[SystemSafety] HMI and TMI ("Three Mile Island", not "Too Much Information")

From: robert schaefer < >
Date: Wed, 15 Jul 2015 08:38:38 -0400

If I remember correctly, one of the problems that led to the meltdown at TMI was that the HMI reported the state of the valves as commanded and not as they actually were. Expressed as a design flaw, the man-machine system feedback loop was incomplete.

Just curious, how would avoiding system loop design flaws be expressed formally?



robert schaefer
Atmospheric Sciences Group
MIT Haystack Observatory
Westford, MA 01886


The System Safety Mailing List
systemsafety_at_xxxxxx Received on Wed Jul 15 2015 - 14:40:53 CEST
