NTRS - NASA Technical Reports Server

A Formal Approach for Designing and Evaluating Procedures

Operator interaction with modern control systems is a topic of great concern in high-risk industries such as nuclear power and commercial aviation. The issues associated with such systems focus on the ability of the operators (e.g., pilots) to achieve mission goals safely while containing failures. Operators must be able to interact safely and reliably with highly automated and complex systems across the full spectrum of possible operating conditions, including normal, abnormal, and emergency situations. In environments such as commercial aviation, operator interaction with the machine is specified through a set of standard operating procedures (SOP). A procedure represents a collective agreement on the 'best' way to perform a given task. The intent of this paper is to suggest a formal methodology for designing and evaluating procedures that is both reliable and systematic. Our approach involves two major elements: a model of the machine and a list of the operator's task specifications (goals). We use formal modeling paradigms for describing the system and superimposing the operator's tasks on it. Such paradigms, based on recent frameworks such as Statecharts and Hierarchical Hybrid Machines, appear to be adequate methods for analyzing operator interaction with modern control systems. To illustrate this methodology, we model and analyze the sequence of actions for an emergency procedure. The procedure, Irregular Engine Start, for a medium-range aircraft, specifies the sequence of immediate actions that must be performed by the crew to avoid an uncontrolled rise in engine temperature during start-up. A model of engine behavior during a hot start is constructed. It also describes the various actions that can be taken by the crew and the resulting outcomes. The model is then opened up as a tree of all possible action sequences. This action tree allows us to trace the correct sequences necessary to achieve the desired end-goal (securing and shutting down the engine). In conclusion, we argue that the current process of designing and evaluating procedures can be improved. We discuss the implications of this approach for designing and evaluating this and other types of procedures. We conclude with insights about the benefits and limitations of this methodology, and offer suggestions for future research.
Document ID: 20020064482
Acquisition Source: Ames Research Center
Document Type: Conference Paper
Authors:
Degani, Asaf (NASA Ames Research Center, Moffett Field, CA, United States)
Heymann, Michael (NASA Ames Research Center, Moffett Field, CA, United States)
Shafto, Michael (NASA Ames Research Center, Moffett Field, CA, United States)
Remington, Roger
Date Acquired: August 20, 2013
Publication Date: January 1, 1998
Subject Category: Computer Programming And Software
Meeting Information
Meeting: 10th Symposium on Aviation Psychology
Location: Columbus, OH
Country: United States
Start Date: May 2, 1999
End Date: May 7, 1999
Funding Number(s): CONTRACT_GRANT: NCC2-798
Distribution Limits: Public
Copyright: Work of the US Gov. Public Use Permitted.

Available Downloads: There are no available downloads for this record.