Modelling rational user behaviour as games between an angel and a demon

Formal models of rational user behavior are essential for user-centered reasoning about interactive systems. At an abstract level, planned behavior and reactive behavior are two important aspects of the rational behavior of users for which existing cognitive modeling approaches are too detailed. In this paper, we propose a novel treatment of these aspects within our formal framework of cognitively plausible behavior. We develop an abstract, formal model of rational behavior as a game between two opponents. Intuitively, an Angel abstractly represents the planning aspects, whereas a Demon represents the reactive aspects of user behavior. The formalization is carried out within the MOCHA framework and is illustrated by simple examples of interactive tasks

Building a Formal Model of a Human-Interactive System: Insights into the Integration of Formal Methods and Human Factors Engineering

Both the human factors engineering (HFE) and formal methods communities are concerned with finding and eliminating problems with safety-critical systems. This work discusses a modeling effort that leveraged methods from both fields to use model checking with HFE practices to perform formal verification of a human-interactive system. Despite the use of a seemingly simple target system, a patient controlled analgesia pump, the initial model proved to be difficult for the model checker to verify in a reasonable amount of time. This resulted in a number of model revisions that affected the HFE architectural, representativeness, and understandability goals of the effort. If formal methods are to meet the needs of the HFE community, additional modeling tools and technological developments are necessary

Software Tools for Technology Transfer manuscript No. (will be inserted by the editor) How to Prove Complex Properties of Hybrid Systems with KeYmaera: A Tutorial

The date of receipt and acceptance will be inserted by the editor Abstract. This paper is a tutorial on how to model and prove complex properties of complex hybrid systems in KeYmaera, an automatic and interactive formal verification tool for hybrid systems implementing differential dynamic logic. Hybrid systems can model highly nontrivial controllers of physical plants, whose behaviors are often safety critical such as trains, cars, airplanes, or medical devices. Formal methods can help design systems that work correctly. This paper illustrates how KeYmaera can be used to systematically model, validate, and verify hybrid systems. We develop tutorial examples that illustrate challenges arising in many realworld systems. In the context of this tutorial, we identify the impact that modeling decisions have on the suitability of the model for verification purposes. We show how the interactive features of KeYmaera can help users understand their system designs better and prove complex properties for which the automatic prover of KeYmaera still takes an impractical amount of time. We hope this paper is a helpful resource for designers of embedded and cyber-physical systems and that it illustrates how to master common practical challenges in hybrid systems verification.

Compositional dependability modeling using arcade

Dependability is a key concern for today's complex computer and communication systems. To make sure that such an application meets all its dependability requirements, a rigorous and systematic analysis is required. This talk introduces ARCADE, a formally well-rooted and extensible framework for dependability evaluation. It has been designed so as to combine the strengths of previous approaches to the evaluation of dependability. Key feature is its formal semantics in terms of Input/Output-Interactive Markov Chains, which enables both compositional modeling and compositional analysis, enabling great computational reductions for many models. The ARCADE approach is also extensible, and hence adaptable to new circumstances or application areas. In this talk, I will introduce the new modeling approach, discuss its formal semantics and illustrate its use with two case studie

Time for Reactive System Modeling

Reactive systems interact with their environment by reading inputs and computing and feeding back outputs in reactive cycles that are also called ticks. Often they are safety critical systems and are increasingly modeled with highlevel modeling tools. The concepts of the corresponding modeling languages are typically aimed to facilitate formal reasoning about program constructiveness to guarantee deterministic output and are explicitly abstracted from execution time aspects. Nevertheless, the worst-case execution time of a tick can be a crucial value, where exceedance can lead to lost inputs or tardy reaction to critical events. This thesis proposes a general approach to interactive timing analysis, which enables the feedback of detailed timing values directly in the model representation to support timing aware modeling. The concept is based on a generic timing interface that enables the exchangeability of the modeling as well as the timing analysis tool for the flexible implementation of varying tool chains. The proposed timing analysis approach includes visual highlighting and modeling pragmatics features to guide the user to timing hotspots for timing related model revisions

Computational Modeling of Complex Protein Activity Networks

Because of the numerous entities interacting, the complexity of the networks that regulate cell fate makes it impossible to analyze and understand them using the human brain alone. Computational modeling is a powerful method to unravel complex systems. We recently described the development of a user-friendly computational tool, Analysis of Networks with Interactive MOdeling (ANIMO). ANIMO is a powerful tool to formalize knowledge on molecular interactions. This formalization entails giving a precise mathematical (formal) description of molecular states and of interactions between molecules. Such a model can be simulated, thereby in silico mimicking the processes that take place in the cell. In sharp contrast to classical graphical representations of molecular interaction networks, formal models allow in silico experiments and functional analysis of the dynamic behavior of the network. In addition, ANIMO was developed specifically for use by biologists who have little or no prior modeling experience. In this chapter, we guide the reader through the ANIMO workflow using osteoarthritis (OA) as a case study. WNT, IL-1β, and BMP signaling and cross talk are used as a concrete and illustrative model