Counterfactual Causality from First Principles?
In this position paper we discuss three main shortcomings of existing approaches to counterfactual causality from the computer science perspective, and sketch lines of work to try and overcome these issues: (1) causality definitions should be driven by a set of precisely specified requirements rather than by specific examples; (2) causality frameworks should support system dynamics; (3) causality analysis should have a well-understood behavior in the presence of abstraction.
Comment: In Proceedings CREST 2017, arXiv:1710.0277
Robustness in Interaction Systems
We treat the effect of the absence or failure of ports or components on properties of component-based systems. We do so in the framework of interaction systems, a formalism for component-based systems that strictly separates the issues of local behavior and interaction, and for which ideas to establish properties of systems were developed. We propose to adapt these ideas to analyze how the properties behave under the absence or failure of certain components, or merely of some ports of components. We demonstrate our approach for the properties of local and global deadlock-freedom, as well as liveness and local progress.
Formal Techniques for Component-based Design of Embedded Systems
Embedded systems have become ubiquitous, from avionics and automotive through consumer electronics to medical devices. Failures may entail material damage or compromise the safety of human beings. At the same time, shorter product cycles, together with the fast-growing complexity of the systems to be designed, create a tremendous need for rigorous design techniques. The goal of component-based construction is to build complex systems from simpler components that are well understood and can be (re)used, so as to accelerate the design process. This document presents a summary of the formal techniques for component-based design of embedded systems I have (co-)developed.
Reach Scheduling for Embedded Systems
Projet POP_ART
Reachability of a state in an embedded system, and steering the system into that state, are a frequent requirement. The technique we propose ensures reachability by construction. It pre-computes a set of local schedulers which are chosen at run-time depending on the current system state and on a predicate characterizing the set of states to be reached. This quasi-static scheduling approach combines the efficiency of pre-computed schedulers with flexibility during execution, making it possible to change at run-time the predicate to be reached. Our method uses both local controller synthesis and sufficient conditions to compositionally ensure reachability properties, in order to ensure a small memory footprint and efficient execution. The constructed schedulers are composable with further constraints and scheduling policies, which enables an incremental construction. The underlying component model uses transition systems to express the component behaviors, and composition and restriction to express coordination and constraints between components, and allows for heterogeneous models. The results have been implemented and validated in several case studies.
Priority Systems
Projet POP_ART
We present a framework for the incremental construction of deadlock-free systems meeting given safety properties. The framework borrows concepts and basic results from the controller synthesis paradigm by considering a step in the construction process as a controller synthesis problem. We show that priorities are expressive enough to represent restrictions induced by deadlock-free controllers preserving safety properties. We define a correspondence between such restrictions and priorities and provide compositionality results about the preservation of this correspondence by operations on safety properties and priorities. Finally, we provide an example illustrating an application of the results.
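The two abstracts "Robustness in Interaction Systems" and "Priority Systems" describe the same kind of object: components as labelled transition systems with ports, interactions as sets of ports that fire together, and a priority relation (or a missing port) as a restriction of the global behavior. The following added example, which is not code from either paper and whose components, interactions and priority relation are all constructed for illustration, builds a small such system in which two processes acquire two resources in opposite orders, and checks deadlock-freedom by exhaustive exploration (a) unrestricted, (b) under a priority relation that encodes the restriction a deadlock-avoiding controller would impose, and (c) under that priority relation when one port fails.

```python
# Added example (not from the papers above): a BIP/interaction-systems style model
# of two processes that acquire two resources in opposite orders, analysed for
# deadlock under (a) no restriction, (b) a priority relation, (c) a failed port.
# All components, interactions and the priority relation are constructed here.

# Each component is a labelled transition system: {state: {port: next_state}}.
COMPONENTS = {
    "P1": {"idle": {"get1": "h1"}, "h1": {"get2": "busy"}, "busy": {"rel": "idle"}},
    "P2": {"idle": {"get2": "h2"}, "h2": {"get1": "busy"}, "busy": {"rel": "idle"}},
    "R1": {"free": {"take": "taken"}, "taken": {"give": "free"}},
    "R2": {"free": {"take": "taken"}, "taken": {"give": "free"}},
}
INIT = {"P1": "idle", "P2": "idle", "R1": "free", "R2": "free"}

# An interaction is a set of ports that fire synchronously: name -> {component: port}.
INTERACTIONS = {
    "a1": {"P1": "get1", "R1": "take"},                  # P1 takes R1 first
    "a2": {"P1": "get2", "R2": "take"},                  # then R2
    "b2": {"P2": "get2", "R2": "take"},                  # P2 takes R2 first
    "b1": {"P2": "get1", "R1": "take"},                  # then R1
    "rel1": {"P1": "rel", "R1": "give", "R2": "give"},   # P1 releases both
    "rel2": {"P2": "rel", "R1": "give", "R2": "give"},   # P2 releases both
}

# Priority relation as (lower, higher) pairs. This is the restriction a
# deadlock-avoiding controller would impose ("do not let the other process
# grab its first resource while this one can finish"), written as priorities only.
PRIORITIES = {("b2", "a2"), ("a1", "b1")}


def enabled(components, state, priorities):
    """Interactions enabled in `state` under the priority semantics."""
    base = [name for name, ports in INTERACTIONS.items()
            if all(port in components[c][state[c]] for c, port in ports.items())]
    # `a` is blocked whenever some higher-priority `b` is enabled in the same state
    return [a for a in base if not any((a, b) in priorities for b in base)]


def fire(components, state, name):
    """Global successor state after interaction `name` fires."""
    nxt = dict(state)
    for c, port in INTERACTIONS[name].items():
        nxt[c] = components[c][state[c]][port]
    return nxt


def explore(components=COMPONENTS, priorities=frozenset()):
    """Exhaustive reachability from INIT; returns (reachable states, deadlock states)."""
    key = lambda s: tuple(sorted(s.items()))
    seen, todo, deadlocks = {key(INIT): dict(INIT)}, [dict(INIT)], []
    while todo:
        s = todo.pop()
        succ = enabled(components, s, priorities)
        if not succ:                       # global deadlock: nothing can fire
            deadlocks.append(s)
        for a in succ:
            t = fire(components, s, a)
            if key(t) not in seen:
                seen[key(t)] = t
                todo.append(t)
    return list(seen.values()), deadlocks


def without_port(components, component, port):
    """Absence/failure of one port: it can never take part in an interaction again."""
    failed = {c: {s: dict(ts) for s, ts in lts.items()} for c, lts in components.items()}
    for ts in failed[component].values():
        ts.pop(port, None)
    return failed


if __name__ == "__main__":
    _, d0 = explore()
    print("unrestricted deadlocks:", d0)          # the hold-and-wait state (h1, h2, taken, taken)
    _, d1 = explore(priorities=PRIORITIES)
    print("with priorities:", d1)                 # []
    _, d2 = explore(without_port(COMPONENTS, "R1", "give"), PRIORITIES)
    print("priorities, R1.give failed:", d2)      # deadlocks reappear once R1 is held
```

The priority pairs are exactly the state-based restriction a controller would compute for this system: in the state where P1 holds R1, `a2` (P1 finishing) is enabled, so `b2` is suppressed; symmetrically, `a1` is suppressed while `b1` is enabled. No component is modified and no new coordinator is introduced, which is the point of expressing the restriction as priorities. The last run shows the robustness question from the first abstract: the same priority relation no longer guarantees deadlock-freedom once the `give` port of R1 is absent, because the release interactions can never complete.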
Blaming in component-based real-time systems
In component-based safety-critical real-time systems it is crucial to determine which component(s) caused the violation of a required system-level safety property, be it to issue a precise alert, or to determine the liability of component providers. In this paper we present an approach for blaming in real-time systems whose component specifications are given as timed automata. The analysis is based on a single execution trace violating a safety property P. We formalize blaming using counterfactual reasoning ("what would have been the outcome if component C had behaved correctly?") to distinguish component failures that actually contributed to the outcome from failures that had no impact on the violation of P. We then show how to effectively implement blaming by reducing it to a model-checking problem for timed automata, and demonstrate the feasibility of our approach on the models of a pacemaker and of a chemical reactor.
A general framework for blaming in component-based systems
In component-based safety-critical embedded systems it is crucial to determine the cause(s) of the violation of a safety property, be it to issue a precise alert, to steer the system into a safe state, or to determine the liability of component providers. In this paper we present an approach to blame components based on a single execution trace violating a safety property P. The diagnosis relies on counterfactual reasoning ("what would have been the outcome if component C had behaved correctly?") to distinguish component failures that actually contributed to the outcome from failures that had little or no impact on the violation of P.
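The two blaming abstracts above share one mechanism: start from a single logged trace that violates P, find which components broke their contract, and ask for each subset of them whether the violation would have been avoided had exactly those components behaved correctly. The added example below, which is not the papers' code and does not use their timed-automata reduction, works the question out on a constructed three-component pipeline (sensor, validator, heater controller) with finite contracts, so the counterfactual executions can simply be enumerated. Two conventions are assumptions of this example rather than the papers' definitions: components outside the corrected set replay their logged output, and a set "fixes" the violation only if P holds in every counterfactual execution.

```python
# Added example (not from the papers above): counterfactual blaming on one logged
# trace of a constructed sensor -> validator -> heater-controller pipeline.
from itertools import combinations

LAST_GOOD = 70   # value a correct validator substitutes for an out-of-range reading


def sensor_contract(_inputs):
    # Correct sensor: a calibrated reading. Two representative values are enumerated
    # so the counterfactual space stays finite (assumption of this example).
    return [40, 60]


def validator_contract(inputs):
    r = inputs["sensor"]
    return [r if 0 <= r <= 100 else LAST_GOOD]


def controller_contract(inputs):
    t = inputs["validator"]
    return ["off" if t > 90 else "on"]


# Pipeline in dependency order: (name, contract, upstream components it reads).
COMPONENTS = [
    ("sensor", sensor_contract, []),
    ("validator", validator_contract, ["sensor"]),
    ("controller", controller_contract, ["validator"]),
]

# The single logged trace under analysis (constructed): every component misbehaved.
LOG = {"sensor": 150, "validator": 150, "controller": "on"}


def holds_P(outputs):
    """Safety property P: the heater is never on while the validated temperature exceeds 90."""
    return not (outputs["controller"] == "on" and outputs["validator"] > 90)


def faulty_components(log):
    """A component is faulty iff its logged output is not allowed by its contract on its logged inputs."""
    return [name for name, contract, deps in COMPONENTS
            if log[name] not in contract({d: log[d] for d in deps})]


def counterfactual_outcomes(log, corrected):
    """All executions in which `corrected` follow their contracts and the rest replay the log."""
    outcomes = [{}]
    for name, contract, deps in COMPONENTS:
        nxt = []
        for partial in outcomes:
            choices = contract({d: partial[d] for d in deps}) if name in corrected else [log[name]]
            nxt.extend({**partial, name: c} for c in choices)
        outcomes = nxt
    return outcomes


def fixes_violation(log, corrected):
    """Would correcting exactly `corrected` have avoided the violation in every case?"""
    return all(holds_P(o) for o in counterfactual_outcomes(log, corrected))


def blame(log):
    """Return (faulty components, minimal sets whose correction avoids the violation)."""
    faulty = faulty_components(log)
    fixing = [set(c) for k in range(1, len(faulty) + 1)
              for c in combinations(faulty, k) if fixes_violation(log, c)]
    minimal = [c for c in fixing if not any(o < c for o in fixing)]
    return faulty, minimal


if __name__ == "__main__":
    faulty, causes = blame(LOG)
    print("P holds on the log:", holds_P(LOG))
    print("faulty components:", faulty)
    print("minimal sets whose correction avoids the violation:", causes)
```

On this trace all three components are faulty, but correcting the sensor alone changes nothing: the validator still replays its logged pass-through and the controller its logged "on". Correcting either the validator or the controller alone suffices, so those are the minimal causes, and the sensor's out-of-range reading is classified as a failure that had no impact on the violation of P, which is precisely the distinction the abstracts draw. The "replay the log" convention is what makes a single trace enough; it is also why real systems need a notion of which logged behaviour remains consistent when upstream inputs change, the question the timed-automata formulation handles properly.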
Causality Analysis and Fault Ascription in Component-Based Systems
This article introduces a general framework for fault ascription, which consists in identifying, within a multi-component system, the components whose faulty behavior has caused the failure of said system. Our framework uses configuration structures as a general semantic model to handle truly concurrent executions and partial and distributed observations in a uniform way. We define a set of expected properties for counterfactual analysis, and present a refined analysis that conforms to our requirements. This contrasts with the current practice of evaluating definitions of counterfactual causality a posteriori on a set of toy examples. As an early study of the behavior of our analysis under abstraction, we establish its monotonicity under refinement.
This article introduces a general framework for fault attribution, which consists in identifying, in a component-based system, the components whose incorrect behavior caused the malfunction of the system. We define a set of expected properties of counterfactual analysis, and present a refined analysis that satisfies these requirements. This contrasts with the current practice of evaluating definitions of counterfactual causality a posteriori on a set of toy examples. We establish the monotonicity of our analysis under different notions of refinement.