System failure
System failure is always a surprise. Obviously, system designers always want to avoid the surprise. Failure to prevent the surprise is regarded as design or implementation mistake. The problem is that surprise associated with rare situations, which means that we do not have many opportunities to encounter them during the system development.
Is the exception expected?
Consider the case of a common home appliance erroneously set to delay its operation. Typically, the user might realize that the appliance does not function, and call for technical assistance. By the time the assistance is connected, the delay time might elapse, and the problem is not there anymore, and the problem that the user had experience remains a mystery.
For the appliance designer, the delay is a required feature, therefore the software is not designed to raise an exception on setting a delay. For the user, on the other hand, the setting of the delay is exceptional, and the resulting situation is unexpected.
Coping with the unexpected
Unexpected exceptions are often due to complexity, such as that due to adding features that are rarely used. Harel & Weiss (2011) identified the problem of system failure with unexpected events. Zonnenshain and Harel (2009) noted that in many celebrated accidents, the unexpected events was attributed to machine-operator mismatch. Following Leveson (2004) STAMP, Zonnenshain and Harel (2015) developed a guide for resilience assurance, in which the unexpected are defined explicitly, in the form of deviation from operational rules. The guide has a chapter on system-wide, rule-based exception handling, a key to detecting design flaws of this kind.
Updated on 04 Jun 2017.