684 5 Safety and Risk in Engineering Design

Fig. 5.49 Detail design model of the scrubber in the layout of a gas cleaning plant

structural and geometric feature of the design. A schematic design model of the gas cleaning plant is graphically illustrated in Fig. 5.48. After evaluation of the design variables and constraints describing the structural and geometric feature of the design, a detail design model is prepared. In process engineering design, a detail design model typically has variables and constraints representing embodiment, structure and assembly, and dynamic flow and energy balance information of the process layout. A detail design model of the scrubber system of the gas cleaning plant is graphically illustrated in Fig. 5.49. A detail design model is computationally represented as a network of design variables and constraints that can be manipulated to identify critical equipment, for example, using constraint-based techniques (Smithers et al. 1990).

The network of design variables and constraints of a detail design model can be partitioned into smaller sets to identify relations. AI-based search methods, such as genetic algorithms and neural networks, can then be used to find a set of design variable values that best satisfy the constraints. This partition can be done based on the following:

• mathematical relations of the design variables,
• assembly of the detail process model,
• configuration of the systems layout,
• heuristics introduced by designers.

A partition of the constraint network identifies a small region of the design space in which, for example, design variables and constraints are evaluated to identify critical equipment in designing for safety, and explored using evolutionary computing techniques such as evolutionary algorithms.
a) Fundamentals of Evolutionary Algorithms (EA)

Evolutionary algorithms (EA) are stochastic search and optimisation heuristics derived from classic evolution theory. The basic idea is that if only those individuals of a population that meet a certain selection criterion reproduce, and the other individuals of the population die, then the population will converge to those individuals that best meet the selection criterion. If imperfect reproduction is included, the population begins to explore the search space and will move to individuals that have an increased selection probability, whereby this property is passed down to their descendants through inheritance. This population dynamics follows the basic rule of evolution theory, which can best be described as ‘survival of the fittest’. To solve optimisation problems with an evolutionary heuristic, the individual items of a population group have to represent a possible solution of a given problem, and the selection probability is set proportional to the quality of the represented solution. The quality of the represented solution is termed the fitness (F) of the individual item.

For example, let A, B, C represent sets of items or population groups, and let the current generation of the evolutionary process be indicated by s. Furthermore, a single individual item with the index i from the population A(s) is represented by a_i(s). The quality of the solution represented by an individual item is termed the fitness F_i of the individual item a_i(s). The selection probability of an individual item a_i(s) is indicated by p_i. When a description of alternative solutions consists of n elements, the i-th element forming a possible solution is termed attribute x_i. An individual item consists of several attributes x that could represent a possible solution that can then be optimised. An EA heuristic follows this scheme (Bäck 1994):

1. initialise a population group A(s = 0)
2. evaluate the fitness of all a_i from A(s)
3. select the fittest a_i as parents B(s) from A(s)
4. reproduce descendants C(s) from B(s).

Deductively, until a specific criterion is met, it thus follows that

A(s + 1) = C(s)   (5.96)

In the first step, a population of random possible solutions is identified. The EA generational loop is then initialised, whereby the fitness F_i for each individual item a_i(s) within the current population A(s) is evaluated. The best individual items a_i are selected from the population A(s) as parents B(s) for the next generation. The selection probability p_i is set proportional to the fitness F_i of the individual item. From the selected parents B(s), descendants are reproduced to form the population C(s). In all EA heuristics, either the descendants are imperfect clones of the parents with small variations, or the descendants are the product of multiple parents and inherit some attributes from the associated parents. The descendants C(s) form the next generation, denoted by the expression A(s + 1) = C(s).

A significant property of EA heuristics is that the search space is not explored by starting with only one possible solution but rather with a whole population of possible solutions, in which the individual items of a population group can interexchange solution attributes. Thus, compared with general optimisation techniques, an EA heuristic is more resistant to premature convergence towards a local optimum in the search space.

Evolutionary computing techniques address design problems as a goal-directed search problem. This evolutionary approach is useful in engineering design applications. In such applications, the goal is to minimise the number of constraints that are violated in a particular design solution. The process of exploring a design solution involves symbolic computation in terms of constraint propagation and satisfaction.
This exploration process is common to most engineering design domains. However, whilst the evolutionary computing approach relies more on automatic formation and evolution of design concepts, the EA heuristic approach emphasises the use of symbolic computation and heuristic-based evaluation and selection of a potentially large number of solutions, before any automatic searching methods are used (Tang et al. 1997). The latter is particularly important in engineering design where the search space for a design solution needs to be confined to a small region. The EA heuristic approach can be usefully employed, applying specific techniques such as genetic algorithms that seamlessly scale between the exploration of the search space through genetic crossover and mutation, and the exploitation of known optima through the selection of fit individual items.

b) Fundamentals of Genetic Algorithms (GA)

Genetic algorithms (GA) originated from the work of John Holland and exhibit the most obvious mapping of natural evolutionary processes into a computer system, because they focus on the coding of attributes into a set of genes. The most common method of coding attributes is binary coding into a bit-string that represents these genes. Thus, some biological terms are used to illustrate the functionality of genetic algorithms (Holland 1992).

GA individual items
GA individual items store the solution attributes in a coded representation. The most common representation is the binary coding of an attribute in a chain of bits. The bit-string consists of L bits, which are clustered into meaningful data representing information typically in the form of semantics, such as words, w_i. The decoded words w are the solution attributes x, which are to be optimised. Each attribute x_i is assigned to the word w_i. In the simplest case, a word codes a real number. In this case, the real number attributes are limited to a range of values, since the length l of a word is always limited. If the range of an attribute and the length l of a word w_i are given, then the attribute is fixed to a real number. This coding is called standard binary coding. Similar coding styles can be found for nearly every data type that can be used as an attribute of a GA individual item, and can thus be optimised using the GA search heuristic. After the attributes x_i of an individual item have been determined—for instance, by decoding the word w_i—the fitness F_i can be calculated by using a target function F(x_i) as the fitness function. After the fitness for every individual a_i of the population A(s) has been calculated, the best individual items of the population group A(s) are selected to be the parents of the next generation A(s + 1). This is called Holland’s fixed-length coding (Holland 1992).

The main advantages of genetic algorithms are that they are very easy to implement and they can be applied to nearly every kind of optimisation problem. Because of the general binary coding style, almost any data type can be stored in an individual item and then be optimised by the GA heuristic. However, there are also some drawbacks to using binary coding. For example, if real numbers are used as attributes, they become discretised (i.e. distinctively separate) and, because of the non-linear behaviour of standard binary coding, the search space for a design solution that is confined to a small region can get disrupted.
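As an added example (not code from the book), a small Python implementation of standard binary coding of a real attribute x_i on an l-bit word w_i over a fixed range, together with a check of how far a single bit flip moves the decoded value; the function names and the 4-bit range [0, 15] used in the comments are this example's own choices.

```python
def encode(x, lo, hi, l):
    """Standard binary coding: map a real x in [lo, hi] onto an l-bit word w_i.
    Only 2**l distinct values exist, so x is discretised to the nearest step."""
    if not lo <= x <= hi:
        raise ValueError("attribute outside the range coded by the word")
    steps = (1 << l) - 1
    return format(round((x - lo) / (hi - lo) * steps), f"0{l}b")


def decode(word, lo, hi):
    """Inverse mapping: the integer value of the word scaled back onto [lo, hi]."""
    return lo + int(word, 2) * (hi - lo) / ((1 << len(word)) - 1)


def resolution(lo, hi, l):
    """Smallest change of the attribute that an l-bit word can represent."""
    return (hi - lo) / ((1 << l) - 1)


def flip_effects(word, lo, hi):
    """Change in the decoded attribute caused by flipping each single bit.  This is
    the non-linear behaviour the text mentions: the same one-bit mutation moves x
    by half the range at one position and by a single step at another."""
    x = decode(word, lo, hi)
    effects = []
    for pos, bit in enumerate(word):
        flipped = word[:pos] + ("0" if bit == "1" else "1") + word[pos + 1:]
        effects.append(decode(flipped, lo, hi) - x)
    return effects


def hamming_distance(w1, w2):
    """Number of differing bits.  Neighbouring attribute values can be far apart in
    bit-space (a 'Hamming cliff'): on [0, 15] with l = 4, the values 7 and 8 are
    coded 0111 and 1000 and differ in all four bits, so a local region of the
    attribute space is not a local region of the search space."""
    return sum(a != b for a, b in zip(w1, w2))
```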
5.3.2 Analytic Development of Safety and Risk Assessment in Preliminary Design

For safety systems of which the failure could result in loss of life, it is imperative that the best use is made of systems that are optimal and not just adequate, and that a design optimisation scheme is applied for systems that require a high likelihood of functional reliability on demand. Considering a more advanced analytic development of safety and risk assessment in preliminary design, a genetic algorithm (GA) is used to perform design optimisation, resulting in a design specification for later evaluation during the detail design phase. Analyses of system designs are carried out using the latest advances in fault-tree analysis (FTA), utilising the binary decision diagram (BDD) approach whereby the method can be applied to high-integrity protection systems (HIPS). Varying parameters, which inevitably affect the action of the GA, are thus considered to determine areas where the application of genetic algorithms for safety and risk assessment in preliminary design could be improved.

5.3.2.1 Genetic Algorithms in Optimal Safety System Design

Failure of a safety system for a potentially hazardous industrial process may have severe consequences, possibly resulting in personal injuries or loss of life. It is therefore imperative that such systems have a high likelihood of functioning on demand. One measure of system performance is the probability that the system will fail to operate when required. Typically, the preliminary design of a safety system follows the traditional design process of analysis, assessment, appraisal and redesign. If, following analysis, the preliminary design does not meet some predetermined acceptability target for system reliability, then deficiencies in the design are removed, and the assessment and appraisal stages are repeated.
Once the predicted system reliability of a design reaches the acceptable criteria, the design process stops and the system is adopted. For a system of which the failure could result in fatality, it would inevitably be considered that a merely adequate level for system reliability is not sufficient. It is highly unlikely, however, that the design parameters can be manually selected such that optimal system performance can be achieved within the set design criteria and constraints.

An approach by which optimal performance can be obtained, using the fault-tree analysis (FTA) method to determine the availability of each system design, was previously described in Sect. 5.2.3.2 dealing with design optimisation in designing for safety. The method is in the form of an iterative scheme that produces a sequence of system designs gradually improving the safety system performance. When the design can no longer be improved due to restrictions of the design criteria constraints, the optimisation procedure terminates (Andrews 1994). An alternative methodology is presented (Andrews et al. 1997), which incorporates the latest advances in the fault-tree analysis technique, based on binary decision diagrams and utilising a genetic algorithm (GA) to perform the optimisation (Painton et al. 1995). Further research into utilising a genetic algorithm to perform design safety optimisation considers the effects of modifying the GA process and the parameter values used, in order to make the GA process more accurate and effective (Pattison et al. 1999).

a) Safety Design Considerations

Safety systems are designed to operate when certain conditions occur, and to prevent their development into a hazardous situation. Where possible, safety systems should not be designed so that single component failures can prevent the system from functioning. To ensure this, several options are available (Pattison et al. 1999):

• Redundancy or diversity can be incorporated into the system. Redundancy duplicates elements within a system, while diversity involves the addition of a totally different means of achieving the same function.
• Component selection is another design option. Each component selected for the design is chosen from a group of possible alternatives. The design engineer must decide how to trade off the specific characteristics of each component to give the most effective overall system performance.
• The time interval between preventive maintenance activities is a further consideration. This is generally assigned on an ad hoc basis after the design has been fixed. Significant gains are to be made by considering the maintenance frequency at the design stage.

The choice of design is not unrestricted, in that practical considerations place limits on resources both during the design stage as well as in the later stages of the engineered installation, preventing a completely free choice of system design and rendering some design variations infeasible.

b) The Design Optimisation Problem

The objective of the design optimisation problem is to maximise design integrity by minimising system unreliability and unavailability through manipulation of the design variables such that constraint-propagated limitations are not violated. Different optimisation approaches to determine optimal design solutions have included dynamic programming, integer programming, mixed integer programming, as well as non-linear programming and heuristics. Dynamic programming in this context is applicable to maximise reliability for a system given a single cost constraint in which the problem is to identify the optimal levels of redundancy (Bellman et al. 1962). The dynamic programming approach can also be applied to more difficult design problems in which a system has multiple sub-systems and components, each with constraints on cost and weight.
For each sub-system, several component choices are made with different reliability, cost and weight. However, to accommodate such multiple constraints, the use of a Lagrangian multiplier within the objective function is essential (Fyffe et al. 1968). While such a formulation provides a selection of different components, the search space is restricted to consider only solutions where identical components are in parallel. The use of a Lagrangian multiplier with dynamic programming is, however, often inefficient, necessitating the use of a surrogate constraints approach (Nakagawa et al. 1981).

An alternate approach to the design optimisation problem has been to use integer programming. In applying integer programming, it is necessary to restrict the search space and prohibit mixing of different components within a sub-system. To maximise reliability given non-linear but separable constraints, many variations of the problem can be transformed into an equivalent integer programming problem, using a branch-and-bound approach (Ghare et al. 1969). The design optimisation problem can also be formulated as a multi-objective decision-making problem with distinct goals for reliability, cost and weight (Misra et al. 1991). There have been several effective uses of mixed integer and non-linear programming to solve the redundancy allocation problem in optimising a specific design. In these problems, component reliability is treated as a continuous variable, and component cost is expressed as a function of reliability and several other parameters (Tillman et al. 1977).
While the redundancy allocation problem in design optimisation has been studied in great detail and, in practice, many system designs use multiple different (yet functionally similar) components in parallel, two areas that have not been sufficiently analysed are the implications of mixing functionally similar components within a parallel sub-system, and the use of k-out-of-n:G redundancy (k > 1). A typical example is the determination of solutions to the redundancy allocation problem for a system design comprising series-parallel components in a high-integrity protection system (HIPS). In such cases, use of genetic algorithms (GAs) in design optimisation is most appropriate. The power of genetic algorithms is that they can easily be adapted to diverse design scenarios including those with functionally similar components, k-out-of-n:G redundancy, and more complex forms of redundancy.

c) Genetic Algorithms (GAs)

The use of genetic algorithms (GAs) in designing for safety in process engineering systems is a new approach to determining solutions to the redundancy allocation problem for a series-parallel system design comprising multiple components in a high-integrity protection system (HIPS). In such design problem formulations, there are specified numbers of sub-systems and, for each sub-system, there are multiple component choices that can be selected and used in parallel. For designed systems using off-the-shelf component types, with known cost, reliability and weight, system design and component selection become a combinatorial optimisation problem where new system designs are composed largely of standard component types (pressure sensors, pressure control valves, etc.) with known characteristics.
The problem is then to select the optimal combination of components with specific levels of redundancy, to collectively meet reliability and weight constraints at a minimum cost or, alternatively, to maximise reliability given cost and weight constraints.

The GA optimisation approach is one of a family of heuristic optimisation techniques that has been demonstrated to converge to the optimal solution for many diverse, difficult problems, although optimality cannot always be guaranteed. The ability of the GA to efficiently find good solutions often depends on properly customising the encoding, operators and fitness measures to the specific engineering design problem. Genetic algorithms have been used to solve many difficult combinatorial optimisation problems with large and complex search spaces. For a fixed design configuration and known incremental decreases in component failure rates and their associated costs, a GA can be used to find maximum reliability solutions to satisfy specific cost constraints. The algorithm can be formulated to optimise reliability, mean time between failure (MTBF), and availability (Painton et al. 1995). Genetic algorithms have also been used in the analysis of series-parallel systems with multiple sub-systems and unique component choices for each sub-system (Coit et al. 1994), and to find solutions to the redundancy allocation problem where there are several failure modes (Ida et al. 1994). An interesting feature of this work, which will be considered in greater detail in a later section, is the use of neural network approximations to sub-system reliability, instead of exact solutions.

The GA methodology
A genetic algorithm (GA) is a stochastic optimisation technique patterned after natural selection in biological evolution (Goldberg 1989). The main advantage of the GA is that there are very few restrictions on the form of the solutions.
The GA thoroughly examines the search space, and readily identifies design configurations that will improve the final solution but would not be identified using prior dynamic programming, integer programming or non-linear programming formulations of the same design optimisation problem. The GA methodology is characterised by:

• Encoding of solutions.
• Generation of an initial population.
• Selection of parent solutions for breeding.
• Crossover breeding operator.
• Mutation operator.
• Culling of inferior solutions.
• Iteration, i.e. repetition of steps 3–6 until the termination criterion is met.

An effective GA depends on complementary crossover and mutation operators. The effectiveness of the crossover operator dictates the rate of convergence, while the mutation operator prevents the algorithm from prematurely converging to local optima. The number of children and mutants produced with each generation are variable parameters that are held constant during a specific trial (Smith et al. 1996).

Solution encoding
Traditionally, solution encoding has been a binary string, as considered later in the example. For combinatorial optimisation, however, an encoding using integer values can be more efficient. Each possible solution to the redundancy allocation problem can be viewed as a collection of components in parallel for each sub-system. The selected components can be chosen in any combination from among the available components. These selected components are indexed in descending order of reliability (1 being the most reliable, etc.). The solution encoding is a vector representation in which each of the sub-systems is represented by the selected components, which form a particular solution and are listed according to their reliability index. The sub-system representations are then placed adjacent to each other to complete the vector representation.
As an example, consider a system with sub-systems s = 3, with available components for each sub-system equating to m_1 = 5, m_2 = 4, m_3 = 5, and the maximum number of components predetermined to be n_max = 5. The solution string v_q = (11666 | 22355 | 46666) represents a prospective solution with two of the most reliable components used in parallel for the first sub-system, two of the second most reliable and one of the third most reliable components used in parallel for the second sub-system, and one of the fourth most reliable components used for the third sub-system. Certain assumptions are inevitably made, typically:

• The component reliabilities are known and deterministic.
• Failures of individual components are independent.
• All redundancy is active redundancy without repair.

Initial population
In general, the minimum effective population size would grow with problem size. For example, for a given population size P, the initial population is determined by randomly selecting p solution vectors. For each solution, s integers are randomly selected to represent the number of components in parallel n_i for a specific sub-system. Then, n_i components are randomly and uniformly selected from among the m_i components that are available. The selected components are sequenced in accordance with their reliability.

Objective function
A typical objective function of the redundancy allocation problem in design optimisation is the sum of the reliability or cost, and a dynamic penalty function determined by the relative degree of infeasibility of the solution set. Thus, in the specific case of a redundancy allocation problem for a series-parallel system, the problem formulation is to maximise reliability (problem P1) or to minimise cost (problem P2), given that these constraints are specified for each sub-system. This is given in the algorithmic expressions of

Problem P1:  \max_{x} \prod_{i=1}^{s} R_i(x_i \mid k_i)   (5.97)

Problem P2:  \min_{x} \sum_{i=1}^{s} C_i(x_i)   (5.98)

subject to  \sum_{i=1}^{s} C_i(x_i) \le C  and  \sum_{i=1}^{s} W_i(x_i) \le W

where:
R_i(x_i | k_i) = reliability of sub-system i, given k_i
C_i(x_i) = total cost of sub-system i
W_i(x_i) = total weight of sub-system i
k_i = minimum number of components in parallel required for sub-system i to operate.

Within the two problem formulations, system weight and cost are often defined as linear functions because this is a reasonable representation of the cumulative effect of component cost and weight. Using probability principles, it can be shown that system reliability can be expressed as a function of the decision variable x_i, as indicated in Eq. (5.99) below. However, with such a general form of system reliability, it is not possible to determine a linearly equivalent objective function or constraint, as is done in integer programming formulations.

R_s(x_1, x_2, \ldots, x_s \mid k) = \prod_{i=1}^{s} R_i(x_i \mid k_i)   (5.99)

Dynamic penalty function
It is important to search through the infeasible region of the solution set, particularly for highly constrained problems, because in most cases the optimal solution can efficiently be reached via the infeasible region and, often, good feasible solutions are a product of breeding between a feasible and an infeasible solution. To provide an efficient search through the infeasible region, but to ensure that the final best solution is feasible, a dynamic penalty function based on a significant criterion is defined to incrementally increase the penalty for infeasible solutions.
For cost minimisation (problem P2), the objective and penalty functions are defined as follows:

f(\lambda, v_q) = \sum_{i=1}^{s} C_i(x_i) + P(\lambda, v_q)   (5.100)

where:
s = total number of sub-systems
λ = Lagrangian multiplier vector
v_q = vector encoding of solution q
f(λ, v_q) = fitness for the q-th member of the population
C_i(x_i) = objective function for total cost of sub-system i
P(λ, v_q) = penalty function for the q-th member of the population.

Crossover breeding operator
The crossover breeding operator provides a thorough search of areas of the sample space that have been shown to produce good solutions. For the developed GA, parents are selected based on the ordinal ranking of their objective function. A uniform random number U, between 1 and p, is selected, and the solution with the ranking closest to U is selected as a parent, following an appropriate selection procedure (Smith et al. 1993). The crossover operator retains all identical genetic information from both parents, and for components that differ a value is then randomly selected with equal probability from either of the two parents. Because the solution encoding is ranked, matches will inevitably be found.

Mutation operator
The mutation operator performs random perturbations to selected solutions. A predetermined number of mutations within a generation is set for each GA trial. Each value within the solution vector that is randomly selected to be mutated is changed with probability equal to the mutation rate. A mutated component is changed with 50% probability, and a randomly chosen component with 50% probability (Smith et al. 1996).

Evolution
A survival of the fittest strategy is employed. After crossover breeding, the p best solutions from among the previous generation and the new child vectors are retained to form the next generation. The fitness measure is the objective function value. Mutation is then performed after culling inferior solutions from the population. The best solution within the population is never chosen for mutation, to ensure that the optimal solution is never altered via mutation. The GA is terminated after a pre-selected number of generations, although the optimal solution is usually reached much earlier.
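The EA scheme of steps 1–4 in Sect. a) and the GA methodology described above (ranked integer encoding, random initial population, problem P1 objective with a dynamic penalty, crossover, mutation and elitist evolution) are brought together in the following added Python example; it is not code from the book or from the cited papers, and the component catalogue, the constraint values C and W, the penalty form, the treatment of m_i + 1 as an empty slot and the re-sorting of blocks after crossover and mutation are this example's own assumptions.

```python
import random

# Constructed catalogue (not from the book): per sub-system (k_i, components), each
# component as (reliability, cost, weight), listed in descending reliability so
# that index 1 is the most reliable, as the text's encoding requires.
CATALOGUE = [
    (1, [(0.95, 9.0, 4.0), (0.90, 6.0, 3.0), (0.85, 4.0, 2.5), (0.80, 3.0, 2.0), (0.75, 2.0, 1.5)]),
    (1, [(0.97, 12.0, 5.0), (0.92, 8.0, 4.0), (0.88, 5.0, 3.0), (0.82, 3.0, 2.0)]),
    (2, [(0.93, 7.0, 3.0), (0.89, 5.0, 2.5), (0.84, 3.5, 2.0), (0.78, 2.5, 1.5), (0.70, 1.5, 1.0)]),
]
N_MAX = 5                  # n_max: maximum components in parallel per sub-system
C_MAX, W_MAX = 60.0, 28.0  # constraints C and W of problem P1 (constructed values)

def parse_solution(text):
    """Parse the text's string form, e.g. '11666|22355|46666', into integer blocks."""
    return [[int(ch) for ch in block.strip()] for block in text.split("|")]

def components_of(block, m_i):
    """Real component indices in a block; the value m_i + 1 is the empty-slot filler
    (inferred from the example v_q = (11666|22355|46666) in the text)."""
    return [g for g in block if g <= m_i]

def k_out_of_n_reliability(rels, k):
    """R_i(x_i|k_i): P(at least k of independent components work), computed exactly."""
    dist = [1.0]                           # dist[j] = P(exactly j components working)
    for r in rels:
        nxt = [0.0] * (len(dist) + 1)
        for j, p in enumerate(dist):
            nxt[j] += p * (1.0 - r)
            nxt[j + 1] += p * r
        dist = nxt
    return sum(dist[k:])

def evaluate(blocks):
    """Return (R_s, total cost, total weight) of a solution vector, Eq. (5.99)."""
    r_s, cost, weight = 1.0, 0.0, 0.0
    for (k_i, comps), block in zip(CATALOGUE, blocks):
        chosen = [comps[g - 1] for g in components_of(block, len(comps))]
        r_s *= k_out_of_n_reliability([c[0] for c in chosen], k_i)
        cost += sum(c[1] for c in chosen)
        weight += sum(c[2] for c in chosen)
    return r_s, cost, weight

def fitness(blocks, generation):
    """Problem P1 with a dynamic penalty that grows with the generation count, so the
    search may cross the infeasible region early but ends on a feasible design.
    The penalty form is this example's own choice."""
    r_s, cost, weight = evaluate(blocks)
    excess = max(0.0, cost - C_MAX) / C_MAX + max(0.0, weight - W_MAX) / W_MAX
    return r_s - (1.0 + generation) * excess

def random_solution(rng):
    """Initial population member: random n_i, then n_i random components, ranked."""
    blocks = []
    for _, comps in CATALOGUE:
        m_i, n_i = len(comps), rng.randint(1, N_MAX)
        genes = [rng.randint(1, m_i) for _ in range(n_i)] + [m_i + 1] * (N_MAX - n_i)
        blocks.append(sorted(genes))
    return blocks

def crossover(pa, pb, rng):
    """Keep genes identical in both parents; take differing genes from either parent
    with equal probability. Blocks are re-sorted to keep the ranked encoding (assumption)."""
    return [sorted(a if a == b or rng.random() < 0.5 else b for a, b in zip(ba, bb))
            for ba, bb in zip(pa, pb)]

def mutate(blocks, rate, rng):
    """Each gene is replaced, with probability equal to the mutation rate, by a random
    component index or the empty filler; the block is re-sorted afterwards."""
    out = []
    for (_, comps), block in zip(CATALOGUE, blocks):
        m_i = len(comps)
        out.append(sorted(rng.randint(1, m_i + 1) if rng.random() < rate else g for g in block))
    return out

def run_ga(pop_size=40, generations=80, children=40, mutation_rate=0.05, seed=1):
    """Evolve a population; return the best solution with its (R_s, cost, weight)."""
    rng = random.Random(seed)
    pop = [random_solution(rng) for _ in range(pop_size)]
    for t in range(generations):
        ranked = sorted(pop, key=lambda b: fitness(b, t), reverse=True)
        # parents chosen by a uniformly random rank U (as in the text); then cull to
        # the p best of old population plus children; then mutate all but the best
        kids = [crossover(ranked[rng.randrange(pop_size)], ranked[rng.randrange(pop_size)], rng)
                for _ in range(children)]
        ranked = sorted(ranked + kids, key=lambda b: fitness(b, t), reverse=True)[:pop_size]
        pop = [ranked[0]] + [mutate(b, mutation_rate, rng) for b in ranked[1:]]
    best = max(pop, key=lambda b: fitness(b, generations))
    return best, evaluate(best)
```

Calling `run_ga()` returns the best vector found and its reliability, cost and weight; `evaluate(parse_solution("11666|22355|46666"))` scores the text's own example string against the constructed catalogue.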