From Probabilistic Counterexamples via Causality to Fault Trees

In recent years, several approaches to generate probabilistic counterexamples have been proposed. The interpretation of stochastic counterexamples, however, continues to be problematic since they have to be represented as sets of paths, and the number of paths in this set may be very large. Fault trees (FTs) are a well-established industrial technique to represent causalities for possible system hazards resulting from system or system component failures. In this paper we suggest a method to automatically derive FTs from counterexamples, including a mapping of the probability information onto the FT. We extend the structural equation approach by Pearl and Halpern, which is based on Lewis counterfactuals, so that it serves as a justification for the causality that our proposed FT derivation rules imply. We demonstrate the usefulness of our approach by applying it to an industrial case study.
