Using PVS to support the analysis of distributed cognition systems

  • Paolo Masci
  • Paul Curzon
  • Dominic Furniss
  • Ann Blandford


The rigorous analysis of socio-technical systems is challenging, because people are inherent parts of the system, together with devices and artefacts. In this paper, we report on the use of PVS as a way of analysing such systems in terms of distributed cognition. Distributed cognition is a conceptual framework that allows us to derive insights about plausible user trajectories in socio-technical systems by exploring what information in the environment provides resources for user action, but its application has traditionally required substantial craft skill. DiCoT adds structure and method to the analysis of socio-technical systems from a distributed cognition perspective. In this work, we demonstrate how PVS can be used with DiCoT to conduct a systematic analysis. We illustrate how a relatively simple use of PVS can help a field researcher to (i) externalise assumptions and facts, (ii) verify the consistency of the logical argument framed in the descriptions, (iii) help uncover latent situations that may warrant further investigation, and (iv) verify conjectures about potential hazards linked to the observed use of information resources. Evidence is also provided that formal methods and empirical studies are not alternative approaches for studying a socio-technical system, but that they can complement and refine each other. The combined use of PVS and DiCoT is illustrated through a case study concerning a real-world emergency medical dispatch system.


Keywords: Formal analysis; Higher-order logic; PVS; Distributed cognition; DiCoT; Socio-technical systems



Copyright information

© Springer-Verlag London 2013

Authors and Affiliations

  • Paolo Masci (1)
  • Paul Curzon (1)
  • Dominic Furniss (2)
  • Ann Blandford (2)

  1. School of Electronic Engineering and Computer Science, Queen Mary University of London, London, UK
  2. UCLIC, UCL Interaction Centre, University College, London, UK
