Big Chemical Encyclopedia

Chemical substances, components, reactions, process design ...

Articles Figures Tables About

Fail-safe behavior

The accident report does not explore whether the PCS software could have included sanity checks on the roll rate or vehicle behavior to detect that incorrect roll rates were being provided by the IMS. Even if the PCS did detect it was getting anomalous roll rates, there may not have been any recovery or fail-safe behavior that could have been designed into the system. Without more information about the Centaur control requirements and design, it is not possible to speculate about whether the Inertial Navigation Unit software (the IMS and PCS) might have been designed to be fault tolerant with respect to filter constant errors. [Pg.476]

Example 2.11 describes an FSM which shows fail-safe behavior. The others clause ensures that if the FSM were to go to the state defined by encoding "ll , then it is reset to the state SO. [Pg.57]

Partial correctness is analogous to weak equivalence in that it is a sort of fail-safe condition. If A(a) = FALSE the input criterion is invalid and a presumably never occurs as input and so we make no claims as to the behavior of program (P,I) with "bad" input. If (P,I,a) does not halt there is no output and this is also regarded as a don t-care situation. There are fairly realistic situations where we would be perfectly satisfied with this sort of "correctness" -for example, in data security or protection systems. We presume - or have enpirical evidence - that the system does not fail often or catastrophically and wish to know that when it is working and output is given (of whatever kind, for the output could be just internal transfer of data) then the result is "good" or, more likely, nothing "bad" happens. [Pg.45]

Behavior at Critical requires Safe if feed Fail safe if operated Fail safe if reactor... [Pg.196]

Nuclear safety I C systems have to meet demanding functional and non-functional objectives. They need high reliability and quality of components as well as good properties of architectures such as deterministic behavior, fail-safe and fault tolerant features, functional diversity, and separation. Furthermore, these systems should avoid unnecessary complexity and prevent when possible, operator and maintenance errors. In addition, safety I C systems shall meet the other customer expectations such as modularity, scalability, flexibility, ease of operation. [Pg.38]

Procedures should be established to assist employees to reduce the likelihood of assaults and robbery from those seeking drugs or money, as well as procedures to follow in the case of threatening behavior and provision for a fail-safe back-up in administration offices. [Pg.302]

The behavioral discrepancy could be a "sin of omission" or a "sin of substitution." The worker might have failed to perform a particular safe behavior because he took a short cut or the individual could have performed a certain behavior that puts someone at risk for injury. After deciding what is safe and what is at risk for a particular individual and work situation, an action plan can be designed to reduce the discrepancy between what is and what should be. [Pg.155]

The reason that most of us fail to get the type of motivation we desire is that we try to change people s values, which are set in early life, or change their attitudes, which are an integral part of their personalities. Both values and attitudes are not measurable or easily observable and are accepted or rejected based on our own set of values and attitudes. The best that we can hope to accomplish is to change an individual s behavior, which is observable and measurable. Over time, the workers attitudes may change or their values may be altered by your motivational attempt, but that is not as important as obtaining safe and healthy work behavior. It is imperative that we motivate workers to exhibit a behavior that wiU keep them safe and healthy in the performance of their jobs. [Pg.46]

This recovery procedure triggers transitions in manifold components (e.g. ES FDIR, ES CTRL, ES A, ES B), which are part of the AOCS, CDU, PM and OBDH subsystems. The satellite model captures all these interrelations. The Earth sensor FDIR component furthermore includes many more behaviors (and thus more transitions) to cover other scenarios, like the transition to Safe Mode after a signal loss of the secondary Earth sensor while being in Orbit Control Mode. Another example is the switch-over that is initiated when the primary Earth sensor has failed while being in that mode. This makes the FDIR component tightly coupled with a major part of the overall system. It is therefore imperative to understand which effects the FDIR component has on the system, and under which (isolated) conditions these effects apply. This aims to avoid undesired behaviors. [Pg.249]

See other pages where Fail-safe behavior is mentioned: [Pg.272]    [Pg.44]    [Pg.55]    [Pg.56]    [Pg.272]    [Pg.44]    [Pg.55]    [Pg.56]    [Pg.342]    [Pg.77]    [Pg.20]    [Pg.77]    [Pg.952]    [Pg.957]    [Pg.663]    [Pg.819]    [Pg.261]    [Pg.100]    [Pg.379]    [Pg.90]    [Pg.450]    [Pg.227]    [Pg.201]    [Pg.393]    [Pg.51]    [Pg.1074]    [Pg.786]    [Pg.428]    [Pg.302]    [Pg.94]    [Pg.3]    [Pg.107]    [Pg.89]    [Pg.334]    [Pg.24]    [Pg.5]    [Pg.97]    [Pg.758]    [Pg.515]    [Pg.75]    [Pg.2]    [Pg.4]    [Pg.59]    [Pg.203]   
See also in sourсe #XX -- [ Pg.55 ]



SEARCH



Fail safe

Safe behavior

© 2024 chempedia.info