[SystemSafety] HMI and TMI ("Three Mille Island", not "Too Much Information")
robert schaefer
rps at haystack.mit.edu
Wed Jul 15 14:38:38 CEST 2015
If I remember correctly, one of the problems that led to the meltdown at TMI was that the HMI reported the state of
the valves as commanded and not as they actually were. Expressed as a design flaw, the man-machine system
feedback loop was incomplete.
Just curious, how would avoiding system loop design flaws be expressed formally?
----------------------------------------
robert schaefer
Atmospheric Sciences Group
MIT Haystack Observatory
Westford, MA 01886
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20150715/aa6a3a65/attachment.html>
More information about the systemsafety
mailing list