[SystemSafety] Fwd: Re: HMI and TMI ("Three Mile Island", not "Too Much Information")

From: Peter Bernard Ladkin < >
Date: Wed, 15 Jul 2015 15:04:59 +0200


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 2015-07-15 14:38 , robert schaefer wrote:
>
> .. Expressed as a design flaw, the man-machine system feedback loop was incomplete.
>
> Just curious, how would avoiding system loop design flaws be expressed formally?

It depends on the system and what kind of flaw you might have in mind. To my mind, it's a bit like asking a mathematician how you prove a theorem in algebra. It mostly depends on the theorem.

One way of doing it in this case would be to have a specification which says (*) <the valve is indicated closed> only if <certain failure modes> OR <the valve is closed>. And specifications of all the components in the causal chain from closed-valve-indicator to closed valve and maybe some others. And then you'd assume the subcomponent specifications are correct and fulfilled and prove (*), thereby incurring the obligations to show the subcomponent specifications correct and fulfilled. If there are people in that causal chain, you write down their procedures formally as you would that of any other active component, and generally assume they are correctly executed for the purposes of conducting the verification.

PBL
Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Je suis Charlie
Tel+msg +49 (0)521 880 7319 www.rvs.uni-bielefeld.de

-----BEGIN PGP SIGNATURE-----

iQEcBAEBCAAGBQJVplp7AAoJEIZIHiXiz9k+k8QH/j3oB21Rc0UcDcJw/BWOA8o/
SROMIR1/rDO7awXf+ThCqO0BO85szjFuZRvfCU84/FndaodWcpUvDv7ms2bk+Eq8
SUlgd3uP7AaTgyDG/LWf0QDJB+oV4Rhttuu5nl0jayBpaklx9po31vJ8OkdG6KgJ
kI1P3UeAZhumTLjd5aWKPpc/WsFwhsSNRX7Foa0ctnrgw4tm1b1GhpLqFbf05J/y
k6iZdRxthje/GIJ6ThuDW9vSdrcvQGhVX53rFrwGpFgdhtn2GK0qeurJjdKtoBM4
fuTYHeakv157swFBngPINioDQ4DT8HEPtixntrq2qKZW40slmf1YsF8Ns8Z3kvQ=
=Az/T
-----END PGP SIGNATURE-----
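As an added illustration of the approach sketched in the message above (this is not part of the original post, nor anyone's actual plant model), the following Python model writes down specification (*) and the subcomponent specifications of the causal chain from indicator to valve, then checks (*) exhaustively over every state of the model. The components (actuator, position sensor, indicator lamp), the failure modes, and the two candidate designs for what drives the indicator are all assumptions constructed here for illustration.

```python
"""Exhaustive check of specification (*) from the message above over a small
constructed model of a valve-indication chain. Added example, not part of the
original post; every component behaviour and failure mode below is an
assumption made for illustration, not a description of any real plant."""
from itertools import product

# Free variables of the model (all booleans):
#   cmd_close     the close command sent to the valve actuator
#   valve_stuck   assumed failure mode: the actuator does not move the valve
#   sensor_stuck  assumed failure mode: position sensor reports "closed" regardless
#   lamp_fault    assumed failure mode: indicator shows "closed" regardless of input
VARS = ("cmd_close", "valve_stuck", "sensor_stuck", "lamp_fault")


# Subcomponent specifications, taken as correct and fulfilled for the proof.
def valve_is_closed(s):
    """Actuator spec: the valve is closed iff commanded closed and not stuck."""
    return s["cmd_close"] and not s["valve_stuck"]


def sensor_reports_closed(s):
    """Position-sensor spec: reports closed iff the valve is closed or the sensor is stuck."""
    return valve_is_closed(s) or s["sensor_stuck"]


def indicator_shows_closed(input_closed, s):
    """Indicator spec: shows closed iff its input says closed or the lamp is faulty."""
    return input_closed or s["lamp_fault"]


# Two candidate designs for what drives the indicator (both constructed here).
def design_position_sensed(s):
    """Indicator fed from the position sensor: the loop closes over the real valve."""
    return indicator_shows_closed(sensor_reports_closed(s), s)


def design_command_sensed(s):
    """Contrasting design: indicator fed from the command, so the valve is never observed."""
    return indicator_shows_closed(s["cmd_close"], s)


# <certain failure modes> in (*): the failure modes of the indication chain itself.
INDICATION_FAILURES = ("sensor_stuck", "lamp_fault")


def spec_star(s, indicated_closed):
    """(*): <the valve is indicated closed> only if <certain failure modes> OR <the valve is closed>."""
    return (not indicated_closed) or any(s[f] for f in INDICATION_FAILURES) or valve_is_closed(s)


def all_states():
    """Every assignment to the free variables: the whole finite state space."""
    for bits in product((False, True), repeat=len(VARS)):
        yield dict(zip(VARS, bits))


def counterexamples(design):
    """States in which (*) fails for the given design. An empty list means (*) holds in
    every state of the model, i.e. the proof goes through, leaving the obligation to
    show that each subcomponent specification is correct and actually fulfilled."""
    return [s for s in all_states() if not spec_star(s, design(s))]


if __name__ == "__main__":
    for name, design in (("position-sensed", design_position_sensed),
                         ("command-sensed", design_command_sensed)):
        bad = counterexamples(design)
        print(f"{name}: {'(*) holds' if not bad else f'{len(bad)} counterexample(s)'}")
        for s in bad:
            print("   ", {k: v for k, v in s.items() if v})
```

The enumeration plays the role of the proof in this finite model; the functions are the subcomponent specifications being assumed, and the obligation to show each of them correct and fulfilled is what remains afterwards. The position-sensed design satisfies (*) in every state. The command-sensed design fails in exactly one state: valve commanded closed, actuator stuck, no sensor or lamp fault, so the indicator shows closed while the valve is open and none of the listed failure modes is present. Adding the actuator failure to INDICATION_FAILURES would make (*) "hold" again, but only by excusing the very hazard the specification is meant to exclude, which is why the choice of <certain failure modes> deserves as much scrutiny as the proof itself.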



The System Safety Mailing List
systemsafety_at_xxxxxx
Received on Wed Jul 15 2015 - 15:05:07 CEST

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:07 CEST