Your browser does not support JavaScript!
http://iet.metastore.ingenta.com
1887

Extending the application of formal methods to analyse human error and system failure during accident investigations

Extending the application of formal methods to analyse human error and system failure during accident investigations

For access to this article, please select a purchase option:

Buy article PDF
£12.50
(plus tax if applicable)
Add to cart
Buy Knowledge Pack
10 articles for £75.00
(plus taxes if applicable)
Add to cart

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend Title Publication to library

You must fill out fields marked with: *

Librarian details
Name:*
Email:*
Your details
Name:*
Email:*
Department:*
Why are you recommending this title?
Select reason:
 
 
 
 
 
Software Engineering Journal — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

© The Institution of Electrical Engineers
Published

Recent disasters at Bhopal, Chernobyl, Habsheim and Kegworth illustrate the point that software is rarely the sole cause behind major accidents. Operator intervention, hardware faults, even the weather conditions and malicious acts all combine to create the conditions for failure. In the aftermath of these accidents, it seems difficult for software engineers, systems developers, forensic scientists and interface designers to predict all of the ways in which systems can fail. It is therefore important that we learn as much as possible from those failures that do occur. Unfortunately, it is often difficult to gain a coherent overview from the mass of detail that is typically contained in many accident reports. This makes it difficult for readers to identify the ‘catastrophic’ events that produced the necessary conditions for disaster. The paper argues that formal specification techniques can be used to resolve these problems. In particular, Temporal Logic of Actions is used to build a unified account of the human errors and system failures that contributed to the Three Mile Island accident. This notation provides high-level abstractions that can be used to strip away the mass of irrelevant details that often obscures important events during disasters. Formal proof techniques can then be applied to the model as a means of identifying the causal relationships that must be broken in order to prevent future failures.

References

    1. 1)
      • B. Sufrin , J. He , M.D. Harrison , H.W. Thimbleby . (1990) Specification, refinement and analysis of interactive processes, Formal methods in human computer interaction.
    2. 2)
      • Woods, D., Johansen, L., Cook, R., Sarter, N.: `Behind human error: cognitive systems, computers and hindsight', 94-01, Technical Report, 1994, CSERIAC State of the Art Report.
    3. 3)
      • N.G. Leveson . (1995) , Safeware: system safety and computers.
    4. 4)
      • M. Thomas . The story of the Therac-25 in LOTOS. High Integrity Syst. J. , 1 , 3 - 16
    5. 5)
      • C.W. Johnson , J.C. McCarthy , P.C. Wright . Using a formal language to support natural language in accident reports. Ergonomics , 6 , 265 - 1283
    6. 6)
      • C. Perrow . (1984) , Normal accidents: living with high-risk technologies.
    7. 7)
      • Telford, A., Johnson, C.W.: `Viewpoints for accident analysis', Technical report, 1996.
    8. 8)
      • J. Reason . (1990) , Human error.
    9. 9)
      • A. Finkelstein , I. Sommerville . The Viewpoints FAQ. Softw. Eng. J. , 1 , 2 - 4
    10. 10)
      • C.W. Johnson , M.D. Harrison , J. Vanderdonk . (1996) Techniques for the evaluation of design notations, Design, specification and verification of interactive systems '96.
    11. 11)
      • A.J. Dix . (1991) , Formal methods for interactive systems.
    12. 12)
      • M.D. Harrison , H.W. Thimbleby . (1989) , Formal methods in human computer interaction.
    13. 13)
      • V. Bignell , J. Fortune . (1984) , Understanding systems failures.
    14. 14)
      • C.W. Johnson , G. Cockton , S.W. Draper , G.R.S. Weir . (1994) The formal analysis of human-compuer interaction during accidents investigations, People and computers IX.
    15. 15)
      • C.W. Johnson . Representing and reasoning about the impact of environmental layout upon human computer interaction. Ergonomics , 3 , 512 - 530
    16. 16)
      • : BAC 1-11 G-AYWB and Boeing 737 EI-BTZ, Report on the incident involving, 12 April 1988, 1989 (Her Majesty's Stationery Office).
    17. 17)
      • Johnson, C.W., Telford, A.: `The formal analysis of human factors errors and system faiilures', TR-1996-6, Technical Report, 1996.
    18. 18)
      • J. Bowen , V. Stavridou . Safety-critical systems, formal methods and standards. Softw. Eng. J. , 4 , 189 - 209
    19. 19)
      • Z. Manna , A. Pnueli , R.S. Boyer , J. Strother Moore . (1981) Verification of concurrent programs: the temporal framework, The correctness problem in computer science.
    20. 20)
      • J.H. Fremlin . (1985) , Power production: what are the risks.
    21. 21)
      • Ladkin, P.: `Reasons and causes', Technical report, 1996, (available via http://www.techfak.uni-bielefeld.de$̃ladkin).
    22. 22)
      • Lamport, L.: `The temporal logic of actions', 79, Research Report, December 1991.
    23. 23)
      • C.W. Johnson , P. Palanque , R. Bastide . (1995) The application of Petri nets to represent and reason about human factors problems during accident analyses, The second Eurographics workshop on the design, specification and verification of interactive systems.
    24. 24)
      • M. Thomas . A proof of incorrectness using LP: the editing problem in the Therac-25. High Integrity Syst. J. , 1 , 49 - 62
http://iet.metastore.ingenta.com/content/journals/10.1049/sej.1996.0046
Loading

Related content

content/journals/10.1049/sej.1996.0046
pub_keyword,iet_inspecKeyword,pub_concept
6
6
Loading
Print this page
This is a required field
Please enter a valid email address