PII: S0951-8320(99)00066-6

Abstract

Accident reports are produced by regulatory and commercial authorities, such as the UK Air Accident Investigation Branch and the US National Transportation Safety Board, in response to most major accidents. These documents are intended to ensure that disasters do not recur. They typically contain accounts of the human and system failures that led to major accidents. These descriptions are then used to identify the primary and secondary causes of the failure. Finally, recommendations are made so that the operators and regulators of safety-critical systems can avoid future accidents. Unfortunately, it is often difficult for readers to trace the way in which particular conclusions are drawn from the many hundreds of pages of evidence in these reports. Natural language arguments often contain implicit assumptions and ambiguous remarks that prevent readers from understanding why a particular conclusion was drawn from a particular accident. In contrast, this paper argues that mathematical proof techniques can be used to support the findings of accident investigations. These techniques enable analysts to formally demonstrate that a particular conclusion is justified given the evidence in a report. In doing so, it is possible to identify missing pieces of evidence, to identify ambiguities and to determine which items of evidence are critical to particular lines of argument. The later sections of this paper then introduce Conclusion, Analysis and Evidence (CAE) diagrams, which can be used to communicate the results of a formal analysis. The intention is not to replace the natural argumentation structures that are currently used in accident reports. Rather, our aim is to increase our confidence that particular conclusions are well supported by the evidence that is presented within a report. Finally, we show how CAE diagrams may be used in conjunction with design rationale techniques that have been proposed to support the design of safety-critical applications. This helps to ensure that findings about previous failures are propagated into the subsequent development of future systems.
