Re: [SystemSafety] Modelling and coding guidelines: "Unambiguous Graphical Representation"

From: Peter Bernard Ladkin < >
Date: Mon, 29 Feb 2016 07:43:07 +0100

On 2016-02-28 23:53 , Les Chambers wrote:
> I look forward to the day when standards bodies screw up the courage to mandate the state engine as
> the core modelling technique in control systems.

First, standards don't mandate. They purport to describe the state of the art.

Second, people who are writing/modifying the international software safety standards are not keen on telling people how to design and build software. They mostly come from companies which have their own software development processes and nobody wants to be told to scrap what they are doing and do something different, especially when that suggestion comes from a competitor. Standards are mostly concerned to describe checks and balances and things to ensure which best practice has shown necessary.

Third, although state machines have been prominent in the most widely-used development techniques (I use the word "technique" loosely) such as SA-RT, modern control systems have aspects which cannot effectively be modelled as transducers. For one example, communications (most control systems nowadays are distributed in some sense). For another example, the requirement for industrial robots that, when they are operating, no human shall enter the protected space is realised today by artificial-vision sensors rather than by building a metal cage with an interlock on the door. I don't know anyone who does that kind of visual pattern recognition using a state machine.

> Without these two fundamental approaches I and many people like me would have a huge problem
> understanding our own code two weeks after we wrote it

That might be why Fagan inspections are such a good idea.

> When will these standards wonks understand that pussyfooting around using terms like "unambiguous
> graphical representation" is unhelpful, creating a massive ambiguity in the standard itself which,

I think you'll find out that that is coming rather than going. People developing the highest quality software are keen on assuring determinism and like to use the word "unambiguous", I think for good reason. And almost everybody uses graphical representations somewhere during SW development (the Lustre graphics in SCADE, for example). Why, there is even a YouTube video explaining to people about Mealy&Moore machines .... and unsurprisingly it uses what we are calling unambiguous graphical representations.

Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany Je suis Charlie
Tel+msg +49 (0)521 880 7319

The System Safety Mailing List
systemsafety_at_xxxxxx Received on Mon Feb 29 2016 - 07:43:33 CET

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:07 CEST