Triplet Enactment Concerns

Triplet enactment concerns address failures in enacting a triplet; triplet behaviour concerns address failures in the governed behaviour of a correctly enacted triplet. The distinction is convenient but not rigorous. This post lists enactment concerns, with brief comments on each.

INITIALISATION: A triplet is enacted when an execution of its machine program is begun by its parent machine in the enactment tree. Enactment is considered to end when program execution ends. The triplet's machine program defines local variables; the global variables are governed world domains. The governed world model specifies a precondition on the global variables for enactment to begin. For example: firefighter lift service may specify that the lift car is at the ground floor, the doors are open, and the hoist motor is switched off. The external agent activating the enactment must ensure that the precondition is satisfied. For different behaviours different treatments of the initialisation concern will be appropriate. The weakest precondition is true, which is always satisfied. In general, a stronger precondition will restrict the freedom to combine the triplet with other concurrent behaviours. An initial phase of the triplet behaviour that allows a weaker precondition by establishing desired conditions may sometimes overcome this disadvantage.

TERMINATION: Enactment of a triplet behaviour may end in three ways. First, the machine program may terminate at a programmed halt. For example, a CloseDoors behaviour in a lift system halts when the doors reach their closed position. Second, the parent machine may issue an OrderlyHalt control command: the machine program halts on reaching the next orderly state of the governed world—where "orderly" is defined in the behaviour design. For example, in a Stop-Start feature of a car, "orderly" may mean "the engine is running, possibly successfully restarted after a stop." Third, the enactment may be forcibly ended by an Abort command. This is appropriate if all governed world states are considered orderly or a critical situation unconditionally demands immediate pre-emptive termination.

In every case the termination concern demands careful attention to the governed world state that will hold when the behaviour enactment ends. Potential failures include continuing physical processes that the machine would have stopped had it not terminated: for example, spatial movement of a vehicle or heating of a solid or gas in a closed vessel. Failures also include leaving a sequentially compound action at an incomplete stage that leaves some resource permanently unavailable: for example, by acquiring a resource and never releasing it.

INTEGRITY: The enactment of a behaviour must have temporal integrity: the machine execution cannot be suspended for later resumption. Sometimes the machine may wait for an event or state change in the governed world, but waiting is itself an execution state. In the period between suspend and resume, by contrast, execution is absent. On resumption the machine would need to reset any software local variables representing governed world phenomena which may have changed—demanding, in effect, another initialisation.

Links to other posts:
 ↑ Avoiding Failure:  Checklists of failures and how to avoid them
 ↑  Physical Bipartite System:  The nature of a bipartite system
 ↑ Enactment: A behaviour is enacted by executing its machine program
 ↑ Triplets:  Triplets (Machine+World=Behaviour) are system behaviour elements
 → Triplet Behaviour Concerns: Failures to avoid in triplet behaviour design