ommanding system into a hazardous state
- Unhandled or incorrectly handled system component failures [Note: these are related to what we called system accidents]
- Missing or incorrect feedback, and feedback not updated correctly
- Time lags not accounted for
Explains most software-related accidents

Process Models
- Explains developer errors
- May have an incorrect model of required system or software behavior, development process, physical laws, etc.
- Also explains most human/computer interaction problems
Pilots and others are not understanding the automation
- What did it just do?
- Why did it do that?
- What will it do next?
- How did it get us into this state?
- How do I get it to do what I want?
- Why won't it let us do that?
- What caused the failure?
- What can we do so it does not happen again?
Or they don't get feedback to update their mental models, or they disbelieve it
Validating and Using the Model
Can it explain (model) accidents tha...
- Spring '09
- Safety engineering, Hazard Analysis, safety constraints