Table 1 System safety requirements in GIVEN-WHEN-THEN syntax for the door controller to mitigate the hazard “Passengers fall out of the train” connected to the train function “Open external passenger doors”. These requirements describe the behavior of the external train doors equipped with the lock mechanism that makes the door opening function safer. A slightly revised version of the table in [19]
Name | Safety Requirement |
|---|---|
SafeReq1 | GIVEN the train is ready to run |
WHEN the driver requests to lock all external doors | |
THEN the door controller shall close and lock all the external doors | |
SafeReq2 | GIVEN an external door is locked |
WHEN the passenger requests to open the external door | |
THEN the door controller shall keep the external door closed and locked | |
SafeReq3 | GIVEN an external door is unlocked AND the train is at station |
WHEN the passenger requests to open an external door | |
THEN the door controller shall open the external door | |
SafeReq4 | GIVEN all external doors on the side of the train close to the platform are unlocked |
WHEN the driver requests to open all external doors | |
THEN the door controller shall open all external doors on the side of the train close to the platform | |
SafeReq5 | GIVEN the train approaches a station |
WHEN the driver requests to unlock all external doors that are on the train side close to the platform | |
THEN the door controller shall unlock all external doors on the side of the train close to the platform | |
SafeReq6 | GIVEN the train is running |
WHEN an external door is open | |
THEN the door controller shall provide an alert |