Fuzzy Fault Trees Formalized⋆

Thi Kim Nhung Dang1 , Milan Lopuhaä-Zwakenberg1 , and Mariëlle

Stoelinga1,2
1
University of Twente, Enschede, the Netherlands
{t.k.n.dang, m.a.lopuhaa, m.i.a.stoelinga}@utwente.nl
2
Radboud University, Nijmegen, the Netherlands
arXiv:2403.08843v1 [cs.AI] 13 Mar 2024

m.stoelinga@cs.ru.nl

Abstract. Fault tree analysis is a vital method of assessing safety risks.

It helps to identify potential causes of accidents, assess their likelihood
and severity, and suggest preventive measures. Quantitative analysis of
fault trees is often done via the dependability metrics that compute the
system’s failure behaviour over time.
However, the lack of precise data is a major obstacle to quantitative
analysis, and so to reliability analysis. Fuzzy logic is a popular framework
for dealing with ambiguous values and has applications in many domains.
A number of fuzzy approaches have been proposed to fault tree analysis,
but —to the best of our knowledge— none of them provide rigorous
definitions or algorithms for computing fuzzy unreliability values.
In this paper, we define a rigorous framework for fuzzy unreliability val-
ues. In addition, we provide a bottom-up algorithm to efficiently calculate
fuzzy reliability for a system. The algorithm incorporates the concept of
α-cuts method. That is, performing binary algebraic operations on inter-
vals on horizontally discretised α-cut representations of fuzzy numbers.
The method preserves the nonlinearity of fuzzy unreliability. Finally, we
illustrate the results obtained from two case studies.

Keywords: Fault trees · reliability analysis · fuzzy numbers

1 Introduction

Fault trees. Fault trees (FTs) are a systematic, graphical tool used to identify
potential sources of failure in a system. By analyzing an FT, a designer can
identify potential failure paths, understand the impact of failures, and determine
the best measures to prevent them. A FT is a directed acyclic graph (DAG) that
consists of basic events (BEs) representing atomic failure events, intermediate
AND/OR gates whose activation depends on that of their children, and the root
representing system failure. The system fails when the root is activated. We
provide a brief overview of FTs in Sec.4
⋆
This research has been partially funded by ERC Consolidator grant 864075 CAESAR
and the European Union’s Horizon 2020 research and innovation programme under
the Marie Skłodowska-Curie grant agreement No. 101008233.
2 Dang et al.

Quantitative analysis. Whereas qualitative analysis identifies critical factors and

root causes in a system design, quantitative analysis generates relevant numeri-
cal values. Typical metrics include the system reliability, availability, mean time
to failure, etc. We are focused on (un)reliability, a method that calculates sys-
tem failure probability, where BEs are equipped with probabilistic information.
Unreliability is a critical safety metric to ensure system safety and availability.
Uncertain parameters. Conventional fault tree analysis (FTA) assumes failure
probability is exact or a single estimated value. However, it is infeasible in prac-
tice to estimate a failure rate or probability as we must handle two types of
uncertainty: aleatoric uncertainty that stems from natural fluctuations, modeled
as probability distributions; and epistemic uncertainty that stems from a lack of
knowledge, in our case not knowing exact values for failure rates. Thus, methods
that allow us to deal with uncertain parameter values are urgently needed.
Fuzzy theory. Fuzzy theory is a common framework for handling imprecise data/uncertainty.
Fuzzy logic has been applied in various domains such as control systems [2], med-
ical imaging, economic risk assessment, decision trees [3] and machine learning
[4]. Fuzzy logic models uncertainty/similarity by a range of values, and to each of
these a possibility value in [0, 1] is assigned by means of a membership function.
Fundamentals of fuzzy theory are summarised in Sec.3 and based on our earlier
paper [5].
While fuzzy theory has been proposed in many studies to overcome the lim-
itation of conventional FTA [11,16,8,14], it has been lacking in mathematical
rigor in much of the earlier work. In addition, there are no efficient algorithms
for calculating unreliability with fuzzy parameters. Performing exact calculations
for nonlinear operations is computationally expensive and difficult to implement
in practice. As a consequence, there are approximations that result in fuzzy
numbers of the same type as the operands [16]. Thus, they do not provide the
right-shaped resulting number. Moreover, if the operands are of two different
types, the approximation is not applicable.
Contributions. Our first contribution is a clear, mathematically rigorous defini-
tion of the fuzzy unreliability metric. The definition is valid for general fuzzy
numbers, rather than specific types such as triangular numbers. The definition
follows Zadeh’s extension principle [19], a general approach to apply functions
and arithmetic operations on sets to fuzzy numbers.
We then propose a bottom-up algorithm for calculating fuzzy unreliability
metric for tree-structured FTs. During the calculation procedure, fuzzy attribu-
tion is discretised horizontally and saved as α-cut series. Arithmetic operations
are performed on these α-cut series representing fuzzy numbers. Output of the
algorithm is an α-cut series approximation of a fuzzy number. This approximate
computational technique works for fuzzy numbers that can be expressed as α-
cut interval and is applicable when performing operations on fuzzy numbers of
different types.
Summarized our contributions are:

1. A rigorous definition of fuzzy unreliability metric;

 Fuzzy Fault Trees Formalized 3

2. A bottom-up algorithm for computing fuzzy unreliability in tree-like FTs

based on α-cuts;
3. A counter example showing why a straight forward extension of BDD-based
methods for reliability calculations does not work for fuzzy fault trees;
4. An implementation of the algorithm and its illustration on two benchmark
fault trees.

2 Related work

Fuzzy fault tree analysis has been studied in a wide body of literature and re-
viewed in many works[11,12]. When vagueness arise, uncertain parameters can
be described as fuzzy numbers. Each BEs is then equiped with a fuzzy num-
ber/possibility. Fuzzy set theory was first introduced in fault tree analysis by
Tanaka et al.[16]. The main idea of using fuzzy theory is to express the ambigu-
ous parameters in triangular, or trapezoidal, or Left-Right type fuzzy numbers,
then calculate the fuzzy probability of the top event based on Zadeh’s principle
as in [16], or using α-cut fuzzy operators as in[8], or applying extended algebraic
operations on the L-R type fuzzy number as in[14].
In general, it is challenging to calculate the fuzzy probability of a top event.
This is because of the multiplication of fuzzy numbers. Nonlinear programming
of the operation is infeasible to implement in practice [17]. Multiplication of
trapezoidal or triangular numbers is often done using an estimation [16] which
results in a fuzzy number of the same type as the operands. An approximate an-
alytical algorithm for calculating fuzzy operations is L-R representation[6]. Also,
there is an approximate numerical approach [13] that applies the extension prin-
ciple to the discretised fuzzy numbers resulting in the discrete extended product.
This approach, however, lacks generality because the extended operation may
not result in convex numbers. Using α-cut representation and interval arithmetic,
DSW algorithm [17] provides an efficient way to calculate fuzzy operations. We
incorporate this method into our BU-algorithm.

3 Preliminary Theory

Fuzzy set theory was first introduced by L.A. Zadeh [19] in 1965. Since then it
has been used to deal with vague problems. We consider fuzzy elements that can
have a range of possible values. For an element x of a set X, the extent to which
x can be equal to x is expressed by the membership degree of x in x, which is
a value x[x] ∈ [0, 1]. By that, x[x] = 1 denotes full membership, while x[x] = 0
denotes no membership.
For instance, the failure probability of a BE may be given as a real number,
e.g. x = 0.3 ∈ R; but often the exact value is not known precisely, and can be
somewhere around 0.3. This can be represented by a fuzzy number x : R → [0, 1]
which is 0 everywhere except close to 0.3, and which has a maximum at 0.3 (see
Fig. 1).
4 Dang et al.

(a) (b) (c)

Fig. 1: (a) A non-fuzzy, ‘crisp’ element x = 0.3, (b) a fuzzy element x, expressing
uncertainty around 0.3, and (c) a trapezoidal fuzzy number trapa,b,c,d .

Definition 1. Let X be a set. A fuzzy element of X is a function x : X → [0, 1].

The set of all fuzzy elements of X is denoted F(X) := {x | x : X → [0, 1]}.

Our definition of fuzzy element is very general. Many works in the literature
restrict the form of the function x : X → [0, 1] to make computation more con-
venient, especially for X = R, i.e., for so-called fuzzy numbers. Thus there exist
triangular, trapezoidal, Gaussian, etc. fuzzy numbers [7].

Example 1. For real numbers a ≤ b ≤ c ≤ d, the trapezoidal fuzzy number

trapa,b,c,d ∈ F(R) is defined as (see Fig. 1c):

 x−a

 b−a , if a < x ≤ b,

1, if b < x < c,
trapa,b,c,d [x] = d−x
 , if c ≤ x < d,
 d−c


0, otherwise.

Triangular fuzzy numbers are special cases of trapezoidal numbers, with b = c.

Thus, tria,b,d = trapa,b,b,d . Gaussian fuzzy numbers are characterized by their
mean m and standard deviation d:
2
gaussm,d [x] = exp ( −(x−m)
2d2 )

For convenience, we abbreviate x via a list of membership values x 7→ x[x],

omitting x for which x[x] = 0. For example, x = {1 7→ 0.7, 2 7→ 0.5} ∈ F(Z)
denotes the fuzzy number with x[1] = 0.7, x[2] = 0.5 if x = 2 and x[x] = 0
everywhere else.

Zadeh’s extension principle. They key technique to perform arithmetic opera-

tions on fuzzy numbers is based on Zadeh’s extension principle [7,19]. To under-
stand this principle, consider a function f : X → Y . Zadeh’s extention principle
lifts f to a function over fuzzy numbers fe: F(X) → F(Y ). First assume the
special case where f is injective and f (x) = y. Then we set fe(x)[y] = x[y], since
the trust we have that for f (x) to be equal to y is the same the trust we have for
x to be y. For y ∈ Y without an inverse, i.e. with f −1 (y) = ∅, we set fe(x)[y] = 0,
since f can never be equal to y. Now, if f is not injective, then there can be
 Fuzzy Fault Trees Formalized 5

multiple values x with f (x) = y. Each of these values x ∈ f −1 (y) have been
assigned a fuzzy value x. Zadeh’s extension principle takes the best value from
x ∈ f −1 (y), i.e. for which x[x] is maximal. For functions of multiple arguments
this works exactly the same.

Definition 2 (Zadeh’s Extension Principle). Let f be a multiargument

function f : X1 × X2 × · · · × Xn → Y . The Zadeh extension of f is the function
fe: F(X1 ) × . . . × F(Xn ) → F(Y ) defined as:

 sup min xi [xi ], f −1 (y) ̸= ∅,
(x1 ,x2 ,...,xn )∈ i Xi : i=1,...,n
 Q
fe(x1 , . . . , xn )[y] = f (x1 ,x2 ,...,xn )=y

0 f −1 (y) = ∅.


Addition and subtraction operations performed on specific fuzzy numbers

can have straightforward formulations. E.g., for two trapezoidal fuzzy numbers
we have

trapa1 ,a2 ,a3 ,a4 +

e trapb1 ,b2 ,b3 ,b4 = trapa1 +b1 ,a2 +b2 ,a3 +b3 ,a4 +b4 ,
trapa1 ,a2 ,a3 ,a4 −
e trapb1 ,b2 ,b3 ,b4 = trapa1 −b4 ,a2 −b3 ,a3 −b2 ,a4 −b1 .

The key problem with fuzzy operations is that for many common operations,
Zadeh’s extension principle destroys the shape of their operant. E.g. For example,
due to their non-linearity, the quotient of two trapezoidal fuzzy numbers is not
trapezoidal; the same is true for their product.
Some works approximate operations by a fuzzy number of the same type as
the operations. Such approximations yield outcomes that are easy to visualize,
but are not exact [3].

α-cuts Another way to perform arithmetic operations on fuzzy number is via

their α-cuts [3]. An α-cut of x(α) of a fuzzy number x ∈ F(X) yields all values
in x with x[x] ≥ α, i.e. whose trust is at least α.

Definition 3. Let x ∈ F(X) and α ∈ [0, 1]. An α-cut or α-level x(α) of x equals

x(α) = {x ∈ X | x[x] ≥ α}. (1)

Example 2. The α-cuts of trapezoidal and guassian fuzzy number are given by:

(α)
trapa,b,c,d = [(b − a)α + a, d − (d − c)α]
(α)  √ √ 
gaussm,d = m − d −2 ln α, m + d −2 ln α

The elements of the set of α-cut lie in the red interval shown in Fig. 2
6 Dang et al.

Fig. 2: α−cut of trapezoidal fuzzy number trapa,b,c,d .

Suppose we have a fuzzy number x that is (piecewise) continuous and convex

— i.e., for all x, y ∈ R and λ ∈ R we have x[λx + (1 − λ)y] ≥ min{x[x], x[y]}.
(α) (α)
For such a fuzzy number each α-cut x(α) is a closed interval [a1 , a2 ]. Fur-
thermore, x is completely determined by this collection of intervals, as α ranges
over [0, 1]. This means that we have two ways of describing such a fuzzy num-
ber: either by the membership function x : R → [0, 1], or by the two functions
a1 , a2 : [0, 1] → R, that assign to α the endpoints of the α-cut of x. The advan-
tage of the second viewpoint is that Zadeh extensions become significantly easier
to compute: it turns out that Zadeh extensions of arithmetic operations become
interval operations on the α-cuts. These operations are defined as follows.

Definition 4. (Interval operations[1,2]) Let [a1 , a2 ] and [b1 , b2 ] be two closed

intervals on the real line. The arithmetic operations between intervals is defined
by
1. [a1 , a2 ] + [b1 , b2 ] = [a1 + b1 , a2 + b2 ]
2. [a1 , a2 ] − [b1 , b2 ] = [a1 − b2 , a2 − b1 ]
3. [a1 , a2 ] · [b1 , b2 ] = [min{a1 b1 , a1 b2 , a2 b1 , a2 b2 }, max{a1 b1 , a1 b2 , a2 b1 , a2 b2 }]

The following result shows that we can use these interval operations to cal-
culate Zadeh extensions, by describing the resulting fuzzy number in terms of its
α-cuts. Note that many existing fuzzy number types such as triangular, trape-
zoidal, Gaussian, satisfy its assumptions.

Lemma 1. Let x, y be two piecewise continuous, convex fuzzy numbers, and let
⋄ be an arithmetic operation in {+, −, ·}. Then the α-cuts of the fuzzy number
⋄y are given by
xe

⋄ y)(α) = {x ⋄ y|x ∈ x(α) , y ∈ x(α) } = x(α) ⋄ y(α) ,

(x e ∀α ∈ [0, 1]

Example 3. Consider two triangular fuzzy numbers tri1,2,3 , and tri3,4,6 . We wish
to calculate addition, subtraction, and multiplication of the two fuzzy numbers
using their α-cuts. We have the equation describing α-cuts of tri1,2,3 , and tri3,4,6 ,
(α) (α)
for any α ∈ [0, 1]: tri1,2,3 = [1 + α, 3 − α], and tri3,4,6 = [3 + α, 6 − 2α]

e tri3,4,6 )(α) = [4 + 2α, 9 − 3α]

– (tri1,2,3 +
e tri3,4,6 )(α) = [3α − 5, −2α]
– (tri1,2,3 −
 Fuzzy Fault Trees Formalized 7

Because the functions are linear, substituting α = 0 and α = 1 provides pa-

rameters of the resulting triangular membership functions of the sum and sub-
traction: tri4,6,9 , and tri−5,−2,0 . Multiplication of fuzzy numbers requires more
comments. We need to search for the minimum and maximum among functions:
α2 + 4α + 3, −2α2 + 4α + 6, −α2 + 9, 2α2 − 12α + 18. Analysing the values of
these functions for α ∈ [0, 1], the following interval is obtained
– (tri1,2,3 e· tri3,4,6 )(α) = [α2 + 4α + 3, 2α2 − 12α + 18]
The functions are not linear, thus replacing α with 0 and 1 provides just the val-
ues of x, for which the membership function takes values 0 and 1 e.g., (tri1,2,3 e· tri3,4,6 )[3] =
0, (tri1,2,3 e· tri3,4,6 )[18] = 0 and (tri1,2,3 e· tri3,4,6 )[8] = 1. To determine the result-
ing multiplication fuzzy number, we solve two nonlinear functions: √ α2 + 4α + 3 =
2
x, and 2α − 12α + 18 = √
x. The solution are α1,2 = −2 ± 1 + x for the first
6± 2x
equation, and α1,2 = 2 for the second. In the case of the first equation, we
√
choose −2+ 1 + x as the membership function for x ∈ [3, 8] √because it provides
values in the range [0, 1]. For the second case, the function 6− 2 2x provides values
in ranges [0, 1] for x ∈ [8, 18]. Finally the multiplication is described by:

 √
−2√+ 1 + x, if 3 ≤ x ≤ 8,

(tri1,2,3 e· tri3,4,6 )[x] = 6− 2 2x , if 8 < x ≤ 18, (2)

0, otherwise.


4 Fault trees
In this section, we briefly review the terminology of (static) fault trees. A more
comprehensive overview can be found, e.g., at [12].
Definition 5. [10] A fault tree is a tuple T = (V, E, t), where (V, E) is a rooted
directed acyclic graph, and t is a map t : V → {BE, OR, AND} such that t(v) = BE
if and only if v is a leaf for all v ∈ V .
The root of T is denoted RT . For a node v ∈ V , we let ch(v) be the set of
all children of v. The set of BEs (basic events) is denoted BET .
A safety event is a set of BEs that occurs simultaneously. We denote such an
event by its corresponding binary vector f⃗ ∈ BBET . The extent to which a safety
event leads to overall system failure is determined by the structure function: for
a node v ∈ V and a safety event f⃗, the structure function ST (v, f⃗) is a Boolean
stating whether f⃗ propagates through v.
Definition 6. Let T be a FT. The structure function ST : V × BBET → B of T
is defined, for a node v ∈ V and a safety event f⃗ ∈ BBET , by
⃗
W
Vw∈ch(v) ST (w, f ) if t(v) = OR,

ST (v, f⃗) = ⃗
w∈ch(v) ST (w, f ) if t(v) = AND, (3)

fv if t(v) = BE.

8 Dang et al.

(a) (b)

Fig. 3: A fault tree for a road trip (a), and its BDD representation (b). The road
trip fails if both phone and car fail; car fails if either engine or battery fails.

A safety event f⃗ that reaches the root RT i.e. ST (RT , f⃗) = 1 is called a cut
set. The set of all cut sets of T is denoted CT .

4.1 Fault tree reliability analysis

Fault trees are used for quantitative probability analysis as follows: suppose
each BE v is assigned a probability p(v), the unreliability of the system is the
probability that the system as a whole fails. This is the probability that a random
safety event F⃗ (distributed according to the BE probabilities) propagates to the
root.

Definition 7. Let T = (V, E, t, p) be a FT. The unreliability of T is defined as

n
X Y
(1−fv )
U (T ) = p(v)fv · 1 − p(v) . (4)
f⃗∈CT v=1

Example 4. Consider the FT from Fig.3a. Let p(a) = 0.8, p(b) = 0.1, and p(c) =
0.4, then f⃗ ∈ BBET is written as fa fb fc . The cut set is represented as CT =
{111, 110, 101}, and thus the unreliability is

U (T ) = 0.8 · 0.1 · 0.4 + 0.8 · 0.1 · 0.6 + 0.8 · 0.9 · 0.4 = 0.368.

In this definition, the failure probabilities of the BEs are assumed to be

independent. This is a standard assumption; any dependence between the BEs
is meant to be captured by the FT modeling.

Bottom-up method Calculation of (4) directly is difficult (in fact, NP-hard

[9]) because finding the entire set CT and calculating each element’s probability is
copmutationally infeasible for large FTs. Unreliability can instead be computed
 Fuzzy Fault Trees Formalized 9

via a bottom-up method, assigning a probability pv to each node. For a node v

with children v1 , . . . , vn , we have
( Qn
1− (1 − pvi ) if t(v) = OR,
pv = Qn i=1 (5)
p
i=1 vi if t(v) = AND.

Then U (T ) is calculated as pRT .

Example 5. Consider the FT from Fig.3a. Let p(a) = 0.8, p(b) = 0.1, and p(c) =
0.4. The top failure probability derived using probability laws is



pRT = pa · 1 − (1 − pb ) · (1 − pc ) = 0.8 · 1 − (1 − 0.1) · (1 − 0.4) = 0.368.

The bottom-up algorithm is fast, but only works when T is a tree. The
reason is that the probability laws in (6) only hold when the pvi are independent
probabilities, which will not generally be true if the vi share children. For DAG-
structured FTs, a different approach is used.

Calculation through BDDs Another approach to unreliability calculation in-

volves transforming the structure function of an AT to a binary decision diagram
(BDD). BDD are compact representations of Boolean functions; see Fig. 3b for
an example. To evaluate a safety event f⃗, start from the root of the BDD, and
at a node labeled v, take the solid line if fv = 1, and the dashed line if fv = 0.
The label of the reached leaf is the value of ST (RT , f⃗).
Now U (T ) is the probability that one ends up in leaf 1, if we assign probability
p(v) to each solid line and 1 − p(v) to each dashed line from a BDD node labeled
v. This can be calculated quickly using a bottom-up algorithm on the BDD,
and this works even when the original FT is DAG-shaped. A shortcoming of
the method is the worst-case-exponential size of the BDD. The size of BDD is
strongly affected by the order of the variable, meanwhile finding the order that
minimizes BDD size is NP-hard.

5 Fuzzy unreliability
The concept of failure possibility arises in unreliability analysis when the fail-
ure probabilities are not exactly known. Instead of having a fixed real value,
the failure possibility can be defined by a fuzzy number/ element on interval
[0, 1], with any shape of membership function. The failure possibility of a basic
event i denoted as pi . We first give an example of how this affects unreliability
calculation, before giving the general definition.

Example 6. Consider the road trip FT T from Fig.3a. Its unreliability function
UT : [0, 1]3 → [0, 1] is given by

UT (pa , pb , pc ) = pa pb pc + pa (1 − pb )pc + pa pb (1 − pc )
= pa pc + pa pb − pa pb pc .
10 Dang et al.

Now suppose T has failure possibilities ⃗p = (pa , pb , pc ) given by pa = {0.5 7→

0.7, 0.8 7→ 1}, pb = {0.1 7→ 1}, pc = {0.4 7→ 1}; that is, b, c have crisp probability
values, and a either takes probability 0.5 or 0.8 with possibility 0.7 and 0.1,
respectively. The unreliability of T is then defined to be U eT (pa , pb , pc ), i.e., the
Zadeh extension of UT , applied to ⃗p. Using Def.2, the confidence that this fuzzy
unreliability value equal to a number y ∈ [0, 1] is equal to

U
eT (⃗p)[y] = sup min{pa [pa ], pb [pb ], pc [pc ]}
pa ,pb ,pc ∈[0,1] :
pa pc +pa pb −pa pb pc =y

We notice that b has one single probability value pb = 0.1 with pb [pb ] ̸= 0,
and c has only pc = 0.4 with pc [pc ] ̸= 0. Substituting those probabilities and
their confidences to the expression above, then


1, if y = 0.368,


sup min pa [pa ], 1, 1 = 0.7, if y = 0.23,
pa : 
0.4pa +0.1pa −0.04pa =y 0, otherwise,


eT (⃗p) = {0.23 7→ 0.7, 0.368 7→ 1}.

so U
Definition 8. Let T be a FT.
1. A fuzzy attribution is an element ⃗p of F([0, 1])BET .
2. The fuzzy unreliability value of T given ⃗p is defined as U eT : F([0, 1])BAST →
eT (⃗p), where U
F([0, 1]) is the Zadeh extension of the function UT from Definition 7.
eT (⃗p) is the fuzzy element of [0, 1] defined, for y ∈ [0, 1], by
More concretely, U

U
eT (⃗p)[y] = sup min pv [pv ].
v∈BET
⃗∈[0,1]BET :
p
UT (⃗
p)=y

6 Calculation of fuzzy unreliability

6.1 Tree-structured FTs
In general, ŨT (⃗
p) is difficult to compute. However, when T is tree-structured, it
can be found using a bottom-up algorithm. This algorithm is inspired by the BU
algorithm for crisp FT probabilities. When T is a tree, the children of a node v
do not have any descendants in common, and as such are independent events.
This means that their failure probabilities pv can be computed via
( Q
1 − e w∈ch(v) (1 − pw ) if t(v) = OR,
pv = Q (6)
w∈ch(v) pw if t(v) = AND.
e

The following result shows the validity of this approach. It is proven analo-
gously to a similar result for attack trees in [5].
 Fuzzy Fault Trees Formalized 11

Theorem 1. Let T be a tree-structured FT, and let ⃗p ∈ F([0, 1])BET be a vector

of fuzzy probabilities. Then pRT = U
eT (⃗p).

Example 7. We apply the algorithm to Ex. 6. We calculate the pv as follows:

pa = pa = {0.5 7→ 0.7, 0.8 7→ 1},

pb = pb = {0.1 7→ 1},
pc = pc = {0.4 7→ 1},
pOR(b,c) = 1 − (1 − pb )˜·(1 − pc )
= 1 − {0.9 7→ 1}˜·{0.6 7→ 1} = {0.46 7→ 1},
pRT = pa˜·pOR(b,c)
= {0.5 7→ 0.7, 0.8 7→ 1}˜·{0.46 7→ 1} = {0.23 7→ 0.7, 0.368 7→ 1}.

Thus we indeed retrieve ŨT (T,⃗p) = {0.23 7→ 0.7, 0.368 7→ 1}.

6.2 Efficient computation via α-cuts

While the BU approach calculates ŨT (⃗p) correctly, it can be difficult to use
in practice, due to the fact that the objects pv it operates on are functions
[0, 1] → [0, 1]. Storing such a function in theory would take an infinite amount
of space. On the other hand, if one were to approximate this by storing pv [x]
for only finitely many values of x, it is not clear how Zadeh-extended operators
such as ˜· are calculated.
To make our algorithm applicable in practice, we choose instead to use α-
cuts, as we have seen that this allows for efficient computation. First, we choose
the (finite)nset of A of α we are
o going to use: we pick the number of cuts ncuts and
1 2
take A = ncuts , ncuts , · · · , 1 . Then for each BE v, we store pv as a ncuts × 3-
array whose rows are of the form (α, a1 (α), a2 (α)); the interpretation is that
(α)
pv = [a1 (α), a2 (α)]. Thus we store each fuzzy number as a set of ncuts α-cuts.
The fuzzy multiplication ˜· of (6) is now performed level-wise using Lemma 1.
Thus at each node we need to make O(ncuts ) crisp arithmetic operations, for a
total time complexity of O(ncuts · |V |).

6.3 DAG-structured FTs

When T is not tree-structured but DAG-structured, the BU approach no longer
computes ŨT (⃗p) correctly, because the probabilities of the children of a node
may no longer be independent. In fact, this is already true for crisp probability
values [12], so it is no surprise that the same holds in the fuzzy setting.
For crisp probabilities the BDD method of Section 4 exists . However, this
also does not work in the fuzzy setting. The reason is that the Zadeh-extended
arithmetic operators +̃ and ˜· no longer satisfy distributivity, which is crucial in
the proof of the BDD method. Thus finding a general algorithm for DAG FTs
is considerably more complicated, and we leave this as an open problem.
12 Dang et al.

Fig. 4: A DAG FT
Fig. 5: BDD calculation

Example 8. Consider the BDD shown in Fig.5, with variable order u < v < w,
and pu = pw = {0.5 7→ 1} and pv = {0 7→ 1, 1 7→ 1}. We label v as v1 and v2 for
distinction in the calculation. Let fuzzy attribution as in the previous example.
The fuzzy unreliability of top event is

BDD(v) = 0.5 · BDD(v1 )+0.5

e · BDD(v2 )
= 0.5 · {0 7→ 1, 1 7→ 1}+0.5
e · {0.5 7→ 1, 1 7→ 1}
= {0 7→ 1, 0.5 7→ 1}+{0.25
e 7→ 1, 0.5 7→ 1}
= {0.25 7→ 1, 0.5 7→ 1, 0.75 7→ 1, 1 7→ 1}.

On the other hand, similar to Ex. 6 one can calculate ŨT (⃗p) = {0.25 7→ 1, 1 7→ 1}.
This shows that the BDD method does not work for fuzzy unreliability.

7 Experiments

We execute experiments to calculate top event possibility using BU

g algorithm.
The algorithm is implemented in Python. As we perform computation with fuzzy
attribution the system unreliability will be a fuzzy element. We use two bench-
mark FTs:
1. Container Seal Design (CSD)[15] with 6 BEs and 4 (AND, OR) gates.
2. Liquid Storage Tank Failure (LSTF)[18] with 35 BEs and 15 (AND, OR) gates.
We take the crisp probabilities from [15] and [18]. In the case of [15], six
BEs e1 , . . . , e6 have crisp probabilities 0.1, 10−5 , 10−3 , 10−3 , 10−3 , 10−3 , respec-
tively. In case we want to fuzzify pi into a triangular possibility, we assign
pi = tri0.2·pi ,pi ,1.8·pi . If we want trapezoidal possibility or Gaussian possibility,
we assign pi = trap0.2·pi ,0.9·pi ,1.1·pi ,1.8·pi , or pi = gausspi ,0.4·pi , respectively.
For the experiments, we have fuzzified all crisp BE probability values ob-
tained from the two benchmarks. We use triangular possibility, or trapezoidal
possibility, or Gaussian possibility or combination of those three. When combi-
nation of the three types arises, fuzzy possibility type for each BEs is assigned
as in the table in appendix. BEs possibilities will be horizontally discretised into
ncuts = 100 α−cuts series within the BU algorithm process.
 Fuzzy Fault Trees Formalized 13

(a) CSD (b) LSTF

Fig. 6: System fuzzy unreliabilities of CSD and LSTF FT models

Figure 6 displays the resulting fuzzy unreliabilities of the systems CSD and
LSTF, respectively. In each subfigure, we plot the crisp unreliability obtained
from crisp BEs values (crisp unreliability), fuzzy unreliability obtained from
fuzzy BEs triangular possibility (u_tri), trapezoidal possibility (u_trap), Gaus-
sian possibility (u_gauss), and the their combination (u_mix). We observe that
the system unreliability is not the same type as the operands BEs possibilities.
This is obvious since calculation of unreliability requires fuzzy multiplications
which is a nonlinear operation. The method overcomes the complexity of per-
forming exact fuzzy multiplication [16] or using nonlinear programming [17]. In
addition, it provides more precise solution than the product estimations of fuzzy
numbers and the conventional discretisation approach [13].

8 Conclusion and future work

In this paper, we define a mathematical formulation for deriving fuzzy unreli-
ability values for FTs. The definition is explicit and generic for general fuzzy
attribution. We also introduce an efficient algorithm to calculate FT fuzzy un-
reliability metric. The algorithm works for tree-like structure models with any
type of fuzzy attribute that can be expressed as α-cut intervals. Experiments
on practical models show that the algorithm preserves the nonlinear property of
the resulting fuzzy number.
In the future, we want to develop an algorithm for fuzzy unreliability compu-
tation on DAG FTs. Another avenue for future research is to create an algorithm
for probabilistic FT analysis in continuous time where each BE is assigned a con-
tinuous probability distribution.

References
1. Alefeld, G., Mayer, G.: Interval analysis: theory and applications. Journal of Com-
putational and Applied Mathematics 121(1), 421–464 (2000)
14 Dang et al.

2. de Barros, L.C., Bassanezi, R.C., Lodwick, W.A.: The Extension Principle of Zadeh
and Fuzzy Numbers, pp. 23–41. Springer, Berlin, Heidelberg (2017)
3. Basiura, B., Duda, J., Gaweł, B., Opiła, J., Pełech-Pilichowski, T., Rębiasz, B.,
Skalna, I.: Fuzzy Numbers, pp. 1–26. Springer Inter. Publishing, Cham (2015)
4. Couso, I., Borgelt, C., Hullermeier, E., Kruse, R.: Fuzzy sets in data analysis:
From statistical foundations to machine learning. IEEE Computational Intelligence
Magazine 14(1), 31–44 (2019)
5. Dang, T.K.N., Lopuhaä-Zwakenberg, M., Stoelinga, M.: Fuzzy quantitative attack
tree analysis (2024)
6. Dubois, D., Prade, H.: Fuzzy real algebra: Some results. Fuzzy Sets and Systems
2(4), 327–348 (1979)
7. Jezewski, M., Czabanski, R., Leski, J.: Introduction to Fuzzy Sets, pp. 3–22.
Springer International Publishing, Cham (2017)
8. Lin, C.T., Wang, M.J.J.: Hybrid fault tree analysis using fuzzy sets. Reliability
Engineering & System Safety 58(3), 205–213 (1997)
9. Lopuhaä-Zwakenberg, M.: Fault tree reliability analysis via squarefree polynomials
(2023)
10. Lopuhaä-Zwakenberg, M., Budde, C.E., Stoelinga, M.: Efficient and generic algo-
rithms for quantitative attack tree analysis. IEEE Transactions on Dependable and
Secure Computing pp. 1–18 (2022)
11. Mahmood, Y.A., Ahmadi, A., Verma, A.K., Srividya, A., Kumar, U.: Fuzzy fault
tree analysis: a review of concept and application. International Journal of System
Assurance Engineering and Management 4, 19–32 (2013)
12. Ruijters, E., Stoelinga, M.: Fault tree analysis: A survey of the state-of-the-art in
modeling, analysis and tools. Computer Science Review 15-16, 29–62 (2015)
13. Schmucker, K.J.: Fuzzy sets, natural language computations, and risk analysis
(1983)
14. Singer, D.: A fuzzy set approach to fault tree and reliability analysis. Fuzzy Sets
and Systems 34(2), 145–155 (1990)
15. Stamatelatos, M., Vesely, W., Dugan, J., Fragola, J., Minarick, J., Railsback, J.:
Fault tree handbook with aerospace applications (2002)
16. Tanaka, H., Fan, L.T., Lai, F.S., Toguchi, K.: Fault-tree analysis by fuzzy proba-
bility. IEEE Transactions on Reliability R-32(5), 453–457 (1983)
17. W. M. Dong, H.C.S., Wongt, F.S.: Fuzzy computations in risk and decision anal-
ysis. Civil Engineering Systems 2(4), 201–208 (1985)
18. Yazdi, M., Nikfar, F., Nasrabadi, M.: Failure probability analysis by employing
fuzzy fault tree analysis. Int. J. Syst. Assur. Eng. Manag. 8, 1177–1193 (02 2017)
19. Zadeh, L.: Fuzzy sets. Information and Control 8(3), 338–353 (1965)