Definition 4 (System Definition). A system definition $S = \{C_1, \ldots, C_J\}$ consists of a set of components. The set of all events in the system is defined by $E_S = \bigcup_{j=1}^{J} \left(I_{C_j} \cup O_{C_j}\right)$, where $J$ is the number of components in the system.
Definition 5 (System Property). A system property $\phi_S$ for system definition $S$ is a constraint defined on the set $E_S$ of system events.
Hypothesis 1. There must be at least one component violation for a system property violation, or equivalently, $\bigwedge_{j=1}^{J} \phi_{C_j} \rightarrow \phi_S$.

Hypothesis 1 is the basis for the causality analysis. A violation of Hypothesis 1 implies a flawed system design, which is out of the scope of this paper.
Definition 6 (Violation). We say that a property $\phi$ is violated on trace $Tr$ if and only if $Tr \not\models \phi$. A system property violation is called a system failure. A component property violation is called a component failure; in such cases, the component is called faulty.
Definition 7 (Faulty Components). Given an observed trace $Tr$ and a system definition $S$ on which a system property $\phi_S$ is violated, we define
$$F = \{\, C \mid C \text{ is a component in } S \text{ and } Tr \not\models \phi_C \,\} \qquad (2)$$
to be the set of faulty components for the violation of $\phi_S$ on $Tr$.
Consider a suspected subset $\mathcal{C} \subseteq F$ of faulty components. Replacing every component in $\mathcal{C}$ with a correct one would result in an alternative system $S'$. Let
$$TR_{\mathcal{C}} = \{\, tr \mid tr \text{ is a trace for } S' \text{, and } tr \text{ has the same system input as observed on } Tr \,\} \qquad (3)$$
be the set of possible system traces for $S'$ when rerunning the system with the same system input as observed on $Tr$. The formal characterization of $TR_{\mathcal{C}}$ is a case-by-case analysis, which we illustrate with the GPCA case study in Section 5. Based on $TR_{\mathcal{C}}$, several notions of causes can be defined.
Definition 8 (Contributory Cause [22]). A (non-empty) suspected subset $\mathcal{C} \subseteq F$ of faulty components is a contributory cause for the violation of a system property $\phi_S$ on an observed trace $Tr$ if and only if $\exists\, tr \in TR_{\mathcal{C}}.\ tr \models \phi_S$.

Definition 9 (Main Contributory Cause/Necessary Cause [26,11]). A (non-empty) suspected subset $\mathcal{C} \subseteq F$ of faulty components is a main contributory cause for the violation of a system property $\phi_S$ on an observed trace $Tr$ if and only if $\forall\, tr \in TR_{\mathcal{C}}.\ tr \models \phi_S$.

Definitions 8 and 9 bound the two extremes of defining necessary cause. Definition 8 requires that there exists at least one alternative system execution trace on which the system failure disappears, while Definition 9 requires so on all alternative system execution traces. In this work, we do not fix a causality definition, but take it as a parameter of the causality analysis problem.
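The following is an added example, not from the paper, that works Definitions 7 to 9 through on a constructed 2-of-3 temperature-alarm system (hypothetical components S1, S2, S3 and a voting controller K). It computes $F$ by Eq. (2), enumerates $TR_{\mathcal{C}}$ by letting each corrected sensor take any reading within its tolerance, and then decides whether a suspected subset is a main contributory cause (all reruns recover), a contributory cause (some do), or neither.

```python
from itertools import product

# Constructed 2-of-3 alarm system; names and numbers are hypothetical.
TRUE_TEMP = 102                              # system input t on the observed trace
TOLERANCE = {"S1": 2, "S2": 2, "S3": 3}      # phi_{S_i}: |reading - t| <= tolerance
THRESHOLD = 100                              # K alarms when >= 2 readings reach it

# Observed trace Tr: one event per component output (constructed sample).
OBSERVED = {"t": TRUE_TEMP, "S1": 90, "S2": 95, "S3": 98, "alarm": False}

def sensor_ok(name, tr):
    return abs(tr[name] - tr["t"]) <= TOLERANCE[name]

def controller_ok(tr):
    votes = sum(tr[s] >= THRESHOLD for s in TOLERANCE)
    return tr["alarm"] == (votes >= 2)

COMPONENT_PROPS = {**{s: (lambda tr, s=s: sensor_ok(s, tr)) for s in TOLERANCE},
                   "K": controller_ok}

def system_ok(tr):
    # phi_S: a true temperature of 102 or more must raise the alarm. Correct
    # sensors then read >= 100, so Hypothesis 1 holds for this design.
    return tr["alarm"] if tr["t"] >= 102 else True

def faulty_components(tr):
    # Eq. (2): F is the set of components whose own property fails on Tr.
    return {c for c, prop in COMPONENT_PROPS.items() if not prop(tr)}

def alternative_traces(corrected, tr):
    # TR_C: rerun with the sensors in C replaced by correct ones. A correct
    # sensor may return any value within tolerance (this nondeterminism is
    # what separates Definitions 8 and 9); uncorrected sensors replay Tr, and
    # K, which satisfied phi_K on Tr, votes correctly on the new readings.
    ranges = [range(tr["t"] - TOLERANCE[s], tr["t"] + TOLERANCE[s] + 1)
              if s in corrected else [tr[s]] for s in TOLERANCE]
    traces = []
    for readings in product(*ranges):
        alt = dict(zip(TOLERANCE, readings), t=tr["t"])
        alt["alarm"] = sum(r >= THRESHOLD for r in readings) >= 2
        traces.append(alt)
    return traces

def classify(corrected, tr=OBSERVED):
    # Definition 9 (every rerun satisfies phi_S) vs. Definition 8 (some rerun does).
    outcomes = [system_ok(alt) for alt in alternative_traces(corrected, tr)]
    if all(outcomes):
        return "main contributory cause"
    if any(outcomes):
        return "contributory cause"
    return "not a cause"
```

On the observed trace all three sensors are faulty; {S1} alone cannot restore the alarm, {S1, S3} restores it only on the reruns where the low-precision S3 reads at least 100, and {S1, S2} restores it on every rerun.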
Definition 10 (Causality Analysis Problem Definition). Given a system definition $S$, a system property $\phi_S$, and a trace $Tr$ such that $Tr \not\models \phi_S$, let $F$ be