Causality Analysis for Concurrent Reactive Systems (Extended Abstract)
Rayna Dimitrova (University of Leicester), Rupak Majumdar (MPI-SWS),, Vinayak S. Prabhu (Colorado State University)

TL;DR
This paper introduces a formal language-theoretic framework for causality analysis in concurrent reactive systems, enabling explanation of safety violations and comparison of causality notions for debugging and system design.
Contribution
It provides a unified formalization of causality notions, new definitions, and automata-based algorithms for causal analysis in concurrent reactive systems.
Findings
Unified causality framework for concurrent systems
Automata-based algorithms for causal set computation
Analysis of causality notions for debugging and liability
Abstract
We present a comprehensive language theoretic causality analysis framework for explaining safety property violations in the setting of concurrent reactive systems. Our framework allows us to uniformly express a number of causality notions studied in the areas of artificial intelligence and formal methods, as well as define new ones that are of potential interest in these areas. Furthermore, our formalization provides means for reasoning about the relationships between individual notions which have mostly been considered independently in prior work; and allows us to judge the appropriateness of the different definitions for various applications in system design. In particular, we consider causality analysis notions for debugging, error resilience, and liability resolution in concurrent reactive systems. Finally, we present automata-based algorithms for computing various causal sets based…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Causality Analysis for Concurrent Reactive Systems
(Extended Abstract)
Rayna Dimitrova University of Leicester
Leicester, UK [email protected] MPI-SWS
Keiserslautern and Saarbrücken, GermanyColorado State University
Fort Collins, Colorado, United States
Rupak Majumdar MPI-SWS
Keiserslautern and Saarbrücken, Germany [email protected] Colorado State University
Fort Collins, Colorado, United States
Vinayak S. Prabhu Colorado State University
Fort Collins, Colorado, United States [email protected]
Abstract
We present a comprehensive language theoretic causality analysis framework for explaining safety property violations in the setting of concurrent reactive systems. Our framework allows us to uniformly express a number of causality notions studied in the areas of artificial intelligence and formal methods, as well as define new ones that are of potential interest in these areas. Furthermore, our formalization provides means for reasoning about the relationships between individual notions which have mostly been considered independently in prior work; and allows us to judge the appropriateness of the different definitions for various applications in system design. In particular, we consider causality analysis notions for debugging, error resilience, and liability resolution in concurrent reactive systems. Finally, we present automata-based algorithms for computing various causal sets based on our language-theoretic encoding, and derive the algorithmic complexities.
Causality analysis, which investigates questions of the form “Does event cause event ?” plays an important role in many areas of science, medicine and law. In formal methods, causality analysis has been used to determine the coverage of specifications [5] (that is, which parts of the system under scrutiny are relevant for the satisfaction of a specification), to explain counterexamples [2] (identify points in a counterexample trace that are relevant for the failure of a temporal specification), to construct fault trees [10], and to automatically refine system abstractions [4]. In artificial intelligence, causality-based explanation finding has applications in natural language processing, automated medical diagnosis, vision processing, and planning. Resolving liabilities in a legal setting often relies on establishing the causal relations between potential causes and the occurred damage [3].
Causality definitions based on counterfactuals, which are alternative scenarios where the suspected cause of did not happen, date back to [9] and have been extensively studied in philosophy [11]. In computer science, the most prominent and widely used definition of causality is that of [8], in which the authors write “… while it is hard to argue that our definition (or any other definition, for that matter) is the right definition, we show that it deals with the difficulties that have plagued other approaches in the past …”. Halpern and Pearl’s approach is based on structural equations, which describe causal dependencies between Boolean variables. We extend the Boolean study of causality to the temporal setting; specifically, we formalize notions of causality in concurrent reactive systems whose behaviors evolve over time. A concurrent reactive system is a composition of interacting components; the system behavior is determined by the repeated interaction between the components over time. Moreover, we consider the setting where component implementations are not available for analysis and the designer has only access to specifications of their expected behavior. Thus, when analyzing an error trace (an execution of the system that violates a desired system-level property), the only available information about the system consists of the components’ specifications and the observed trace.
In our framework, a concurrent reactive system is a composition of components . Each component is specified as a tuple , where
- •
is the set of variables of the component, consisting of the input variables and the output variables (the sets of input and output variables being disjoint);
- •
is the alphabet, consisting of all possible valuations of the variables ;
- •
is a non-empty prefix-closed language over , specifying the set of correct behaviours of .
The composite system has an associated prefix-closed specification such that contains . Thus, the global requirement is more relaxed than the promised behaviors of the individual components. In other words, the system promises to implement or refine the global requirement .
Consider a trace of the system in which the system requirement is violated. Let be the components which violate their local specifications . The causality analysis problem is to determine which component set is liable for the global system requirement violation in . Our analysis reasons about two classes of scenarios to determine if is a cause:
- •
Fault Mitigation Capability analysis asks whether the correct behavior of the components in the set is enough to mitigate the faults of all components (including those of components not in ), by ensuring that the required system property holds.
- •
Fault Manifestation analysis asks whether the observed faulty behavior of the components in the set is enough to manifest a global fault (i.e., a system behavior violating the global property), even if the components not in were to behave correctly.
These two classifications parallel the classifications of [7, 6] of causes into necessary causes and sufficient causes. However, our analysis is not limited to specific definitions of counterfactual sets. In contrast, we provide a reasoning framework based on generic counterfactual sets, and introduce several natural instantiations. We demonstrate that the generality and modularity of our definition of causality allow us to seamlessly extend causality analysis to the case of heterogeneous fault models, where different components are examined under different fault scenarios. Finally, we present an automata-based method for determining various causal sets in the setting of heterogeneous component-fault models, and derive its algorithmic complexity.
The reference list from the paper itself. Each links out to its DOI / PubMed record.
- 1[1]
- 2[2] Ilan Beer, Shoham Ben-David, Hana Chockler, Avigail Orni & Richard J. Trefler (2012): Explaining counterexamples using causality . Formal Methods in System Design 40(1), pp. 20–40, 10.1007/s 10703-011-0132-2 . · doi ↗
- 3[3] Francesco D. Busnelli, Giovanni Comandé, Herman Cousy, Dan B. Dobbs, Bill W. Dufwa, Michael G. Faure, Israel Gilead, Michael D. Green, Konstantinos D. Kerameus, Bernhard A. Koch, Helmut Koziol, Ulrich Magnus, Miquel Martín-Casals, Olivier Moréteau, Johann Neethling, W. V. Horton Rogers, Jorge Ferreira Sinde Monteiro, Jaap Spier, Lubos Tichy & Pierre Widmer (2005): Causation , pp. 43–63. Springer Vienna, Vienna, 10.1007/3-211-27751-X 4 . · doi ↗
- 4[4] Hana Chockler, Orna Grumberg & Avi Yadgar (2008): Efficient Automatic STE Refinement Using Responsibility . In C. R. Ramakrishnan & Jakob Rehof, editors: Tools and Algorithms for the Construction and Analysis of Systems, 14th International Conference, TACAS 2008, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2008, Budapest, Hungary, March 29-April 6, 2008. Proceedings , Lecture Notes in Computer Science 4963, Springer, pp. 233–248, 10.10 · doi ↗
- 5[5] Hana Chockler, Joseph Y. Halpern & Orna Kupferman (2008): What causes a system to satisfy a specification? ACM Trans. Comput. Log. 9(3), pp. 20:1–20:26, 10.1145/1352582.1352588 . · doi ↗
- 6[6] Gregor Gößler & Daniel Le Métayer (2013): A General Trace-Based Framework of Logical Causality . In José Luiz Fiadeiro, Zhiming Liu & Jinyun Xue, editors: Formal Aspects of Component Software - 10th International Symposium, FACS 2013, Nanchang, China, October 27-29, 2013, Revised Selected Papers , Lecture Notes in Computer Science 8348, Springer, pp. 157–173, 10.1007/978-3-319-07602-711 . · doi ↗
- 7[7] Gregor Gößler, Daniel Le Métayer & Jean-Baptiste Raclet (2010): Causality Analysis in Contract Violation . In Howard Barringer, Yliès Falcone, Bernd Finkbeiner, Klaus Havelund, Insup Lee, Gordon J. Pace, Grigore Rosu, Oleg Sokolsky & Nikolai Tillmann, editors: Runtime Verification - First International Conference, RV 2010, St. Julians, Malta, November 1-4, 2010. Proceedings , Lecture Notes in Computer Science 6418, Springer, pp. 270–284, 10.1007/978-3-642-16612-921 . · doi ↗
- 8[8] J.Y. Halpern & J. Pearl (2005): Causes and explanations: A structural-model approach. Part I: Causes . The British journal for the philosophy of science 56(4), pp. 843–887, 10.1093/bjps/axi 147 . · doi ↗
