Description: This report develops a framework for a universe of discourse usable by non-human experts. It rests on the observation that a design has many of the features of a contract and can be described as a contract between humans and a machine, defining what each party must do to attain a goal. Several points are discussed: the use of analytical-redundancy techniques and their place as administrative-control analogues of conventional techniques in physical control; the use of redundant computer systems to protect against hardware faults; the necessity of proving properties of software that runs on redundant hardware, because a software fault is a common-mode fault across all the redundant copies; and some issues in choosing a programming language for provable control software. Because proof of correctness is costly, it should be applied only where necessary. The report concludes that the plant model used in analytic-redundancy protection need not be nearly as reliable as the mechanism that detects discrepancies between plant and model.
Date: April 1984
Creator: Gabriel, John R.
Item Type: Report
Partner: UNT Libraries Government Documents Department
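The following is an added illustration of the analytic-redundancy argument summarized above; it is not code from the report. A first-order plant is simulated, a software model with a deliberately inaccurate coefficient predicts each sensor reading one step ahead from the previous reading and the known input, and a discrepancy detector alarms when the residual exceeds a fixed threshold. A sensor bias fault is injected part-way through the run. All coefficients, the threshold, the fault size and the fault step are constructed for this example; the point it shows is that a crude model suffices as long as the detector is sound, whereas a mis-set detector raises false alarms with no fault present at all.

```python
"""Analytic redundancy with a deliberately imperfect plant model.

Added illustration (not taken from the 1984 report). A first-order plant is
simulated; a software model with an inaccurate coefficient predicts each
measurement one step ahead from the previous measurement and the known input;
a discrepancy detector raises an alarm when |measurement - prediction| exceeds
a fixed threshold. A sensor bias fault is injected part-way through the run.
Every number here (coefficients, threshold, fault size, fault step) is
constructed for the example.
"""
from typing import List, Optional

# Constructed plant and model parameters (hypothetical values).
PLANT_A, PLANT_B = 0.9, 0.5      # true plant: x[k+1] = 0.9*x[k] + 0.5*u[k]
MODEL_A, MODEL_B = 0.85, 0.5     # model is ~5% wrong in its dynamics coefficient
N_STEPS = 40
FAULT_STEP = 25                  # sensor develops a constant bias from this step on
FAULT_BIAS = 2.0
THRESHOLD = 0.5                  # sized above the worst one-step model error (< 0.25 here)


def simulate_plant(a: float, b: float, inputs: List[float], x0: float = 0.0) -> List[float]:
    """Return the true state trajectory x[0..n-1] for the given input sequence."""
    x = [x0]
    for u in inputs[:-1]:
        x.append(a * x[-1] + b * u)
    return x


def measure(states: List[float], fault_step: Optional[int], bias: float) -> List[float]:
    """Sensor readings: exact until fault_step, then offset by a constant bias."""
    return [
        s + (bias if fault_step is not None and k >= fault_step else 0.0)
        for k, s in enumerate(states)
    ]


def predict_next(y_prev: float, u_prev: float) -> float:
    """One-step-ahead prediction from the (imperfect) software model.

    Re-seeding the model from the last measurement each step keeps model error
    from accumulating: each residual carries only one step of mismatch, so the
    model's inaccuracy bounds the residual and the threshold can be set above it.
    """
    return MODEL_A * y_prev + MODEL_B * u_prev


def detect_discrepancies(measurements: List[float], inputs: List[float], threshold: float) -> List[int]:
    """Return the step indices at which |measurement - prediction| > threshold."""
    alarms = []
    for k in range(1, len(measurements)):
        residual = measurements[k] - predict_next(measurements[k - 1], inputs[k - 1])
        if abs(residual) > threshold:
            alarms.append(k)
    return alarms


def run(fault_step: Optional[int] = FAULT_STEP, threshold: float = THRESHOLD) -> List[int]:
    """Simulate, measure (with or without the fault) and run the detector."""
    inputs = [1.0] * N_STEPS          # constant unit input drives x toward 5.0
    states = simulate_plant(PLANT_A, PLANT_B, inputs)
    readings = measure(states, fault_step, FAULT_BIAS)
    return detect_discrepancies(readings, inputs, threshold)


if __name__ == "__main__":
    # Imperfect model, sound detector: silent without a fault, alarms from step 25 on.
    print("no fault, threshold 0.5:", run(fault_step=None))
    print("bias fault at step 25, threshold 0.5:", run())
    # Same model, detector threshold set below the model's own error: false alarms.
    print("no fault, threshold 0.2 (detector mis-set):", run(fault_step=None, threshold=0.2))
```

With the threshold set above the model's bounded one-step error the fault-free run produces no alarms and the biased sensor is flagged at the step the bias appears; lowering the threshold below that error bound makes the detector alarm from step 17 onward with nothing wrong, which is the sense in which the detector, not the model, carries the reliability requirement.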