Building a Formal Model of a Human-Interactive System: Insights into the Integration of Formal Methods and Human Factors Engineering

Both the human factors engineering (HFE) and formal methods communities are concerned with finding and eliminating problems with safety-critical systems. This work discusses a modeling effort that leveraged methods from both fields to use model checking with HFE practices to perform formal verification of a human-interactive system. Despite the use of a seemingly simple target system, a patient controlled analgesia pump, the initial model proved to be difficult for the model checker to verify in a reasonable amount of time. This resulted in a number of model revisions that affected the HFE architectural, representativeness, and understandability goals of the effort. If formal methods are to meet the needs of the HFE community, additional modeling tools and technological developments are necessary

Ideas for a high-level proof strategy language

ABSTRACT Finding ways to prove theorems mechanically was one of the earliest challenges tackled by the AI community. Notable progress has been made but there is still always a limit to any set of heuristic search techniques. From a proof done by human users, we wish to find out whether AI techniques can also be used to learn from a human user. AI4FM (Artificial Intelligence for Formal Methods) is a four-year project that starts officially in April 2010 (see www.AI4FM.org). It focuses on helping users of "formal methods" many of which give rise to proof obligations that have to be (mechanically) verified (by a theorem prover). In industrial-sized developments, there are often a large number of proof obligations and, whilst many of them succumb to similar proof strategies, those that remain can hold up engineers trying to use formal methods. The goal of AI4FM is to learn enough from one manual proof, to discharge proof obligations automatically that yield to similar proof strategies. To achieve this, a high-level (proof) strategy language is required, and in this paper we outline some ideas of such language, and towards extracting them. * During this work Gudmund Grov has been employed jointly by University of Edinburgh and Newcastle University. and constrained use of Z [FW08] -is the so-called "posit and prove" approach: a designer posits development steps and then justifies that they satisfy earlier specifications by discharging (often automatically generated) proof obligations (POs). A large proportion of these POs can be discharged by automatic theorem provers but "some" proofs require user interaction. Quantifying "some" is hard since it depends on many factors such as the domain, technology and methodology used -it could be as little as 3% or as much as 40%. For example, the Paris Metro line 14, developed in the Bmethod, generated 27, 800 POs (of which around 2, 250 required user-interaction) [Abr07] -the need for interactive proofs is clearly still a bottleneck in industrial application of FM, notwithstanding high degree of automation. THE FORMAL METHODS PROBLE

STL: Surprisingly Tricky Logic (for System Validation)

Much of the recent work developing formal methods techniques to specify or learn the behavior of autonomous systems is predicated on a belief that formal specifications are interpretable and useful for humans when checking systems. Though frequently asserted, this assumption is rarely tested. We performed a human experiment (N = 62) with a mix of people who were and were not familiar with formal methods beforehand, asking them to validate whether a set of signal temporal logic (STL) constraints would keep an agent out of harm and allow it to complete a task in a gridworld capture-the-flag setting. Validation accuracy was $45\% \pm 20\%$ (mean $\pm$ standard deviation). The ground-truth validity of a specification, subjects' familiarity with formal methods, and subjects' level of education were found to be significant factors in determining validation correctness. Participants exhibited an affirmation bias, causing significantly increased accuracy on valid specifications, but significantly decreased accuracy on invalid specifications. Additionally, participants, particularly those familiar with formal methods, tended to be overconfident in their answers, and be similarly confident regardless of actual correctness. Our data do not support the belief that formal specifications are inherently human-interpretable to a meaningful degree for system validation. We recommend ergonomic improvements to data presentation and validation training, which should be tested before claims of interpretability make their way back into the formal methods literature

METHODOLOGICAL FOUNDATIONS OF PUBLIC REGULATION IN THE SPHERE OF HUMAN DEVELOPMENT UNDER THE TRANSFORMATION OF THE UKRAINIAN SOCIETY

У статті визначено вихідні методологічні передумови державного регулювання у сфері людського розвитку, що базуються на поєднанні інституційної теорії та системно-синергетичного підходу; соціокультурному вимірі людського розвитку; аналізі нормативно-правового забезпечення та методології оцінки людського розвитку в Україні.The article deals with the initial methodological prerequisites for the formation of the conception of complex mechanism of public regulation in the sphere of human development under the transformation of the Ukrainian society based on the simultaneous combination of the achievements of the institutional theory and systematic and synergetic approach. Thus there singled out the three components of the institutional environment of human development: formal rules; informal rules; attractive self-organizing structures. It is proved that it is necessary to investigate and consider both formal rules and informal ones and selforganizing attractive structures as well in the process of elaborating a complex mechanism of public regulation in the sphere of human development. Formal rules are analyzed by studying normative legal documents concerning human development. The research of informal rules and self-organizing attractive structures is conducted through socio-cultural dimension. The Ukrainian national methods of calculating the index of regional human development is based on the measurement of external (or objective) factors that mostly characterize the socio-demographic and socio-economic components of human potential. However, subjective factors (valuable and motivational basis of human development and self-organizing processes of institutional environment) that characterize the sociocultural and activity-based components of human development, are not investigated sufficiently. The author proposes to improve methods for human development assessment by introducing additional indicators that characterize the valuable and motivational basis of human development and self-organizing processes derived from sociological observations, namely: main socio-psychological features of a social character; the level of satisfaction with various aspects of life; priorities in life and the importance of professional and social activities; socially significant values

PONDOK PESANTREN DAN MENGEMBANGKAN KUALITAS SUMBER DAYA MANUSIA

Human Resources (HR) has a very important position in realizing development capacity, which places humans in their function, namely as a development resource. The purpose of this study was to determine the efforts made by the Pondok Pesantren Darussalam Banyuwangi in developing the quality of human resources, to determine the supporting and inhibiting factors faced by the Darussalam Islamic Boarding School in developing the quality of human resources. To achieve these objectives, researchers used a qualitative research type with descriptive methods. The results showed that; (1) The existing education and teaching system in the Darussalam Islamic Boarding School, namely using the formal education system, non-formal education, and extracurricular education, (2) The efforts of the Darussalam Islamic Boarding School in developing quality human resources, which can be proven by the existence of various activities. and the educational activities in it, of which all these educational programs and activities are in order to develop the quality of faith, science and other skills of the students or students, from which all these resources can be created. quality human resources, (3) Supporting and Inhibiting Factors of Darussalam Islamic Boarding School in developing the quality of human resources, divided into internal factors and external factors

Proceedings of the First NASA Formal Methods Symposium

Topics covered include: Model Checking - My 27-Year Quest to Overcome the State Explosion Problem; Applying Formal Methods to NASA Projects: Transition from Research to Practice; TLA+: Whence, Wherefore, and Whither; Formal Methods Applications in Air Transportation; Theorem Proving in Intel Hardware Design; Building a Formal Model of a Human-Interactive System: Insights into the Integration of Formal Methods and Human Factors Engineering; Model Checking for Autonomic Systems Specified with ASSL; A Game-Theoretic Approach to Branching Time Abstract-Check-Refine Process; Software Model Checking Without Source Code; Generalized Abstract Symbolic Summaries; A Comparative Study of Randomized Constraint Solvers for Random-Symbolic Testing; Component-Oriented Behavior Extraction for Autonomic System Design; Automated Verification of Design Patterns with LePUS3; A Module Language for Typing by Contracts; From Goal-Oriented Requirements to Event-B Specifications; Introduction of Virtualization Technology to Multi-Process Model Checking; Comparing Techniques for Certified Static Analysis; Towards a Framework for Generating Tests to Satisfy Complex Code Coverage in Java Pathfinder; jFuzz: A Concolic Whitebox Fuzzer for Java; Machine-Checkable Timed CSP; Stochastic Formal Correctness of Numerical Algorithms; Deductive Verification of Cryptographic Software; Coloured Petri Net Refinement Specification and Correctness Proof with Coq; Modeling Guidelines for Code Generation in the Railway Signaling Context; Tactical Synthesis Of Efficient Global Search Algorithms; Towards Co-Engineering Communicating Autonomous Cyber-Physical Systems; and Formal Methods for Automated Diagnosis of Autosub 6000

Pengembangan Kompetensi Pegawai Negeri Sipil Pada Badan Kepegawaian dan Pengembangan Sumber Daya Manusia Kota Dumai

Based on staffing data at the Dumai City Human Resources Development and Staffing Agency, it is known that employee competence is still an issue that needs attention, especially in terms of knowledge/intellectual competence (formal education), skills competency (structural training, technical/functional training, courses, stewardship), and experience competencies (tenure, position/leadership experience), and attitude competencies. The purpose of this research is to find out the development of civil servant competency in the Dumai City Human Resources Development and human resources development agency and analyze the factors that hinder the development of civil servant competency in the Dumai City Human Resources Development and Staffing Agency. This research uses qualitative methods that are descriptive. The result of this study is the development of civil servant competencies in the Agency for Personnel and Human Resources Development dumai competency development cycle is still not optimal and there are still factors that hinder the development of Civil Servant Competency in the Agency for Personnel and Human Resources Development

Multidimensional study of urban squares through perimetral analysis: three Portuguese case studies

This paper addresses one of the most symbolically and socially meaningful elements of the public open space: the urban square (Portuguese: praça). Besides their urban centrality, these spaces’ potential for liveliness depends on multiple factors and their identity as a place may only be grasped by formal methods that embrace that latent complexity and address the multi?scale and multivariate correlations of factors that defy human cognitive capabilities. This paper will present a synchronic multidimensional analysis of three Portuguese historic squares: Praça da Oliveira, Praça de Santiago (Guimarães) and Praça do Giraldo (Évora), representative of the national historic heritage.info:eu-repo/semantics/acceptedVersio

Analysing the visual dynamics of spatial morphology

Recently there has been a revival of interest in visibility analysis of architectural configurations. The new analyses rely heavily on computing power and statistical analysis, two factors which, according to the postpositivist school of geography, should immediately cause us to be wary. Thedanger, they would suggest, is in the application of a reductionist formal mathematical description in order to `explain' multilayered sociospatial phenomena. The author presents an attempt to rationalise how we can use visibility analysis to explore architecture in this multilayered context by considering the dynamics that lead to the visual experience. In particular, it is recommended that we assess the visualprocess of inhabitation, rather than assess the visibility in vacuo. In order to investigate the possibilities and limitations of the methodology, an urban environment is analysed by means of an agent-based model of visual actors within the configuration. The results obtained from the model are compared with actual pedestrian movement and other analytic measurements of the area: the agents correlate well both with human movement patterns and with configurational relationship as analysed by space-syntax methods. The application of both methods in combination improves on the correlation with observed movement of either, which in turn implies that an understanding of both the process of inhabitation and the principles of configuration may play a crucial role in determining the social usage of space