3.3 Analytic Development of Reliability and Performance in Engineering Design 143
presence of non-linear properties (for example, in the modelling of performance
characteristics of relief valves, non-return valves, end stops, etc.).
Secondly, the solutions may be very specific. They are typically produced for
a system at a certain pressure, flow, load condition, etc. In engineering design, and
in particular in the FMEA, it is common not to know the precise values of quantities,
especially in the early design stag es. It would thus be more intuitive to be able to
relate design criteria in terms of ranges of values, as considered in the labelled
interval calculus method for system performance measures.
b) Order of Magnitude
The problem of how to address complicated failure modes can be approached
through order of magnitude reasoning, developed by Raiman (1986) and extended
by Mavrovouniotis and Stephanopoulis (Mavrovouniotis et al. 1988). Order of
magnitude is primarily concerned with considering the relative sizes of quantities.
A variable in this formalismrefers to a specific physicalquantity with known dimen-
sions but unknown numerical values. The fundamental concept is that of a link—the
ratio of two quantities, only one of which can be a landmark. Such a landmark is
a variable with known (and constant) sign and value. There are seven possible prim-
itive relations between these two quantities:
A << BAis much smaller than B
A − < BAis moderately smaller than B
A ∼< BAis slightly smaller than B
A == BAis exactly equal to B
A >∼ BAis slightly larger than B
A > − BAis mode rately larger than B
A >> BAis much larger than B.
The formalism itself involves representing these primitives as real intervals centred
around unity (which represents exact equality). They allow the data to be repre-
sented either in terms of a precise value or in terms of intervals, depending upon the
information available and the problem to be solved. Hence, the algorithmic model
will encapsulate all the known features of the system b eing simulated. Vagueness

is introduced only by lack of knowledge in the initial conditions. A typical analysis
will consist of asking questions of the form:
• What happens if the p ressure rises significantly higher than the operating pres-
sure?
• What is the effect of the flow significantly being reduced?
c) Qualitative Simulation
Qualitative methods have been devised to simulate physical systems whereby quan-
tities are represented by their sig n only, and differential equations are rein terpreted
144 3 Reliability and Performance in Engineering Design
as logical predicates. The simulation involves finding values that satisfy these con-
straints (de Kleer et al. 1984).
This work was further developedto represent the quantities by intervals and land-
mark values (Kuipers 1986). Collectively, variables and landmarks are described as
the quan tities of the system. The latter represent important values of the quantities
such as maximum pressure, temperature, flow, etc.
The major drawback with these methods is that the vagueness of the input data
leads to ambigu ities in the predictions of system behaviour, whereby many new
constraints can be chosen that correspond to many physical solutions. In general,
it is not possible to deduce which of the myriad of solutions is correct. In terms of
FMEA, this would mean there could be a risk of failure effects being generated that
are a result of the inadequacy of the algorithm, and not of a particular failure mode.
d) Fuzzy Techniques
Kuiper’s work was enhanced by Shen and Leitch (Shen et al. 1993) to allow for
fuzzy intervals to be used in fuzzy simulation.
In qualitative simulation, it is possible to describe quantities (such as pressure)
as ‘low’ or ‘high’. However, typical of engineering systems, these fuzzy intervals
may be divided by a land mark representing some critical quantity, with consequent
uncertainty where the resulting point should lie, as ‘low’ and ‘high’ are not absolute
terms.
The concept of fuzzification allows the boundary to be blurred, so that for a small

range of values, the quantity could be described as both ‘low’ and ‘medium’. The
problem with this approach (and with fuzzy simulation algorithms in general) is that
it introduces further amb iguity.
For example, it has been found that in the dynamic simulation of an actuator,
there are 19 possible values for the solution after only three steps (Bull et al. 1995b).
This result is even worse than it appears, as the process of fuzzification removes the
guarantee of convergingon a physical solution. Furthermore, it has been shown that
it is possible to develop fuzzy Euler integration that allows for qualitative states to be
predicted at absolute time poin ts. This solves some of the problems but there is still
ambiguity in predicted behaviour of the system (Steele et al. 1996, 1997; Coghill
et al. 1999a,b).
3.3.2.3 Qualitative Reasoning in Failure Modes and Effects Analysis
It would initially appear that qualitative reasoning algorithms are not suitable for
FMEA or FMECA, as this formalism of analysis requires unique predictions of
system behaviour. Although some vagueness is permissible due to uncertainty,it
cannot be ambiguous, and ambiguity is an inherent feature of computational quali-
tative reasoning. I n orde r, then, to consider the feasibility of qualitative reasoning in
FMEA and FMECA without this resulting in ambiguity, it is essential to investigate
further the concept o f uncertainty in engineering design analysis.
3.3 Analytic Development of Reliability and Performance in Engineering Design 145
a) The Concept of Uncertainty in Engineering Design Analysis
Introducing the concept of uncertainty in reliability assessment by utilising the tech-
niques of FMEA and FMECA requires that some issues and concepts relating to the
physical system being designed must first be considered.
A typical engineering design can be defined using the concepts introduced by
Simon (1981), in terms of its inner and outer environment, whereby an interface
between the substance and organisation of the design itself, and the surroundings in
which it o perates is defined. Th e design engineer’s task is to establish a complete
definition of the design and, in ma ny cases, the manufacturing details (i.e. the inner
environment) that can cope with supply and delivery (i.e. the outer environment) in

order to satisfy a predetermined set of design criteria. Many of the issues that are
often referred to as uncertainty are related to the ability of the design to meet the
design criteria, and are due to characteristics associated with both the innerand outer
environments (Batill et al. 2000). This is especially the case when several systems
are integrated in a complex process with multiple (often co nflicting) char acteristics.
Engineering design is associated with decisions based upon information related
to this interface, which considers uncertainty in the complex integration of systems
in reality, compared to the concept of uncertainty in systems analysis and modelling.
From the perspective of the designer, a primary concern is the source of variations
in the inner environment, and the need to reduce these variations in system perfor-
mance throughdecisions made in the design process. The designer is also concerned
with how to reduce the sensitivity of the system’s performance to variations in the
outer environment (Simon 1981). Furthermore, from the designer’s perspective, the
system being designed exists only as an abstraction, and any information related to
the system’s characteristics or behaviour is approximate prior to its physical reali-
sation. Dealing with this incomplete description of the system, and the appr oximate
nature of the information associated with its characteristics and behaviour are key
issues in the design process (Batill et al. 2000).
The intention, however, is to focus on the integrity of engineering design using
the extensive capabilities now available with modelling and digital computing. With
the selection of a basic concept of the system at the beginning of the conceptual
phase of the engineering design process, the next step is to identify (though not
necessarily quantify) a finite set of design variables that will eventually be used to
uniquely specify the design. The identification and quantification o f this set of de-
sign variables are central to, and will evolve with the design throughout the design
process. It is this quantitative description of the system, b ased upon information
developed, using algorithmic models or simulation, that becomes the focus of pre-
liminary or schematic design.
Though there is great benefit in providing quantitative descriptions as early in
the design process as possible, this depends upon the availability of knowledge, and

the level of analysis and mode lling techniq ues related to the design . As the level of
abstraction of the design changes, and more and more detail is required to define it,
the number o f design variables will grow consid erably. Design variables typically
are associated with the type of material used and the geometric d escription of the
146 3 Reliability and Performance in Engineering Design
system(s) beingdesigned.Eventually,duringthe detail design phase ofthe engineer-
ing design process, the designer will be required to specify (i.e. quantify) the design
variables representing the sy stem. This specification often takes the form of detailed
engineering drawings that include materials information and all the necessary geo-
metric information needed for fabrication, including manufacturing tolerances.
Decisions associated with quantifying (or selecting) the design variables are usu-
ally based upon an assessment of a set of behavioural variables, also referred to as
system states. The behavioural variables or system states are used to describe the
system’s characteristics. The list of these characteristics also increases in detail as
the level of abstraction of the system decreases.
The behavioural variables are used to assess the suitability of the design, and are
based upon information obtained from several primary sources during the design
process:
• Archived experience
• Engineering analysis (such as FMEA and FMECA)
• Modelling and simulation.
Interpolating or extrapolating fro m information on similar design concepts can pro-
vide the designer with sufficient confidence to make a decision based upon the suc-
cess of earlier, similar designs. Often, this type of information is incorporated into
heuristics (rules-of-thumb),design handbooksor design guidelines. Engineers com-
monly gather experiential information from empirical data or knowledge bases. The
use of empirical information requires the designer to make numerous assumptions
concerning the suitability of the available information and its applicability to the
current situation. There are also many decisions made in the design process that
are based upon individual or corporate experience that is not formally archived in

a database.
This type of information is very valuable in the design of systems that are pertur-
bations (evolutionary designs) of existing successful designs, but has severe limita-
tions when considering the design of new or revolutionary designs. Though it may
be useful information, in a way that will assist in assessing the risk associated with
the entire design—which is usually not possible, it tends to compound the problem
related to the concept of uncertainty in the engineering design process.
The second type of information available to the designer is based upon analy-
sis, mathematical modelling and simulation. As engineering systems become more
complex, and greater demands are placed upon their performance and cost, this
source of information becomes even more important in the design process. How-
ever, the information provided by analysis such as FMEA and FMECA carries with
it a significant level of uncertainty, and the use of such information introduces an
equal level of risk to the decisions made, which will affect the integrity of the de-
sign. Quantifying uncertainty, and understanding the significant impact it has in the
design process, is an important issue that requires specific consideration, especially
with respect to the increasing complexity of engineering designs.
A further extension to the reliability assessment technique of FMECA is there-
fore considered that includes the appropriate representation of uncertainty and
3.3 Analytic Development of Reliability and Performance in Engineering Design 147
incompleteness of information in available knowledge. The main consideration of
such an approach is to provide a qualitative treatment of uncertainty based on pos-
sibility theory and fuzzy sets (Zadeh 1965). This allows for the realisation of failure
effects and overall consequences (manifestations) that will be more or less certainly
present (or absent), and failure effects and consequences that could be more or less
possibly present (or absent) when a particular failure mode is identified. This is
achieved by means of qualitative uncertainty calculus in causal matrices, based on
Zadeh’s possibility measures (Zadeh 1979), and their dual measures of certainty (or
necessity).
b) Uncertainty and Incompleteness in Available Knowledge

Available knowledge in engineering design analysis (specifically in the reliability
assessment techniques of FMEA and FMECA) can be considered from the point of
view of behavioural knowledge and of functional knowledge. These two aspects are
accordingly described:
i) In behavioural knowledge: expressing the likelihood of some or other expected
consequences as a result of an identified failure mode. Information about likeli-
hood is generally qualitative, rather than quantitative. Included is the concept of
‘negative information’, stating that some consequences cannot manifest, or are
almost impossible as consequences of a hypothesised failure mode. Moreover,
due to incompleteness of the knowledge, distinction is m ade between conse-
quences that are more or less sure, and those that are only possible.
ii) In functional knowledge: expressing the functional activities or work that sys-
tems and equipment are designed to perform. In a similar way as in the b e-
havioural knowledge, the propagation of system and equipment functions are
also incomplete and uncertain. In order to effectivelycapture uncertainty, a qual-
itative approach is more approp riate to the available information than a quanti-
tative one.
In the following paragraphs, an overview is given of various concepts and theory
for qu alitatively modelling uncertainty in engineering design.
3.3.2.4 Overview of F uziness in Engineering Design Analysis
In the real world there exists knowledge that is vague, uncertain, ambiguous or
probabilistic in nature, termed fuzzy knowledge. Human thinking and reasoning fre-
quently involves fuzzy knowledge originating from inexact concepts and similar,
rather than identical experiences. In complex systems, it is very difficult to answer
questions on system behaviour because they generally do not have exact answers.
Qualitative reasoning in engineering design analysis attempts n ot only to give such
answers but also to describe their reality level, calculated from the uncertainty and
imprecisionof facts that are applicable.The analysisshould also be able to copewith
148 3 Reliability and Performance in Engineering Design
unreliable and incomplete information and with different expert opinions. Many

commercial expert system tools or shells use d ifferent approaches to handle uncer-
tainty in knowledge or data, such as certainty factors (Shortliffe 1976) and Bayesian
models (Buchanan et al. 1984), but they cannot cope with fuzzy knowledge, which
constitutes a very significant part of the use of natural language in design analysis,
particularly in the early pha ses of the engineering design pro cess.
Several computer automated systems support some fuzzy reasoning, such as
FAULT (Whalen et al. 1982), FLOPS (Buckley et al. 1987), FLISP (Sosnowski
1990) and CLIPS (Orchard 1998), though most of these are developed from high-
level languages intended for a specific application.
Fuzziness and Probability
Probability and fu zziness are related but different concepts. Fuzziness is a typ e of
deterministic uncertainty. It describes the eventclass ambiguity. Fuzziness measures
the degree to which an event occurs, not whether it does occur. Pr obability arises
from the question whether or not an event occurs, and assumes that the event class
is crisply defined and that the law of non-contradiction holds. However, it would
seem more appropriate to investigate the fuzziness of probability, rather than dismiss
probability as a sp ecial case of fu zziness. In essence, whenever th e outcome of an
event is difficult to compute, a probabilistic approach may be used to estimate the
likelihood of all possible outcomes belonging to an event class. Fuzzy probability
extends the traditional notion of probability when there are outcomes that belong
to several event classes at the same time but at different degrees. Fuzziness and
probability are orthogonal concepts that characterise different aspects o f the same
event (Bezdek 1993).
a) Fuzzy Set Theory
Fuzziness occurs when the boundary of an element of information is not clear-cut.
For example, concepts such as high, low, medium or even reliable are fuzzy. As
a simple example, there is no single quantitative value that defines the term young.
For some people, age 25 is young and, for others, age 35 is young. In fact, the
concept young has no precise boundary. Age 1 is definitely young and age 100 is
definitely not young; however, age 35 has some possibility of being young and usu-

ally depends on the context in which it is being considered. The representation of
this kind of inexact information is based on the concept of fuzzy set theory (Zadeh
1965). Fuzzy sets are a generalisationof conventional set theory that was introduced
as a mathematical way to r epresent vagueness in everyday life. Unlike classical set
theory, where one deals with objects of which the membership to a set can be clearly
described, in fuzzy set theory membership of an element to a set can be partial, i.e.
an element belongs to a set with a certain grade (possibility) of membership.
3.3 Analytic Development of Reliability and Performance in Engineering Design 149
Fuzzy interpretations of data structures, p articularly during the initial stages of
engineering design, are a very natural and intuitively plausible way to formulate and
solve various design problems. Conventional (crisp) sets contain objects that satisfy
precise properties required for membership. For example, the set of numbers H
from 6 to 8 is crisp and can be defined as:
H = {r ∈ R|6 ≤ r ≤ 8}
Also, H is described by its membership (or characteristic) function (MF):
m
H
: R →{0,1} defined as:
m
H
(r)={16≤ r ≤ 8}
= {0otherwise}
Every real number r either is or is not in H.Sincem
H
maps all real numbersr ∈R
onto the two points (0, 1), crisp sets correspond to two-valued logic: is or is not, on
or off, black or white, 1 or 0, etc. In logic, values of m
H
are called truth values with
reference to the question:

‘Is r in H?’ The answer is yes if, and only if m
H
(r)=1; otherwise, no.
Consider the set F of real numbers that are close to 7. Since the property ‘close
to 7’ is fuzzy, there is not a unique membership function for F. Rather, the decision
must be made, based on the potential application and properties for F,whatm
H
should be. Properties that might seem plausible for F include:
i) normality
(i.e. MF(7)=1)
ii) monotonicity
(the closer r is to 7, the closer m
H
(r) is to 1, and conversely)
iii) symmetry
(numbers equally far left and right of 7 should have equal memberships).
Given these intuitive constraints, functions that usefully represent F are m
F1
, which
is discrete (represented by a staircase graph), or the function m
F1
, which is continu-
ous but not smooth (represented by a triangle graph).
One can easily construct a membership (or characteristic) function (MF) for F
so that every number has some positive membership in F but numbers ‘far from 7’,
such as 100, would not be expected to be included. One of the greatest differences
between crisp and fuzzy sets is that the former always have unique MFs, whereas
every fuzzy set may have an infinite number of MFs. This is both a weakness and
a strength, in that uniqueness is sacrificed but with a gain in flexibility, enabling
fuzzy models to be adjusted for maximum utility in a given situation.

In conventional set theory, sets of real objects, such as the numbers in H,are
equivalent to, and isomorphically described by, a unique membership function such
as m
H
. However, there is no set theory with the equivalent of ‘real objects’ corre-
spondingto m
F
. Fuzzy sets are always functions,from a ‘universe of objects’,say X,
150 3 Reliability and Performance in Engineering Design
into [0,1]. The fuzzy set is the function m
F
that carries X into [0, 1]. Every function
m: X →[0,1] is a fuzzy set by definition. While this is true in a formal mathematical
sense, many functions that qualify on this ground cannot be suitably interpreted as
realisations of a conceptual fuzzy set. In other words, functions that map X into the
unit interval may be fuzzy sets, but become fuzzy sets when, and only when, they
match some intuitively plausible semantic description of imprecise properties of the
objects in X (Bezdek 1993).
b) Formulation of Fuzzy Set Theory
Let X be a space of objects and x be a generic element of X. A classical set A, A ⊆X,
is defined as a co llection of elements or objects x ∈ X, such that each element (x)
can either belong to the set A, or not. By defining a membership (or characteristic)
function f or each element x in X, a classical set A can be represented by a set of
ordered p airs (x,0), (x, 1), which indicates x /∈ A or x ∈ A respectively (Jang et al.
1997).
Unlike conventional sets, a fuzzy set expresses the degree to which an element
belongs to a set. Hence, the membership function o f a fuzzy set is allowed to h ave
values between 0 and 1, which denote the degree of membership of an element in
the given set. Obviously, the definition of a fuzzy set is a simple extension of the
definition of a classical (crisp) set in which the characteristic function is permitted

to have any values between 0 and 1. If the value of the membership function is
restricted to either 0 o r 1, then A is reduced to a classical set. For clar ity, classical
sets are referred to as ordinary sets, crisp sets, non-fuzzy sets, or just sets.
Usually, X is referred to as the universe of discourse or, simply, the universe,and
it may consist of discrete (ordered or non-ordered) objects or it can be a continuous
space. The construction of a fuzzy set depends on two requirements: the identifi-
cation of a suitable universe of discourse, and the specification of an appropriate
membership function. In practice, when the universe of discourse X is a continuous
space, it is partitioned into several fuzzy sets with MFs covering X in a more or
less uniform manner. These fuzzy sets, which usually carry names that conform to
adjectives appearing in daily linguistic usage, such as ‘large’, ‘medium’ or ‘small’,
are called linguistic values or linguistic labels. Thus, the universe of discourse X is
often called the linguistic variable.
The specification of membership functions is subjective, which means that the
membership functions specified for the same concept by different persons may vary
considerably. This subjectivity comes from individual differences in perceiving or
expressing abstract concepts, and has little to do with randomness. Therefore, the
subjectivity and non-randomness of fuzzy sets is the primary difference between
the study of fuzzy sets, and probability theory that deals with an objective view of
random phenomena.
3.3 Analytic Development of Reliability and Performance in Engineering Design 151
Fuzzy Sets and Membership Functions
If X is a collection of objects denoted generically by x, then a fuzzy set A in X is
defined as a set of ordered p airs A = {(x,
μ
A(x))|x ∈ X},where
μ
A(x) is called the
membership function (or MF, for short) for the fuzzy set A. The MF maps each ele-
ment of X to a membership grade or membership value between 0 and 1 (included).

More formally, a fuzzy set A in a universe of discourse U is characterised by the
membership function
μ
A
: U →[0,1] (3.93)
The f unction associates, with each element x of U, a number
μ
A
(x) in the inter-
val [0,1]. This represents the grade of membership of x in the fuzzy set A.Forex-
ample, the fuzzy term young might be defined by the fuzzy set given in Table 3.12
(Orchard 1998).
Regarding Eq. (3.93), one can write:
μ
young
(25)=1,
μ
young
(30)=0.8, ,
μ
young
(50)=0
Grade of membership values constitute a possibility distribution of the term
young. The table can be graphically represented as in Fig. 3.27.
The possibility distribution of a fuzzy concept like somewhat young or very
young can be obtained by applying arithmetic operations to the fuzzy set of the
basic fuzzy term young,wherethemodifiers ‘ somewhat’and‘very’ are associated
with specific mathematical functions.
For example, the p ossibility values of each age in the fuzzy set representing the
fuzzy concept somewhat young might be calculated by taking the square root of the

corresponding possibility values in the fuzzy set of young, as illustrated in Fig. 3.28.
These modifiers are commonly referred to as hedges.
A modifier may be used to further enhance the ability to describe fuzzy con-
cepts. Modifiers (very, slightly, etc.) used in phrases such as very hot or slightly cold
change (modify) the shape of a fuzzy set in a way that suits the meaning of the word
used. A typical set of predefined modifiers (Orchard 1998) that can be used to de-
scribe fuzzy concepts in fuzzy terms, fuzzy rule patterns o r f uzzy facts is given in
Table 3.13.
Table 3.12 Fuzzy term young
Age Grade of membership
25 1.0
30 0.8
35 0.6
40 0.4
45 0.2
50 0.0
152 3 Reliability and Performance in Engineering Design
Possibility
1.0
0.0
µ
young
10 20 30 40 50 60 70 80
Age
Fig. 3.27 Possibility distribution of young
Possibility
1.0
0.0
µ
somewhat young

10 20 30 40 50 60 70 80
Age
Fig. 3.28 Possibility distribution of somewhat young
Table 3.13 Modifiers (hedges) and linguistic expressions
Modifier name Modifier description
Not 1−y
Very y
∗∗
2
Somewhat y
∗∗
0.333
More-or-less y
∗∗
0.5
Extremely y
∗∗
3
Intensify (y
∗∗
2) if y in [0,0.5]
1−2(1−y)
∗∗
2ify in (0.5, 1]
Plus y
∗∗
1.25
Norm Normalises the fuzzy set so that
the maximum value of the set is scaled
1.0(y = y

∗
1.0/max-value)
Slightly intensify (norm (plus A AND not very A))
= norm (y
∗∗
1.25 AND 1−y
∗∗
2)