EP3175363A1 - Method for automatically determining the causes of the malfunction of a system composed of a plurality of hardware or software components - Google Patents
- Publication number
- EP3175363A1, EP15753735.8A
- Authority
- EP
- European Patent Office
- Prior art keywords
- components
- subset
- model
- component
- execution
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0706—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
- G06F11/0736—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment in functional embedded systems, i.e. in a data processing system designed as a combination of hardware and software dedicated to performing a certain function
- G06F11/079—Root cause analysis, i.e. error or fault diagnosis
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3604—Software analysis for verifying properties of programs
- G06F11/3608—Software analysis for verifying properties of programs using formal methods, e.g. model checking, abstract interpretation
Definitions
- the present invention relates to a method for automatically determining causes of malfunction of a system composed of a plurality of hardware or software components and an associated device.
- the invention lies in the field of malfunction analysis of systems comprising several software or hardware components, or combining software components and hardware, which interact.
- interconnected hardware and / or software components distributed over several subsystems, and possibly embedded.
- treatment systems are composed of interconnected devices, for example pacemakers or infusors connected to surveillance systems.
- control and monitoring systems use interconnected components, such as speed controllers.
- This method requires the computation of cones of influence between observed events, and uses an execution graph for the implementation. It is complex from a computational point of view and implies an over-estimation of the influence of the failures of some components on the entire system. Moreover, this method is not adapted to the case of the analysis of the causes of malfunction of a real-time system.
- the invention proposes, according to a first aspect, a method of automatically determining the necessary or sufficient causality of malfunction of a system composed of a plurality of hardware or software components, each component having an associated specification of proper operation, said malfunction being observed in the form of a violation of a global property of the system during execution of said system.
- obtaining a subset of tested components comprising at least one component whose execution trace has at least one nonconformity with the specification of the proper functioning of said component, and a subset of processed components determined as a function of said subset of tested components;
- each prefix comprising events compliant with the functional specification of the associated component
- the method of the invention makes it possible to determine one or more components whose malfunction is necessary or sufficient to cause a malfunction of the system in a system of components for which a specification of good operation is known, thanks to the generation of a Counterfactual model, calculated from observed execution traces and able to generate traces of execution in accordance with the specifications of good operation of the components.
- the method according to the invention may have one or more of the features below.
- the step of computing, for each of the system components, an execution trace prefix not affected by non-specification-compliant events observed for components of the processed component subset includes:
- the calculation of an extension model, for a given component, for generating an execution trace prefix comprises, for a said execution trace prefix comprising a number k of elements, the generation of a model generator for generating the first k-1 elements of said execution trace prefix and the combination of said generator model with a model according to the specification of good operation of said component.
- the calculation step further comprises a step of composing the calculated extension models.
- the calculation of an execution trace prefix not affected by the events not conforming to the specification, observed for components of the processed subset of components, uses a result of the composition of the calculated extension models.
- each component is modeled as a finite state machine model, the states of the model being linked by transitions, said transitions being defined from said performance specification.
- extension models and the counterfactual model are modeled as finite state machines.
- said processed subset of components is equal to the tested subset of components and, at the causality determination step, the tested subset of components is determined to be a necessary cause of the malfunction of the system if and only if the counterfactual model determined respects said overall property of the system.
- said processed subset of components is equal to the subset of components complementary to said tested subset of components and, at the causality determination step, the tested subset of components is determined to be a sufficient cause of the malfunction of the system if and only if the determined counterfactual model inevitably violates said overall property of the system.
- the method according to the invention applies in particular when the system comprises hardware components and / or software components.
- the invention relates to a device for automatically determining necessary or sufficient causality of malfunction of a system composed of a plurality of hardware or software components, each component having an associated performance specification, said dysfunction being observed in the form of the violation of a global property of the system during an execution of said system, comprising a processor or a programmable circuit.
- the device comprises units adapted to:
- obtaining a subset of tested components comprising at least one component whose execution trace has at least one nonconformity with the specification of good operation of said component, and a subset of processed components determined as a function of said subset of tested components;
- each prefix comprising events compliant with the specification of the functioning of the associated component
- the invention relates to a computer program comprising instructions for implementing the steps of a method for automatically determining the necessary or sufficient causality of malfunction of a system composed of a plurality of hardware components or software such as briefly presented above when executing the program by a processor or a programmable circuit of a programmable device.
- the invention relates to an information recording medium, characterized in that it comprises instructions for executing a method for automatically determining the necessary or sufficient causality of malfunction of a system composed of a plurality of hardware or software components as presented above, when these instructions are executed by a programmable device.
- FIG. 1 is an example of a system implementing the invention
- FIG. 2 is a flowchart of a method of determining necessary and/or sufficient causality of malfunction according to one embodiment of the invention
- FIGS. 3, 4 and 5 schematically illustrate models of representation of components according to an example of implementation
- FIG. 6 represents an exemplary execution trace of a system comprising components modeled according to the models of FIGS. 3 to 5;
- FIG. 7 is a flowchart of a necessary causality determination method according to an embodiment of the invention.
- FIG. 8 represents a set of truncated execution traces
- FIG. 9 represents a plurality of extension models calculated from the truncated execution traces of FIG. 8;
- FIG. 10 represents a set of unassigned execution prefixes calculated by applying the extension models of FIG. 8;
- FIG. 11 schematically illustrates a calculated counterfactual model
- FIG. 12 is a flowchart of a sufficient causality determination method according to one embodiment of the invention.
- the invention is not limited to this example of application and can be applied to any type of system based on components able to communicate with each other according to a given communication model.
- the invention finds applications in particular in medical device systems integrating software components, in embedded systems in vehicles or trains, in aeronautics and aerospace, in power plants, in energy distribution networks and in web services.
- the invention can be applied during or after the execution of a system. It can also be applied when validating a system; in this case it identifies the components that caused the malfunctions observed during tests.
- the invention can be applied while running a system when a malfunction is observed, thereby allowing identification of the component (s) causing the malfunction.
- FIG. 1 illustrates a system 1 embodying the invention, comprising a system 2 of three components 4, 6, 8, which are able to communicate with one another by means of communication messages, represented by arrows in the figure.
- the number of components is limited to three in Figure 1 for ease of explanation, but in practice, the invention makes it possible to process any number of components.
- the components 4, 6 and 8 shown in Figure 1 are all connected to each other by transmitting/receiving connections; such an architecture is not necessary, and the components can be only partially connected to each other.
- an event sequence is stored in an execution log stored in a respective file 10, 12, 14.
- each component has an associated execution log, stored separately.
- only one execution log is stored for all or a subset of the components of system 2.
- the components are considered as "black boxes", of which only the inputs and outputs are known, as well as a specification of good operation, and it is this information that is useful for the determination of causality of malfunction.
- the events and data stored in the execution logs relate for example to the communications, that is to say the messages sent and received, on function calls, on the writing and reading of shared variables, and / or on a summary of internal calculation steps such as the functions executed with parameter values and return values.
- the stored execution logs, including the observed event sequences for each component, are then used in a device 16 for automatically determining causes of malfunction.
- the device 16 implements a necessary and / or sufficient causality determination method according to the invention, and indicates at the output 18 one or more failed components among all the components of the system.
- the device 16 is a programmable device and comprises in particular a processor or a programmable circuit capable of implementing modules for automatically determining causes of necessary and / or sufficient malfunction of the analyzed system.
- FIG. 2 illustrates an embodiment of a method for determining the necessary and / or sufficient causality of dysfunction of a system according to the invention, in the case where a malfunction is observed, during the execution of the system or after system execution.
- the method is implemented by a programmable device such as a computer, comprising in particular a programmable circuit or a processor capable of executing control program instructions when the device is powered up and information storage means capable of storing executable code instructions allowing the implementation of programs capable of implementing the method according to the invention.
- the method for determining causes of malfunction according to the invention uses a mathematical formalization of the behavior of a system, thus allowing application to any type of system with hardware or software components.
- the invention applies to any model of system behavior, but will be described hereinafter in one embodiment, in which the behavior of such a system and its components is modeled by a labeled transition system (LTS).
- An LTS $B = (Q, \Sigma, \rightarrow, q_0)$ consists of a set of states $Q$, an event alphabet $\Sigma$, a transition relation denoted by $\rightarrow$, where $\rightarrow \subseteq Q \times \Sigma \times Q$, and an initial state $q_0$.
- $q \xrightarrow{a} q'$ for the triplet $(q, a, q') \in \rightarrow$, which represents a transition labeled by the event $a$ between a first state $q$ and a second state $q'$.
- the model of good operation of the system S is obtained by a composition of the models of the components of the system.
- the composition of models is denoted $\parallel$.
- the alphabet of the composition C of the models is the union of the alphabets of the models; C can make a transition labeled a if and only if all the models that have a in their alphabet are ready to make a transition a in their current state.
- P be a global property of good functioning of the system S, the violation of which constitutes a dysfunction, such that if all the components of S satisfy their specification, then P is respected.
- a system comprising three components: a Plant component using a reactor whose temperature must be maintained at a certain level; a Supervisor component that measures the temperature and activates either heating or cooling; an Env component that models the evolution of the temperature according to the actions of the supervision component.
- the system S is thus formed of three components which are respectively the Supervisor supervisory component, the Plant reactor plant and the Env environment component.
- Figures 3, 4 and 5 schematically illustrate, for the example discussed, the performance specifications of the Supervisor and Plant components and an Env environment model including a state indicating a violation of the property of operation, denoted $\bot$.
- the Supervisor component interacts with the Env component to collect the current reactor temperature in the Q state. If the temperature is between preset thresholds $T_{min}$, $T_{max}$, denoted med for medium temperature, the Supervisor component performs a med transition to a Ql state, waits for a delay time (transition t), and returns to the state Q; no action with the Plant component is required.
- the Supervisor component performs a low transition to the $Q^S_3$ state, followed by a heat transition to the Q 2 state.
- the Supervisor component makes a high transition to the $Q^S_4$ state, followed by a cool transition to the Q 2 state.
- the transition t carries out the delay and the return to the temperature reception state Q.
- the Plant component is, in a first state $Q^P_1$, in a mode where the temperature of the reactor increases.
- the Plant component makes a transition t to the state $Q^P_2$ from which a transition inc, representing an increase in temperature, makes it possible to go back to the first state $Q^P_1$.
- the Plant component transitions to the Q p state.
- a transition t leads to the state Q p , from where a transition dec makes it possible to return to the state Q p ; this models a decrease in the temperature of the reactor at each unit of time.
- the state $Q^P_1$ can be reached by a heat command received from the Supervisor component.
- the component Env has six associated operating states, denoted Q E 1 , Q 2 ,
- the states $Q^E_1$ and $Q^E_4$ are associated with a sensed temperature Temp provided by sensors. If the temperature Temp is in the operating range $[T_{min}, T_{max}]$, the state Q is maintained by a sequence of med transitions (transmission of the sensed temperature to the Supervisor) followed by t.
- the component goes to the state $Q^E_2$ by a transition T.
- the component remains in the states $Q^E_2$ and $Q^E_5$ (transitions low; t).
- the component passes from the state $Q^E_1$ to the state Q by a transition inc. As long as the sensed temperature is greater than $T_{max}$, the component remains in states Q and $Q^E_6$ (high transitions; t).
- an execution of the system is carried out, providing an execution log comprising a set of traces $tr_i$ for each of the system components.
- each component has an associated execution log, also called component trace and denoted $tr_i$.
- the execution log includes a sequence of events observed, each event corresponding to a transition between states of the component as defined above.
- a first portion of the component trace is called a prefix of said trace.
- a prefix of an execution trace is a truncation of the trace.
- $tr = a_1 \cdot a_2 \cdots a_k$ is a sequence of events. It is accepted by $B$ if there exists a sequence of transitions taking $B$ from the initial state $q_0$ to a state $q'$ such that $q_0 \xrightarrow{a_1} q_1 \xrightarrow{a_2} \cdots q_{k-1} \xrightarrow{a_k} q'$, with the states $q_1, \ldots, q_{k-1} \in Q$.
- the execution logs or traces $tr_i$ are stored during a system execution and are read into a memory of the programmable device implementing the invention.
- the execution logs or traces $tr_i$ are used while the system is running.
- when the causality analysis is performed during execution, the event sequences that occurred up to the time of analysis are used.
- step 22 includes extracting the component-by-component logs $tr_i$ from one or more such files storing event sequences for multiple components.
- the method of the invention is used when an execution of the system is incorrect, or, in other words, when for the execution of the system there is a malfunction, which is a nonconformity with one or more global properties P of the system.
- an exemplary execution log of the system S, the component models of which are illustrated in FIGS. 3, 4 and 5, is illustrated in FIG.
- a table T illustrates respective execution traces of the Supervisor, Plant, Env components, denoted tr_S, tr_P, and tr_E.
- the execution trace tr_S of the Supervisor component includes an event that does not conform to the model shown in Figure 3: it is the event f circled in Table T.
- the execution trace tr_P of the Plant component comprises an event that does not conform to the model illustrated in FIG. 4: it is the event f circled in the table T.
- the system S has a malfunction and a violation of the specification, since for the Env component, the high transition is followed by inc, which is contrary to the overall property of good operation (see Figure 5).
- the step 22 for obtaining execution traces is followed by a step 24 of detecting a malfunction, that is to say a non-conformity with a global property P of the system, which applies regardless of the modeling of the behavior of the system.
- in case of detection of a malfunction in step 24, this step is followed by a step 26 of selecting a subset I of components, each having an execution trace including an event not conforming to the model.
- the subset $I = \{i_1, \ldots, i_R\}$ has $R$ indices, $R > 1$ and $R \le N$, where $N$ is the total number of components of the system S observed.
- the subset I of components is the subset whose necessary and/or sufficient causality with respect to the observed dysfunction is tested, and is called the subset of tested components.
- the method analyzes the joint causality of the subset I of tested components. It should be noted that the method of the invention is theoretically applicable with a subset I of components having no nonconformity in the execution trace, but such a case is of no interest in practice. Indeed, the method aims to determine which of the components of the studied system is the cause of the observed dysfunction.
- the invention makes it possible to determine accurately, by testing several subsets I of components, the components whose malfunction is necessary and/or sufficient to find the overall malfunction of the system with respect to the property P.
- Fig. 7 illustrates an embodiment of the step of determining the necessary causality of the subset I of components.
- the method illustrated schematically in FIG. 7 is implemented by a programmable device such as a computer, notably comprising a programmable circuit or a processor able to execute control program instructions when the device is powered up and information storage means able to store executable code instructions allowing the implementation of programs capable of implementing the method according to the invention.
- a truncated execution log is obtained.
- steps 32 to 40 apply to this subset of components, as explained below.
- the execution trace $tr_i$ is truncated to retain only the prefix $tr'_i$ that conforms to the model of the component $C_i$.
- the prefix comprises the sequence of events of $tr_i$ preceding the detected event that does not conform to the model, also called an error with respect to the proper operation of the component concerned.
- Figure 8 illustrates the truncated execution log, shown in a table T, for the developed example and for the subset I including the Supervisor component.
- the tr'_S prefix comprises only the first three elements of the tr_S execution trace for the Supervisor component, and the tr'_P and tr'_E traces/prefixes are unchanged for the two other components.
- an extension model is determined, making it possible to generate all the execution traces comprising the prefix $tr'_i$ and conforming to the model of the component $C_i$.
- T (tr) an LTS model making it possible to generate exactly the trace tr, called the generator model of tr.
- the generator model T (tr) is defined as follows:
- $T(tr) = (\{q_0, \ldots, q_k\}, \{a_1, \ldots, a_k\}, \rightarrow, q_0)$
- $T(tr') = (Q', \Sigma', \rightarrow', q_0)$.
- the extension model of the trace tr is obtained by composition of the generator model $T(tr_p)$ of the prefix $tr_p$ of the trace tr, corresponding to the trace tr without its last event $a_k$, and of the set of transitions conforming to model B that make it possible to pass from the state $q_{k-1}$ of the generator model $T(tr_p)$ to a state $q$ of model B.
- $B_i$ the behavioral model of the component of index i
- $S_i$ its model of good functioning (thus, the behaviors of $S_i$ are included in those represented by $B_i$).
- the extension model $M(tr_p)$ of tr is calculated as Refine_Si($tr_p$) when $tr_p$ conforms to $S_i$; $M(tr_p)$ is calculated as Refine_Bi($tr_p$) when $tr_p$ is not conforming and a behavioral model $B_i$ is available; $M(tr_p)$ is calculated as $T(tr_p)$ when tr is not compliant and no behavioral model of component i is known.
- the obtaining of the trace extension model applies regardless of the modeling of the behavior of the system.
- an extension model M(.) is obtained for each prefix of the truncated execution log.
- Figure 9 illustrates the extension models $M_S$, $M_P$, $M_E$ obtained from the prefixes of the truncated execution log illustrated in Figure 8.
- the extension models are in fact the generator models of the respective tr'_P and tr'_E traces.
- the extension model is a combination of the tr'_S trace generator model, deprived of the last transition {high} (we write tr'_S \ {high}), and the high transition to the corresponding model $C_S$ shown in FIG.
- the step 34 of generating extension models is followed by a step 36 of constructing a set of prefixes not affected by the error or the errors of the components of the subset I, denoted $\{tr^*_i\}$.
- this set is constructed by truncation of the set of prefixes $\{tr'_i\}$ obtained in step 32, as a function of the combination of extension models calculated in step 34.
- the combination of the extension models M(tr) computed in step 34 provides a model:
- Two embodiments are envisaged for step 34.
- the combination with B is optional.
- the components are considered in a predetermined order, for example the increasing order of the indices; after obtaining each unassigned prefix its extension model is updated in the composition before calculating the unassigned prefix of the next trace.
- FIG. 10 illustrates the set T* of unaffected prefixes $\{tr^*_i\}$ obtained in the exemplary embodiment by using the extension models of FIG. 9 according to the first embodiment of step 36 described above.
- the set T * obtained is the set of prefixes of maximum length that could have been observed in the absence of the execution errors of the system S.
- step 36 of constructing the set of unassigned prefixes is followed by a step 38 of constructing an MC (I) model, called a counterfactual model constructed with respect to the subset of components.
- the MC (I) model is obtained by composing the extension models of each of the unaffected prefixes (tri), which depend on the respective LTS models of each of the components.
- B * tr * denotes the corresponding extension model, obtained as explained above in step 34.
- Counterfactual model MC (I) is the composition of extension models
- the counterfactual model MC (I) is the composition of the extension models B ⁇ tr * ) without model B of the overall behavior of the system.
- the counterfactual model MC(I) is a model of the fictitious execution traces, which could have been observed in the absence of errors of the components of the subset I considered.
- the counterfactual model of the treated subassembly makes it possible to generate all the possible behaviors starting with the unassigned prefixes, in the absence of malfunctions of the components of the subset of components processed.
- a property P is also represented by an LTS model:
- the transitions of the observation model include the transitions defined for the model of the property P and the transitions which, accepting an event that does not conform to the property tested, lead to an error state.
- the tested model MC(I) satisfies the property P if and only if there is no state $q \in Q \times \{\bot\}$ such that $(q_0, q^0) \rightarrow^* q$, where $\rightarrow^*$ is the transitive closure of $\rightarrow$.
- the counterfactual model MC(I) satisfies the property P if no sequence of events generated by the model results in the error state $\bot$.
- Based on the result of the step of checking satisfaction of the property P by the counterfactual model MC(I), a decision on the necessary causality of the errors of the components of the subset I is returned in step 42, whatever the modeling of the system.
- Figure 11 illustrates the counterfactual model obtained for the example developed, considering the Supervisor component as a subset of tested components.
- the counterfactual model is obtained by composing the extension models.
- the counterfactual model obtained satisfies the property P, which makes it possible to deduce that the error found in the execution trace of the Supervisor component is a necessary cause of the malfunction of the system.
- Fig. 12 illustrates an embodiment of the step of determining the sufficient causality of the subset I of components.
- the method illustrated schematically in FIG. 12 is implemented by a programmable device such as a computer, notably comprising a programmable circuit or a processor capable of executing control program instructions when the device is powered up and information storage means able to store executable code instructions allowing the implementation of programs capable of implementing the method according to the invention.
- a subset $I^c$ comprising the indices of the components of the system S which are not part of the subset I is determined.
- steps 52, 54, 56, 58 are analogous to steps 32, 34, 36, 38 previously described, considering the subset $I^c$ as the subset of processed components in place of the subset I.
- the verification step 60 consists of checking whether the counterfactual model MC($I^c$) systematically violates the property P, that is, whether all the traces obtained according to this model comprise a chain of events that does not conform to P.
- If the counterfactual model MC($I^c$) inevitably violates the property P, it is determined in step 62 that the subset of components I is a sufficient cause of system malfunction.
- If at least some of the traces that can be obtained by applying the counterfactual model MC($I^c$) satisfy P, then it is determined in step 62 that the subset of components I is not a sufficient cause of malfunction of the system.
- the behavior of the system and its components is modeled by timed automata.
- the invention applies more generally to any modeling of a system and its components that makes it possible to construct tools for:
- the invention nonetheless applies to complex systems with multiple components, and makes it possible to automatically and systematically determine the causes of dysfunction that are necessary and/or sufficient in these complex systems.
- the method can be used in a systematic search for causality, in which all the events or sequences of events that may cause a malfunction among the events observed are analyzed.
- the method described is implemented for each subset I considered as likely to be a necessary and/or sufficient cause of dysfunction, or for a part of these subsets, and makes it possible to determine in particular the minimal subset of components whose observed behavior is a necessary and/or sufficient cause for the observed dysfunction.
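The two checks described above (MC(I) satisfies P for necessary causality, MC(I^c) inevitably violates P for sufficient causality) can be sketched as follows. This is an added example, not code from the patent: it uses finite LTS models instead of timed automata, and the toy models, event names and the convention that an event with no observer transition leads to ⊥ are assumptions constructed for illustration.

```python
ERR = "⊥"  # error state of the observer for property P

def successors(mc, prop, state):
    """Synchronous product of counterfactual model and observer; ⊥ is absorbing."""
    q, p = state
    if p == ERR:
        return []
    # Assumption: an event with no observer transition does not conform to P.
    return [(q2, prop.get((p, ev), ERR)) for ev, q2 in mc.get(q, [])]

def satisfies(mc, prop, init):
    """True iff no reachable product state carries ⊥ (the check applied to MC(I))."""
    seen, stack = {init}, [init]
    while stack:
        s = stack.pop()
        if s[1] == ERR:
            return False
        for t in successors(mc, prop, s):
            if t not in seen:
                seen.add(t)
                stack.append(t)
    return True

def inevitably_violates(mc, prop, init):
    """True iff every maximal trace reaches ⊥ (the check applied to MC(I^c))."""
    on_path, done = set(), set()
    def visit(s):
        if s[1] == ERR or s in done:
            return True
        succ = successors(mc, prop, s)
        if s in on_path or not succ:   # conforming cycle or conforming dead end
            return False
        on_path.add(s)
        ok = all(visit(t) for t in succ)
        on_path.discard(s)
        done.add(s)
        return ok
    return visit(init)

def diagnose(mc_i, mc_ic, prop, init):
    """Verdict for subset I: necessary from MC(I), sufficient from MC(I^c)."""
    return {"necessary": satisfies(mc_i, prop, init),
            "sufficient": inevitably_violates(mc_ic, prop, init)}

# Constructed toy data: P demands strict alternation heat, cool, heat, ...
P = {("p0", "heat"): "p1", ("p1", "cool"): "p0"}
MC_I = {"q0": [("heat", "q1")], "q1": [("cool", "q0")]}    # errors of I removed
MC_IC = {"q0": [("heat", "q1")], "q1": [("heat", "q2")]}   # errors of I^c removed
MC_MIXED = {"q0": [("heat", "q1")], "q1": [("heat", "q2"), ("cool", "q0")]}
INIT = ("q0", "p0")
```

`MC_MIXED` shows the case in which some traces still satisfy P: it neither satisfies P nor inevitably violates it, so using it as MC(I^c) yields "not a sufficient cause".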
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Debugging And Monitoring (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1457464A FR3024567B1 (fr) | 2014-07-31 | 2014-07-31 | Procede de determination automatique de causes de dysfonctionnement d'un systeme compose d'une pluralite de composants materiels ou logiciels |
PCT/FR2015/052124 WO2016016587A1 (fr) | 2014-07-31 | 2015-07-31 | Procédé de détermination automatique de causes de dysfonctionnement d'un système composé d'une pluralité de composants matériels ou logiciels |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3175363A1 (de) | 2017-06-07 |
Family
ID=52450248
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP15753735.8A Withdrawn EP3175363A1 (de) | Verfahren zur automatischen bestimmung der ursachen der fehlfunktion eines systems aus einer vielzahl von hardware- oder software-komponenten | 2014-07-31 | 2015-07-31 |
Country Status (4)
Country | Link |
---|---|
US (1) | US10437656B2 (de) |
EP (1) | EP3175363A1 (de) |
FR (1) | FR3024567B1 (de) |
WO (1) | WO2016016587A1 (de) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10474523B1 (en) * | 2017-10-27 | 2019-11-12 | EMC IP Holding Company LLC | Automated agent for the causal mapping of complex environments |
US11032152B2 (en) | 2018-04-25 | 2021-06-08 | Dell Products L.P. | Machine-learning based self-populating dashboard for resource utilization monitoring in hyper-converged information technology environments |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5528516A (en) * | 1994-05-25 | 1996-06-18 | System Management Arts, Inc. | Apparatus and method for event correlation and problem reporting |
US6807583B2 (en) * | 1997-09-24 | 2004-10-19 | Carleton University | Method of determining causal connections between events recorded during process execution |
US20030121027A1 (en) * | 2000-06-23 | 2003-06-26 | Hines Kenneth J. | Behavioral abstractions for debugging coordination-centric software designs |
US8001527B1 (en) * | 2004-12-21 | 2011-08-16 | Zenprise, Inc. | Automated root cause analysis of problems associated with software application deployments |
US8069374B2 (en) * | 2009-02-27 | 2011-11-29 | Microsoft Corporation | Fingerprinting event logs for system management troubleshooting |
US8612377B2 (en) * | 2009-12-17 | 2013-12-17 | Oracle International Corporation | Techniques for generating diagnostic results |
- 2014-07-31 FR FR1457464A patent/FR3024567B1/fr active Active
- 2015-07-31 US US15/500,791 patent/US10437656B2/en active Active
- 2015-07-31 WO PCT/FR2015/052124 patent/WO2016016587A1/fr active Application Filing
- 2015-07-31 EP EP15753735.8A patent/EP3175363A1/de not_active Withdrawn
Non-Patent Citations (2)
Title |
---|
None * |
See also references of WO2016016587A1 * |
Also Published As
Publication number | Publication date |
---|---|
FR3024567A1 (fr) | 2016-02-05 |
WO2016016587A1 (fr) | 2016-02-04 |
FR3024567B1 (fr) | 2016-09-02 |
US10437656B2 (en) | 2019-10-08 |
US20170308424A1 (en) | 2017-10-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3126659B1 (de) | Verfahren und system zur überwachung eines parameters eines raketenmotors | |
CA2943397C (fr) | Procede d'estimation du caractere normal ou non d'une valeur mesuree d'un parametre physique d'un moteur d'aeronef | |
WO2015101570A1 (fr) | Procede, dispositif et systeme d'estimation de l'etat de sante d'une batterie d'un vehicule electrique ou hybride en condition d'utilisation, et procede de construction d'un modele pour une telle estimation | |
EP3665490A1 (de) | Computer-implementiertes verfahren zur rekonstruktion der topologie eines kabelnetzwerks unter verwendung eines genetischen algorithmus | |
EP3559767B1 (de) | Verfahren zur fehlercharakterisierung in einem system | |
FR3035232A1 (fr) | Systeme de surveillance de l'etat de sante d'un moteur et procede de configuration associe | |
WO2016016587A1 (fr) | Procédé de détermination automatique de causes de dysfonctionnement d'un système composé d'une pluralité de composants matériels ou logiciels | |
WO2011117528A1 (fr) | Procede, programme d'ordinateur et dispositif de validation d'execution de taches dans des systemes informatiques evolutifs | |
EP2677454B1 (de) | Rechner, Kommunikationseinheit, die einen solchen Rechner umfasst, Eisenbahn-Steuerungssystem, das eine solche Einheit umfasst, und Verfahren zur Erhöhung der Zuverlässigkeit der Daten in einem Rechner | |
CA2837523A1 (fr) | Systeme de prescription de maintenance d'un moteur d'helicoptere | |
FR2997774A1 (fr) | Procede, dispositif et programme d'ordinateur de placement de taches dans un systeme multi-cœurs | |
FR3012636A1 (fr) | Procede de non-regression d'un outil de conception d'un systeme de surveillance de moteur d'aeronef | |
EP3729302B1 (de) | Verfahren und system zur unterstützung der fehlersuche eines komplexes systems | |
FR2957170A1 (fr) | Outil de conception d'un systeme de surveillance d'un moteur d'aeronef | |
FR3010200A1 (fr) | Procede et dispositif de normalisation de valeurs de parametres de fonctionnement d'un moteur d'aeronef | |
FR3099830A1 (fr) | Procédé et système de surveillance d’un réseau de câbles, par analyse en composantes principales | |
FR3003663A1 (fr) | Procede de determination automatique de causes de dysfonctionnement d'un systeme compose d'une pluralite de composants materiels ou logiciels | |
EP3265915B1 (de) | Simulationsvorrichtung | |
WO2019034497A1 (fr) | Procede, mis en oeuvre par ordinateur, de reconstruction de la topologie d'un reseau de cables | |
EP2686768B1 (de) | Filterungsvorrichtung und verfahren zur aufrechterhaltung einer kodierten eingangs-/ausgangsstroms | |
FR3025889A1 (fr) | Gestion de la recharge de la batterie d'un vehicule electrique | |
WO2017108924A1 (fr) | Procédé de détection de problèmes de testabilité d'un module informatique | |
EP4379486A1 (de) | Frugales prädiktives wartungsverfahren, entsprechendes computerprogrammprodukt und computerlesbares medium | |
WO2019201957A1 (fr) | Procédés de mise en oeuvre d'algorithmes d'analyse statistique de données caractérisant le comportement d'un ensemble d'éléments et système associé | |
WO2023144488A1 (fr) | Procede de controle d'un systeme comportant un post-traitement d'une commande predictive |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
 | 17P | Request for examination filed | Effective date: 20170127 |
 | AK | Designated contracting states | Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
 | AX | Request for extension of the european patent | Extension state: BA ME |
 | PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
 | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
 | DAV | Request for validation of the european patent (deleted) | |
 | DAX | Request for extension of the european patent (deleted) | |
 | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: EXAMINATION IS IN PROGRESS |
 | 17Q | First examination report despatched | Effective date: 20200730 |
 | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: EXAMINATION IS IN PROGRESS |
 | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
 | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: EXAMINATION IS IN PROGRESS |
 | P01 | Opt-out of the competence of the unified patent court (upc) registered | Effective date: 20230527 |
 | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
 | 18D | Application deemed to be withdrawn | Effective date: 20231117 |