A probabilistic logic for the development of safety-critical, interactive systems

C.W. Johnson
1993, International Journal of Man-Machine Studies
This paper starts from the premise that the human contribution to risk must be assessed during the development of safety-critical systems. In contrast to previous approaches, discrete numerical values are rejected as a means of quantifying the probability of operator 'error' for many different users of many different systems. Instead, numerical probabilities are used to rank the importance that designers attach to particular system failures. Adequate development resources must be allocated so that operators will resolve, and not exacerbate, high-priority failures. In order to do this, human factors and systems engineers must be provided with notations that can represent risk assessments. Many techniques that are in widespread use, such as fault-tree analysis, provide inadequate support for the development of interactive systems: they do not capture the temporal properties that can determine the quality of interaction between operators and stochastic application processes. It is argued that probabilistic temporal logics avoid this limitation. Notations which are built around linear models of time cannot easily capture the semantics of risk assessments. We have developed Probabilistic Computation Tree Logic (PCTL) to avoid this problem; PCTL is built around a branching model of time. Finally, it is argued that PCTL specifications and Monte Carlo techniques can be used to provide faithful simulations of interactive systems. The implementation of the Risklog prototyping tool is briefly described. Partial simulations can be shown to system operators in order to determine whether they are likely to intervene and resolve system failures.
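As an added illustration, not taken from the paper or the Risklog tool, the following Python models a constructed operator-response chain (states, transition probabilities and the property are all assumptions) and computes the bounded-until probability "operator resolves the failure within k steps without it escalating" two ways: exactly, by the standard PCTL bounded-until recursion over the branching model, and by Monte Carlo sampling of paths as the abstract proposes.

```python
import random

# Constructed discrete-time Markov chain of an operator responding to a
# system failure (sample model, not from the paper). Each state maps to a
# list of (successor, probability) pairs; "alarm" is where the operator
# may intervene (resolved), hesitate (alarm) or let it escalate.
CHAIN = {
    "ok":        [("ok", 0.9), ("alarm", 0.1)],
    "alarm":     [("resolved", 0.6), ("escalated", 0.3), ("alarm", 0.1)],
    "resolved":  [("resolved", 1.0)],
    "escalated": [("escalated", 1.0)],
}

def bounded_until(chain, phi, psi, k):
    """Exact {state: P(phi U<=k psi)} by the PCTL bounded-until recursion:
    p_0(s) = [s in psi]; p_j(s) = 1 if s in psi, 0 if s not in phi,
    otherwise the probability-weighted sum of p_{j-1} over successors."""
    prob = {s: 1.0 if s in psi else 0.0 for s in chain}
    for _ in range(k):
        nxt = {}
        for s, succ in chain.items():
            if s in psi:
                nxt[s] = 1.0
            elif s not in phi:
                nxt[s] = 0.0
            else:
                nxt[s] = sum(p * prob[t] for t, p in succ)
        prob = nxt
    return prob

def monte_carlo(chain, start, phi, psi, k, runs, seed=0):
    """Estimate P(phi U<=k psi) from `start` by sampling `runs` paths."""
    rng = random.Random(seed)       # fixed seed keeps the estimate reproducible
    hits = 0
    for _ in range(runs):
        s = start
        for step in range(k + 1):   # inspect the state before each transition
            if s in psi:
                hits += 1
                break
            if s not in phi or step == k:
                break
            r = rng.random()        # inverse-CDF sample of the successor
            for t, p in chain[s]:
                r -= p
                if r <= 0:
                    s = t
                    break
    return hits / runs

if __name__ == "__main__":
    NOT_ESCALATED, RESOLVED = {"ok", "alarm", "resolved"}, {"resolved"}
    print(bounded_until(CHAIN, NOT_ESCALATED, RESOLVED, 3)["alarm"])
    print(monte_carlo(CHAIN, "alarm", NOT_ESCALATED, RESOLVED, 3, 20000))
```

From "alarm" the exact recursion gives 0.6, 0.66, 0.666 for k = 1, 2, 3, approaching 0.6/(1 - 0.1); the sampled estimate should land within a few hundredths of the exact value.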
doi:10.1006/imms.1993.1064