Systematic automation of scenario-based testing of user interfaces

Ensuring the effectiveness factor of usability consists in ensuring that the application allows users to reach their goals and perform their tasks. One of the few means for reaching this goal relies on task analysis and proving the compatibility between the interactive application and its task models. Synergistic execution enables the validation of a system against its task model by co-executing the system and the task model and comparing the behavior of the system against what is prescribed in the model. This allows a tester to explore scenarios in order to detect deviations between the two behaviors. Manual exploration of scenarios does not guarantee a good coverage of the analysis. To address this, we resort to model-based testing (MBT) techniques to automatically generate scenarios for automated synergistic execution. To achieve this, we generate, from the task model, scenarios to be co-executed over the task model and the system. During this generation step we explore the possibility of including considerations about user error in the analysis. The automation of the execution of the scenarios closes the process. We illustrate the approach with an example.José Campos acknowledges support from project "NORTE01-0145-FEDER-000016", financed by the North Portugal Regional Operational Programme (NORTE 2020), under the PORTUGAL 2020 Partnership Agreement, and through the European Regional Development Fund (ERDF

Analysis of WIMP and Post WIMP Interactive Systems based on Formal Specification

While designing interactive software, the use of a formal specification technique is of great help by providing non-ambiguous, complete and concise descriptions. The advantages of using such a formalism is widened if it is provided by formal analysis techniques that allow to prove properties about the design, thus giving an early verification to the designer before the application is actually implemented. This paper presents how models built using the Interactive Cooperative Objects formalism (ICOs) are amenable to formal verification. The emphasis is on the behavioral part of the description of the interactive systems and more precisely on the properties at the interaction technique level. However, the process and the associated tools can be generalized to the other parts of the interactive systems (including the non-interactive parts)

Genetic software architecture and model-based approach for the dependability of interactive critical

Depuis l'introduction au début des années 2000 du standard ARINC 661 (définissant les interfaces graphiques dans les cockpits), les avions modernes, tels que l'A380, l'A350 ou le B787, intègrent des systèmes interactifs permettant à l'équipage d'interagir avec des applications interactives. Ces applications sont affichées sur des écrans à travers l'utilisation d'un dispositif similaire à un clavier et une souris. Pour des raisons d'exigences de sûreté de fonctionnement, l'utilisation de ces systèmes est limitée, à l'heure actuelle, à la commande et au contrôle de fonctions avioniques non critiques. Cependant, l'utilisation de ces systèmes dans les cockpits d'avions civils apporte de nombreux avantages (tels qu'une amélioration de l'évolutivité du cockpit) qui amènent les industriels à chercher comment l'étendre à la commande et le contrôle de systèmes avioniques critiques. Dans cette optique, nous proposons une approche duale et homogène de prévention et de tolérance aux fautes pour concevoir et développer des systèmes interactifs tolérants aux fautes. Celle-ci repose, dans un premier temps, sur une approche à base de modèles permettant de décrire de manière complète et non ambiguë les composants logiciels des systèmes interactifs et de prévenir les fautes logicielles de développement. Dans un second temps, elle repose sur une approche de tolérance aux fautes naturelles et certaines fautes logicielles résiduelles en opération, grâce à la mise en œuvre d'une solution architecturale fondée sur le principe des composants autotestables. Les contributions de la thèse sont illustrées sur une étude de cas de taille industrielle : une application interactive inspirée du système de commande et contrôle de l'autopilote de l'A380.Since the introduction of the ARINC 661 standard (that defines graphical interfaces in the cockpits) in the early 2000, modern aircrafts such as the A380, the A350 or the B787 possess interactive systems. The crew interacts, through physical devices similar to keyboard and mouse, with interactive applications displayed on screens. For dependability reasons, only non-critical avionics systems are managed using such interactive systems. However, their use brings several advantages (such as a better upgradability), leading aircraft manufacturers to generalize the use of such interactive systems to the management of critical avionics functions. To reach this goal, we propose a dual and homogeneous fault prevention and fault tolerance approach. Firstly, we propose a model-based approach to describe in a complete and unambiguous way interactive software components to prevent as much as possible development software faults. Secondly, we propose a fault tolerant approach to deal with operational natural faults and some residual software faults. This is achieved through the implementation of a fault tolerant architecture based on the principle of self-checking components. Our approach is illustrated on a real size case study: an interactive application based on the command and control system of the A380 autopilot

Architecture logicielle générique et approche à base de modèles pour la sûreté de fonctionnement des systèmes interactifs critiques

Since the introduction of the ARINC 661 standard (that defines graphical interfaces in the cockpits) in the early 2000, modern aircrafts such as the A380, the A350 or the B787 possess interactive systems. The crew interacts, through physical devices similar to keyboard and mouse, with interactive applications displayed on screens. For dependability reasons, only non-critical avionics systems are managed using such interactive systems. However, their use brings several advantages (such as a better upgradability), leading aircraft manufacturers to generalize the use of such interactive systems to the management of critical avionics functions. To reach this goal, we propose a dual and homogeneous fault prevention and fault tolerance approach. Firstly, we propose a model-based approach to describe in a complete and unambiguous way interactive software components to prevent as much as possible development software faults. Secondly, we propose a fault tolerant approach to deal with operational natural faults and some residual software faults. This is achieved through the implementation of a fault tolerant architecture based on the principle of self-checking components. Our approach is illustrated on a real size case study: an interactive application based on the command and control system of the A380 autopilot.Depuis l'introduction au début des années 2000 du standard ARINC 661 (définissant les interfaces graphiques dans les cockpits), les avions modernes, tels que l'A380, l'A350 ou le B787, intègrent des systèmes interactifs permettant à l'équipage d'interagir avec des applications interactives. Ces applications sont affichées sur des écrans à travers l'utilisation d'un dispositif similaire à un clavier et une souris. Pour des raisons d'exigences de sûreté de fonctionnement, l'utilisation de ces systèmes est limitée, à l'heure actuelle, à la commande et au contrôle de fonctions avioniques non critiques. Cependant, l'utilisation de ces systèmes dans les cockpits d'avions civils apporte de nombreux avantages (tels qu'une amélioration de l'évolutivité du cockpit) qui amènent les industriels à chercher comment l'étendre à la commande et le contrôle de systèmes avioniques critiques. Dans cette optique, nous proposons une approche duale et homogène de prévention et de tolérance aux fautes pour concevoir et développer des systèmes interactifs tolérants aux fautes. Celle-ci repose, dans un premier temps, sur une approche à base de modèles permettant de décrire de manière complète et non ambiguë les composants logiciels des systèmes interactifs et de prévenir les fautes logicielles de développement. Dans un second temps, elle repose sur une approche de tolérance aux fautes naturelles et certaines fautes logicielles résiduelles en opération, grâce à la mise en œuvre d'une solution architecturale fondée sur le principe des composants autotestables. Les contributions de la thèse sont illustrées sur une étude de cas de taille industrielle : une application interactive inspirée du système de commande et contrôle de l'autopilote de l'A380

Performance Evaluation of Interactive Systems with Interactive Cooperative Objects Models

International audienc

A Generic Approach for Assessing Compatibility Between Task Descriptions and Interactive Systems: Application to the Effectiveness of a Flight Control Unit

International audienceTask models are a very powerful artefact describing users’ goals and users’ activities and contain numerous information extremely useful for designing usable interactive applications. Indeed, task models is one of the very few means for ensuring effectiveness of the application i. e. that the application allows users to reach their goals and perform their tasks. This paper presents a tool-supported framework for exploiting task models throughout the development process and even when the interactive application is deployed and used. To this end, we introduce a framework for connecting task models to an existing, executable, interactive application. The main contribution of the paper lies in the definition of a systematic correspondence between the user interface elements of the interactive application and the low level tasks in the task model. Depending on the fact that the code of the application is available or not, the fact that the application has been prepared at programming time for such integration or not, we propose different alternatives to perform such correspondence (in a toolsupported way). This task-application integration allows the exploitation of task models at run time bringing in the benefits listed above to any interactive application. The approach, the tools and the integration are presented on a case study of a Flight Control Unit (FCU) used in aircraft cockpits. This paper extends the article entitled ‘A Generic Tool-Supported Framework for Coupling Task Models and Interactive Applications’ which have been presented at the 7th ACM SIGCHI Symposium on Engineering Interactive Computing Systems (EICS 2015). In this expanded version, the detailed description of the correspondence between annotations in the program of the interactive application and interactive tasks in the task models has been added. The complete version of the case study has also been integrated so that the application of each step of the proposed validation process is presented

A Generic Tool-Supported Framework for Coupling Task Models and Interactive Applications

International audienceTask models are a very powerful artefact describing users' goals and users' activity and contain numerous information extremely useful for designing usable interactive application. Indeed, task models is one of the very few means for ensuring effectiveness of the application i.e. that the application allows users to reach their goals and perform their tasks. Despite those advantages, task models are usually perceived as a very expensive artefact to build that has to be thrown away as soon as the interactive application has been designed, i.e. right after the early stages of the design process are performed. However, tasks models can also be of great help for instance when used to support training material production, for training of operators and for providing tasks and goals oriented contextual help while the interactive application is being used ... This paper proposes a tool-supported framework for exploiting task models throughout the development process and even when the interactive application is deployed and used. To this end, we introduce a framework for connecting task models to an existing, executable, interactive application. The main contribution of the paper lies in the definition of a systematic correspondence between the user interface elements of the interactive application and the low level tasks in the task model. Depending on the fact that the code of the application is available or not, the fact that the application has been prepared at programming time for such integration or not, we propose different alternatives to perform such correspondence (in a tool-supported way). This task-application integration allows the exploitation of task models at run time bringing in the benefits listed above to any interactive application. The approach, the tools and the integration are presented on a case study of a Flight Control Unit (FCU) used in aircraft cockpits

Engineering mixed-criticality interactive applications

International audienceIn the field of critical systems, safety standards such as DO-178C define Development Assurance Levels (DALs) for software systems (or sub-systems). The higher the consequence of a failure the higher DAL is required by certification authorities. Developing a system at a DAL A requires the use of formal description techniques and is thus expensive. For lower DALs, standard software development is accepted. While operating such systems, reaching a given goal might require operators to perform tasks using sub-systems of different DALs. Operations thus take place via mixed-criticality systems developed using several different techniques. In order to guarantee the effectiveness of the developed systems, it is necessary to ensure the compatibility of the operators' tasks and the system (whatever technique has been used for its development). While DAL identification is outside the scope of the paper, this article presents a task-model based approach for addressing multiple DALs for mixed-criticality interactive software. That approach proposes a systematic process for engineering mixed-criticality interactive applications. This process is supported by a software modeling and development environment integrating both formal description techniques and standard software programming techniques. The process and the development environment are illustrated with a case study of a mixed-criticality interactive cockpit application

Automation: Danger or Opportunity? Designing and Assessing Automation for Interactive Systems (CHI 2018)

International audienceThis course takes a practical approach to introduce the principles, methods and tools in task modeling and how this technique can support identification of automation opportunities, dangers and limitations. A technical interactive hands-on exercise of how to "do it right", such as: How to go from task analysis to task models? How to identify tasks that are good candidate for automation (through analysis and simulation)? How to identify reliability and usability dangers added by automation? How to design usable automation at system, application and interaction levels? And more..

QBP Notation for Explicit Representation of Properties, Their Refinement and Their Potential Conflicts: Application to Interactive Systems

Part 3: Dealing with Conflicting User Interface Properties in User-Centered Development ProcessesInternational audienceThis paper presents a notation called QBP (Question, Behavior, Property) to represent software and system properties and their relationship. The properties are structured in a tree-shape format from very abstract and generic ones (such as safety or security) to more concrete (leave of the tree). This tree-shape representation is used in the paper to represent properties classification in several areas such as Dependable and Secure computing and Human-Computer Interaction. The notation makes it possible to connect the properties among each other and to connect them to concrete properties expressed in temporal logic. Those concrete properties are, in turn, connected to behavioral descriptions of interactive systems satisfying (or not) the properties. An example is given on a set of different traffic lights from different countries