
Dealing with Faults During Operations: Beyond Classical Use of Formal Methods

The Handbook of Formal Methods in Human-Computer Interaction

Abstract

Formal methods support the validation and verification of interactive systems by means of a complete and unambiguous description of the envisioned system. Used in the early stages of the development process, they allow development faults to be detected and corrected at design and development time. However, events beyond the envelope of the formal description may occur at execution time and trigger unexpected behaviours in the system (behaviours inconsistent with the formally specified system), resulting in failures. Sources of such interactive system failures include permanent or transient hardware failures, due to, e.g. natural faults triggered by alpha particles from radioactive contaminants in the chips or by neutrons from cosmic radiation. This chapter first presents a systematic identification of the faults that can be introduced into the system during both development and operations, and shows how formal methods can be used in that context. To exemplify this usage of formal methods, we present their use to describe a software architecture and self-checking components that address these faults in the context of interactive systems. As such faults are more likely to occur in the high atmosphere, the proposed solutions are illustrated using an interactive application from the field of interactive cockpits. This application allows us to demonstrate the use of the concepts and their application to WIMP interactive systems (such as those of the nuclear case study of the book).
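The abstract names self-checking components as the mechanism that catches faults which escape the formal description, such as a transient bit flip in memory at execution time. The following Python snippet is an added illustration, not code from the chapter or from its authors: it assumes a minimal self-checking design in which a widget keeps two diverse copies of its state (the value and its bitwise complement) and runs an assertion comparing them before every externally visible read, so a fault that hits one copy is detected and the caller can fall back to a safe value instead of displaying corrupted data. The class name, the 16-bit state width and the fault-injection hook are all assumptions made for the example.

```python
"""Added example: a self-checking widget that detects state corruption at run time.

Illustrative code, not from the chapter. Assumption: the 'self-checking
component' holds two diverse copies of its state (a plain copy and a
bit-inverted copy) and checks them for consistency before any externally
visible action. A transient hardware fault (bit flip) hitting one copy is
then detected as an inconsistency rather than silently producing wrong output.
"""
from dataclasses import dataclass, field

MASK = 0xFFFF  # assumption: state is held in 16-bit words


class StateCorruption(Exception):
    """Raised when the two copies of the component state disagree."""


@dataclass
class SelfCheckingWidget:
    name: str
    _value: int = 0
    # Diverse redundant copy: always the bitwise complement of _value.
    _inverse: int = field(default=~0 & MASK)

    def _check(self) -> None:
        # Consistent state satisfies value XOR inverse == all-ones.
        if (self._value ^ self._inverse) & MASK != MASK:
            raise StateCorruption(f"{self.name}: state copies disagree")

    def set_value(self, v: int) -> None:
        v &= MASK
        self._value = v
        self._inverse = ~v & MASK

    def get_value(self) -> int:
        # The assertion runs before the value becomes externally visible.
        self._check()
        return self._value

    def inject_bit_flip(self, bit: int) -> None:
        """Test hook (assumption): simulate a natural fault on the primary copy."""
        self._value ^= (1 << bit)


def render_or_fallback(widget: SelfCheckingWidget, fallback: int):
    """Return (value, status): the checked value, or a safe fallback on detection."""
    try:
        return widget.get_value(), "ok"
    except StateCorruption:
        return fallback, "degraded"


def demo():
    """Constructed scenario: healthy read, then a read after a simulated bit flip."""
    altitude = SelfCheckingWidget("altitude_display")
    altitude.set_value(0x1234)
    before = render_or_fallback(altitude, fallback=0)
    altitude.inject_bit_flip(3)  # corrupt bit 3 of the primary copy only
    after = render_or_fallback(altitude, fallback=0)
    return before, after


if __name__ == "__main__":
    print(demo())
```

The point of the complement copy rather than a plain duplicate is that a fault affecting both copies identically (for instance a stuck bit in a shared register) still produces a mismatch, which a simple duplicate would miss. The caller decides what "degraded" means for the display; the component only guarantees that corrupted state is never returned as if it were valid.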



Acknowledgements

This work is partly funded by Airbus under the contract CIFRE PBO D08028747-788/2008.

Corresponding author: Camille Fayollas.


Copyright information

© 2017 Springer International Publishing AG

About this chapter

Cite this chapter

Fayollas, C., Palanque, P., Fabre, JC., Martinie, C., Déléris, Y. (2017). Dealing with Faults During Operations: Beyond Classical Use of Formal Methods. In: Weyers, B., Bowen, J., Dix, A., Palanque, P. (eds) The Handbook of Formal Methods in Human-Computer Interaction. Human–Computer Interaction Series. Springer, Cham. https://doi.org/10.1007/978-3-319-51838-1_20

  • DOI: https://doi.org/10.1007/978-3-319-51838-1_20

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-51837-4

  • Online ISBN: 978-3-319-51838-1

  • eBook Packages: Computer Science (R0)
