[SystemSafety] HMI and TMI ("Three Mile Island", not "Too Much Information")

robert schaefer rps at haystack.mit.edu
Wed Jul 15 14:38:38 CEST 2015


If I remember correctly, one of the problems that led to the meltdown at TMI was that the HMI reported the state of 
the valves as commanded and not as they actually were. Expressed as a design flaw, the man-machine system 
feedback loop was incomplete.

Just curious, how would avoiding system loop design flaws be expressed formally?

----------------------------------------
robert schaefer
Atmospheric Sciences Group
MIT Haystack Observatory
Westford, MA 01886



