Invited Talk: Structured Engineering Argumentation
The decision to trust an engineering system, whether to fly in an aircraft or to drive a car, can have real world, societal, environmental and economic consequences. Engineering arguments are multidisciplinary and have a number of characteristics. A significant component of these decisions is science-based and may deploy sophisticated engineering calculations, mathematical models, and simulations of the world and the engineered systems. However, this does not mean the judgments are purely deductive or logical. The framing of the problems, the validation of the assumptions, and the application of “stopping rules” to decide when there is sufficient confidence are often an exercise in expert judgement. The overall process is socio-technical: challenge is necessary to build confidence, and seeking dissent and counter-evidence is important. One contribution to achieving confidence in engineering decisions is assurance cases: “a documented body of evidence that provides a convincing and valid argument that a system is adequately dependable for a given application in a given environment”. Our approach is based on the key concepts of claims, arguments and evidence (CAE): claims are statements about a property of the system, evidence is used as the basis of the justification of the claim, and arguments link the evidence to the claim. Engineering justifications are too complex to express in terms of a simple CAE triple. If we are developing a top-down justification, the claims need to be expanded into subclaims until we can identify evidence that can directly support the subclaims. Engineering assurance arguments tend to be some 10s to 100s of nodes and have considerable supporting narrative. We have developed an approach to structuring such arguments based on a set of archetypal CAE fragments that we have termed CAE building blocks.
The identification of the blocks was supported by an empirical analysis of the types of engineering arguments that are made about safety and dependability from defence, finance and medical applications. Our approach factors the argument into parts that can be addressed deductively and the side-warrant, which highlights the properties assumed of the world and has an inductive component. In this way we hope to get the benefits of deductive reasoning without losing the important argument that justifies why, in the real world, such deduction is appropriate and valid. These two aspects, the use of CAE fragments and the factorisation into deductive and inductive parts, allow us to speculate how we can best exploit a variety of automated reasoning approaches.