A Hybrid Approach to Causality Analysis

  • Shaohui Wang
  • Yoann Geoffroy
  • Gregor Gössler
  • Oleg Sokolsky
  • Insup Lee
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9333)


In component-based safety-critical systems, when a system safety property is violated, it is necessary to analyze which components are the cause. Given a system execution trace that exhibits component faults leading to a property violation, our causality analysis formalizes a notion of counterfactual reasoning (“what would the system behavior be if a component had been correct?”) and algorithmically derives such alternative system behaviors, without re-executing the system itself. In this paper, we show that we can improve the precision of the analysis if we can (1) emulate the execution of components instead of relying on their contracts, and (2) take into consideration input/output dependencies between components to avoid blaming components for faults induced by other components. We demonstrate the utility of the extended analysis with a case study for a closed-loop patient-controlled analgesia system.


Keywords (added by machine and not by the authors): Patient Control Analgesia; Causality Analysis; Separable Component; System Execution; System Trace



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Shaohui Wang (1)
  • Yoann Geoffroy (2)
  • Gregor Gössler (2)
  • Oleg Sokolsky (1)
  • Insup Lee (1)

  1. Department of Computer and Information Science, University of Pennsylvania, Philadelphia, USA
  2. INRIA Grenoble – Rhône-Alpes and Univ. Grenoble Alpes, Grenoble, France
