Integrating Model Checking and HCI Tools to Help Designers Verify User Interface Properties

In this paper we present a method that aims to integrate the use of formal techniques in the design process of interactive applications, with particular attention to those applications where both usability and safety are main concerns. The method is supported by a set of tools. We will also discuss how the resulting environment can be helpful in reasoning about multi-user interactions using the task model of an interactive application. Examples are provided from a case study in the field of air traffic control. Document type: Part of book or chapter of boo

V&V of Lexical, Syntactic and Semantic Properties for Interactive Systems Through Model Checking of Formal Description of Dialog

International audienceDuring early phases of the development of an interactive system, future system properties are identified (through interaction with end users in the brainstorming and prototyping phase of the application, or by other stakeholders) imposing requirements on the final system. They can be specific to the application under development or generic to all applications such as usability principles. Instances of specific properties include visibility of the aircraft altitude, speed… in the cockpit and the continuous possibility of disengaging the autopilot in whatever state the aircraft is. Instances of generic properties include availability of undo (for undoable functions) and availability of a progression bar for functions lasting more than four seconds. While behavioral models of interactive systems using formal description techniques provide complete and unambiguous descriptions of states and state changes, it does not provide explicit representation of the absence or presence of properties. Assessing that the system that has been built is the right system remains a challenge usually met through extensive use and acceptance tests. By the explicit representation of properties and the availability of tools to support checking these properties, it becomes possible to provide developers with means for systematic exploration of the behavioral models and assessment of the presence or absence of these properties. This paper proposes the synergistic use two tools for checking both generic and specific properties of interactive applications: Petshop and Java PathFinder. Petshop is dedicated to the description of interactive system behavior. Java PathFinder is dedicated to the runtime verification of Java applications and as an extension dedicated to User Interfaces. This approach is exemplified on a safety critical application in the area of interactive cockpits for large civil aircrafts

A User-Centered View on Formal Methods: Interactive Support for Validation and Verification

International audienceDuring early phases of the development of an interactive system, future system properties are identified (through interaction with end users e.g. in the brainstorming and prototyping phases of the development process, or by re-quirements provided by other stakeholders) imposing re-quirements on the final system. Some of these properties rely on informal aspects of the system (e.g. satisfaction of users) and can be checked by questionnaires, while other ones require the use of formal methods. Whether these properties are specific to the application under development or generic to a class of applications, the verification of the presence of these properties in the system under construc-tion usually involve verification tools to process the formal description of the system. The usability [26] of these tools has a significant impact on the V&V phases which usually remains perceived as very resource consuming. This posi-tion paper proposes the application of action theory to iden-tify complex aspects of verification and exploits it for iden-tifying areas of improvement

Gulfs of Expectation: Eliciting and Verifying Differences in Trust Expectations using Personas

Personas are a common tool used in Human Computer Interaction to represent the needs and expectations of a system’s stakeholders, but they are also grounded in large amounts of qualitative data. Our aim is to make use of this data to anticipate the differences between a user persona’s expectations of a system, and the expectations held by its developers. This paper introduces the idea of gulfs of expectation – the gap between the expectations held by a user about a system and its developers, and the expectations held by a developer about the system and its users. By evaluating these differences in expectation against a formal representation of a system, we demonstrate how differences between the anticipated user and developer mental models of the system can be verified. We illustrate this using a case study where persona characteristics were analysed to identify divergent behaviour and potential security breaches as a result of differing trust expectations

On lions, impala, and bigraphs: modelling interactions in physical/virtual spaces

While HCI has a long tradition of formally modelling task-based interactions with graphical user interfaces, there has been less progress in modelling emerging ubiquitous computing systems due in large part to their highly contextual nature and dependence on unreliable sensing systems. We present an exploration of modelling an example ubiquitous system, the Savannah game, using the mathematical formalism of bigraphs, which are based on a universal process algebra that encapsulates both dynamic and spatial behaviour of autonomous agents that interact and move among each other, or within each other. We establish a modelling approach based on four perspectives on ubiquitous systems—Computational, Physical, Human, and Technology—and explore how these interact with one another. We show how our model explains observed inconsistencies in user trials of Savannah, and then, how formal analysis reveals an incompleteness in design and guides extensions of the model and/or possible system re-design to resolve this

Using gherkin to extract tests and monitors for safer medical device interaction design

Number entry systems on medical devices are safety critical and it is important to get them right. Interaction design teams can be multidisciplinary, and in this work we present a process where the requirements of the system are drawn up using a Controlled Natural Language (CNL) that is understandable by non-technical experts or clients. These CNL requirements can also be directly used by the Quality Assurance (QA) team to test the system and monitor whether or not the system runs as it should once deployed. Since commonly, systems are too complex to test all possible execution paths before deployment, monitoring the system at runtime is useful in order to check that the system is running correctly. If at runtime, it is discovered that an anomaly is detected, the relevant personnel is notified through a report in natural language.peer-reviewe

Making intelligent systems team players: Case studies and design issues. Volume 1: Human-computer interaction design

Initial results are reported from a multi-year, interdisciplinary effort to provide guidance and assistance for designers of intelligent systems and their user interfaces. The objective is to achieve more effective human-computer interaction (HCI) for systems with real time fault management capabilities. Intelligent fault management systems within the NASA were evaluated for insight into the design of systems with complex HCI. Preliminary results include: (1) a description of real time fault management in aerospace domains; (2) recommendations and examples for improving intelligent systems design and user interface design; (3) identification of issues requiring further research; and (4) recommendations for a development methodology integrating HCI design into intelligent system design

Using K-MADe for learning task modeling: interests and difficulties

International audienceTeaching user-centred software design covers many aspects. One of the most important ones is task modeling. Since task modeling contributes largely to the ergonomic quality and acceptance of the resulting software, it is essential for task modeling concepts to be well understood by future software designers. To this end, this study aims at evaluating a task model (K-MAD) and its associated tool (K-MADe) as regards the task modeling training. This article describes the rationale of the study, the model and the software tool used, the teaching steps, and the experience feedback on the practical use of the software. The latter identifies the benefits and disadvantages of this practical use from the teaching point of view, but also from a practical standpoint, including in terms of evolution of the models obtained and of their edition.L'enseignement de la conception de logiciel centrée utilisateur concerne de nombreux aspects. Un de ces aspects les plus importants est la modélisation des tâches. La modélisation des tâches contribuant fortement à la qualité ergonomique et à l'acceptation du logiciel résultant, il est indispensable qu'elle soit la mieux comprise possible par les futurs concepteurs de logiciels. Dans ce but, cette étude cherche à évaluer un modèle de tâche particulier (K-MAD) et son outil associé (K-MADe) dans une démarche d'enseignement de la modélisation des tâches. Cet article décrit la problématique de l'étude, le modèle et le logiciel enseigné, les différentes phases de l'enseignement, et le retour d'expérience d'utilisation concrète du logiciel. Ce retour d'expérience identifie les apports et les inconvénients liés à cette utilisation, lors de son enseignement, et propose des pistes d'évolution des modèles obtenus et d'édition de ces modèles