A hazard analysis method for systematic identification of safety requirements for user interface software in medical devices

© Springer International Publishing AG (outside the US) 2017. Formal methods technologies have the potential to verify the usability and safety of user interface (UI) software design in medical devices, enabling significant reductions in use errors and consequential safety incidents with such devices. This however depends on comprehensive and verifiable safety requirements to leverage these techniques for detecting and preventing flaws in UI software that can induce use errors. This paper presents a hazard analysis method that extends Leveson’s System Theoretic Process Analysis (STPA) with a comprehensive set of causal factor categories, so as to provide developers with clear guidelines for systematic identification of use-related hazards associated with medical devices, their causes embedded in UI software design, and safety requirements for mitigating such hazards. The method is evaluated with a case study on the Gantry-2 radiation therapy system, which demonstrates that (1) as compared to standard STPA, our method allowed us to identify more UI software design issues likely to cause use-related hazards; and (2) the identified UI software design issues facilitated the definition of precise, verifiable safety requirements for UI software, which could be readily formalized in verification tools such as Prototype Verification System (PVS).- U.S. Food and Drug Administration(NORTE-01-0145-FEDER-000016)Sandy Weininger (FDA), Scott Thiel (Navigant Consulting, Inc.), Michelle Jump (Stryker), Stefania Gnesi (ISTI/CNR) and the CHI+MED team (www.chi-med.ac.uk) provided useful feedback and inputs. Paolo Masci’s work is supported by the North Portugal Regional Operational Programme (NORTE 2020) under the PORTUGAL 2020 Partnership Agreement, and by the European Regional Development Fund (ERDF) within Project “NORTE-01-0145-FEDER-000016”.info:eu-repo/semantics/publishedVersio

The Quantum Monadology

The modern theory of functional programming languages uses monads for encoding computational side-effects and side-contexts, beyond bare-bone program logic. Even though quantum computing is intrinsically side-effectful (as in quantum measurement) and context-dependent (as on mixed ancillary states), little of this monadic paradigm has previously been brought to bear on quantum programming languages. Here we systematically analyze the (co)monads on categories of parameterized module spectra which are induced by Grothendieck's "motivic yoga of operations" -- for the present purpose specialized to HC-modules and further to set-indexed complex vector spaces. Interpreting an indexed vector space as a collection of alternative possible quantum state spaces parameterized by quantum measurement results, as familiar from Proto-Quipper-semantics, we find that these (co)monads provide a comprehensive natural language for functional quantum programming with classical control and with "dynamic lifting" of quantum measurement results back into classical contexts. We close by indicating a domain-specific quantum programming language (QS) expressing these monadic quantum effects in transparent do-notation, embeddable into the recently constructed Linear Homotopy Type Theory (LHoTT) which interprets into parameterized module spectra. Once embedded into LHoTT, this should make for formally verifiable universal quantum programming with linear quantum types, classical control, dynamic lifting, and notably also with topological effects.Comment: 120 pages, various figure

Applying Formal Methods to Networking: Theory, Techniques and Applications

Despite its great importance, modern network infrastructure is remarkable for the lack of rigor in its engineering. The Internet which began as a research experiment was never designed to handle the users and applications it hosts today. The lack of formalization of the Internet architecture meant limited abstractions and modularity, especially for the control and management planes, thus requiring for every new need a new protocol built from scratch. This led to an unwieldy ossified Internet architecture resistant to any attempts at formal verification, and an Internet culture where expediency and pragmatism are favored over formal correctness. Fortunately, recent work in the space of clean slate Internet design---especially, the software defined networking (SDN) paradigm---offers the Internet community another chance to develop the right kind of architecture and abstractions. This has also led to a great resurgence in interest of applying formal methods to specification, verification, and synthesis of networking protocols and applications. In this paper, we present a self-contained tutorial of the formidable amount of work that has been done in formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial

Mathematical Logic: Proof theory, Constructive Mathematics

The workshop “Mathematical Logic: Proof Theory, Constructive Mathematics” was centered around proof-theoretic aspects of current mathematics, constructive mathematics and logical aspects of computational complexit

Formalizing graphical notations

The thesis describes research into graphical notations for software engineering, with a principal interest in ways of formalizing them. The research seeks to provide a theoretical basis that will help in designing both notations and the software tools that process them. The work starts from a survey of literature on notation, followed by a review of techniques for formal description and for computational handling of notations. The survey concentrates on collecting views of the benefits and the problems attending notation use in software development; the review covers picture description languages, grammars and tools such as generic editors and visual programming environments. The main problem of notation is found to be a lack of any coherent, rigorous description methods. The current approaches to this problem are analysed as lacking in consensus on syntax specification and also lacking a clear focus on a defined concept of notated expression. To address these deficiencies, the thesis embarks upon an exploration of serniotic, linguistic and logical theory; this culminates in a proposed formalization of serniosis in notations, using categorial model theory as a mathematical foundation. An argument about the structure of sign systems leads to an analysis of notation into a layered system of tractable theories, spanning the gap between expressive pictorial medium and subject domain. This notion of 'tectonic' theory aims to treat both diagrams and formulae together. The research gives details of how syntactic structure can be sketched in a mathematical sense, with examples applying to software development diagrams, offering a new solution to the problem of notation specification. Based on these methods, the thesis discusses directions for resolving the harder problems of supporting notation design, processing and computer-aided generic editing. A number of future research areas are thereby opened up. For practical trial of the ideas, the work proceeds to the development and partial implementation of a system to aid the design of notations and editors. Finally the thesis is evaluated as a contribution to theory in an area which has not attracted a standard approach

A Survey on Modeling Language Evolution in the New Millennium

AbstractLanguage is a complex evolving system and it is not a trivial task to model the dynamics of processes occurring during its evolution. Therefore, modeling language evolution has attracted the interest of several researchers giving rise to a lot of models in the literature of the last millennium. This work reviews the literature devoted to computationally represent the evolution of human language through formal models and provides an analysis of the bibliographic production and scientific impact of the surveyed language evolution models to give some conclusions about current trends and future perspectives of this research field. The survey provides also an overview of the strategies for validating and comparing the different language evolution models and how these techniques have been applied by the surveyed models