Alan Wassyng

Sajid Rahim, Kourosh Sabri, Anna Ells et al.

Retinopathy of Prematurity (ROP) is a potentially blinding eye disorder because of damage to the eye's retina which can affect babies born prematurely. Screening of ROP is essential for early detection and treatment. This is a laborious and manual process which requires trained physician performing dilated ophthalmological examination which can be subjective resulting in lower diagnosis success for clinically significant disease. Automated diagnostic methods can assist ophthalmologists increase diagnosis accuracy using deep learning. Several research groups have highlighted various approaches. Captured ROP Retcam images suffer from poor quality. This paper proposes the use of improved novel fundus preprocessing methods using pretrained transfer learning frameworks to create hybrid models to give higher diagnosis accuracy. Once trained and validated, the evaluations showed that these novel methods in comparison to traditional imaging processing contribute to better and in many aspects higher accuracy in classifying Plus disease, Stages of ROP and Zones in comparison to peer papers.

Mehrnoosh Askarpour, Alan Wassyng, Mark Lawford et al.

Machine learning (ML) is finding its way into safety-critical systems (SCS). Current safety standards and practice were not designed to cope with ML techniques, and it is difficult to be confident that SCSs that contain ML components are safe. Our hypothesis was that there has been a rush to deploy ML techniques at the expense of a thorough examination as to whether the use of ML techniques introduces safety problems that we are not yet adequately able to detect and mitigate against. We thus conducted a targeted literature survey to determine the research effort that has been expended in applying ML to SCS compared with that spent on evaluating the safety of SCSs that deploy ML components. This paper presents the (surprising) results of the survey.

Guy Meyer, Alan Wassyng, Mark Lawford et al.

A sudden reliance on the internet has resulted in the global standardization of specific software and interfaces tailored for the average user. Whether it be web apps or dedicated software, the methods of interaction are seemingly similar. But when the computer tool is presented with unique users, specifically with a disability, the quality of interaction degrades, sometimes to a point of complete uselessness. This roots from one's focus on the average user rather than the development of a platform for all (a golden standard). This paper reviews published works and products that deal with providing accessibility to visually impaired online users. Due to the variety of tools that are available to computer users, the paper focuses on search engines as a primary tool for browsing the web. By analyzing the attributes discussed below, the reader is equipped with a set of references for existing applications, along with practical insight and recommendations for accessible design. Finally, the necessary considerations for future developments and summaries of important focal points are highlighted.

Monika Jaskolka, Vera Pantelic, Alan Wassyng et al.

Model-Based Development (MBD) is widely used for embedded controls development, with Matlab Simulink being one of the most used modelling environments in industry. As with all software, Simulink models are subject to evolution over their lifetime and must be maintained. Modularity is a fundamental software engineering principle facilitating the construction of complex software, and is used in textual languages such as C. However, as Simulink is a graphical modelling language, it is not currently well understood how modularity can be leveraged in development with Simulink, nor whether it can be supported with current Simulink modelling constructs. This paper presents an effective way of achieving modularity in Simulink by introducing the concept of a Simulink module. The effectiveness of the approach is measured using well-known indicators of modularity, including coupling and cohesion, cyclomatic complexity, and information hiding ability. A syntactic interface is defined in order to represent all data flow across the module boundary. Four modelling guidelines are also presented to encourage best practice. Also, a custom tool that supports the modelling of Simulink modules is described. Finally, this work is demonstrated and evaluated on a real-world example from the nuclear domain.

Spencer Smith, Mojdeh Sayari Nejad, Alan Wassyng

Assurance cases provide an organized and explicit argument for correctness. They can dramatically improve the certification of Scientific Computing Software (SCS). Assurance cases have already been effectively used for safety cases for real time systems. Their advantages for SCS include engaging domain experts, producing only necessary documentation, and providing evidence that can be verified/replicated. This paper illustrates assurance cases for SCS through the correctness case for 3dfim+, an existing Medical Imaging Application (MIA) for analyzing activity in the brain. This example was partly chosen because of recent concerns about the validity of fMRI (Functional Magnetic Resonance Imaging) studies. The example justifies the value of assurance cases for SCS, since the existing documentation is shown to have ambiguities and omissions, such as an incompletely defined ranking function and missing details on the coordinate system. A serious concern for 3dfim+ is identified: running the software does not produce any warning about the necessity of using data that matches the parametric statistical model employed for the correlation calculations. Raising the bar for SCS in general, and MIA in particular, is both feasible and necessary - when software impacts safety, an assurance case methodology (or an equivalently rigorous confidence building methodology) should be employed.

Zinovy Diskin, Nicholas Annable, Alan Wassyng et al.

We propose considering assurance as a model management enterprise: saying that a system is safe amounts to specifying three workflows modelling how the safety engineering process is defined and executed, and checking their conformance. These workflows are based on precise data modelling as in functional block diagrams, but their distinctive feature is the presence of relationships between the output data of a process and its input data; hence, the name ``WorkflowPlus'', WF+ . A typical WP^+ model comprises three layers: (i) process and control flow, (ii) dataflow (with input-output relationships), and (iii) argument flow or constraint derivation. Precise dataflow modelling signifies a crucial distinction of (WP+)-based and GSN-based assurance, in which the data layer is mainly implicit. We provide a detailed comparative analysis of the two formalisms and conclude that GSN does not fulfil its promises.

Yixian Cai, George Karakostas, Alan Wassyng

Verification is the process of checking whether a product has been implemented according to its prescribed specifications. We study the case of a designer (the developer) that needs to verify its design by a third party (the verifier), by making publicly available a limited amount of information about the design, namely a diagram of interconnections between the different design components, but not the components themselves or the intermediate values passed between components. We formalize this notion of limited information using tabular expressions as the description method for both the specifications and the design. Treating verification as a process akin to testing, we develop protocols that allow for the design to be verified on a set of inputs generated by the verifier, using any test-case generating algorithm that can take advantage of this extra available information (partially white-box testing), and without compromising the developer's secret information. Our protocols work with both trusted and untrusted developers, and allow for the checking of the correctness of the verification process itself by any third party, and at any time.

Linna Pang, Chen-Wei Wang, Mark Lawford et al.

A critical step towards certifying safety-critical systems is to check their conformance to hard real-time requirements. A promising way to achieve this is by building the systems from pre-verified components and verifying their correctness in a compositional manner. We previously reported a formal approach to verifying function blocks (FBs) using tabular expressions and the PVS proof assistant. By applying our approach to the IEC 61131-3 standard of Programmable Logic Controllers (PLCs), we constructed a repository of precise specification and reusable (proven) theorems of feasibility and correctness for FBs. However, we previously did not apply our approach to verify FBs against timing requirements, since IEC 61131-3 does not define composite FBs built from timers. In this paper, based on our experience in the nuclear domain, we conduct two realistic case studies, consisting of the software requirements and the proposed FB implementations for two subsystems of an industrial control system. The implementations are built from IEC 61131-3 FBs, including the on-delay timer. We find issues during the verification process and suggest solutions.