The complex ontology seems simple; the simple ontology seems difficult. This is because social reality is created by us for our purposes and seems as readily intelligible to us as those purposes themselves. Cars are for driving; dollars for earning, spending and saving; bathtubs for taking a bath. But once there is no function, no answer to the question, What's it for? we are left with a harder intellectual task of identifying things in terms of their intrinsic features without reference to our interests, purposes and goals.
The trend in natural philosophy has been, however, to eliminate teleological explanations in favor of etiological ones: instead of explaining things in terms of their supposed purposes, one attempts to explain how their structure contributes towards their reaching a particular state, which thereby gives the (false) impression of an attempt to attain a purposeful `goal'. One thinks here not so much of the `manifest destiny' exposition of recent North American history, but of Darwin's elimination of teleological explanations in biology in favor of a general explanation by way of random evolutionary mutations and natural selection. The general elimination of teleology can be taken further, towards behaviorism, which attempts to describe the intentional behavior of an agent entirely in terms of its efficient consequences, avoiding reference to the agent's intentions except as a folksy shorthand. Behaviorism consequently avoids the last reference to intentionality and thus to teleology.
So both extremes, that everything has a teleology, or that nothing has, have been pursued. The middle road, that artifacts have a teleology but that other entities such as thunderstorms and people do not, seems to coincide with the late twentieth-century, and, one may predict, early twenty-first century common scientific and philosophical background. Why so?
One reason why the middle road corresponds to `common sense' can be found when considering the combinations of both extreme positions with realism. The claim that there is a way that things are (and conversely, a way that things are not), independently of its being observed, or independently of anything having a purpose, is a form of realism. Crudely speaking, realism is the claim that there is a distinction between facts dependent on us, and facts which pertain independently of us, and that there are facts of both sorts. That a confabrication of metal and plastic has such-and-such a pointy form and composition would be such a person-independent fact; that it is a screwdriver is dependent on us. I have not met any engineer, and precious few mathematicians and physicists, who does not subscribe to some version of this realist view.
The positions that everything has a teleology, or that nothing has, are roughly independent of a realist outlook. But the combinations of either with realism lead to interesting questions. If all objects were to have purposes, it would be an appropriate topic for scientific investigation to determine what that purpose is. Thus, crudely, biology until Darwin. Call this the objective teleological function of an object; its destiny, if you will. If we were to believe in such a universal teleology but also in intention, then we could also discuss whether the purpose bestowed on a screwdriver by the intention of its users conformed with its objective teleological function. An engineer could ask whether his intention in building a nuclear power station conformed with its destiny. At the other extreme, those who would wish to deny teleological explanation altogether while embracing realism, would have to explain how artifacts such as a screwdriver appear to have a purpose or function while not actually doing so.
Thus do philosophical positions on the material world affect the kinds of questions and answers that properly constitute science. Different general assumptions validate or vilify the pertinence of certain questions; incur obligations to give certain types of explanation or render them meaningless. The intellectual discomfort of rigorously holding to either of the extreme positions on teleology while maintaining a realist view would lead one naturally to the common-sense view: that some objects, artifacts, have a function while others may not.
Let us take it then that some entities can have a purpose bestowed upon them. An agent must do the bestowing, and the act is intentional: the agent intends that the entity shall have the prescribed purpose. But this does not explain how some entities, such as money and the law, seem to have a purpose and function independently of having that function bestowed on them by any one of their individual users. Searle's essay explains how that may come about, through hierarchies of collective intentions based ultimately on speech acts.
Presupposing the `common sense' view of teleology, I would like to define artifacts as simply those entities or processes which have a purpose bestowed on them by individual agents or collective intentionality. But here are two potentially contrary examples. One is from the fine arts. Artists create artifacts. But an artist may intend to create an artifact that has no discernable purpose at all - neither to please nor disgust, neither to educate nor obfuscate, neither to decorate nor vandalise. Such may be her purpose - to have no purpose. Does that pose a difficulty for distinguishing artifacts by their purposeful nature? No. It poses no philosophical difficulty to try to create an object which has as purpose that it has no purpose, just as it poses no philosophical difficulty that I may assert P and ~P and insist that both are true, or that I may walk in front of a speeding car and intend to live. It simply poses difficulties in successful execution.
Second, what may be the role of mathematics and similar endeavors which appear to be created by humans yet apparently inherit truth conditions independent of human agency? Explanations of the role of mathematics have been given close to both extreme teleological positions. Mathematics seems to be a product of human agency, and constructivists take mathematics as having thereby a purpose, explaining the meaning of mathematical entities and assertions in terms of how they are used in fulfilling that purpose. Others, platonists for example, take the pursuit of mathematics to be the discovery of brute facts: mathematical objects are real, and truths about them may be discovered through pure reasoning. Others may simply say that it suffices to take mathematics itself as simply a convenient shorthand for pure reasoning (logicists), or as a description of complex operations on physical or potentially physical signs (nominalists), which signs, of course, have a structure of their own.
I shall take it that a screwdriver has a purpose and a calcium molecule does not, and I won't offer a view of whether mathematical theories do or not. Accordingly, I shall assume some version of realism is true. One sufficient for the task is defended by Searle (Sea95, Chapters 7, 8) based on a correspondence theory of truth (Sea95, Chapter 9), defended also by the Wittgenstein of the Tractatus, Tarski, and Austin, but out of favor with others such as Strawson and Quine, who prefer to explain truth in terms of the general internal consistency of the collection of truths, a coherence theory.
According to this definition of artifact, explanation itself is artifactual. Explanations are constructed by agents (you, me, the local scientist) with the purpose of exhibiting the connections between some features of the world (remember realism) and others. Worldly phenomena are explained by the occurrence of other events in their environments, and the general validity of certain explanatory schemata called `scientific laws'; the truth of assertions is explained in terms of the truth of other assertions. Explaining builds an artifact; namely, an explanation.
Descriptions are artifacts: the purpose of a description may be to locate the object of the description, an activity called `referring'; or to assert certain significant properties of the object. A model is an artifact: something whose features may somehow approximate the features of other things that they are said to be `modelling'.
I may explain by giving a description. To explain the occurrence of a particular event, I may say that the world satisfies such-and-such causal laws, these earlier events happened, and this particular event was a causal consequence. I have described part of the history of the world, and thereby have explained, or partially explained, the occurrence of the particular event. I may also explain by building a model. I draw lines representing the roads on the table top, use blocks to represent the cars, and move the blocks around to show how the accident occurred. I could be said to be thereby describing the accident. Some, not I, also believe that when I describe, I could be said to be thereby building, or giving, a model (Footnote 1). It may indeed be true that the sequence of events that constitutes my generating the model of the accident is the sequence of events that also constitutes my explaining the accident which is also the sequence of events which constitutes my describing the accident. This does not automatically mean that explaining is the same as describing is the same as model building (Footnote 2). One way to distinguish these acts is through their purpose. The purpose of explaining is to allow Uncle Joe to understand; the purpose of building the model is to explain; the purpose of gathering the wooden blocks and the pen is to build the model; the purpose of getting up from the table is to gather the wooden blocks and the pen: it doesn't follow that the purpose of getting up from the table is to allow Uncle Joe to understand. Purpose is not transitive. Similarly I may explain by building a model; and I may build a model by describing it (Footnote 3): it does not thereby follow that I am explaining by describing.
Thus may we describe all sorts of real things. We need a name for the thing, as a means of referring to the thing, and then we may truly or falsely predicate properties of it. And we may ascribe properties of those properties, and so forth. For example, whatever S may be above, it is at least a unary predicate of objects. Thus Unary-predicate-of-objects(S) is a true assertion. This is a generally Fregean view, which does not appear to view logical syntax as a means of `modelling', or `abstracting' from reality, but rather as part of the means of describing reality itself, the way things are.
Of course, we must not restrict predication to unary predicates. I shall show in a later essay that it proves easier, for example, to explain abstraction as a binary relation rather than as a unary predicate. And there are not only binary relations, but ternary relations, and so on. I take relations to be just as real as objects.
I take a view of logic as (at least) the science of inference amongst assertions. Thus, no matter what assertions A and B may be, if A is true and B is true, we may infer that A & B is true. And vice versa. There is no question of modelling here, the activity is completely different. It makes little sense to consider logic as somehow a `model of reality'. I would not even know how to begin to explain what such a view might mean. Logic is a means of determining the truth of compound assertions from the truth of assertions involving sentences of which it is composed, by paying attention to the form, but not necessarily the content, of those assertions. Thus the logical form of a sentence, A & B, helps determine the conditions under which we may successfully assert the proposition which it expresses. These conditions are themselves conditional upon the assertion conditions of its parts A and B.
I also take (at least) traditional logical syntax with a correspondence theory of truth as a language in which not only assertions concerning brute facts may be made, and the relations between such correct assertions revealed, but also other features of the world such as properties and (logical) behaviors may be defined. According to this view, the truth of some assertions may be explained simply given (a) the truth of other, different assertions, and (b) the relation of the form of the assertion to the forms of these other assertions (a `logical truth' is, roughly speaking, a true assertion whose truth may be explained without reference to the truth of other assertions). Thus logic depends on an analysis of the form of assertions, a syntax. Since assertions are true or false because of `the way things are' (the realist-correspondence theory), it follows that true assertions somehow describe this way that things are. The logical-syntactic analysis of true assertions displays the features of this assertion which contribute to its being true. I summarise this view by saying that sentences in logical syntax describe reality (or `the world') if they are true.
This is far from a model-theoretic account. Under this view, model theory is an oracle for logic: the truth of a (consequent) assertion follows from the truth of other (antecedent) assertions just in case in all (mathematical) models in which the antecedent assertions are true, the consequent assertion is also true: but this follows from our understanding of the concepts involved, it is not itself a definition. If we accept a broadly realist view of mathematics such as that espoused by Maddy (Mad90), one half of this proposition follows: if there is a situation in the world which demonstrates that the consequent may be interpreted such as to be false, in circumstances in which the interpretations of the antecedents are all true, then a mathematical construction demonstrating this invalidity is present in the situation itself. However, it is conceivable that there may be a mathematical model of the invalidity of an inference which has no correspondent in `the way things are'. Such a situation may arise, for example, if building the model depends on some set-theoretic principles whose truth or falsity does not appear to follow from assertions which are unequivocally logical. (Such principles are held by some to be present in modern-day set theory: the axiom of infinity, for example, or the grandiose axioms of infinity that fall under the description of `large-cardinal axioms'.) Such potential situations have been held to cause difficulties for a Maddian account (Car96). However, the objections raised in (Car96) apply to the explanation of uncountable transfinite sets, axioms of infinity of which I hope I have little need.
Given a dose of realism and a correspondence theory of truth, one may explain how one may describe the world: there exist brute facts (as well as `subjective facts'); one may describe these brute facts by using assertions (a form of speech act (Sea69), (Aus75)); and these assertions, which may be given the syntax of a formal logical language, are true or false by virtue of a correspondence with the brute facts. Voilà.
Good enough for engineering, one might say. Those unhappy with such an account could nevertheless sympathise with the sentiment: Would that life were so easy. For such people, clearly, an account of the form
suffices, and so they only need supply an account of the modal Would-that in order to avail themselves of the realist explanation......
An artifact has a purpose, value, goal. Therefore, were it to occur, failure of the artifact to fulfil that purpose is a significant occurrence which we would likely wish to explain. Similarly, if the artifact fails to fail, we might say it is a success.
There may be a logical asymmetry between success and failure. Failures, like counterexamples, are often exemplified by individual events or finite sequences of them. In such a case, success, the lack of failure, would be exemplified by a lack of these individual failure events or sequences. To say of such an artifact that it is a success is to say that it never fails or failed. If the artifact persists through time, then although we could recognise such a failure right away, we could only recognise success so far, up to the present time. Because of the nature of this case, there could not be a time when we could recognise unqualified success (Footnote 5). Engineering artifacts usually are life-limited, which means that after the life-period has expired, we are able to assert success definitively in retrospect. But only at the exact point at which the life expires (or afterwards) are we able to assert success, whereas we should be ready at any time to assert failure. As an example, think of accidents on public transportation.
Not all artifacts are like this, of course. For example, by taking an artifact as in the previous example, and changing the purpose of the artifact to be the contrary of its former purpose, the logical properties of success and failure are switched: success becomes instantly ascertainable when it occurs, and it is failure which one is unable to ascertain except partially. For example, playing the lottery.
There are some artifacts whose success and failure are both ascertainable at the same time. Think of a scientific experiment with a definite outcome. This outcome, when it occurs, may be desired (success!) or undesired (failure!). One may think of such cases as having a purpose definable by a state predicate with quantification only over finitely many objects. At the appointed time, either this state predicate holds (success!) or it does not (failure!). In such a case, the logical form of success and failure is symmetric.
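The three cases above can be made concrete as verdicts computed over a finite record of observations. This is an added illustration, not part of the original essay: the function names, the three-valued `Verdict`, and the sample traces are all constructed here, and treating an artifact's history as a list of observations is an assumption of the example.

```python
from enum import Enum
from typing import Callable, List, Optional, Sequence, Tuple


class Verdict(Enum):
    SUCCESS = "success"
    FAILURE = "failure"
    UNDETERMINED = "undetermined"


# A verdict plus the number of observations after which it became
# ascertainable (None while it is still undetermined).
Result = Tuple[Verdict, Optional[int]]


def never_fails(trace: Sequence[str],
                is_failure: Callable[[str], bool],
                life_limit: Optional[int] = None) -> Result:
    """Purpose: no failure event during the artifact's life.

    Failure is ascertainable at the observation where it occurs; success
    only once the life limit is reached, and never if there is no limit.
    """
    horizon = len(trace) if life_limit is None else min(len(trace), life_limit)
    for index in range(horizon):
        if is_failure(trace[index]):
            return Verdict.FAILURE, index + 1
    if life_limit is not None and len(trace) >= life_limit:
        return Verdict.SUCCESS, life_limit
    return Verdict.UNDETERMINED, None


def contrary(result: Result) -> Result:
    """Switch to the contrary purpose: success and failure change places."""
    verdict, when = result
    swapped = {Verdict.SUCCESS: Verdict.FAILURE,
               Verdict.FAILURE: Verdict.SUCCESS,
               Verdict.UNDETERMINED: Verdict.UNDETERMINED}
    return swapped[verdict], when


def state_predicate_at(trace: Sequence[str],
                       holds: Callable[[str], bool],
                       appointed: int) -> Result:
    """Purpose: a state predicate holds at the appointed observation.

    Both verdicts become ascertainable at the same moment (symmetric case).
    """
    if len(trace) < appointed:
        return Verdict.UNDETERMINED, None
    outcome = Verdict.SUCCESS if holds(trace[appointed - 1]) else Verdict.FAILURE
    return outcome, appointed


def verdicts_over_time(monitor: Callable[[Sequence[str]], Result],
                       trace: Sequence[str]) -> List[Verdict]:
    """Verdict available after 0, 1, ..., len(trace) observations."""
    return [monitor(trace[:n])[0] for n in range(len(trace) + 1)]


# Constructed sample traces, one observation per time step.
TRANSPORT_WITH_ACCIDENT = ["ok", "ok", "ok", "accident", "ok"]
TRANSPORT_CLEAN = ["ok"] * 5
LOTTERY = ["lose", "lose", "win"]
EXPERIMENT = ["pending", "pending", "positive"]


def transport(trace: Sequence[str]) -> Result:
    # Life-limited artifact: five observations make up its whole life.
    return never_fails(trace, lambda ev: ev == "accident", life_limit=5)


def lottery(trace: Sequence[str]) -> Result:
    # Contrary purpose, no life limit: a win is instantly ascertainable,
    # failure never is.
    return contrary(never_fails(trace, lambda ev: ev == "win"))


def experiment(trace: Sequence[str]) -> Result:
    return state_predicate_at(trace, lambda ev: ev == "positive", appointed=3)


if __name__ == "__main__":
    for name, monitor, trace in [
        ("transport (accident)", transport, TRANSPORT_WITH_ACCIDENT),
        ("transport (clean)", transport, TRANSPORT_CLEAN),
        ("lottery", lottery, LOTTERY),
        ("experiment", experiment, EXPERIMENT),
    ]:
        print(name, [v.value for v in verdicts_over_time(monitor, trace)])
```
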
The question of `correctness' or `failure' of an artifact, then, has a teleological component; we may think of `correctness' as `success'. It seems to follow that assessing an artifact is pursued through comparing it with its purpose. All very easy, one might think.
Syntax may be misleading, however. We ask of artifacts whether they work or not. That has the logical form (after Frege)
of a unary predicate whose one argument place is filled by a name for the artifact. But suppose, as we just mooted, that assessment is accomplished through comparison of an artifact with its purpose. This has at least the logical form
of a binary predicate whose arguments are a name for the artifact and a (name for a description of) its purpose. Who would think such trivial observations were worth making? Let us call the former, mistaken, logical form the superficial form, of the sentence asserting that an artifact functions correctly. Some arguments, such as those of Fetzer claiming that programs, conceived as bits in the physical computer, cannot be proved correct, can be seen to rest on an equivocation based on taking the superficial syntactic form to be the logical form. So a first task in the logic of artifacts is to determine the logical form of an assertion of correctness - this will require some general logicist principles of what constitutes a proper logical form. I shall consider logical form in a later essay.
A second task concerns engineering, which I take to be the deliberate construction and maintenance of artifacts. One could broadly construe the purpose of a bridge to carry its load over an obstacle, but any bridge may fail to fulfil its function if the load is too great or the wind obstreperous (pardon my teleological vocabulary). Consequently, there is a normative function to engineering. An artifact will be constructed to fulfil a function under certain conditions, and these conditions must be such as to allow determination of whether they pertain or not. If they do not pertain - and here the normative intention is made plain - the artifact is deemed nevertheless to fulfil its purpose: the failure is abrogated if the conditions are not met. One could surmise that the process of requirements specification is what in engineering constitutes determining these conditions.
A second step in the engineering task explains how the system is put together to fulfil the purpose under the conditions. One could surmise that this description of how the system is put together is what is meant by design specification. Our folksy expression of this process makes plain another feature of most systems: they are put together, ergo they have parts. Accordingly, the logic of systems engineering may be expected to include aspects of mereology, the logic of the relation of parts to whole.
A system may have parts with distinctly different features: for example mechanical parts such as light bulbs with a few simple states and which are simple in operation; computers for which enumerating and comparing states and transitions between them is all but humanly impossible and for which task mathematics is essential; and humans, whose behavior may only partially be described by (partial) state predicates, who also have intentions and capabilities outside those within which the system is constrained, and who may occasionally decide to use them for better or worse. These constituent parts also have purpose, function within the system. One may surmise that they are themselves, therefore, subject to the same engineering logic as the entire system.
Finally, systems may fail under circumstances in which one might have hoped they would succeed. Because system design is a complicated process, and because purposes are often inexact and the description of environmental behavior might be vague, failures can surprise. Because failures can surprise, and we may wish to modify a system so that it no longer fails under those circumstances, the failure must be explained. An explanation consists in a reconstruction of the events and states that are relevant to the failure, that somehow led to the failure. If one believes in causality, as do most engineers, explanatory relevance may involve assertions of cause.
The process of constructing an explanation is an attempt to discover the brute facts pertaining to the failure, along with the causal relations between them. Some forms of explanation, so-called deductive-nomological explanations, explain events by reduction to logical inference amongst statements of a special sort (so called `general laws' and `particular instances'). Others may posit a basic relation of causality, and attempt to determine amongst which `brute facts' this relation pertains. In either case, discovery of relevant `brute facts' alone does not suffice; inference must be employed to constitute these facts into a web which itself constitutes the explanation. The teleological import of failure explanation is in engineering not primarily historical (although this might serve to comfort the bereaved, if so there be), but more often a prelude to maintenance, to achieve the purpose, to avoid failure, under similar general circumstances in the future.
A foundation for system engineering must attempt therefore to clarify the logical structure of artifacts: how they may fulfil and fail to fulfil their purpose. Since artifacts have behavior, that is, they may change their relation to their surroundings in a manner self-initiated, we can suppose that the logical form of assertions concerning artifacts must allow for a change in truth value of assertions with time: thus a temporal logic. One must be able to explain failure. Thus if one wishes, as engineers might, to speak simply of causality without analysing further, then a theory of causality must be overlaid on the temporal logic. It would be convenient if this theory were compatible with temporal inference: a logical theory with a formal semantics, whose syntax coheres with the syntax of a temporal logic.
Finally, a foundation must aim for precision: to yield formal methods for determining, in the largest possible range of cases, the brute facts given, what situation the artifact is in with regard to fulfilling or failing to fulfil its purpose. Precision and `coverage' may conflict, and engineers have often opted for coverage allied to `engineering intuition'. The other aspect, namely providing a foundation, adding precision in a principled way through formality, is a traditional philosophical step to which this work attempts to contribute. And to provide some engineering insight on the way would be a pleasant bonus.
Correctness in System Engineering attempts to determine the logical form of an assertion of correctness or failure of a system, with particular reference to Fetzer's argument (in my opinion, false) that programs (whatever they might be) cannot in principle be proven correct. My view is that Fetzer's argument depends on an equivocation on the logical form of an assertion of correctness: that, depending on what one is prepared to take as a purpose, there are some purposes which can be proven of certain systems, whether or not those systems were designed to fulfil those purposes. The flip side of correctness is failure, and the flip side of determining correctness is analysing failure. I consider `standard' engineering reasoning concerning failure and decomposition of the system into parts, to arrive at the conclusion that the system purpose not only functionally contributes to the logical form of a correctness assertion, but it contributes by being part of the system itself. Drawing this conclusion depends on my giving priority to the principle that general reasoning is best formulated by inference rules whose validity may be established without too many tears (that is, they're not complex) and with syntactic generality (one formulates them in such a way as not to allow invalidities whose syntax fits the template that the rule prescribes; and thus to require exceptions to the general rule).
Many engineers believe that when they describe a system, they are involved in modelling: that describing and modelling are similar if not identical activities. I don't think they are. Brian Smith constructed an argument that explained the impossibility of proving programs correct from the impossibility of knowing whether a model accurately mirrors reality or not. Realists who subscribe to a correspondence theory of truth need have none of it: Smith's explanation bears an uncomfortable similarity - dare one say, models itself on - Locke's explanation of perception. So in On Needing Models, I refute Smith's argument. It doesn't suffice, however, merely to refute the arguments of others such as Smith and Fetzer. One should also attempt to provide an account of one's own. I do so in Abstraction and Modelling, which relies on material on logical form discussed in Logical Form As A Binary Relation.
An explanation of failure should involve the history of failure: the brute facts that pertained on the way to failure, or that constitute the failure, depending on what one takes a failure to be. These brute facts can be assigned a relation to each other as causal factors, according to the logical semantics of David Lewis ((Lew73.1), based on the semantics of (Lew73.2)). To see how this may work, we need reliable, detailed recounting of incidents of failure. Failure reporting of such a standard may be found in artifacts for which public safety is regarded as paramountly important. One also needs enough examples, and thanks to the advances in engineering, safety-critical artifact domains have relatively few failures to recount: there must be sufficiently many artifacts that `relatively few' still can mean `many'. Despite the considerable advances in air safety, there are still enough commercial aircraft accidents to provide a wealth of examples of failure, and all these accidents are investigated in detail by commissions of experts. Thus these accidents provide a domain of examples in which to test my conclusions regarding the logic of failure. It helps also that I am a pilot and like flying in general .........
To establish the basic ontology, I consider two incidents, the loss of the X-31 research aircraft, and the Lufthansa A320 accident in Warsaw, in The X-31 and A320 Warsaw Crashes: Whodunnit?. Using the Lewis semantics, I establish that the Warsaw report's conclusions about causal factors contain significant omissions: we might suspect that unless the semantics leads to anomalies that we cannot explain away, it can be used as a standard with which such official explanations can be compared. I do so with the 1979 Chicago DC-10 accident report, in Formalism Helps in Describing Accidents, and a more complex example, the 1995 Cali B757 accident report, in Analysing the Cali Accident With a WB-Graph. This latter, however, requires ontological apparatus clarified in Explaining Failure With Tense Logic, which shows how the ontology and syntax of tense logic may suffice for providing the formal framework in which causally-relevant situations and their changes may be expressed. One should beware, though, of conflating causality with temporal-logical notions. Not even Hume did that (though he certainly seemed to try), but certain engineers seem to think it a natural formal shorthand: this view is debunked in Reasons and Causes, while considering a particular expression of such a view suggested also for explaining the Warsaw A320 accident.
Conflating temporal-logical features with causality is considered further in Some Dubious Theses in the Tense Logic of Accidents, along with what I regard as other misleading attempts to use tense logic in the elucidation of causality.
Finally, I don't believe that logic and foundations need be abstruse: indeed, in engineering, adoption is more likely the clearer and simpler they are. Nevertheless, it may take familiarity to understand the use. I attempt to show the worth of commentary based on these foundational analyses by considering the history of reports of the investigation of the accident to AeroPeru 603 on 2 October 1996.
For other examples and discussion of how events, or sequences of events, may be the same while appearing under different descriptions, see Davidson's many essays in (Dav80). Davidson argues persuasively for an ontology of events: it's not necessary, however, to commit to such an ontology in order to argue simply that the same act may appear under different descriptions. (But why not do it anyway?)
I may, instead of ruining Aunt Jemima's tablecloth by drawing and moving blocks around on it, choose to write down a first-order-logical description of what I would have drawn on the tablecloth and how I would have moved the blocks around.
This is not to say that models may not also be basic. I prefer to work in terms of descriptions, and this seems to suffice. I shall define models in terms of descriptions, and the notion of abstraction, in a later essay. However, it does mean that anyone who believes modelling to be the only basic activity has somehow to define describing and descriptions in terms of models and the activity of modelling. This seems to me to be a much harder task than mine.
This is an exactly parallel argument to that used for success and failure of general physical laws of certain sorts, for example those which contain only universally quantified variables for objects. Counter instances are individual and can be recognised, thereby demonstrating failure of the general law; whereas success of the law can only be observed up to the present point. This point is often associated with Karl Popper.