[SystemSafety] A couple of anecdotes on requirements engineering

Olwen Morgan olwen at phaedsys.com
Sun Oct 14 19:44:00 CEST 2018


Peter,

The inanity that you describe is everywhere. It arises from, among 
other things, the lack of appreciation of the role of stress testing as 
a normal part of development.

I once worked on a project to develop a trainborne module for the Train 
Protection and Warning System (TPWS). Since the trainborne element picks 
up circa 65kHz radio signals from units in the track bed, it suffers 
from the problem that rail track beds are electromagnetically very noisy 
environments. Accordingly, I advised the client that testing should 
include suitable, repeatable pseudo-random stress testing. This fell on 
the deaf (blocked?) ears of the unwashed.

Another delightful problem that was ignored is that the then time signal 
transmitter in Daventry was on a frequency very close to that used by 
TPWS. Incident reports on all-hardware implementations of the trainborne 
unit stated that there was a 2V drop across the antenna when the train 
passed the Daventry transmission site. As if this wasn't enough, the 
TPWS unit was for an international service that ran over both UK and 
overseas infrastructure where the locos used were capable of speeds 
significantly exceeding the maximum specified operating limit for TPWS.

AFAI know, what they did after I withdrew from the project was to put 
the unit on a loco on the East Coast main line and take the reactions of 
the unit at high speed as the stress test. Hardly a controlled test, let 
alone one that was accurately repeatable and reproducible.

To me the case for pseudo-random stress testing was a no-brainer. 
Unfortunately I had to argue this to people who showed worrying signs of 
having no brains. Whenever I work on a safety-related control system, I 
always point out that the requirements should take account of the total 
system including both the control unit and the environment whence it 
receives stimuli. That way you can at least get some idea of a system's 
response to out-of-specification adventitious conditions. I've not yet 
succeeded in convincing anyone of the sense of this approach on a 
small-scale embedded development.


O
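The repeatable pseudo-random stress test argued for above, as an added illustration that is not code from the post and not a model of any real TPWS receiver: a toy single-bin tone detector (Goertzel) is fed Gaussian noise, an optional ~65 kHz tone and an optional off-bin interferer, all drawn from a seeded generator, so every run with the same seed is bit-for-bit reproducible and the detector's behaviour near a strong nearby transmitter is exposed in a controlled way. Sample rate, block length, threshold, amplitudes and the 65.4 kHz interferer frequency are assumptions chosen for the demo.

```python
"""Repeatable pseudo-random stress test of a toy narrowband tone detector.

Added illustration only: not code from the post, and not a model of any real
TPWS receiver. Sample rate, block length, detection threshold, signal levels
and the interferer frequency are all assumed values chosen for the demo.
"""
import math
import random

FS = 1_000_000            # sample rate in Hz (assumed)
N = 1000                  # samples per decision block; bin width FS / N = 1 kHz
TONE_HZ = 65_000.0        # the "circa 65 kHz" track-unit signal mentioned in the post
INTERFERER_HZ = 65_400.0  # hypothetical nearby transmitter, 0.4 bin off the tone (assumed)
THRESHOLD = 60_000.0      # Goertzel power above which the detector reports "tone present";
                          # equals a clean on-bin tone of amplitude ~0.49 (assumed)


def goertzel_power(samples, target_hz, fs=FS):
    """Power |X_k|^2 of the DFT bin nearest target_hz (Goertzel algorithm)."""
    n = len(samples)
    k = round(n * target_hz / fs)
    w = 2.0 * math.pi * k / n
    coeff = 2.0 * math.cos(w)
    s_prev = s_prev2 = 0.0
    for x in samples:
        s = x + coeff * s_prev - s_prev2
        s_prev2, s_prev = s_prev, s
    return s_prev ** 2 + s_prev2 ** 2 - coeff * s_prev * s_prev2


def make_block(rng, tone_present, tone_amp, noise_rms, interferer_amp):
    """One block of N samples: Gaussian noise, optional tone, optional interferer.

    Every random quantity (noise samples, both phases) comes from `rng`, so a
    given seed reproduces the block exactly.
    """
    phase_t = rng.uniform(0.0, 2.0 * math.pi)
    phase_i = rng.uniform(0.0, 2.0 * math.pi)
    block = []
    for i in range(N):
        t = i / FS
        x = rng.gauss(0.0, noise_rms)
        if tone_present:
            x += tone_amp * math.sin(2.0 * math.pi * TONE_HZ * t + phase_t)
        x += interferer_amp * math.sin(2.0 * math.pi * INTERFERER_HZ * t + phase_i)
        block.append(x)
    return block


def detect(samples):
    """The unit under test: a single-bin energy detector."""
    return goertzel_power(samples, TONE_HZ) > THRESHOLD


def stress_test(seed, trials, tone_amp=1.0, noise_rms=1.0, interferer_amp=0.0):
    """Run `trials` blocks under one seed, alternating tone present / absent.

    Returns (false_alarms, misses, decisions). `decisions` is the detector's
    verdict for every block, so two runs with the same seed and parameters can
    be compared bit-for-bit: that is what makes the test repeatable.
    """
    rng = random.Random(seed)
    false_alarms = misses = 0
    decisions = []
    for i in range(trials):
        tone_present = (i % 2 == 0)
        seen = detect(make_block(rng, tone_present, tone_amp, noise_rms, interferer_amp))
        decisions.append(seen)
        if seen and not tone_present:
            false_alarms += 1
        elif tone_present and not seen:
            misses += 1
    return false_alarms, misses, decisions


if __name__ == "__main__":
    for label, kwargs in [
        ("nominal: SNR as designed", {}),
        ("noisy track bed: noise rms x5", {"noise_rms": 5.0}),
        ("passing a strong nearby transmitter", {"interferer_amp": 3.0}),
    ]:
        fa, miss, _ = stress_test(seed=2018, trials=40, **kwargs)
        print(f"{label:40s} false alarms={fa:2d}  misses={miss:2d}  (seed 2018, 40 blocks)")
```

The point of seeding a single generator and drawing every stimulus from it is that a failing block can be reproduced exactly from (seed, parameters, block index) rather than from "what the loco happened to see on the East Coast main line"; the interferer case shows the detector reporting a tone that is not there once a strong off-bin carrier leaks into the 65 kHz bin, which a test on the nominal environment alone would never reveal.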



On 14/10/18 11:15, Peter Bernard Ladkin wrote:
> https://abnormaldistribution.org/index.php/2018/10/14/passwords-and-requirements-engineering/
>
>
> PBL
>
> Prof. Peter Bernard Ladkin, Bielefeld, Germany
> MoreInCommon
> Je suis Charlie
> Tel+msg +49 (0)521 880 7319  www.rvs-bi.de
>
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
