[SystemSafety] AVs vs. driver aids ... some more WTF questions

Peter Bishop pgb at adelard.com
Tue Aug 6 15:04:54 CEST 2019


Or alternatively model the functional logic and HMI as
intercommunicating state machines.
This could be done formally, e.g. using UPPAAL, TLA or SMV, with the
advantage of being able to prove desired properties.
In addition, the model could include abnormal human actions to check the
robustness of the HMI / control logic.

I believe there has been quite a lot of work on this (e.g. by Prof
Thimbleby).

Peter

On 23/07/2019 14:13, Olwen Morgan wrote:
> One way to avoid this is to design the HMI and functional logic as
> distinct communicating action systems. That way you can have optimal
> control structures for both at the expense of needing a communication
> protocol between them. You could build HMIs like this quite
> straightforwardly by using, for example, Tcl/Tk for the HMI and Erlang
> for the core logic. Indeed I'm inclined to think that requiring
> different languages for the HMI and functional logic would not be a
> bad idea since it would tend to force a design as two communicating
> action systems.

-- 
Peter Bishop
Chief Scientist
Adelard LLP
24 Waterside, 44-48 Wharf Rd, London N1 7UX
http://www.adelard.com
Recep:  +44-(0)20-7832 5850
Direct: +44-(0)20-7832 5855

Registered office: 5th Floor, Ashford Commercial Quarter, 1 Dover Place,
Ashford, Kent TN23 1FB
Registered in England & Wales no. OC 304551. VAT no. 454 489808

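As an added illustration (not code from the thread or from Adelard), the following Python toy shows the idea in the message above: an HMI and a control-logic machine that communicate only through bounded channels, a driver modelled as pressing any button in any state (the "abnormal human actions"), and an exhaustive state-space search that either refutes or confirms a mode-confusion property. The mode names, button names and the brake-override behaviour are assumptions for the example; in practice the same model would be written in UPPAAL, TLA+ or SMV so the property can be proved with a real checker.

```python
from collections import deque

QMAX = 2  # bounded channels, as in a Promela/UPPAAL model; a full channel blocks the sender
DRIVER_ACTIONS = ("press_engage", "press_disengage", "brake")  # assumed button set

def successors(state, notify_on_brake):
    """Yield (label, next_state) for each enabled transition of the composed system.
    state = (controller mode, HMI display, channel driver->controller, channel controller->HMI)."""
    ctrl, disp, to_ctrl, to_hmi = state
    if len(to_ctrl) < QMAX:  # driver machine: any button in any state models abnormal use
        for a in DRIVER_ACTIONS:
            yield a, (ctrl, disp, to_ctrl + (a,), to_hmi)
    if to_ctrl and len(to_hmi) < QMAX:  # control-logic machine consumes one driver message
        msg, rest = to_ctrl[0], to_ctrl[1:]
        if msg == "press_engage" and ctrl == "MANUAL":
            yield "ctrl:engage", ("ASSIST", disp, rest, to_hmi + ("show_assist",))
        elif msg == "press_disengage" and ctrl == "ASSIST":
            yield "ctrl:disengage", ("MANUAL", disp, rest, to_hmi + ("show_manual",))
        elif msg == "brake" and ctrl == "ASSIST":  # assumed: braking drops assistance
            out = to_hmi + ("show_manual",) if notify_on_brake else to_hmi
            yield "ctrl:brake_override", ("MANUAL", disp, rest, out)
        else:
            yield "ctrl:ignore", (ctrl, disp, rest, to_hmi)
    if to_hmi:  # HMI machine consumes one controller message and updates the display
        msg, rest = to_hmi[0], to_hmi[1:]
        yield "hmi:" + msg, (ctrl, "ASSIST" if msg == "show_assist" else "MANUAL", to_ctrl, rest)

def mode_confusion(state):
    """Property to refute: with both channels drained, the display disagrees with the mode."""
    ctrl, disp, to_ctrl, to_hmi = state
    return not to_ctrl and not to_hmi and ctrl != disp

def check(notify_on_brake):
    """Breadth-first search of the finite state space; returns the shortest event trace
    reaching a mode-confusion state, or None when the property holds everywhere."""
    init = ("MANUAL", "MANUAL", (), ())
    parent, queue = {init: None}, deque([init])
    while queue:
        s = queue.popleft()
        if mode_confusion(s):
            trace = []
            while parent[s] is not None:
                s, label = parent[s]
                trace.append(label)
            return trace[::-1]
        for label, nxt in successors(s, notify_on_brake):
            if nxt not in parent:
                parent[nxt] = (s, label)
                queue.append(nxt)
    return None
```

`check(False)` returns a five-event counterexample in which the controller drops to MANUAL on braking while the display still says ASSIST; `check(True)`, where the controller also sends the HMI a message on that transition, returns None.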