[SystemSafety] AVs vs. driver aids ... some more WTF questions

Olwen Morgan olwen at phaedsys.com
Mon Sep 2 12:10:59 CEST 2019


Realised I forgot something from the response below:

I should have said explicitly that the arguments for decoupling HMI and 
core functions exist independently of whether they are forced by overall 
system architecture (as is typically the case in modern vehicle-based 
systems).


Oops!

Olwen



On 02/09/2019 10:54, Olwen Morgan wrote:
>
> On 06/08/2019 13:00, Andrew Banks wrote:
>>>> One way to avoid this is to design the HMI and functional
>>>> logic as distinct communicating action systems
>> Good heavens, woman - next you'll be suggesting that an unprotected
>> head-unit should not be allowed to communicate directly onto the vehicle
>> control bus?
>>
> There are sound technical reasons for decoupling HMI code from 
> functional code. Among them are that (1) The control structures of 
> both are simpler and easier to write if you do it that way, and (2) 
> Finite-state machine and /or action systems theory give you a 
> passably tractable way to analyse system behaviour if you do. 
> (Although it's actually better to use formal methods specifically 
> designed for HMI development).
>
> Sadly, the benefits of splitting the HMI and core functions in this 
> way are, in my experience, rarely considered in general - though this 
> is probably more prevalent in hosted systems than embedded ones, AFAI 
> can see.
>
>
> Olwen
>
>
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
> Manage your subscription: 
> https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety
>