From Probabilistic Counterexamples via Causality to Fault Trees

  • Matthias Kuntz
  • Florian Leitner-Fischer
  • Stefan Leue
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6894)


In recent years, several approaches to generate probabilistic counterexamples have been proposed. The interpretation of stochastic counterexamples, however, continues to be problematic since they have to be represented as sets of paths, and the number of paths in this set may be very large. Fault trees (FTs) are a well-established industrial technique to represent causalities for possible system hazards resulting from system or system component failures. In this paper we suggest a method to automatically derive FTs from counterexamples, including a mapping of the probability information onto the FT. We extend the structural equation approach by Pearl and Halpern, which is based on Lewis counterfactuals, so that it serves as a justification for the causality that our proposed FT derivation rules imply. We demonstrate the usefulness of our approach by applying it to an industrial case study.
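The abstract describes deriving a fault tree from the set of paths that make up a probabilistic counterexample and mapping the path probabilities onto the tree. The following is an added illustration, not code from the paper: it assumes simplified rules (the basic events of one path form an AND gate, paths with the same set of events are merged, the distinct groups are combined by an OR gate, and path probabilities are summed at each gate), which are an assumption made here and are not the paper's derivation rules.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Gate:
    kind: str                   # "AND", "OR" or "EVENT" (a basic event)
    label: str
    prob: Optional[float]       # probability mass mapped onto this node
    children: list = field(default_factory=list)


# Constructed sample: a probabilistic counterexample as a set of finite paths.
# Each entry lists the basic (component failure) events the path traverses
# and the probability mass a stochastic model checker would report for it.
COUNTEREXAMPLE = [
    (["SensorFail", "CtrlFail"], 0.004),
    (["CtrlFail", "SensorFail"], 0.002),   # same events, different order
    (["PowerLoss"], 0.010),
    (["SensorFail", "CtrlFail"], 0.001),
]


def derive_fault_tree(paths, hazard="Hazard"):
    """Group paths by their set of basic events, AND the events of each
    group, OR the groups under the hazard, and map probabilities onto gates.
    Summing is valid because the paths of a counterexample are distinct
    (no path is a prefix of another), so their measures are additive."""
    groups = defaultdict(float)
    for events, p in paths:
        groups[frozenset(events)] += p
    and_gates = []
    for events, p in sorted(groups.items(), key=lambda kv: -kv[1]):
        basic = [Gate("EVENT", e, None) for e in sorted(events)]
        and_gates.append(Gate("AND", " & ".join(sorted(events)), p, basic))
    return Gate("OR", hazard, sum(groups.values()), and_gates)


def render(gate, depth=0):
    """Return an indented text rendering of the tree, one line per node."""
    p = "" if gate.prob is None else f" p={gate.prob:.3f}"
    lines = ["  " * depth + f"{gate.kind} {gate.label}{p}"]
    for child in gate.children:
        lines.extend(render(child, depth + 1))
    return lines


if __name__ == "__main__":
    print("\n".join(render(derive_fault_tree(COUNTEREXAMPLE))))
```

The AND gates double as the minimal cut sets of the sample hazard, ordered by their share of the counterexample's probability mass.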







Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Matthias Kuntz, TRW Automotive GmbH, Germany
  • Florian Leitner-Fischer, University of Konstanz, Germany
  • Stefan Leue, University of Konstanz, Germany
