Presentation is loading. Please wait.

Presentation is loading. Please wait.

Reasoning about human error with interactive systems based on formal models of behaviour Paul Curzon Queen Mary, University of London Paul Curzon Queen.

Published byRoland Bennett Modified over 9 years ago

Similar presentations

Presentation on theme: "Reasoning about human error with interactive systems based on formal models of behaviour Paul Curzon Queen Mary, University of London Paul Curzon Queen."— Presentation transcript:

1 Reasoning about human error with interactive systems based on formal models of behaviour Paul Curzon Queen Mary, University of London Paul Curzon Queen Mary, University of London 1

2 Acknowledgements  Ann Blandford (UCL)  Rimvydas Rukš ė nas (QMUL)  Jonathan Back (UCL)  George Papatzanis (QMUL)  Dominic Furniss (UCL)  Simon Li (UCL)  …+ various QMUL/UCL students  Ann Blandford (UCL)  Rimvydas Rukš ė nas (QMUL)  Jonathan Back (UCL)  George Papatzanis (QMUL)  Dominic Furniss (UCL)  Simon Li (UCL)  …+ various QMUL/UCL students

3 Background  The design of computer systems (including safety critical systems) has historically focused on the hardware and software components of an interactive system  People have typically been outside the system as considered for verification  The design of computer systems (including safety critical systems) has historically focused on the hardware and software components of an interactive system  People have typically been outside the system as considered for verification 1

4 Can we bring users into the development process?  In a way that talks at the same level of abstraction as established software development  That accounts for cognitive causes of error  That doesn’t require historical data to establish probabilities  That doesn’t demand strong cognitive science background of the analyst  In a way that talks at the same level of abstraction as established software development  That accounts for cognitive causes of error  That doesn’t require historical data to establish probabilities  That doesn’t demand strong cognitive science background of the analyst 1

5 The Human error Modelling (HUM) project  Systematic investigations of human error and its causes  Formalise results in a user model included in the “system” for verification  Model of cognitively plausible behaviour  Investigate ways of “informalising” the knowledge to make it usable in practice  focus on dynamic context-aware systems  Improve understanding of actual usability design practice  Systematic investigations of human error and its causes  Formalise results in a user model included in the “system” for verification  Model of cognitively plausible behaviour  Investigate ways of “informalising” the knowledge to make it usable in practice  focus on dynamic context-aware systems  Improve understanding of actual usability design practice 1

6 Systematic Errors  Many errors are systematic  They have cognitive causes  NOT due to lack of knowledge of what should do  If we understand the patterns of such errors, then we can minimise their likelihood through better design  Formalise the behaviour from which they emerge and we can develop verification tools to identify problems  Many errors are systematic  They have cognitive causes  NOT due to lack of knowledge of what should do  If we understand the patterns of such errors, then we can minimise their likelihood through better design  Formalise the behaviour from which they emerge and we can develop verification tools to identify problems 1

7 Post-completion errors (PCEs)  Characterised by there being a clean-up or confirmation operation after achievement of main goal  Infrequent but persistent  Examples:  Leaving the original on the photocopier  Leaving the petrol filler cap at the petrol station  …etc.  Characterised by there being a clean-up or confirmation operation after achievement of main goal  Infrequent but persistent  Examples:  Leaving the original on the photocopier  Leaving the petrol filler cap at the petrol station  …etc. 1

8 Experiments: eg Fire engine dispatch

9 Call prioritization

10 The structure of specifications

11 Generic user model in SAL Cognitive principles:  Non-determinism  Relevance  Salience  Mental vs. physical  Pre-determined goals  Reactive behaviour  Voluntary completion  Forced termination Cognitive principles:  Non-determinism  Relevance  Salience  Mental vs. physical  Pre-determined goals  Reactive behaviour  Voluntary completion  Forced termination UserModel{goals,actions, … } = … TRANSITION ([]g,slc: Commit_Action: … ) [] ([]a: Perform_Action: … ) [] Exit_Task: … [] Abort_Task: … [] Idle: … 1

12 Recent Work: salience and cognitive load  Our early work suggested importance of salience and cognitive load…  Humans rely on various cues to correctly perform interactive tasks:  procedural cues are internal;  sensory cues are provided by interfaces;  sensory cues can strengthen procedural cueing (Chung & Byrne, 2004).  Cognitive load can affect the strength of sensory & procedural cues.  Our early work suggested importance of salience and cognitive load…  Humans rely on various cues to correctly perform interactive tasks:  procedural cues are internal;  sensory cues are provided by interfaces;  sensory cues can strengthen procedural cueing (Chung & Byrne, 2004).  Cognitive load can affect the strength of sensory & procedural cues. 1

13 Aims  To determine the relationship between salience and cognitive load;  To extend (refine) our cognitive architecture with salience and load rules;  To assess the formalization by modeling the task used in the empirical studies.  To highlight further areas where empirical studies are needed.  To determine the relationship between salience and cognitive load;  To extend (refine) our cognitive architecture with salience and load rules;  To assess the formalization by modeling the task used in the empirical studies.  To highlight further areas where empirical studies are needed. 1

14 Approach  Use fire engine dispatch to develop an understanding of the link between cognitive load and salience  Re-analyse all previous experiments to refine and validate understanding, identifying load and salience of individual elements  Informally devise rule for the relationship  Formalise the informal rule in user model  Model and verify one detailed experimental scenario - fire engine dispatch  Compare models predicted results with those from the experiment.  Use fire engine dispatch to develop an understanding of the link between cognitive load and salience  Re-analyse all previous experiments to refine and validate understanding, identifying load and salience of individual elements  Informally devise rule for the relationship  Formalise the informal rule in user model  Model and verify one detailed experimental scenario - fire engine dispatch  Compare models predicted results with those from the experiment. 1

15 Experimental setting  Hypothesis: slip errors are more likely when the salience of cues is not sufficient to influence attentional control.  Variables: intrinsic and extraneous cognitive load.  Hypothesis: slip errors are more likely when the salience of cues is not sufficient to influence attentional control.  Variables: intrinsic and extraneous cognitive load. 1

16 Fire engine dispatch

17 Results 1

18 Interpretation of empirical data  High intrinsic load reduces the salience of procedural cues.  High intrinsic & extraneous load may reduce the salience of sensory cues  High intrinsic load reduces the salience of procedural cues.  High intrinsic & extraneous load may reduce the salience of sensory cues 1

19 Formal salience and load rules  Types: Salience  {High,Low,None}; Load  {High,Low}  Procedural: if default  High  intrinsic  High then procedural  Low else procedural  default  Sensory: if default  High  intrinsic  High  extraneous  High then sensory  {High, Low} else sensory  default  Types: Salience  {High,Low,None}; Load  {High,Low}  Procedural: if default  High  intrinsic  High then procedural  Low else procedural  default  Sensory: if default  High  intrinsic  High  extraneous  High then sensory  {High, Low} else sensory  default 1

20 Levels of overall salience  HighestSalience( … )  … procedural  High  procedural  Low  sensory  High  HighSalience( … )  … procedural  None  sensory  High  LowSalience( … )  …  HighestSalience( … )  … procedural  High  procedural  Low  sensory  High  HighSalience( … )  … procedural  None  sensory  High  LowSalience( … )  … 1

21 Choice priorities [] g,slc: Commit_Action: HighestSalience(g, … )  (HighSalience(g, … )  NOT(  h: HighestSalience(h, … )))  (LowSalience(g, … )  NOT(  h: HighestSalience(h, … )  HighSalience(g, … )))  …  commit[ … ]  committed; status  … [] g,slc: Commit_Action: HighestSalience(g, … )  (HighSalience(g, … )  NOT(  h: HighestSalience(h, … )))  (LowSalience(g, … )  NOT(  h: HighestSalience(h, … )  HighSalience(g, … )))  …  commit[ … ]  committed; status  … 1

22 Correctness verification  Use model checking to reason about properties of combined user model - fire engine dispatch system  Compare to actual results from the experiment  Use model checking to reason about properties of combined user model - fire engine dispatch system  Compare to actual results from the experiment 1

23 Correctness verification  Functional correctness: System  EVENTUALLY(Perceived Goal Achieved)  ‘Decide mode’ goal: System  ALWAYS (Route Constructed  Mode chosen)  Functional correctness: System  EVENTUALLY(Perceived Goal Achieved)  ‘Decide mode’ goal: System  ALWAYS (Route Constructed  Mode chosen) 1

24 Formal verification & empirical data LoadError ExtraneousIntrinsicInitializeModeTerm Low + HighLow + LowHigh +  High

25 Results (again) 1

26 Summary  Abstract (simple) formalisation of salience & load:  close correlation with empirical data for some errors;  Initialization error - match  Mode error - false positives  Termination error - 1 condition false negative  further refinement of salience & load rules requires new empirical studies.  Demonstrates how empirical studies and formal modelling work can feed each other.  Abstract (simple) formalisation of salience & load:  close correlation with empirical data for some errors;  Initialization error - match  Mode error - false positives  Termination error - 1 condition false negative  further refinement of salience & load rules requires new empirical studies.  Demonstrates how empirical studies and formal modelling work can feed each other. 1

Download ppt "Reasoning about human error with interactive systems based on formal models of behaviour Paul Curzon Queen Mary, University of London Paul Curzon Queen."

Similar presentations

Chapter 2 The Process of Experimentation

Chapter 2 The Process of Experimentation
The Robert Gordon University School of Engineering Dr. Mohamed Amish

The Robert Gordon University School of Engineering Dr. Mohamed Amish
Lecture # 2 : Process Models

Lecture # 2 : Process Models
The design process IACT 403 IACT 931 CSCI 324 Human Computer Interface Lecturer:Gene Awyzio Room:3.117 Phone:4221 4090

The design process IACT 403 IACT 931 CSCI 324 Human Computer Interface Lecturer:Gene Awyzio Room:3.117 Phone:
Seven possibly controversial but hopefully useful rules Paul De Boeck K.U.Leuven.

Seven possibly controversial but hopefully useful rules Paul De Boeck K.U.Leuven.
CSCU 411 Software Engineering Chapter 2 Introduction to Software Engineering Management.

CSCU 411 Software Engineering Chapter 2 Introduction to Software Engineering Management.
Decision Making: An Introduction 1. 2 Decision Making Decision Making is a process of choosing among two or more alternative courses of action for the.

Decision Making: An Introduction 1. 2 Decision Making Decision Making is a process of choosing among two or more alternative courses of action for the.
DECO3008 Design Computing Preparatory Honours Research KCDCC Mike Rosenman Rm 279

DECO3008 Design Computing Preparatory Honours Research KCDCC Mike Rosenman Rm 279
Software Quality Control Methods. Introduction Quality control methods have received a world wide surge of interest within the past couple of decades.

Software Quality Control Methods. Introduction Quality control methods have received a world wide surge of interest within the past couple of decades.
1 Keeping Track: Coordinating Multiple Representations in Programming Pablo Romero, Benedict du Boulay & Rudi Lutz IDEAs Lab, Human Centred Technology.

1 Keeping Track: Coordinating Multiple Representations in Programming Pablo Romero, Benedict du Boulay & Rudi Lutz IDEAs Lab, Human Centred Technology.
Writing Good Software Engineering Research Papers A Paper by Mary Shaw In Proceedings of the 25th International Conference on Software Engineering (ICSE),

Writing Good Software Engineering Research Papers A Paper by Mary Shaw In Proceedings of the 25th International Conference on Software Engineering (ICSE),
These courseware materials are to be used in conjunction with Software Engineering: A Practitioner’s Approach, 6/e and are provided with permission by.

These courseware materials are to be used in conjunction with Software Engineering: A Practitioner’s Approach, 6/e and are provided with permission by.
Business Area Analysis Focus: Domain View (selected business area) Goals: –Isolate functions and procedures that allow the area to meet its goals –Define.

Business Area Analysis Focus: Domain View (selected business area) Goals: –Isolate functions and procedures that allow the area to meet its goals –Define.
Models of Human Performance Dr. Chris Baber. 2 Objectives Introduce theory-based models for predicting human performance Introduce competence-based models.

Models of Human Performance Dr. Chris Baber. 2 Objectives Introduce theory-based models for predicting human performance Introduce competence-based models.
©Ian Sommerville 2000Software Engineering, 6/e, Chapter 91 Formal Specification l Techniques for the unambiguous specification of software.

©Ian Sommerville 2000Software Engineering, 6/e, Chapter 91 Formal Specification l Techniques for the unambiguous specification of software.
Chapter 7 design rules.

Chapter 7 design rules.
Chapter 10: Architectural Design

Chapter 10: Architectural Design
1 User Interface Design CIS 375 Bruce R. Maxim UM-Dearborn.

1 User Interface Design CIS 375 Bruce R. Maxim UM-Dearborn.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 10 Slide 1 Critical Systems Specification 3 Formal Specification.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 10 Slide 1 Critical Systems Specification 3 Formal Specification.
Basic Concepts The Unified Modeling Language (UML) SYSC 3100 - System Analysis and Design.

Basic Concepts The Unified Modeling Language (UML) SYSC System Analysis and Design.

Similar presentations

Ads by Google