724 5 Safety and Risk i n Engineering Design Fig. 5.78 Ward back propagation ANN architecture (Schocken 1994) Fig. 5.79 Probabilistic (PNN) ANN architecture (Schocken 1994) Fig. 5.80 General regression (GRNN) ANN architecture (Schocken 1994) GRNN applications are able to produce continuous valued outputs and respond bet- ter than back propagation in m any cases (Fig. 5.80). Unsupervised neural network Kohonen self-organising map—contains an input and an output layer. One neurode is present in the output layer for each category specified by the user. Kohonen networks are known to separate data into a specified number of categories (Fig. 5.81). In Sect. 5.4, an artificial intelligence-based blackboard model is used to hold shared information in a general and simple model that allows for the representa- tion of a variety of modelled system behaviours. The AIB blackboard system is prescribed for problem-solving in knowledge-intensive domains that require large Fig. 5.81 Kohonen self- organising map ANN archi- tecture (Schocken 1994) 5.4 Application Modelling of Safety and Risk in Engineering Design 725 amounts of diverse and incomplete knowledge, therefore necessitating multiple co- operation of various knowledge sources. One knowledge source, a neural expert program (Lefebvre et al. 2003), is em- bedded in the AIB blackboard for processing of time-varying information, such as non-linear dynamic modelling, time series prediction, and adaptive control of vari- ous engineering design problems. 5.4 Application Modelling of Safety and Risk in Engineering Design Returning to Sect. 1.1, the five main objectives that need to be accomplished in pursuit of the goal of the research in this handbook are: • the development of appropriate theory on the integrity of engineering design for use in mathematical and computer models; • determination of the validity of the developed theory by evaluating several case studies of engineering designs that have been recently constructed, that are in the process of being constructed or that have yet to be constructed; • application of mathematical and computer modelling in engineering design veri- fication; • determination of the feasib ility of a practical application of intelligent computer automated methodology in engineering design reviews through the development of the appropriate industrial, simulation and mathematical models. The following models have been developed, each for a specific purpose and with specific expected results, in partly achieving these objectives: • RAMS analysis model, to validate the developed theory on the determination of the integrity of engineering design. • Process equipment models (PEMs), for application in dynamic systems simula- tion modelling to in itially determine mass-flow balances for preliminary engi- neering designs of large integrated process systems, and to evaluate and verify process design integrity of complex integrations of systems. • Artificial intelligence-based (AIB) model, in which relatively new artificial intel- ligence (AI) modelling techniqu es, such as inclusion of knowledge-based expert systems within a blackboard model, have been applied in the development of intelligent computer automated methodology for determining the integrity of en- gineering design. The third model, the artificial intelligence-b ased (AIB) model, will now be consid- ered in detail in this section. 726 5 Safety and Risk in Engineering Design 5.4.1 Artificial Intelligence-Based (AIB) Blackboard Model Artificial intelligence (AI) has been applied to a number of fields of engineering design. Although there are some features that the various design areas share, such as the need to integrate heuristics with algorithmic numerical procedures, there are also some important differences. Each field of engineering seems to recognise the importance of representing declarative concepts, although specific needs vary. In process engineering, for example, the hierarchical representation of components with their functional relationships seems to be vital. In mechanical engineering, the representation of solid geometric shapes has been thoroughly studied and is viewed as being crucial to the successful evolution of computer aided d esign or manufac- turing CAD/CAM systems. Artificial intellig ence in engineering design can be de- scribed as a discipline that provides a multi-level methodologyfor knowledge-based problem-solving systems, in which a knowledge-level specification of the system (and the class of problems it must solve) is mapped into an algorithm-level descrip- tion of an efficient search algorithm for efficiently solving that class of problems. The algorithmdescriptionis then mapped into programcodeatthe program level, using one or more programming paradigms (e.g. procedural programming, rule- based programming or object-oriented programming, OOP), or shells (e.g. RAM- ESP), or commercially available sub-systems (e.g. CLIPS, JESS or EXSYS). The application of AI to engineering design thus represents a specialisation of software engineering methodology to: • Design tasks (specified at the ‘knowledge level’). • Design process models (described at the ‘algorithm level’). • Design programs built from shells (implemented at the ‘program level’). Integration of the design process with blackboard models The quality of engi- neering design using traditional CAD techniques is adversely affected by two fea- tures of the design process. Features of the design process affecting the quality of engineering design are: • Limited scope in addressing problems that arise in the many stages of the devel- opment of an engineered installation. • A lack of understanding of the essential processes involved in engineering de- sign. Both of these are related to systems integration issues. The life cycle of an engi- neered installation can be described by a collection of projects, where each project involves a coherent set o f attributes, such as the design, manufacturing or assem- bling of a system. Traditional CAD tools typically address some n arrow aspect of the design project, and fail to provide integrated support for the d evelopment of an 5.4 Application Modelling of Safety and Risk in Engineering Design 727 engineered installation, particularly evaluation of design integrity. Essentially, mod- ern engineering design of complex systems requires an approach that allows mul- tiple, diverse program modules, termed knowledge sources, to cooperate in solving complex design p roblems. The (AIB) blackboard model The artificial intelligence-based (AIB) blackboard model that has been developed enables the integration of multiple, diverse program modules into a single problem-solving environment for determining the integrity of engineering design. This AIB blackboard model is a database that is used to hold shared information in a centralised model that allows for the representation of a variety of modelled system behaviours. Given the nature of programming for blackboard systems, it is prescribed for problem-solving in knowledge intensive domains that require large amounts of diverse and incomplete knowledge, therefore requiring multiple cooperationof various knowledge sources in the search of a large problem space. The AIB blackboard model consists of a data structure (the blackboard) contain- ing information (the context) that permits a set of modules (knowledge sources) to interact. The blackboard can be seen as a global database or working memory in which distinct representations of knowledge and intermediate results are integrated uniformly. It can also be seen as a means of communication among knowledge sources, mediating all of their interactions in a co mmon display, review and per- formance evaluation area. The engineering design methodology for the AIB black- board model, presented in the following graphical presentation (Fig. 5.82), applies the concept of object-oriented p rogramming. Object-oriented programming (OOP) has two fundamental properties, encapsu- lation and inheritance. Encapsulation means that the user (the engineering designer) can request an action from an object, and the object chooses the correct operator, as opposed to traditional programming where the user applies operators to operands and must assure that the two are type compatible. The second property, namely inheritance, greatly improves the re-usability of code, as opposed to traditional pro- gramming where new functionality often means extensive re-coding. In this way, the AIB blackboard model may be structured so as to represent dif- ferent levels of abstraction and also distinct and possibly overlapping solutions in the design space of complex engineering d esign problems. In terms of the type of problems that it can solve, there is only one major assumption—that the problem- solving activity generates a set of intermediate results. The AIB blackboard model for engineering design integrity consists of four sections, each section containing six design modules, culminating in a summary design analysis module particular to each specific section (Fig. 5.83). The first sec- tion of the AIB blackboard model contains modules or knowledge sources for as- sessing preliminary design (inclusive of conceptual design basics), such as process definition, performance assessment, RAM assessment, design assessment, HazOp analysis, and critical process specifications, including a summary process analysis module. The second section contains modules for evaluating detail design, such as systems definition, functions analysis, FMEA, risk evaluation, criticality analysis, 728 5 Safety and Risk in Engineering Design Fig. 5.82 AIB blackboard model for engineering design integrity (ICS 2003) and critical plant specifications, including a summary plant analysis module. The third section contains modules related to operations analysis, and the fourth sec- tion contains modules of knowledge-based expert systems relating to the modules of the three former sections. Thus, the expert system module called ‘facts’ relates to process definition, systems definition and operating procedures, etc. Most engineeringdesigns are still carried out manuallywith input variables based on expert judgement, prompting considerable incentive to develop model-based techniques. Investigation of safety-related issues in engineering designs can effec- tively be done with discrete event models. A process plant’s physical behaviour can be modelled by state transition systems, where the degree of abstraction is adapted both to the amount of information that is available at a certain design phase, and to the objective of the analysis. A q ualitative plant description for designing for safety is sufficient in the early design phases, as indicated in Figs. 5.83 to 5.87. However, the verification of supervisor y controllers in later design phases requires finer mod- elling su ch as the development of timed discrete models. The procedure of model refinement and verification is later illustrated by the application of expert systems. A systematic hierarchical representation of equipment, logically grouped into systems, sub-systems, assemblies, sub-assemblies and components in a systems breakdown structure (SBS), is illustrated in Fig. 5.84. 5.4 Application Modelling of Safety and Risk in Engineering Design 729 Fig. 5.83 AIB blackboard model with systems modelling option The systems breakdown structure (SBS) provides visibility of process systems and their constituent assemblies and components, and allows for safety and risk analysis to be summarised from system level to sub-system, assembly, sub-assembly and component levels. The various levels of the SBS are norm a lly determined by a framework of criteria established to logically group similar components into sub- assemblies or assemblies, which are then logically grouped into sub-systems or sys- tems. This logical grouping of items at each level of an SBS is done by identifying the actual physical design configuration of the various items at one level of the SBS into items of a higher level of the systems hierarchy, and by defining common operational and physical functions of the items at each level. When designing or analysing a system for safety, a method is needed to determine how the variables are interrelated. System hierarchical models based on a structured SBS, as illus- trated in Fig. 5.85, provide formulations of the core concept of a system in order to match the particular modellin g perspective—for example, establishing FMEA and criticality analysis in designing for safety. The p articular model formalisms that are used depend on the objectives of the modelling requirements and the modelling techniques applied. In the case of schematic design modelling, the formalisms commonly used are functional (what a system can do), behavioural (describes or predicts the system’s dynamic response) 730 5 Safety and Risk in Engineering Design Fig. 5.84 Designing for safety using systems modelling: system and assembly selection and schematic (an iconic model of the system’s structure and connectivity). Thus, a schematic design model contains design variables and constraints describing the structural and geometric feature of the design. A detail design model typically has variables and constraints representing embodiment, structure and assembly, and dy- namic flow and energy balance information of the process layout. Designing for safety begins with a schematic design model, as graphically illustrated in Fig. 5.85, and development of a systems hierarchical structure as graphically illustrated in Fig. 5.86. The treeview illustrated in the left column of Fig. 5.86 enables designer s to view selected equipment (assemblies, sub-assemblies and components) in their cascaded systems hierarchical structure. The equipment and their codes are related according to the following systems breakdown structure (SBS): • components, • assemblies, • systems, • sections, • operations, • plant. 5.4 Application Modelling of Safety and Risk in Engineering Design 731 Fig. 5.85 Designing for safety using systems modelling A selection facility in the treeview, alongside the selected component, enables the designer to directly access the component’s specific technical specifications, or spares bill of materials (BOM). Equipment technical data illustrated in Fig. 5.87 automatically format the tech- nical attributes relevant to each type of equipment that is selected in the design process. The equipment technical data document is structured into three sectors: • technical data obtained from the technical data worksheet, relevant to the equip- ment’s physical and rating data, as well as performance measures and perfor- mance operating, and property attributes that are considered during the design process, • technical specifications obtained from an assessment and evaluation of the re- quired process and/or system design specifications, • acquisition data obtained from manufacturer/vendor data sheets, once equipment technical specifications have been finalised during the detail design phase of the engineering design process. A feature of the systems m odelling option in the AIB blackboard model is to d e- termine system failure logic from network diagrams or fault-tree diagrams, through Monte Carlo (MC) simulation. 732 5 Safety and Risk in Engineering Design Fig. 5.86 Treeview of systems hierarchical structure Figure 5.88 illustrates the use of the network diagram in determining potential system failuresin a parallel controlvalveconfiguration of a high-integrityprotection system (HIPS). Isograph’s AvSim c  Availability Simulation Model (Isograph 2001) has been imbedded in the AIB blackboard for its powerfulnetwork diagrammingca- pability, especially in constructing block diagrams. The network diagram consists of blocks and nodes connected together in a parallel (and/or series) arrangement. The blocks in the network diagram usually represent potential component or sub-system failures, although they may also be used to represent other events such as operator actions, which may affect the reliability of the system under study. The nodes in the network diagram are used to position connecting lines and indicate voting arrange- ments. The complete system network diagram will consist of either a single node or block on the left-hand side of the diagram (input node or block) connected via intermediate nodes and blocks to a single node or block on the right-hand side of the diagram (output node or block). A complete system network diagram can have only one input node or block and one output node or block. In addition, all the inter- mediate nodes and blocks must be connected. The entire system network diagram represents ways in which component and sub-system failures will interact to cause the sy stem to fail. 5.4 Application Modelling of Safety and Risk in Engineering Design 733 Fig. 5.87 Technical data sheets for modelling safety Monte Carlo simulation is employed to estimate system and sub-system param- eters such as number of expected failures, unavailability, system capacity, etc. Th e process involves synthesising system performance over a given number of simula- tion runs. In effect, each simulation run emulates how the system might perform in real life, based on the input data provided by the blackboard system’s knowledge base. The input data can be divided into two categories: a failure logic diagram, and quantitative failure and/or maintenance parameters. The logic diagram (either a fault tree or a network diagram, in this case) informs the knowledge base how component failures interact to cause system failures. The failure and maintenance parameters indicate how often components are likely to fail and how quickly they should b e restored to service. By performing many simulation runs, a statistical pic- ture of the system performance is established. Monte Carlo simulation must emulate the chance variations that will affect system performance in real life. To do this, the model must generate random numbers that form a uniform distribution. Simulation methods are generally employed in relia bility studies when deterministic methods are incapable of modelling strong dependencies between failures. In add ition, sim- ulation can readily assess the reliability behaviour of repairable components with non-constant failure or repair rates. . problem-solving in knowledge-intensive domains that require large Fig. 5.81 Kohonen self- organising map ANN archi- tecture (Schocken 1994) 5.4 Application Modelling of Safety and Risk in Engineering. is em- bedded in the AIB blackboard for processing of time-varying information, such as non-linear dynamic modelling, time series prediction, and adaptive control of vari- ous engineering design. Application Modelling of Safety and Risk in Engineering Design Returning to Sect. 1.1, the five main objectives that need to be accomplished in pursuit of the goal of the research in this handbook are: •