The Why-Because Analysis Homepage

Contents


What is WBA?
Why-Because Analysis (WBA) is a rigorous technique for causally analysing the behaviour of complex technical and socio-technical systems. Its primary application is in the analysis of accidents, mainly to transportation systems (air, rail and sea). It is also used in the Ontological Analysis method for safety requirements analysis during system development.

WBA is based on a rigorous notion of causal factor. Whether one event or state is a causal factor in the occurrence of another is determined by applying the Counterfactual Test. The Counterfactual Test was proposed by the philosophical logician David Lewis in 1975, who credited David Hume (1770's) and has withstood detailed philosophical criticism since. During analysis, a Why-Because Graph (WB-Graph or WBG) is built showing the causal connections between all events and states of the behaviour being analysed. The completed WB-Graph is the main output of WBA.

The WB-Graph provides a rigorous causal explanation of the behaviour being analysed. However, mistakes may be made in constructing the WB-Graph, as with any human activity. To detect such mistakes, WBA provides a formal proof method which allows one to check whether the WB-Graph is correct and relatively complete. The formal proof method is based on the logic EL, a multi-modal logic based inter alia on Lamport's TLA and Lewis's Causal Logic. Most users of WBA do not feel the need to check their WB-Graphs using the formal proof procedures, but for those who do, it is there. WBA is the only accident analysis method with such a formal consistency/completeness check.

There is one-page description of WBA in German, and a short history (PDF) of WBA.

back to contents...


WBA Introduction and Literature

  • The WBA Introduction by Jan Sanders, a primer for everyone new to Why-Because Analysis. This is a preliminary version. Comments are very welcome!
  • For drawing Why-Because Graphs there is the SERAS WBA Toolkit built by Jan Sanders. For installation and first steps please refer to the manual contained in the file provided. If you have problems please contact Jan Sanders.
  • An introductory paper by Peter Bernard Ladkin with a worked example is contained in a Tecnical Report Incident Reporting Using SERAS Reporter and SERAS Analyst. The SERAS Reporter is a WWW-based reporting and report-parsing tool that has now been incorporated directly into the SERAS toolset available from this page.
  • Causal Analysis of Aircraft Accidents is an Keynote Paper in SAFECOMP 2000, Computer Safety, Reliability and Security, Proceedings of the 19th International Conference, Lecture Notes in Computer Science No. 1943, Springer-Verlag, 2000, which demonstrates the insights WBA yields into some well-known aviation accidents.
  • The WBA workbook with example cases for students of WBA. The book was co-authored by Peter Bernard Ladkin, Jan Sanders and Thilo Paul-Stueve.

  • Considerably more detail about aspects of WBA (including rigorously formal demonstrations of explanatory adequacy) may be found in Chapters 11-25 of the on-line book Causal System Analysis, by Peter Bernard Ladkin

    back to contents...


    WBA Training Course and Tutorial

    A two-day WBA training course is available. It consists of a WBA Tutorial, and participant hands-on exercises using the SERAS toolkit. The WBA Tutorial is one day, without participant exercises. The Tutorial has been given inter alia at the Safety@Siemens 2000 conference in Munich, and at Siemens Transportation Systems in Braunschweig. The WBA training course in its present form has been given three times in Australia in 2004 under the auspices of the Australian Safety-Critical Systems Club and twice in 2005 under the auspices of the Australian Aviation Psychology Association and the Civil Aviation Safety Authority, as well as to industrial clients in the transportation industry in Europe. Contact Peter Ladkin.

    back to contents...


    Comparison of WB-Graphs

    The output of a Why-Because Analysis is a Why-Because Graph. If the method is objective, it should be the case that different WB-Graphs prepared by different groups for the same incident should be very similar. The question arises how one can formally assess similarity of WB-Graphs.

    back to contents...


    WBA examples

    Examples of Why-Because Analyses are available from RVS and other sources. We list some publically available examples:

    • from RVS:
      • Aviation:
        • 1979 Chicago O'Hare: Loss of control. A DC-10 aircraft physically lost an engine on takeoff, rolled inverted and hit the ground. A partial WBA may be found in the paper Formalism Helps in Describing Accidents (PDF), Peter Ladkin and Karsten Loer in Proceedings of the 18th Digital Avionics Systems Conference, IEEE Press, 1999.
        • 1988 Habsheim, France: CFIT. An A320 aircraft performing a low, slow pass at an air show hit trees at the end of the runway, settled to the ground, and burned. The accident sequence was captured on two amateur videos. A high-level WBA of the accident is discussed in the paper Causal Analysis of Aircraft Accidents (PDF), an invited paper in Computer Safety, Reliability and Security, Proceedings of the 19th International Conference, SAFECOMP2000, Lecture Notes in Computer Science No. 1943, Springer-Verlag, Heidelberg and London, 2000.
        • 1993 Warsaw: Runway overrun and fire. A A320 aircraft landing in a thunderstorm was unable to break adequately, overrun the runway and caught fire. The accident report and its partially misleading conclusions is WB-analysed in Causal Analysis of Aircraft Accidents (PDF), an invited paper in Computer Safety, Reliability and Security, Proceedings of the 19th International Conference, SAFECOMP2000, Lecture Notes in Computer Science No. 1943, Springer-Verlag, Heidelberg and London, 2000. The original WBA by Peter Ladkin and Michael Höhl is in Analysing the 1993 Warsaw Accident with a WB-Graph (HTML). The WB-Graph of this accident may be found at http://www.rvs.uni-bielefeld.de/research/WBA/WBG/.
        • 1994 Nagoya: Loss of control. An Airbus A300 aircraft about to land suddenly climbed steeply, stalled and impacted the ground tail first inside the airport boundary. The WB-Graph of this accident may be found at http://www.rvs.uni-bielefeld.de/research/WBA/WBG/.
        • 1994 Operation Provide Comfort, Northern Iraq: Two U.S. Army Black Hawk helicopters were shot down by two U.S. Air Force F-15 interceptor aircraft in one of the worst fratricide incidents of recent years. The sociological analysis of Col. Scott Snook of the Harvard Business School has been reproduced as a series of WB-Graphs to demonstrate a rigorous application of WBA to an incident with largely sociological causes, contrary to what Snook suggests, that a causal analysis of the incident is possible. This was presented as a talk at the 3rd Bieleschweig Workshop on System Engineering, Bielefeld, 2004. Slides (PDF), handout (PDF) are available. The invited paper Two Causal Analyses of the Black Hawk Shootdown During Operation Provide Comfort appeared in the Proceedings of the 8th Australian Workshop on Safety-Critical Software and Systems, volume 33 of Conferences in Research and Practice in Information Technology, ed. Peter Lindsay and Tony Cant, 2004.
        • 1995 Cali, Columbia: CFIT. A B757 aircraft impacted a mountain on descent at night into Cali airport. This was the first fatal accident for the B757 type. The paper Analysing the Cali Accident With a WB-Graph (HTML) was presented at the first Human Error and Systems Development Workshop (HESSD 97) in Glasgow, March 1997.
        • 1996 Puerto Plata, Dominican Republic: Loss of control. A B757 displayed confusing air data on takeoff and the pilots eventually lost control of the aircraft. The WB-Graph of the Puerto Plata accident (in German, PDF) is available, as is a formal proof of explanatory adequacy (also in German, PDF).
        • 2000 Donaueschingen (Blumberg): CFIT. At the end of a flight to certify the accuracy of a new instrument approach to the airport at Donaueschingen, a contractor pilot attempted to fly the approach, which was not yet approved, from memory in bad weather. His memory was not adequate, and the airplane impacted a hillside. A WB-Graph of the accident has been prepared by Peter Ladkin.
        • 2000 Paris: Fire and loss of control. A Concorde aircraft started to burn in the vicinity of the left engines on takeoff from Paris Charles de Gaulle airport. Control was lost and the aircraft crashed. A Why-Because Analysis of the accident was prepared by Bernd Sieker for his Diploma Thesis Visualisation Concepts and Improved Software Tools for Causal System Analysis. There are also slides available from Sieker's talk WBA and the Concorde Accident at the first Bieleschweig Workshop on Systems Engineering, 2002.
        • 2002 Überlingen, Lake Constance: Mid-air collision. A TU-154M and a B757 freighter collided at between FL350 and FL360 on a clear night with a little traffic despite both being equipped with TCAS. The slides from the talk Why-Because Analysis of the 2002 Lake Constance Midair Collision, the Why-Because Graph, List of Facts, and a timeline of the accident were prepared from the final report by Jörn Stuphorn and Jan Sanders and presented at the 5.5th Bieleschweig Workshop of the WBA and CausalML User Group in Bielefeld, 2005.
      • Rail:
      • Marine:
        • 1995 Rose and Crown Shoal, off Nantucket Island, USA: Grounding. The cruise ship Royal Majesty grounded in shallow water some 17 miles off course after a 30+ hour trip. Slides are available from the talk WBA of the Royal Majesty Accident, given at the Second Bieleschweig Workshop on Systems Engineering in Braunschweig, 2003. There is a paper also with the title WBA of the Royal Majesty Accident.
      • Computer Security:
        • 2000 Indonesia: DNS spoofing incidents. A series of incidents with the Internet Domain Name System were analysed by I Made Wiryana and Avinanta Tarigan and presented in a talk entitled Analysing DNS Incidents (PDF) at the First Bieleschweig Workshop on System Engineering, Bielefeld, 2002.
        • 2002 Bielefeld: Local area network penetration. The RVS net was penetrated by a Rumanian hacker, using a new exploit, who was observed online and attempted to delete his traces. Log files were forensically restored and the vunerability analysed, first by experience and intuition. The WB-Analysis was performed by Jan Sanders, Lars Molske and Damian Novak and presented in their talk Why-Because Analysis of a Computer Security Incident (PDF, 3.5MB) at the 5.5th Bieleschweig Workshop, the WBA and CausalML User Group meeting, Bielefeld, 2005. There is also a handout (PDF, 1.3MB) and a technical report (PDF, 3.2MB).

    • from the Institute for Railway Systems Engineering and Traffic Safety (IfEV) at the Technical University of Brunswick (Braunschweig), Germany:
      • Rail:
        • 1998 Eschede, Germany: Derailment. An ICE train derailed and collided with a bridge resulting in Germany's worst rail accident ever. A WBA was performed as a student research project and is available in German. The Why-Because Graph of the Eschede Accident, by Oliver Lemke, assessing only the specific train of events after the wheel tyre detached, has 111 nodes. Contact Oliver Lemke.
        • 1999 Ladbroke Grove, England: Collision. A local train ran through a stop signal and collided with a high speed intercity train resulting in England's worst rail accident in decades. A WBA was performed by Ernesto de Stefano as a student research project. The Ladbroke Grove Why-Because Graph has about 90 nodes, and shows clearly that up to nine different technical systems were causally involved in the accident. Contact Ernesto de Stefano at Siemens Transportation Systems.
        • 2000 Aasta, Norway: Collision. An intercity train collided head-on with another train on a signalled single track line, resulting in Norway's worst rail accident for decades. A WBA was performed as a student research project and is available in German. Contact Oliver Lemke. The WB-Graph is available.
        • 2000 Brühl, Germany: Derailment. An intercity train derailed when passing at high speed through points at Brühl station. The maximum speed limit was less than half of the train's speed. Slides from the talk Analysis of the Brühl railway accident using Why-Because Analysis given at the First Bieleschweig Workshop on System Engineering, Bielefeld, 2002, and a WB-Graph of the accident are available.
        • 2003 Neufahrn, Germany: Collision. A commuter train collided with a stationary commuter train on signalled track. A paper Informeller Vergleich zweier Why-Because-Analysen (PDF) (in German) by Oliver Lemke (IfEV, T.U. Braunschweig) and Enrico Anders (Chair of Railway Signalling and Traffic Safety Systems, T.U. Dresden) compares two WB-Analyses of the Neufahrn accident in order to derive some general comparison methods for Why-Because Analyses. The example was presented at the Bieleschweig Workshop 6.5 in Dresden on 29 November, 2005. Slides from the talk Why-Because Analysis of the S-Bahn railway accident in Neufahrn and a WB-Graph of the accident are available.

    • from the University of Applied Sciences Gelsenkirchen, Germany:
      • Air:
        • 2002 Überlingen, Germany: Mid-air collision. A TU-154M and a B757 freighter collided at between FL350 and FL360 on a clear night with a little traffic despite both being equipped with TCAS. The slides from the talk by Christina Junge Analyse der Midair-Collision bei Überlingen (WBA) (in German) at the Third Bieleschweig Workshop on Systems Engineering, Bielefeld, 2004, the Why-Because Graph (Visio format), and her Diploma Thesis (in German) are available.

    • from the Chair of Railway Signalling and Traffic Safety Systems at the Technical University of Dresden, Germany:
      • Rail:
        • 2003 Neufahrn, Germany: Collision. A commuter train collided with a stationary commuter train on signalled track. See the entry under IfEV, T.U. Braunschweig, above, for the joint Braunschweig/Dresden work on this accident.

    • from Siemens Transportation Systems Rail Automation Division:
      • Marine:
        • 1986 Zeebrugge, Belgium: Capsize. The RORO ferry Herald of Free Enterprise capsized upon leaving port and entering the open sea in the worst ferry accident ever in the North Sea. Slides are available from the talk by Ernesto de Stefano Towards a hybrid approach for Incident Root Cause Analysis at the Second Bieleschweig Workshop on Systems Engineering, Braunschweig, 2003.

    • from the University of York:
      • Air:
        • 1990 Ronaldsway, Isle of Man: Landing accident. A turboprop aircraft suffered damage on landing. The 2001 Ph.D. thesis of Julia Hill, Resolving Complexity in Accident Texts Through Graphical Notations and Hypertext (PDF, 2.4MB) contains a WBA of this accident in Section 5.3, pp91-105. The history of the flight is in Appendix B, pp214-6. Appendix D, p218, shows the WB-Graph of the accident. Appendix F, p220, contains the full WB-Graph, but this does not appear to be available online.
        • n.d., RAF military incident. The same thesis of Julia Hill contains a WBA case study by a third party in Section 7.12, pp133-6.

    • from members of the Australian Civil Aviation Safety Authority:
      • Air:
        • n.d., New Zealand. Turboprop landing accident. An accident to an Ansett Dash-8 aircraft was litigated in civil court and a WBA by Dmitri Zotov, now with the Australian Civil Aviation Safety Authority, helped decide the case. The WBA appears in his Ph.D. thesis submitted to Massey University, New Zealand. Contact Dmitri Zotov.

    back to contents...


    Older Material

    The material below consists of scientific work on WBA performed in the RVS group before 2005.

    Hierarchical Task Analysis

    A very detailed description of the WBA process was prepared by Thilo Paul-Stüve, based on his hierarchical task analysis (HTA) of WBA, which appeared in his Diplom (former equivalent to Master's) thesis in the RVS Group. Our experience is that this is too detailed to use as an introduction. It includes

    WB-Toolset

    We have a suite of software tools, based extensively on open source software, which aid in the construction and display of WB-Graphs. The suite is known as the WB-Toolset. The WB-Toolset currently comprises

    • YBEdit, the graphical editor and graph-layout engine
    • VDAS, the archiving system for WB-Analyses
    • YBFactor, the List of Facts editor
    • YBTimeliner, the timeline-drawing facility

    YBEdit is a layout and display software written in Tcl/Tk which uses the Graphviz layout engine and graph manipulation software from AT&T Labs. It incorporates a point-and-click-based GUI which displays the WB-Graph being built in real-time.

    VDAS is a lightweight archiving software written in Java. It is used to archive and store the WB-Graphs built with YB-Edit, and supplies version control and common-access control for cooperative work on a WB-Graph.

    YBFactor is an input GUI for entering the key events and states, and information about them, which are anticipated to play a causal role in the WB-Graph. It is written in Java.

    YBTimeliner converts a WB-Graph whose labels are annotated with the keywords TStmp and Actrs into a timeline showing the sequence of (punctual) events in an incident, along with the participants in each event, in an HTML format. YBTimeliner is written in PERL.

    The WB-Toolset is currently implemented on a "black box", YB-CSS, a small bare-bones PC running the operating system NetBSD. YB-CSS is a server which provides the WB-Toolset to up to five individual PCs running the freely available VNC client terminal emulation software. Because the only interface to a local area network or client computers is via VNC, there are virtually no important security issues with use of YB-CSS in this architectural configuration.

    back to contents...


    Timelines

    Events in WB-Graphs built using the WB-Toolset may be annotated with both time of occurrence and participants, in the node label, via the keywords TStmp and Actrs, to produce a timeline of the salient events. At present, only punctual times may be included. States, which generally occur over periods and not punctually, are not yet represented. As an example, we show an annotated version of the Glenbrook Specific-Causes Why-Because Graph and Timeline produced directly from it by the YBTimeliner software.

    back to contents...


    WBA literature and software

    The following literature and software appeared previously on the WBA home page in 2000. Some of it may be outdated; some of it represents research directions not taken. We can't take them all - please feel free to take this stuff and do interesting new things. And please also tell us about it!

    cid2ft

    Bernd Sieker, RVS-Soft-06, 28 June 2001 [ Service ]

    This tool analyses CIDs, presented as CI-Script input files, and generates a fault tree in Postscript from the CID. Its function is described in the document RVS-Occ-01-04, How to Generate Fault Trees from Causal Influence Diagrams, by Peter B. Ladkin, Bernd Sieker and Joachim Weidner [Abstract | PDF Version (333K) | Postscript Version (705K)].

    We offer this tool as a WWW service. The WW user must write the CI-Script input file. The service will prompt the user for the file name, and return the completed fault tree as a postscript file to the user.

    cid2dot

    Michael Höhl, Bernd Sieker, RVS-Soft-05, 21 June 2000, modified 1 July 2001
    [ Service ]

    This tool produces Postscript Causal Influence Diagrams, from input presented as CI-Script. Its function is described in the document RVS-Bk-00-01 Notes on the Foundations of System Safety and Risk, by Peter B. Ladkin [Abstract | PDF Version (1.65Mb) | PS Version (7.83MB)]

    We offer this tool as a WWW service. The WW user must write the CI-Script input file. The service will prompt the user for the file name, and return the completed fault tree as a postscript file to the user.

    wb2dot

    Michael Höhl, RVS-Soft-04, 2 April 1998 [ Manual | Service ]

    wb2dot is a tool for converting WB-Graphs written in textual ASCII form (in EBNF) automatically into (pictorial) graphs. There is a parser for the textual WB-Graph which feeds into the graph layout mechanism, which is the dot tool, part of the graphviz suite from Bell Labs. The Manual describes the tool.

    Also available is the wb2dot Service which allows people to use wb2dot remotely. The service offers a CGI interface, which asks for the filename (pathname) of a textual-WB-graph source file on the user's machine, reads it (make sure the permissions are set!), then processes it on our WWW server here, and returns to the user's browser an HTML page containing details of the run (including any error messages) along with a link to download the postscript file containing the pictorial form of the graph which was generated.

    A Quick Introduction to Why-Because Analysis

    Peter B. Ladkin, 1 March 1999
    [ 11pp, Postscript, 159K | DVI without chart, 43K]
    [ Chart of WB-Analyses performed by ourselves and others, Postscript, 19K ]

    Just what it says - this paper explains the steps in a Why-Because Analysis of a complex behavior, and illustrates the core idea, the WB-Graph Method, as well as explaining why formal verification of the WB-Graph is often important as well.

    Examples of Why-Because Graphs

    Heiko Holtkamp, 4 March 1999

    Postscript versions of Why-Because Graphs for various incidents we have analysed, generated using the tool wb2dot from analyses written in WB-Script. A postscript viewer with zoom capability is required, since the graphs are compact.

    Towards "Why...Because"-Analysis of Failures

    Karsten Loer, Diplom Thesis, 20 February 1998

    Abstract: This thesis introduces the Why...Because Analysis (WBA) method of explaining failures causally. From a brief history of an incident, WBA first aims at inquiring after and identifying the significant acts/states/events/non-events that partake in a causal explanation, and then proving rigorously in the formal logic Explanatory Logic (EL) that the explanation found is correct and relatively sufficient. WBA along with formal proof in Lamport's hierarchical style is presented by means of a small running example. (G-ZIPped PS, 501K

    Papers from the Origins of WBA

    The main idea of WB-analysis comes from a formal semantics for causation, explained by the philosophical logician David Lewis in 1973. Ladkin used the Lewis semantics first to clarify the causal factors involved in two aircraft accidents in

    • The X-31 and A320 Warsaw Crashes: Whodunnit? [ Abstract | HTML ]
    He showed that application of the Lewis criterion led to a structure that could be represented as a graph, called in that essay the causal hypergraph, now know as the WB-Graph. It was observed that logical connections fulfil the Lewis causality criterion also, although a logical implication between statements is not normally regarded as having anything to do with causality. Also, some instances of causality in the behavior machines is `traditionally' analysed by using logical inference from a specification of the machine and of the various states of the machine at the time events happen, using the assumption that the machine fulfils its specification. For these reasons, the Lewis relation could be seen as involving explanatory features which did not seem to be purely causal. The name WB-Graph (Why...Because...Graph) was thus suggested by Everett Palmer of NASA Ames to be more appropriate.

    Two survey papers reviewed the analysis method and results as of 1998.

    is informal, and was written for the biannual Research Magazine of the University of Bielefeld in early 1998. A more technical survey article is

    Papers describing some analyses from 1997-8 are:

    The Lewis criterion was also used to analyse the report of the 1979 Chicago O'Hare DC-10 engine-loss accident. The paper appeared in the 18th Digital Avionics System Conference in 1999. An early version is
    • Formalism Helps in Describing Accidents [ Abstract | HTML ]
    In the Cali, Warsaw and O'Hare cases, the conclusions of the rigorous WB-analysis based on the events, states and processes mentioned in the accident reports do not completely agree with the `probable causes' and `contributing factors' in those reports. Since the WB-analysis is based on a rigorous application of a precise criterion, and the causal conclusions in the accident reports are not justified by any explicit reasoning or reasoning criteria, one would be justified in holding the report conclusions to contain reasoning mistakes. In any case, an explanation of the divergence is to be wished for and is mostly lacking.

    The WB-analysis is primarily concerned with analysing causality. The input to the causal analysis is therefore taken to be the list of events, states and processes (short coherent sequences of actions and states that do not need to be analysed into components) stated in the accident reports. The Lewis criterion is applied to these pairwise to obtain the WB-graph in, first, a textual form and then (automatically or by hand) in graphical form. The textual and graphical form can be generated automatically from the individual judgements of causal factors, as shown in

    It is important to distinguish the purely temporal factors of an accident sequence from the causal factors that are part of its explanation. Some attempts to formalise causality have conflated them, and try to formalise the causal reasoning in a pure temporal logic. We do not believe this can work. A critique of one attempt to do this may be found in an early paper

    and a general critique of other attempts, and some principles on which they appear to be based, may be found in
    • Some Dubious Theses in the Tense Logic of Accidents [ Abstract | HTML ]
    Our view of how temporal logic enters into accident histories and analysis, and how the `standard' temporal logic for reactive systems should be thereby modified, may be found in

    More than just observable causal factors come into play when analysing an accident. One must be able to identify causally significant non-events, and to incorporate information about the procedural and regulatory context in which process leading to the accident developed. Palmer and Ladkin have developed a method of inferring the causal significance of non-events, based on comparing the observed events and states with standard operating procedures and observing where those procedures were not adhered to (in An Analysis of `Oops', to appear). Non-events are added to the state/event/process list to represent events that should have happened but didn't. We expect a similar technique to work for more general deontic contexts, such as regulatory matters and managerial oversight, Reason's latent error types.

    Furthermore, there are occasions when deontic considerations conflict with the purely causal analysis. An example was noted in

    • The Crash of Flight KE801, a Boeing B747-300, Guam, Wednesday 6 August, 1997: What We Know So Far [ Abstract | HTML ]
    In this example, explanation requires the deontic considerations to take precedence over the purely causal factors. WB-analysis will thus have to incorporate this deontic reasoning.

    We have observed that all accident reporting depends upon a closed-world assumption (CWA), namely that all the relevant facts are those we know plus those we know are missing. An investigation is considered to have gathered all the facts when we know what we know and we know what we don't know. An explanation based on this collection of facts and missing-facts may be incomplete (as when certain facts obviously lack a causal explanation - the causes are thus missing-facts), but it is not non-monotonic. If one is lacking part of an explanation, the explanation itself does not have to be revised when missing facts are discovered later. However, for many if not all accidents, it is in principle possible that certain events that are not considered plausible and are not easily traceable could in fact have happened, and have led to the accident. The supposition that there are no such abnormal events is equivalent to the CWA. It is a supposition, and the possibility is always there that it may be shown to be incorrect by further evidence. This plausibility criterion, the CWA, thus leads to non-monotonicity. While incompleteness is accomodated within the WB-method as it now is, non-monotonic features of the reasoning are not yet explicitly accounted for.

    The paper

    • Analysing Aviation Accidents using the WB-Graph Method: An Application of Multimodal reasoning [ DVI | PS ]
    is a short abstract with examples illustrating the deontic/causal conflict, and non-monotonic reasoning in aviation accident reports.

    back to contents...