Embed Size (px)
Citation preview
ELSEVIER Fuzzy Sets and Systems 74 (1995) 103-113
FgZZV sets and systems
An Computer assisted reliability analysis:
application of possibilistic reliability theory to a subsystem of a nuclear power plant
Bart Cappelle, Etienne E. Kerre*
Department of Applied Mathematics and Computer Science, Universiteit Gent, Krijgslaan 281-$9, B-9000 Gent, Belgium
Abstract
Since the late 1970s multistate structure functions have been introduced to overcome the shortcomings of the classical and binary approach to the structural aspects of systems and their components. The uncertainty about the state of a system and its components, classically is described by probability theory. Recently, several new models are proposed that are based upon fuzzy set theory and possibility theory. The spread and success of these models, however, highly depend upon the development of computer tools that allow the reliability engineer to apply these new methods rather easily. In this paper, we present such tool, CARA - Computer Assisted Reliability Analysis which is able to represent and study the multistate aspects of systems and their components when only incomplete information is available.
Keywords: Reliability theory; Nuclear power plants; Multistate systems; Computer assisted reliability analysis
1. Introduction
Classical reliability applies binary structure function theory and probability theory to analyse the reliability of complex systems and devices. The determination of the uncertainty about the system state, the development of renewal policies to determine the availability of components and systems are the major goals of classical reliability theory. Two basic assumptions are made in classical reliability theory:
• each system and component assumes either one of two possible states, i.e., failure and functioning, sometimes denoted by 0 and 1,
• probabili ty theory serves as the unifying model to represent the uncertainty about the state the system and its components assume.
In classical reliability theory, one thus assumes that a system and its components are binary in nature. This assumption, which is in many cases an oversimplification, has been subject to criticisms since the early
* Corresponding author.
0165-0114/95/$09.50 © 1995 - Elsevier Science B.V. All rights reserved SSDI 0165-0114(95)00040-2
104 B. Cappelle, E.E. Kerre / Fuzzy Sets and Systems 74 (1995) 103-113
beginning of the structural approach to the reliability of systems at the beginning of the 1960s [19]. From 1978 on, however, several mathematical models have been developed to study the multistate behaviour of systems and their components. There was a lack of a unifying approach to the various models - amongst others we mention the models of E1-Neweihi et al. [121, Natvig [17], Griffith [131, Block and Savits [5], Baxter [4], Montero, Tejada and Yfifiez [151 - but recently one of us has developed a unifying lattice-based approach to structure function theory [8].
From the mid-1980s on, more and more nonprobabilistic models that are based upon fuzzy set theory and possibility theory to model the uncertainty about the system state, appear in literature. Amongst others, we mention Singer [201, Onisawa [181, Tanaka et al. [21], Cai and Wen [6], and Cappelle and Kerre [9, 101. The developed models seem to be very successful when, e.g., ordinal information like the reliability of component 1 is higher than the reliability of component 2, or linguistic information like the reliability of component 7 is rather hi#h, or human behaviour must be modelled.
The spread and success of these new developments in reliability theory, however, highly depend upon the development of software that helps the reliability engineer to apply and to understand easily the new reliability techniques. Therefore, at the department of Applied Mathematics and Computer Science, we are developing a computer program CARA - Computer Assisted Reliability Analysis - that is able to represent multistate systems when only partial information is available. CARA is an intelligent tool which is an MS-Windows and Pascal application.
2. States and structure functions
The state of a component or a system is one of the basic notions in reliability theory. The state of a component or a system indicates its ability to function. In [8], one of us has shown that a state is an interpretation of the values taken by the parameters that characterize the component or system. This idea applies both to binary and nonbinary components but in the binary case, from the available information of the set of parameters that characterizes the component or system, we must decide upon perfect functioning or complete failure of the component or system. The basic idea in our approach, however, is that both systems and components can assume one of more than two possible states, since there are no intermediate states to represent partial failure or partial functioning in the classical approach.
Many real-life systems are not binary in nature. Hence, a realistic mathematical model of such system must include the possibility of partial failure and partial functioning. By adding some values between 0 and 1, we are able to model intermediate states. In this paper, we assume that the set of possible states is [0, 11 but some general lattice-based models have been developed recently [8, 15]. Hence, we assume that the values taken by the parameters that characterize the components, are transformed into a real number between 0 and 1. In order to explain the ideas above more profoundly, we have a closer look at a concrete example.
Example 1. Consider, e.g., a pump in a feedwater system. The minimal flow that is required for the system to function properly, is 50 t/h (tons per hour). A safety mechanism prevents the pump to function when its actual flow is lower than 10 t/h, since otherwise the pump may be damaged. When the actual flow is 40 t/h, does this pump function or not? In other words, are we able to decide upon the functioning or failing of the pump. The classical theory requires to do so, but many reliability engineers cannot say that the pump does not function, since its actual flow is close to 50t/h and the actual flow is far away from the failure limit of 10t/h. On the other hand, we cannot really accept that the pump is functioning perfectly as well. Whatever state we associate in the classical case, we notice a considerable loss of essential information. Therefore, a multistate approach is useful in this case and the actual flow of 40 t/h must be transformed into a value between 0 and 1. Under the conditions of this example, a mapping f that transforms the value of the actual flow into an
B. Cappelle, E.E. Kerre / Fuzzy Sets and Systems 74 (1995) 103-113 105
intermediate state, can be defined as follows:
t O; x ~< 10,
x - 10 10 < x ~< 50, f : [0, + ~ [ ~ [0, 1] : x ~ 4-----6--;
1; elsewhere.
When the actual flow of the pump is 40 t/h, one notices that the corresponding state is 0.75, indicating that the pump is closer to perfect functioning than to complete failure, but that it does not function perfectly.
Systems are made up of many different components. The determination of a mapping that maps a component confiouration, i.e., any element of the Cartesian product of the component state spaces, into the corresponding system state is one of the basic problems in reliability theory. When a system is made up of n components, the configurations belong to [0, 1]" and the above-mentioned mapping is called an n-ary structure function. Although an n-ary structure function is a [0, 1]"-[0, 1] mapping, the reverse does not hold. An n-ary structure function satisfies two additional conditions.
Definition 1. A [0, 1]"-[0, 1] mapping ~b that satisfies
• qS(0, ... ,0) = 0 and qS(1 . . . . . 1) = 1,
• ~b is isotone,
is an n-ary structure function.
The first condition of Definition 1 states that whenever all components fail, the system completely fails and whenever all components function perfectly, the system functions perfectly as well. The second condition mimics the fact that a degraded component that starts to function better, cannot deteriorate a system. Although the definition assumes that the possible values of the states of both the components and the system belong to the unit interval, the notion can be extended perfectly to arbitrary complete lattices. For more details, we refer to [7, 8, 15].
Example 2. One easily verifies that any t-norm and any t-conorm extended to n arguments is an n-ary structure function. Averaging operators are 2-ary structure functions. The Barlow-Wu extensions [3] of a binary structure function with n components is an n-ary structure function. Particularly, the mapping qS,
~1 : [0, 1"13 __} [0, 1"1 : (X1, X2, X 3) ~ min(xl, m a x (x2, x 3)),
is a 3-ary structure function since it is a Barlow-Wu extension o f a binary structure function [8]. One easily verifies that Definition 1 covers almost all previous concepts of multistate n-ary structure
functions when components and systems assume states in the unit interval (see, e.g., [4, 12, 16, 17]). In the sequel, we assume that the reliability aspects of a system are completely represented by the structure
function that is associated to that system. This assumption, though not explicitly, is also made in the classical approach to reliability.
For the sake of simplicity, we shall denote (0, . . . , 0) by 0 and (1, . . . , 1) by 1. The elements of [0, 1]" will be denoted by bold faced letters, e.g., x , y and z. On [0, 1]", we define the product order relation, i.e.,
(V(x,y) e [0, 1]" x [0, 1]")(x ~< y ~ , (Vie {1 . . . . . n})(prlx ~< pr,y)).
Hence, the isotonicity condition of Definition 1 can be restated as
(V(x,y) ~ [0, 1]" × [0, 1]")(x ~<y =~ t~(x) ~< ~(y)).
106 B. Cappelle, E.E. Kerre / Fuzzy Sets and Systems 74 (1995) 103-113
3. n-ary structure functions and partial information
In many real-life problems it is very difficult to determine the n-ary structure function and in most cases, only partial information is available. Even in the binary case, i.e., when both components and systems assume one of only two possible states, the determination of the corresponding binary structure function is not obvious at all, although some algorithms appear in literature. For some examples, we refer to the basic works of Barlow and Proschan [-1, 2] and Kauffman et al. [14].
In this section, we present some additional results to the approximation theorems we have proved previously [10]. These results will lead to useful algorithms. First, we introduce the notion of set of observations. Let (p be an n-ary structure function and A a subset of [0, 1]" then OA,
oA = {(x,~(x))lxE A},
is called a set of observations of ~b. It is quite obvious that Oa represents partial information of the structure function ~b whenever A differs from the configuration space [0, 1]". In the sequel, we assume that A is a nonempty subset of [0, 1] n that may be equal to [0, 1] ~.
Definition 2. Let ~b be an n-ary structure function and A a nonempty subset of [0, lJ n. • Let x be an element of [0, l J ' \ { l} then
I(A, q~)(x)= sup 4)(y) y~[O,x]nA
and I(A,~p)(1)= 1. • Let x be an element of [0, 1]~\ {0} then
u(A, ~b)(x)= inf (p(y) y~[x, 1 ]c~A
and u(A,q~)(0) = 0.
Remark 1. As usual in lattice theory, we assume that in [0, 1]
i n f 0 = l and s u p 0 = 0 .
Theorem 1. Let dp be an n-ary structure function and A a nonempty subset of[0, 1] n, then the mappings I(A, ~b) and u(A, ~b) are n-ary structure functions.
Proof. First, we prove that I(A, (p) satisfies the boundary conditions of n-ary structure functions. Since
l(A,~b)(0)= sup ~b(y) y~{O}nA
and
{0}nA = 0 or {0}nA = {0},
we find that
I (A, ~b) (0) = sup 0 or I (A, q~) = sup {~b (0) }.
Hence, I(A, ~)(0) = 0. Taking into account Definition 2, obviously I(A,~)(1) = 1 holds. Finally, we prove that I(A, ~b) is an increasing mapping. Let x and y be two elements of [0, lJ n, satisfying x ~<y, then
An[0, x] ~_ An[0 ,y] ,
B. Cappelle, E.E. Kerre / Fuzzy Sets and Systems 74 H995) 103-113 1 0 7
hence,
sup tk(z)~< sup q~(z) Z. ~ [0, x]nA z~[O,y]nA
In a similar way, it can be proved that u(A, ~b) is an n-ary structure function. []
The set of all n-ary structure functions can be provided with a partial order relation ~<, transforming this set into a complete lattice [7, 8]. The partial order relation <~ is pointwisely defined, i.e., for any two n-ary structure functions ~bl and ~b2
The following theorem is essential for the CARA programme, that we present in the next section.
Theorem 2. Let d? be an n-ary structure function and A a nonempty subset of [0, 1] n, then
I(A, ~b) 6 q~ 6 u(A, q~). (1)
Proof. Let x be an arbitrary element of [0, 1]~\ {0,1}. Since
[0 ,x lnA ~ [0,x] and [-x, 1 ]nA _~ Ix, l] ,
we find that
sup ~b(z) ~< ~b(x) and inf 4)(z)/> ~b(x). z~ [O, x ]nA Ze[X, I ] n A
When x = 0 or x = 1, (1) holds taking into account the boundary conditions of structure functions. []
Theorem 3. Let ~p be an n-ary structure function, and A and B be two nonempty subsets of [0, 1]" satisfying A ~_ B, then
l(A,~b)~< I(B,4)) and u(B,4))6u(A,~b). (2)
Proof. Due to the analogy, we only shall prove the first inequality of (2). Let x be an arbitrary element of [0, 1]"\ {1}, then
[0 ,x ]nA _ [0 ,x]nB.
Hence,
sup ~(Z)~< sup q~(Z). z~ [0, x I n A zE [0, x],~B
When x = 1, the inequality holds, taking into account Definition 1. []
From Theorem 2, we may conclude that the n-ary structure function I(A, ~b), u(A, ~b), respectively, is a lower boundary, an upper boundary, respectively, of the n-ary structure function ~b. Moreover, Theorem 3 states that adding observations to the set of observations leads to a lower and an upper boundary of the n-ary structure function, that gets closer and closer to the structure function tk.
A set of observations OA is called dense if and only if I(A, tk) = u(A, ~b), and, hence, taking .into account Theorem 2, both the equalities I(A, ~b) = q~ and u(A, ~b) = q~ hold.
Corollary 1. Let q~ be an n-ary structure function, then 0[o,11, is dense.
108 B. Cappelle, E.E. Kerre / Fuzzy Sets and Systems 74 (1995) 103 113
Proof. We prove the equality 1([0, 1]", q~) = ~b = u([0, 1]', q~). Let x be an arbitrary element of [0, 1]"\{0,1}. Since
[O,x]c~[O, 1]" = [O,x] and [x,l]c~[O, 1]" = [x, 1],
we find that
q~(x) ~< sup (k(Y) ~< inf ~(y) ~< ~b(x). ye[O,x] ye[x, I]
When x = 0 or x = 1, the equality holds, taking into account the boundary conditions. []
From Corollary 1, we deduce that there exists at least one dense set of observations. In [8], it is proved that sometimes there exists a minimal dense set of observations. These minimal sets of observations are closely related to the generalized notions of minimal path and minimal cut elements, and to some special types of continuity of n-ary structure functions. For more detailed information, we refer to Montero et al. [15, 16] and Cappelle I-8].
Corollary 1 also indicates that the lower and upper boundary of the system state eventually will converge to the exact value of the system state, when more and more observations are added to the set of observations.
In real-life reliability studies, we have a set of observations from experiments which is the available partial information about the structure of the system. From this available partial information, we can deduce a lower and an upper bound of the value of the system state, that gets closer and closer to the exact system state when more and more information is added, as shown in this section.
4. The CARA system
The CARA system is able to represent a system from the available partial information, i.e., from any nonvoid set of observations, in an intelligent way and it allows to study the stability of the approximated system. It is an MS-Windows application written in Pascal that is very easy to use and that has been provided with a graphics interface. The nonvoid set of observations is stored in a file and the programme starts to read the file, when it has been activated. Manual corrections to the set of observations can be made easily, e.g., when configurations must be deleted, replaced or added.
When the file with observations is fed to CARA, the programme creates an intelligent representation of the system by an object oriented data structure. This object has been linked to an MS-Windows object, hence, creating suitable graphics tools has been made a lot easier. When CARA has loaded the file of observations and created an intelligent representation of the system, the reliability engineer can examine the structure of the system. Up till now, several tools have been included to approximate the system state and to calculate the system performance boundaries for any possible configuration. Some tools have been developed more profoundly, like the component versus system performance tool and the possibility to study the stability of the system. For more details, we refer to [11]. In the next section, we shall demonstrate the possibilities of CARA by a concrete example, an emergency feedwater supply system of a nuclear power plant.
5. A feedwater system in a nuclear power plant
The system that we have modelled by CARA is made up of eight components: • a cistern, • two valves, two pumps and two pneumatic valves in two parallel trains, • a valve.
B. Cappelle, E.E. Kerre / Fuzzy Sets and Systems 74 (1995) 103-113
4 Valvel ~-~ Pump, H~n. Valve,~. ]
109
o ] Cistern ~ -
[ Valve2 H Pump2 H P n v a l v e 2
Fig. 1. The feedwater system of the nuclear power station.
- - ~ Valve3 ]
The system is an emergency coolant system of a nuclear power station in Belgium, and it has been profoundly studied previously by classical reliability techniques, mainly fault-tree analysis. The reliability model studies the loss of flow behind the last valve. The structure of the system is a series circuit of the cistern, two parallel trains that each consists of a series circuit of one valve, one pump and one pneumatic valve, and eventually a valve. A schematic representation of the system has been depicted in Fig. 1. It is well known that fault trees suffer from combinatorial explosions whenever the system under study has many components. The study of the above-mentioned system has 16 basic events, and 7 composed events that lead to the top event, i.e., the loss of flow behind the last valve. We stress once more that the binary approach does not allow to distinguish between a small or a huge loss of flow and for each of these possibilities a new analysis must be carried out. Besides the fault-tree approach, this system can also be modelled by a binary structure function but this approach does not allow to represent the partial functioning or partial failing aspects of the system either.
The multistate approach, however, overcomes several of the problems of these classical models. In the sequel, we show that we are able to model huge or minor losses of flow behind valve 3 without loss of essential information. In order to achieve this objective, to each component we associate a state variable, that we denote by xl, 1 ~< i ~< n:
• xl is the state variable of the cistern, • x2 and x5 are the state variables of valve 1, valve 2, respectively, • x3 and x6 are the state variables of pump 1, pump 2, respectively, • x4 and x7 are the state variables of pneumatic valve 1, pneumatic valve 2, respectively, • xa is the state variable of valve 3.
All state variables take values in the unit interval and the system state is deduced from the component states by the n-ary structure function that represents the system. Now, we determine that n-ary structure function. In order to do so, we need some additional information about the system. We assume that the security mechanism of the coolant system selects the parallel train that is functioning best. The system functions perfectly, whenever the actual flow behind valve 3 is at least Xo t/h. The value of Xo depends upon the situation of the power plant and can vary when the plant conditions change. The component states may be derived rather easily now, since their state can be interpreted as the minimum of 1 and the ratio of the actual flow and Xo. In our example, to each component i we can associate a mappingf ,
J~' [0, + oo [---, [0, 1] 'x ~ min (~oo, 1), (3)
that transforms the maximum flow of the component into a component state.
110 18. Cappelle, E.E. Kerre / Fuzzy Sets and Systems 74 (1995) 103-113
Table 1 The correspondence between the actual maximal flows and the derived component states when x0 = 40 t/h
Component Maximal flow Component state
Cistern 50.0 1.000 Pump 1 35.0 0.875 Pump 2 40.0 1.000 Valve 1 55.0 1.000 Valve 2 40.0 1.000 Valve 3 30.0 0.750 Pneumatic valve 1 50.0 1.000 Pneumatic valve 2 20.0 0.500
Example 3. Assume that the minimal flow behind valve 3 must be 40t/h and assume that we have information about the actual maximum flow of each component. This available information is depicted in the first column of Table 1, while in the second column the corresponding component state is calculated, applying formula (3) (x0 = 40 t/h).
Now, we must derive the system state from the component states. Taking into account the restriction that only the best parallel train functions and that the two parallel trains never function at the same time, we deduce that the system state is the maximum of the states of the two parallel trains of the system. One also notices that the state of a parallel train, is the minimum of the states of the components that belong to the parallel train, i.e., the state of the first train equals min(xl, x2, x3, x4, Xa) and the state of the second train equals min(xx,xs,x6,xT,xa), because the maximum flow of the train never can exceed the flow of the "weakest" component and is at least equal to the flow of the "weakest component". Therefore, the mapping
4~: [0, 1] a ~ [0, 1] :x ~ max(min(xl,x2,x3,x4,xs),min(xl,xs,X6,XT,Xs)), (4)
with x = (Xx,X2, x3 . . . . . xs), models the reliability problem, partial loss of flow behind valve 3, properly. Remark once more that in the binary case, we are only able to distinguish between total failure and complete functioning. Obviously, the multistate approach allows to deduce more detailed information about the partial functioning of both components and systems.
Example 4. Assume that the states of the components equal the states calculated in Table 1, then the system state is determined by (4); and equals 0.75, since
max(min(1.0, 1.0,0.875, 1.0,0.75), min(1.0, 1.0, 1.0, 0.5, 0.75)) = 0.75.
Hence, the system state is 0.75 which means that there is a loss of flow behind valve 3 but the system is closer to perfect functioning than to a complete failure. In the binary case, the reliability engineer probably would have decided that the system fails to function. In an emergency case, e.g., the coolant system still can be used to prevent a large-scale accident although it would not be sufficient to prevent an accident.
Remark 2. For this system, the n-ary structure function is the Barlow-Wu extension of the corresponding binary structure function, determined by the set of minimal paths
{ {1, 2, 3,4, 8}, {1, 5,6, 7, 8} }.
For more detailed information, we refer to [3].
B. Cappelle, E.E. Kerre / Fuzzy Sets and Systems 74 (1995) 103-113 111
We have evaluated CARA by this system that we have approximated by more than 90 000 observations randomly chosen. We remind the reader that in our case each observation is a 9-tuple, hence, CARA must handle an input of more than 800 000 real numbers. Several tools have been included in CARA. Amongst others, we mention component versus system behaviour and the relative importance of components in systems.
In order to prove the efficiency of the implemented method, we have approximated the diagonal d of the structure function ~b, i.e.,
d: [0, 1] --* [0, 1] : x v--~ ~b(x, ... ,x).
For the system that we have modelled, one easily verifies that d simply is the mapping that maps x into x. The CARA system selects seven equidistant elements in the unit interval. Then CARA determines the
lower and upper boundary for the mapping d from the available incomplete information. The number of equidistant points that the program selects, depends upon the number of components and the number of available observations. The result is shown in Table 2. Since we know that the exact system state is somewhere between the calculated upper and lower boundary, CARA calculates the arithmetic mean of the upper and lower boundary as a first-order approximation of the system state. Hence, we obtain seven couples, ((x~, . . . , x~), ~ba(x, . . . , x~)), 1 <~ i ~< 7; xi is one of the seven selected equidistant elements of the unit interval and
I(A, e/))(xi . . . . , x i ) + u(A, ( k ) ( x i , . . . , x i ) 4).(x~ . . . . . x 3 =
2
Table 2 The upper and lower boundaries for the mapping d in seven equidistant points and their arithmetic mean
Component state Lower boundary of d Upper boundary of d Arithmetic mean
0.125 0.000 0.250 0.125 0.250 0.000 0.250 0.125 0.375 0.250 0.500 0.375 0.500 0.500 0.500 0.500 0.625 0.500 0.750 0.625 0.750 0.750 0.750 0.750 0.875 0.750 1.000 0.875
Table 3 The approximation of the mapping d by the information of Table 2 and the method of least squares in 11 equidistant points
Exact value Approximated value Deviation
0.000 0.000 0.000 0.100 0.040 0.060 0.200 0.150 0.050 0.300 0.260 0.040 0.400 0.370 0.030 0.500 0.480 0.020 0.600 0.590 0.010 0.700 0.700 0.000 0.800 0.805 0.005 0.900 0.915 0.015 1.000 1.000 0.000
112 B. Cappelle, E.E. Kerre / Fuzzy Sets and Systems 74 (1995) 103-113
By applying the method of least squares, we determine the best-fitted polynomial curve and we approxi- mate d by this fitted curve in l l equidistant points of the unit interval - obviously this number can be changed by the user. The results are shown in Table 3. Upon inspection, one notices that the approximated value differs at most 0.06 from the exact value. Taking into account the incompleteness of the information about ~ and the few points we considered to apply the method of least squares, the results are surprisingly good.
6. Conclusion
In the first part of this paper, we have explained and proved some theoretical results that are indispensable to understand the computer program that we have developed at the department of applied mathematics and computer science. We have shown how reliability problems can be tackled using multistate structure function theory, and how real-life models can be determined by applying the developed theory.
In the second part of this paper, we have presented a prototype of a computer program, CARA, that is able to handle a huge amount of information about the structure of a system in an intelligent way. We have evaluated the system by means of a feedwater supply system in a nuclear power plant and we have shown that the performance of CARA is remarkably high.
As far as we know, it is the first time that a tool is presented that is able to apply multistate structure function theory to real-life problems. Moreover, we are convinced that the further development of this tool will lead to a better spread and understanding, and a wider application of these new techniques by reliability theoreticians and reliability engineers, and that it eventually will lead to a safer society.
References
[1] R.E. Barlow and F. Proschan, Mathematical Theory of Reliability (Wiley, New York, 1965). [2] R.E. Barlow and F. Proschan, Statistical Theory of Reliability and Life Testim3 (Holt, Rinehart and Winston, New York,
1975). [3] R.E. Barlow and R. Wu, Coherent systems with multistate components, Math. Oper. Res. 3 (1978) 275 281. [4] L.A. Baxter, Continuous structures I, J. Appl. Probab. 21 (1984) 802-815. [5] H.W. Block and T.H. Savits, A decomposition theorem for multistate structure functions, J. Appl. Probab. 19 (1982) 391-402. [6] K.-Y. Cai and C.-Y. Wen, Street-lighting lamps replacement: a fuzzy viewpoint, Fuzzy Sets and Systems 37 (1990) 161-172. [7] B. Cappelle, Muitistate structure functions and possibility theory: an alternative approach to reliability theory, in: Introduction to
the Basic Principles of Fuzzy Set Theory and Some of its Applications, E.E. Kerre, Ed., Communication and Cognition, Gent (1991) 252-293.
[8] B. Cappelle, Structure functions and reliability mappings, a lattice theoretic approach reliability theory (in Dutch) Doctoral Dissertation, Universiteit Gent, Gent, (1994).
[9] B. Cappelle and E.E. Kerre, On a Possibilistic Approach to Reliability, in: Proc. 2nd lnternat. Syrup. on Uncertainty Modelling and Analysis, 25-28 April 1993, University of Maryland, College Park Maryland, B.M. Ayyub, Ed., (IEEE Computer Society Press, Los Alamitos, California, Washington, 1993) 415-418.
[10] B. Cappelle and E.E. Kerre, Issues in possibilistic reliability theory, to appear in: T. Onisawa and J. Kacprzyk, Eds., Fuzzy Sets and Possibility Theory in Reliability and Safety Analysis, (Omnitech Press, Warszawa and Physica Verlag, Heidelberg 1994) 20 pp.
[11] B. Cappelle and E.E. Kerre, The CARA system: An intelligent tool to support qualitative reliability analysis, in: Proc. 7th Internat. AMSE Syrup. on Fuzzy Systems, Neural Networking and Artificial Intelligence, Lyon (France), July 1994, 25-35.
[12] E. EI-Neweihi, F. Proschan and J. Scthuraman, Muitistate coherent systems, J. Appl. Probab. 15 (1978) 675-688. [13] W.S. Griffith, Multistate reliability models, J. Appl. Probab. 17 (1980) 735 744. [14] A. Kauffman, D. Grouchko and R. Cruon, Mathematical Models for the Study of the Reliability of Systems (Academic Press, New
York, 1977). [15] J. Montero, J. Tejada and J. Y~fiez, General structure functions, in: Proc. Workshop on Knowledge-Based Systems and Models of
Logical Reasoning, December 1988 Cairo (Egypt).
B. Cappelle, E.E. Kerre / Fuzzy Sets and Systems 74 (1995) 103 113 113
[16] J. Montero, J. Tejada and J. Y/tfiez, Structural properties of continuum systems, Eur. J. Oper. Res. 45 (1990) 231-240. [17] B. Natvig, Two suggestions of how to define a multistate coherent system, Adv. Appl. Probab. 14 (1982) 435-445. [ 18] T. Onisawa, An approach to human reliability in man-machine systems using error possibility, Fuzzy Sets and Systems 27 (1988)
87-103. [19] A.F. Premo, The use of Boolean algebra and a truth table in the formulation of a mathematical model of success, IEEE Trans.
Reliability 12 (1963) 45-49. [20] D. Singer, A fuzzy set approach to fault tree and reliability analysis, Fuzzy Sets and Systems 34 (1990) 145-155. [21] H. Tanaka, L.T. Fan, F.S. Lai and K. Toguchi, Fault-tree analysis by fuzzy probability, IEEE Trans. Reliability 32 (1983)
453 457.
