Reading
|
PanelSoft User Interfaces and Usability for Embedded Systems |
Feedback to 'Lock Up Your Software' - Murphy's Law Jan' 2001Mike Salish had a couple of interesting comments to make about the elevator trade. I was amazed to read that it is the safest mode of public transport around! His email follows: Being named as you are just begged for this very good article to be written. Much of my experience has been in elevator control equipment which has proven to be about the safest public transport on a per mile basis. This is accomplished by a generally accepted ANSI code which in essence requires that a single failure of equipment can not permit the elevator to move. The generally accepted interpretation is that the "computer" part of the design (usually microprocessor these days) can not override ANY of the mechanical switches or sensors. And those external components can independently prevent movement. It works very well in preventing the unintentional motion (like with the doors open). In practice in a normal office building with electronic controls there are the following individual items that must be independently operational for an elevator to move:
Other than the first two items (which control and limit speeds) the result of a fault condition is an immediate stop, regardless of what the electronic controls determine. I also have seen designs with the "fox and hens" problem where the software "protects" the system and provides "redundancy". It is usually a cost-cutting issue that drives such designs which provide little worst-case protection. Mike Salish Avanti, Systems, Inc. From Morgan Jones: Hi Niall, Saw your latest article in ESP - great stuff as usual. I particularly liked the battle between the interlocks and the paper cutters defeating the interlocks - I hadn't heard that one. Anyone who references Donald Norman is OK with me - I love his books. Morgan Jones |
|
|