations including the generation of the minimal cut and path sets, and the defuzzi®cation of the fuzzy failure rate and repair time values of the TOP place. 5.3. Determination of reliability parameters After defuzzifying failure rate and repair time values for the TOP place of the system, they can be used in determin-
ing a number of quanti®able parameters such as the unavailability, expected number of failures (ENOF), etc. of the TOP place. In this example, the mean time between failures (MTBF), availability, unavailability, ENOF, reliability and unreliability were determined for the system's TOP place using the given mission time of 100 h. The results of the generated minimal cut and path sets together with the quantitative solution can be used in setting up condition monitoring and maintenance planning of the system or plant. 5.4. Results The results of the fuzzy reliability parameters based on
14
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
Table 5 Output values of reliability parameters for the TOP place of the PN model Reliability parameters
Crisp value
Defuzzi®ed value of the 15% spread on the crisp value
Defuzzi®ed value of the 25% spread on the crisp value
Defuzzi®ed value of the 50% spread on the crisp value
Repair time (h) Failure rate (h 21) MTBF Unavailability Availability ENOF Reliability Unreliability
2.50000 2.00000 £ 10 25 5.00015 £ 10 4 4.99975 £ 10 24 9.99950 £ 10 21 1.99990 £ 10 23 9.98002 £ 10 21 1.99801 £ 10 23
3.81913 2.06781 £ 10 25 4.83642 £ 10 4 7.89660 £ 10 25 9.99921 £ 10 21 2.06765 £ 10 23 9.97934 £ 10 21 2.06567 £ 10 23
7.33372 2.18877 £ 10 25 4.56951 £ 10 4 1.60493 £ 10 24 9.99840 £ 10 21 2.18842 £ 10 23 9.97814 £ 10 21 2.18638 £ 10 23
7.65884 £ 10 1 2.76250 £ 10 25 3.62757 £ 10 4 2.11129 £ 10 23 9.97241 £ 10 21 2.75666 £ 10 23 9.97241 £ 10 21 2.75868 £ 10 23
^15% spread on the crisp input data and their corresponding lower and upper limits are shown in Table 4 and plotted in Fig. 10. The crisp and the defuzzi®ed values of the three different spreads on the crisp values are tabulated in Table 5. The crisp value does not change irrespective of the spread chosen. As is evident in Table 5, the defuzzi®ed value increases as the percentage of the spread increases for MTTR, MTTF, unavailability, ENOF, and unreliability. At the same time, the defuzzi®ed value decreases as the percentage of spread increases for MTBF, availability and reliability. This means that the values obtained through the fuzzy methodology are conservative in nature, which may be bene®cial for plant maintenance managers in terms of performing maintenance. For example, maintenance may be based on the defuzzi®ed MTBF value instead of the crisp MTBF value. In this case, maintenance can be performed any time on or after the defuzzi®ed MTBF and before the crisp MTBF. Depending on the percentage of spread used (above ^50%), an overestimation of the parameters may result. Hence, selection of the spread on the crisp value for fuzzy input data should be used with great care and knowledge of the system, its available data and environment of operation. 6. Conclusions The methodology proposed in this paper can be applied to any repairable technical system or plant. The development of fuzzy numbers from available data on components and using fuzzy possibility theory to de®ne membership functions can greatly increase the relevance of the reliability study. The use of fuzzy arithmetic in the PN model increases the ¯exibility for application to various systems and conditions. In addition, it allows the use of fewer data, if data is scarce, or use many data range from many sources as is possible for the systems being studied. A bias can also be introduced by the designer or engineer when assigning membership function values to more accurately re¯ect the environment in which the system will operate. This fuzzy reliability methodology has important implications for
management with respect to plant maintenance and operation. With reduced MTBF, a safe interval between maintenance is established and inspections may be conducted long before the crisp estimation is reached. Similarly, with increased repair time, a reduced availability that is more conservative than that of the crisp value can be realised. The overall bene®ts for the methodology, however, include (i) the ability to model and deal with highly complex systems (because fuzzy sets can deal easily with approximations), (ii) the ability to model systems involving multiple experts (since fuzzy sets are well suited to representing multiple cooperating, collaborating and even con¯icting experts), (iii) improve handling of uncertainties and possibilities (because fuzzy logic provides a better, more consistent, and more mathematically sound method of handling uncertainties in data than conventional methods, such as, Bayesian statistics). The most important bene®t of all is, one can obtain both the crisp, fuzzy and the defuzzi®ed results for even the most highly complex integrated systems with few data. Acknowledgements The authors would like to thank the editor-in-chief and the referees whose valuable comments have in¯uenced the quality of this paper. The authors would also like to thank the MIRCE Akademy for its support on this project. Appendix A. Computing human error and recovery rates with linguistic variables The triangular and trapezoidal membership functions of the linguistic fuzzy numbers for the human error and recovery rates can be expressed as shown below and illustrated in Fig. 11. The crisp human error and recovery time data used were taken from Ref. [33] and is presented in Table 6 with the subscripts of the membership functions indicated.
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
15
Fig. 11. Fuzzy numbers representing linguistic values.
1. Recovery time (t ): 8 1; > > > < 0:06 2 t mENS t ; > 0:02 > > : 0;
2. Error rate (l ):
0:04 , t # 0:06; otherwise:
8 t 2 0:05 > > ; > > > < 0:05 mINS t mEUS t 0:15 2 t > ; > > 0:05 > > : 0; 8 t 2 0:075 > > ; > < 0:075 mIUS t 1; > > > : 0;
8 1; > > > < 0:1875 2 l mENS l ; > 0:0625 > > : 0;
0 , t # 0:04;
8 l 2 0:250 > > ; > > > < 0:250 mINS l 0:750 2 l > ; > > 0:250 > > : 0;
0:05 , t # 0:10; 0:10 , t # 0:15; otherwise:
8 l 2 1:650 > > ; > < 1:650 mIUS l 1; > > > : 0;
0:075 , t # 0:15; 0:15 , t # 0:25; otherwise:
Table 6 Human error rates and recovery time estimate Human performance
Error rate, l (h 21)
Recovery time, t (h)
Experienced and under no stress (ENS) Inexperienced and under no stress (INS) Experienced and under stress (EUS) Inexperienced and under stress (IUS)
0.125 0.500 2.000 3.300
0.04 0.10 0.10 0.15
0 , l # 0:125; 0:125 , l # 0:1875; otherwise: 0:250 , l # 0:500; 0:500 , l # 0:750; otherwise:
1:650 , l # 1:650; 3:300 , l # 5:000; otherwise:
16
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17
Fig. 12. The aggregation process for the human recovery time.
Appendix B. Numerical illustration of aggregation of experts' fuzzy opinions Consider, for example, the basic event (place), `operator fails to operate an emergency lever'. The established membership functions in Appendix A, are used for determining the aggregated values for the human error (failure) rate and recovery (repair) time to be used in the PN model. Let say, for example, ®ve experts suggested the performance of the human operator as follows: EUS, EUS, IUS, IUS and INS. Using the membership functions de®ned in Appendix A, we determine the recovery time (t ) aggregation as shown below: 8 t 2 0:05 > > ; > > > < 0:05 mINS t mEUS t 0:15 2 t > ; > > 0:05 > > : 0;
0:05 , t # 0:10; 0:10 , t # 0:15; otherwise:
and the linguistic value IUS is 8 t 2 0:075 > > ; 0:075 , t # 0:15; > < 0:075 mIUS t 1; 0:15 , t # 0:25; > > > : 0; otherwise: After converting each expert's linguistic ratings into fuzzy numbers, the aggregated fuzzy number of the recovery time for operator fails to operate emergency equipment
is
8 t 2 0:055 > > ; > > 0:055 > > > < 1; mM t > 0:170 2 t > > ; > > 0:040 > > : 0;
0 , t # 0:110; 0:110 , t # 0:130; 0:130 , t # 0:170; otherwise:
This process is shown diagrammatically in Fig. 12. The error rate can be obtained in a similar fashion. After obtaining the fuzzy human error rate and the recovery time (in trapezoidal membership function), it can approximated into a triangular membership function and use with the other triangular numbers in the PN model just as if they are hardware failure rates and repair times. References [1] Kumar V, Aggarwal KK. Petri net modelling and reliability evaluation of distributed processing systems. Reliability Engineering and System Safety 1993;41:167±76. [2] Hura GS, Atwood JW. The use of Petri nets to analyze coherent fault trees. IEEE Transactions on Reliability 1988;375:469±74. [3] Bobbio A. System modelling with Petri nets. In: Colombo AG, Saiz de Bustamante A, editors. System reliability assessment, Proceedings of the ISPRA Course held in Madrid, 1988. [4] Liu TS, Chiou SB. The application of Petri nets to failure analysis. Reliability Engineering and System Safety 1997;57:129±42. [5] Viswanadham N. Reliability of computer and control system. New York: Elsevier, 1987. [6] Leveson NG, Stolzy JL. Safety analysis using Petri nets. IEEE Transactions on Software Engineering 1987;133:386±97.
J. Knezevic, E.R. Odoom / Reliability Engineering and System Safety 73 (2001) 1±17 [7] Shabalin AN. Generation of models for reliability growth. Proceedings of the Annual Reliability and Maintenance Symposium, New York: IEEE Press, 1992. p. 299±302. [8] Misra KB. Reliability analysis and prediction: a methodology oriented treatment. Amsterdam: Elsevier, 1992. [9] Dhillon BS, Singh C. Engineering reliability: new techniques and applications. New York: Wiley, 1981. [10] Cai KY. Fuzzy reliability theories. Fuzzy Sets and Systems 1991;40:510±1. [11] Chen SM. Fuzzy system reliability analysis using fuzzy number arithmetic operations. Fuzzy Sets and Systems 1994;64:31±38. [12] Cheng CH, Mon DL. Fuzzy system reliability analysis by interval of con®dence. Fuzzy Sets and Systems 1993;56:29±35. [13] Singer D. Fuzzy set approach to fault tree and reliability analysis. Fuzzy Sets and Systems 1990;34:145±55. [14] Sugeno M, Onisawa, T, Nishiwaki Y. A new approach based on fuzzy sets concepts to fault tree analysis and diagnosis of failure at nuclear power plants. In: Proceedings of the IAEA Symposium on Diagnosis of Failure and Response to Abnormal Occurrences at Nuclear Power Plants, 1984 June 12±15; Dresden. [15] Tanaka H, Fan LT, Lai FS, Toguchi K. Fault tree analysis by fuzzy probability. IEEE Transactions on Reliability 1983;R-32:453±7. [16] Mon DM, Cheng CH. Fuzzy system reliability analysis for components with different membership functions. Fuzzy Sets and Systems 1994;64:145±57. [17] Cai KY. Introduction to fuzzy reliability. Boston: Kluwer Academic Publishers, 1996. [18] Lin CT, Wang MJ. Hybrid fault tree analysis using fuzzy sets. Reliability Engineering and System Safety 1998;58:205±13. [19] Petri CA. Communication with automata. Doctoral Thesis. University of Bonn; 1962. Technical Report (English) RADC-TR-65-377. Grif®s (NY): Rome Air Development Center; 1966.
17
[20] Henley J, Kumamoto H. Probabilistic risk assessment. New York: IEEE Press, 1992. [21] Kaufmann A. Introduction to the fuzzy subset, vol. 1. New York: Academic Press, 1975. [22] Karwowski W, Mital A, editors. Applications of fuzzy set theory in human factors Amsterdam: Elsevier, 1986. [23] Cai KY. Fuzzy reliability theories. Fuzzy Sets and Systems 1991;40:510±1. [24] Bastani FB, Ramamoorthy CV. Input-domain-based models for estimating the correctness of process control program. In: Serra A, Barlow RE, editors. Theory of reliability, Amsterdam: NorthHolland, 1986. p. 321±78. [25] Shiraishi N, Furuta H. Reliability analysis based on fuzzy probability. Journal of Engineering Mechanism 1983;109:1445±59. [26] Zadeh LA. Fuzzy sets. Information and Control 1965;8:338±53. [27] Zadeh LA. The concept of a linguistic variable and its application to approximate reasoning, Part I. Information Sciences 1975;8:199±249. [28] Yager RR. A characterization of the extension principle. Fuzzy Sets and Systems 1986;18:205±17. [29] Dubois D, Prade H. Fuzzy sets and systems: theory and applications. Boston: Academic Press, 1980. [30] Moore R. Interval analysis. Englewood Cliffs, NJ: Prentice-Hall, 1966. [31] Odoom ER. A methodology for operational reliability programme development and assessment with application to ship propulsion plants. PhD Thesis. Exeter (UK): University of Exeter; 2000. [32] Ross TJ. Fuzzy logic with engineering applications. New York: McGraw-Hill, 1995. [33] Raafat HMN. The quanti®cation of risk in system design. Journal of Engineering for Industry 1983;105:223±33.