

# Cognitive Load Management for Planning and Executing Verification Strategies

Sukhwan Jung  
The University of Arizona  
1127 E James E Rogers Way  
Tucson, AZ, USA  
[shjung@arizona.edu](mailto:shjung@arizona.edu)

Alejandro Salado  
The University of Arizona  
1127 E James E Rogers Way  
Tucson, AZ, USA  
[alejandrosalado@arizona.edu](mailto:alejandrosalado@arizona.edu)

Copyright © 2024 by the authors. Permission granted to INCOSE to publish and use.

**Abstract.** Verification is an integral stage of the system engineering process, partially to capture human errors during the process. There is, however, seemingly less attention given to the potential human errors caused by verification engineers themselves, that is, errors that result from ineffective verification planning and/or execution. We focus on two sets of possible cognitive overloads during the verification process: short term overloads during each verification event and long-term overloads over the system lifecycle. A graph-based mathematical approach is proposed to lower such cognitive overloads, utilizing orthogonality and graphical representation. The research is in progress, with theoretical and empirical validations remaining. Practical engineering considerations will be added to finalize the proposed approach, which will then go through an empirical study for validation.

## Introduction

Verification, paired with problem definition and system architecture, is one of the main activities of systems engineering. With the validation process checking whether *the right system was built*, the verification process determines if *the system is built right* (Wentworth, Knaus & Aougab 1997). This is to capture unintended system errors before they can cause significant system failures; tangible evidence is collected to ensure that the intended information transformations are done in given system elements (Walden, Roedler & Forsberg 2015).

The verification process is conceptualized under the assumption that there is no such thing as error-free engineers. It is assumed that human errors would occur in all stages of the system engineering process from system design to operations and management. This is also true for the verification process itself— not only human errors expected to occur during verification, but such human errors hold significant impact in the overall quality of the system development process. Both in formulation as well as implementation, inaccurate verifications bring faulty assumptions about the system which in turn derail the future developments.

However, the human factor has historically seldom been considered while formulating a verification strategy. Most of the cognitive research relative to verification has been focused on verifying the human factor components of the system and system users instead (Boring 2014; Jeffrey C. & Ronald L. 2017; Wishart et al. 2020). We assume that human errors occurring during the verification process have an impact on the quality of developed systems, proposing an approach based on human cognition theories. The introduction of the human factor in the formulation and execution of the verification process would be beneficial, as the outcome of the verification strategy is ultimately determined by the quality of its implementation by verification engineers.

We focus on the cognitive loads experienced by verification engineers and their impact on processing information and exercising judgement. Cognitive overload leads to faulty information processing and

decision making, therefore minimizing such instances during verification is necessary for higher system veracity. There are two sets of cognitive systems involved in a verification strategy: working memory within each verification iteration and long-term memory over the system lifecycle. We propose a graph-based mathematical approach to help verification engineers tackle these issues. Orthogonality-based verification strategy design and graphical representation are used to structurally lower a chance of cognitive overloads for both cognitive systems.

This paper is organized as follows. The Related Works section discusses the theoretical background of the human factors in systems engineering process and the cognitive load theory. The Proposed Approach section describes two approaches to overcome the short-term cognitive overload issues and solving them in long-term learning. The Conclusion section provides the state of research progression and future plans, which includes theoretical or empirical experiments. The theoretical and practical validation of the proposed approach is still ongoing; the Result section will be added in a future full paper with tangible analysis results.

## Related Work

**Human factors in verification.** The human factors engineering principle is actively conducting research on human factors related to system operator performance, including human-machine collaborations (Chignell et al. 2023; Salvendy & Karwowski 2021; Wishart et al. 2020). Human factors on verification engineers, on the other hand, did not receive significant attention. Research efforts on the relationship between human factors and verification are mostly either the extension of operator interaction verification (Degani & Heymann 2002), or for verification in different domains. A program verification tool competition ‘*VerifyThis*’ has been proposed to recognize the importance of human factors such as creativity in the otherwise automated process (Ernst et al. 2019). While sharing the principal concept of verification, their automatic nature was mostly incompatible with the system verification which often requires manual involvements.

**Cognitive psychology.** Miller’s law (Miller 1956) is one of the most widely accepted theories about the information storage capacity of immediate, or working, memory. The law argues that there is ‘*the magical number seven plus or minus two*’ that dictates the number of distinguishable pieces of information humans can process concurrently. Information exceeding this number is theorized to be compressed into smaller number of chunks, or schemas, which can then be hierarchically accessed to retrieve individual information when needed (Bromley 2019). While there are increasing movements to overturn this now nearly 70-year-old law in the field of cognitive phycology domain (Cowan 2015), its simplicity and empirical evidence supports its position as the basis for basic cognitive science research.

Cognitive load (Sweller 1988) provides a more in-depth analysis for human cognitive loads, which is used in a variety of research domains. The theory revolves around the capacity and duration limits of working memory. There are three commonly accepted forms of cognitive load: intrinsic, extraneous, and germane loads, each describing the inherent difficulty of the target information, the presentation of information, and effort required for successful schema generation, respectively (DeLeeuw & Mayer 2008). The schemas are either encoded into or retrieved from long-term memory, each representing *memorizing* and *remembering*. Therefore, cognitive overload can not only impede spontaneous information processing but also negatively affect long term learning and decision making (Klingberg 2009). The hierarchical concept map has been shown to reduce cognitive loads as schemas are known to have pseudo-hierarchical network structures stored in long-term memory (Amadieu et al. 2009).

## Proposed Approach

We aim to propose a verification planning and reasoning approach utilizing graphical structures to tackle both cognitive overload problems in working and long-term memories. This is done by reducing the cognitive effect of numerous verification activities and their evidence in large systems, encouraging engineers to build a more orthogonal verification strategy to enhance schema building and reduce long loops. This approach is expected to provide a supporting tool for verification engineers, modulating verification strategies and managing implementation policies leading to fewer cognition-related human errors. In this paper, the term ‘human errors’ encompasses the general definition of errors caused by human actors rather than specific types and characteristics. This is to ensure the generalizability of the proposed approach. Short- and long-term memories were utilized to describe initial coverage of different human error bases, which will be dissected further to allow error-specific customizations in the future once the approach undergoes empirical validation.

Figure 1 shows an example of modularizing a complex verification strategy to reduce the cognitive loads of verification engineers. The example verification strategy contains 5,779 parameters, 3,115 verification activities, and 28 models connected by 17,319 relationships between them. Figure 1(a) visualizes the strategy with graphical format; individual entities are so numerous that storing them in a working memory is likely impossible to any engineer. We propose to group orthogonal verification activities together, converting this graph into a hierarchical modularization tree as shown in Figure 1(b). Having eight modules at each level, the example verification strategy can be represented within a five-level hierarchy.



Figure 1. An example verification strategy, (a) raw and (b) processed.

**Working memory.** The main constraint regarding working memory is the information capacity limitation. While there are individual variations in their cognitive limits, it is generally agreed that exceeding these limitations causes lower reasoning and decision-making capabilities (Miller 1956). We propose that such a threat can be averted in verification by introducing the concept of hierarchical verification with orthogonality. By separating components and encapsulating subtasks, a verification strategy becomes a collection of orthogonal modules instead of a single interconnected system. The verification process can then be independently assessed on orthogonal modules before integration between modules can be verified at modular level. This significantly reduces the amount of information in the working memory of verification engineers at any given time, reducing the risk of cognitive overload. Note that modules here do not only refer to the traditional partitioning of system into components performed in systems engineering. This refers also to identifying modules that are decoupled, from a cognitive processing level, at the same level of encapsulation. An example might be

features that are totally decoupled. Such orthogonal structures may not always be present in every system; we argue that some degree of verification evidence reuse would be allowed in such cases.

This approach is also scalable with larger systems by formulating a multi-level orthogonality in verification strategies, dividing each orthogonal module into a collection of sub-modules. Such recursive nature allows this approach to be applicable to a wide range of systems with varying sizes. We assume that there are optimal numbers of hierarchy levels as well as the size of the lowest-level modules. The Miller's number (seven) is considered to be the golden standard for the amount of information at each orthogonal module; the information being verification evidence in the lowest-level module and sub-modules in subsequent hierarchies. Our current assumption is that the hierarchy level sizes is less important than the number of information being processed at each module, as frequent refreshment of working memory causes significantly lower mental fatigue compared to the instances of working memory overloads.

**Long-term memory.** We are currently working on an approach to solve the cognitive overload problem with regards to information processing into long-term memory. This is being studied in two parts, minimizing extraneous and germane loads. The extraneous cognitive load minimization can be achieved by transforming the verification strategy format to graphs. This grants better visualization of the verification evidence flow in a more structured way. This is limited to the fundamental presentation formats; therefore, no specific visualization techniques and user interfaces are required. This graphical representation is also being used to minimize germane cognitive load by providing information flow in each orthogonal module. We believe that existing graph models such as concept maps can be utilized to help engineers internalize the set of information. Policies such as retaining engineer assignments to specific orthogonal modules are also being considered. Intrinsic load is mostly dependent on the domain knowledge and experience of verification engineers than the verification strategy therefore is not being considered in this research.

## Conclusion and Remaining Works

This research is in the late stages of finalizing a proposed approach, with theoretical or empirical validation remaining. We are currently in the later stage of theoretical validation with additional background research and domain expert consultation. The proposed solutions are also being refined with practical limitations such as inherently non-orthogonal verification strategies. Modifications to the proposed approach such as overlapping modularization are being considered, along with changes to verification policies. Once the proposed solutions are theoretically validated, an empirical study will be conducted to determine their effectiveness. An interactive graphical interface will be designed for the experiment, providing both the multi-level orthogonal modularization and conceptual representation with predefined rulesets. Additional considerations need to be given to the experiment design separating the effects of individual solutions, which is planned as a future work in the current stage. We expect this research to provide a low-cost method to tackle the cognitive overload problem during system verification process, ensuring the system is *built right* with relatively less resources. The result can then be applied to more complex solutions such as verification strategy in the form of hypergraph.

## Acknowledgements

This material is based upon work supported by the National Science Foundation under Grant No. CMMI-2205468.

## References

Amadieu, F, van Gog, T, Paas, F, Tricot, A & Mariné, C 2009, 'Effects of prior knowledge and concept-map structure on disorientation, cognitive load, and learning', *Learning and Instruction*, vol. 19, no. 5, pp. 376–386.

Boring, RL 2014, 'Human Factors Design, Verification, and Validation for Two Types of Control Room Upgrades at a Nuclear Power Plant', *Proceedings of the Human Factors and Ergonomics Society Annual Meeting*, vol. 58, no. 1, SAGE Publications Inc, pp. 2295–2299.

Bromley, M 2019, 'Lightening the cognitive load for your students', *SecEd*, vol. 2019, no. 12, Mark Allen Group, pp. 14–15.

Chignell, M, Wang, L, Zare, A & Li, J 2023, 'The Evolution of HCI and Human Factors: Integrating Human and Artificial Intelligence', *ACM Transactions on Computer-Human Interaction*, vol. 30, no. 2, p. 17:1-17:30.

Cowan, N 2015, 'George Miller's Magical Number of Immediate Memory in Retrospect: Observations on the Faltering Progression of Science', *Psychological review*, vol. 122, no. 3, pp. 536–541.

Degani, A & Heymann, M 2002, 'Formal Verification of Human-Automation Interaction', *Human Factors*, vol. 44, no. 1, SAGE Publications Inc, pp. 28–43.

DeLeeuw, KE & Mayer, RE 2008, 'A comparison of three measures of cognitive load: Evidence for separable measures of intrinsic, extraneous, and germane load', *Journal of Educational Psychology*, vol. 100, no. 1, American Psychological Association, US, pp. 223–234.

Ernst, G, Huisman, M, Mostowski, W & Ulbrich, M 2019, 'VerifyThis – Verification Competition with a Human Factor', in D Beyer, M Huisman, F Kordon & B Steffen (eds), *Tools and Algorithms for the Construction and Analysis of Systems*, Springer International Publishing, Cham, pp. 176–195.

Jeffrey C., J & Ronald L., B 2017, *A Human Factors Engineering Process to Support Human-System Interface Design in Control Room Modernization*, Idaho National Lab. (INL), Idaho Falls, ID (United States), viewed 7 June 2024, <<https://www.osti.gov/biblio/1484709>>.

Klingberg, T 2009, *The Overflowing Brain: Information Overload and the Limits of Working Memory*, Oxford University Press, USA.

Miller, GA 1956, 'The magical number seven, plus or minus two: Some limits on our capacity for processing information', *Psychological Review*, vol. 63, no. 2, American Psychological Association, US, pp. 81–97.

Salvendy, G & Karwowski, W 2021, *Handbook of human factors and ergonomics*, John Wiley & Sons.

Sweller, J 1988, 'Cognitive load during problem solving: Effects on learning', *Cognitive Science*, vol. 12, no. 2, pp. 257–285.

Walden, DD, Roedler, GJ & Forsberg, K 2015, 'INCOSE Systems Engineering Handbook Version 4: Updating the Reference for Practitioners', *INCOSE International Symposium*, vol. 25, no. 1, pp. 678–686.

Wentworth, JA, Knaus, R & Aougab, H 1997, *Verification, Validation and Evaluation of Expert Systems*, viewed 15 January 2024, <<https://rosap.ntl.bts.gov/view/dot/56919>>.

Wishart, J, Como, S, Forgione, U, Weast, J, Weston, L, Smart, A & Nicols, G 2020, 'Literature review of verification and validation activities of automated driving systems', *SAE Int. J. Connect. Autom. Veh*, vol. 3, pp. 267–323.