Abstract

In a safety management system for equipment adapted to operate autonomously in a real-time environment, both a deterministic processor and a non-deterministic processor are provided for processing incoming alerts and generating control signals in response. The non-deterministic processor can deal with unrehearsed, complex and unpredictable situations, by providing essentially open-ended procedures working in large search spaces with no guarantee of a solution. The deterministic processor monitors behaviour of the non-deterministic processor and validates control signals produced by it against safety policies. The deterministic processor also provides an “intelligent” interface to the non-deterministic processor, which receives alerts only from the deterministic processor, and enforces time-critical delivery of responses.
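
The gating arrangement described above can be sketched as follows. This is an added example, not code from the patent: the policy fields and limits, the `SAFE_STOP` fallback, the planner functions and the use of a thread in place of a separate processor are all assumptions made for illustration.

```python
import concurrent.futures as cf
import time

# Assumed safety policy (hypothetical actuators and limits): allowed range per command field.
POLICY = {"speed": (0.0, 5.0), "heading_change": (-30.0, 30.0)}
SAFE_STOP = {"speed": 0.0, "heading_change": 0.0}  # assumed deterministic fallback response

def validate(signal):
    """Deterministic check: exactly the policy's fields, each numeric and within bounds."""
    if not isinstance(signal, dict) or set(signal) != set(POLICY):
        return False
    return all(
        isinstance(signal[k], (int, float)) and not isinstance(signal[k], bool)
        and lo <= signal[k] <= hi          # NaN fails both comparisons, so it is rejected
        for k, (lo, hi) in POLICY.items()
    )

class DeterministicGate:
    """Sole path for alerts in and control signals out of the untrusted planner."""
    def __init__(self, planner, deadline_s):
        self.planner, self.deadline_s = planner, deadline_s
        # A thread stands in for the separate processor; a late planner keeps running here.
        self.pool = cf.ThreadPoolExecutor(max_workers=1)

    def handle_alert(self, alert):
        future = self.pool.submit(self.planner, dict(alert))  # planner gets a copy only
        try:
            signal = future.result(timeout=self.deadline_s)
        except cf.TimeoutError:
            return dict(SAFE_STOP), "deadline-missed"
        except Exception:
            return dict(SAFE_STOP), "planner-error"
        if not validate(signal):
            return dict(SAFE_STOP), "policy-violation"
        return signal, "accepted"

# Constructed stand-ins for the non-deterministic processor.
def good_planner(alert):   return {"speed": 2.0, "heading_change": 10.0}
def unsafe_planner(alert): return {"speed": 9.0, "heading_change": 10.0}
def slow_planner(alert):
    time.sleep(0.3)
    return {"speed": 2.0, "heading_change": 10.0}

if __name__ == "__main__":
    alert = {"type": "obstacle", "range_m": 4.2}  # constructed sample alert
    for planner in (good_planner, unsafe_planner, slow_planner):
        print(planner.__name__, DeterministicGate(planner, 0.1).handle_alert(alert))
```

The gate's own logic is bounded: a fixed-cost policy check and a hard timeout, so a response is delivered by the deadline whether or not the planner finds a solution.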