7 Related Work
Halpern and Pearl [13] were among the first to introduce counterfactual reasoning about causes into the engineering domain. Some later developments [15,4] are based on the notions in [13]. In this work, we formally characterized the set of reconstructed traces and showed that causality can be defined based on that set. One advantage of our work is the explicit treatment of real-time systems, which is absent from previous work on causality analysis. Timestamps are considered as variables, so that constraints on timestamped events symbolically characterize the sets of traces that satisfy the constraints.
The treatment of trace reconstruction is another difference between our work and previous ones [15,11]. In [15], each occurrence of an event on a trace is represented by a Boolean variable e, indicating whether the event is present on the trace (e is true) or not (e is false). The underlying component behaviors are not considered in [15]. Similarly, in [11], the trace reconstruction rules impose a more rigid requirement than in this paper, which may occasionally lead to undesired analysis results, as we have discussed in [26]. On the other hand, the work in [11] additionally defines horizontal causality between one component's failure and another's, which is not discussed in any other work on causality analysis. Also, our Hypothesis 1 is due to [11].
The result of causality analysis naturally provides an explanation of the system failure: which components' faulty behaviors are the causes of the system property violation. The work in [4] provides an application in explaining counterexamples from formal verification of system properties specified in linear temporal logic (LTL) [20]. We believe the approach in [4] can be extended to the setting in this paper.
8 Conclusion
We proposed the causality analysis problem for black-box component-based systems. By using causality analysis we are able to establish the causal relationship between component failures and system failure. We provided a formal analysis framework to solve the causality analysis problem, and detailed the trace reconstruction rules for the analysis of real-time systems. We illustrated our approach with the GPCA case study. In the future, we plan to enhance the application of the analysis by providing tool support for safety-critical systems in the medical device domain.
Acknowledgement. We would like to thank FDA researchers Paul L. Jones and Yi Zhang for their motivating discussions on the causality analysis problem and help in explaining infusion pumps and the GPCA safety requirement document [12].