EP3175363A1 - Verfahren zur automatischen bestimmung der ursachen der fehlfunktion eines systems aus einer vielzahl von hardware- oder software-komponenten - Google Patents

Verfahren zur automatischen bestimmung der ursachen der fehlfunktion eines systems aus einer vielzahl von hardware- oder software-komponenten

Info

Publication number
EP3175363A1
EP3175363A1 EP15753735.8A EP15753735A EP3175363A1 EP 3175363 A1 EP3175363 A1 EP 3175363A1 EP 15753735 A EP15753735 A EP 15753735A EP 3175363 A1 EP3175363 A1 EP 3175363A1
Authority
EP
European Patent Office
Prior art keywords
components
subset
model
component
execution
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP15753735.8A
Other languages
English (en)
French (fr)
Inventor
Gregor GÖSSLER
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institut National de Recherche en Informatique et en Automatique INRIA
Original Assignee
Institut National de Recherche en Informatique et en Automatique INRIA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institut National de Recherche en Informatique et en Automatique INRIA filed Critical Institut National de Recherche en Informatique et en Automatique INRIA
Publication of EP3175363A1 publication Critical patent/EP3175363A1/de
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0706Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
    • G06F11/0736Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment in functional embedded systems, i.e. in a data processing system designed as a combination of hardware and software dedicated to performing a certain function
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0706Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/079Root cause analysis, i.e. error or fault diagnosis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3604Software analysis for verifying properties of programs
    • G06F11/3608Software analysis for verifying properties of programs using formal methods, e.g. model checking, abstract interpretation

Definitions

  • the present invention relates to a method for automatically determining causes of malfunction of a system composed of a plurality of hardware or software components and an associated device.
  • the invention lies in the field of malfunction analysis of systems comprising several software or hardware components, or combining software components and hardware, which interact.
  • interconnected hardware and / or software components distributed over several subsystems, and possibly embedded.
  • treatment systems are composed of interconnected devices, for example pacemakers or infusors connected to surveillance systems.
  • control and monitoring systems use interconnected components, such as speed controllers.
  • This method requires the computation of cones of influence between observed events, and uses an execution graph for the implementation. It is complex from a computational point of view and implies an over-estimation of the influence of the failures of some components on the entire system. Moreover, this method is not adapted to the case of the analysis of the causes of malfunction of a real-time system.
  • the invention proposes, according to a first aspect, a method of automatically determining the necessary or sufficient causality of malfunction of a system composed of a plurality of hardware or software components, each component having a specification of associated smooth operation, said malfunction being observed in the form of violation of a global property of the system during execution of said system.
  • obtaining a subset of tested components comprising at least one component whose execution trace has at least one nonconformity with the specification of the proper functioning of said component, and a subset of components processed according to said subset of components tested;
  • each prefix comprising events compliant with the functional specification of the associated component
  • the method of the invention makes it possible to determine one or more components whose malfunction is necessary or sufficient to cause a malfunction of the system in a system of components for which a specification of good operation is known, thanks to the generation of a Counterfactual model, calculated from observed execution traces and able to generate traces of execution in accordance with the specifications of good operation of the components.
  • the method according to the invention may have one or more of the features below.
  • the step of computing, for each of the system components, an execution trace prefix not affected by non-specification-compliant events observed for components of the processed component subset includes:
  • the calculation of an extension model, for a given component, for generating an execution trace prefix comprises, for a said execution trace prefix comprising a number k of elements, the generation of a model generator for generating the first k-1 elements of said execution trace prefix and the combination of said generator model with a model according to the specification of good operation of said component.
  • the calculation step further comprises a step of composing the calculated extension models.
  • the calculation of a non-conforming event trace prefix not affected by the specification, observed for components of the processed subset of components, uses a result of the composition of the calculated extension models.
  • each component is modeled as a finite state machine model, the states of the model being linked by transitions, said transitions being defined from said performance specification.
  • extension models and the counterfactual model are modeled as finite state machines.
  • said processed subset of components is equal to the tested subset of components and at the causality determination step, the tested subset of components is determined as the cause. necessary to malfunction of the system if and only if the counterfactual model determined respects said overall property of the system.
  • said treated subset of components is equal to the subset of components complementary to said tested subset of components, and to the causality determination step, the subset of components set of components tested is determined as the cause sufficient dysfunction of the system if and only if the determined counterfactual model inevitably violates said overall property of the system.
  • the method according to the invention applies in particular when the system comprises hardware components and / or software components.
  • the invention relates to a device for automatically determining necessary or sufficient causality of malfunction of a system composed of a plurality of hardware or software components, each component having an associated performance specification, said dysfunction being observed. in the form of the violation of a global property of the system during an execution of said system, comprising a processor or a programmable circuit.
  • the device comprises units adapted to:
  • obtaining a subset of tested components comprising at least one component whose execution trace has at least one nonconformity with the specification of good operation of said component, and a subset of components processed according to said subset tested components;
  • each prefix comprising events compliant with the specification of the functioning of the associated component
  • the invention relates to a computer program comprising instructions for implementing the steps of a method for automatically determining the necessary or sufficient causality of malfunction of a system composed of a plurality of hardware components or software such as briefly presented above when executing the program by a processor or a programmable circuit of a programmable device.
  • the invention relates to an information recording medium, characterized in that it comprises instructions for executing a method for automatically determining the necessary or sufficient causality of malfunction of a compound system. of a plurality of hardware or software components as presented above, when these instructions are executed by a programmable device.
  • FIG. 1 is an example of a system implementing the invention
  • FIG. 2 is a flowchart of a necessary and / or sufficient method of determining causality of malfunction according to one embodiment of the invention
  • FIGS. 3, 4 and 5 schematically illustrate models of representation of components according to an example of implementation
  • FIG. 6 represents an exemplary execution trace of a system comprising components modeled according to the models of FIGS. 3 to 5;
  • FIG. 7 is a flowchart of a necessary causality determination method according to an embodiment of the invention.
  • FIG. 8 represents a set of truncated execution traces
  • FIG. 9 represents a plurality of extension models calculated from the truncated execution traces of FIG. 8;
  • FIG. 10 represents a set of unassigned execution prefixes calculated by applying the extension models of FIG. 8;
  • FIG. 11 schematically illustrates a calculated counterfactual model
  • FIG. 12 is a flowchart of a sufficient causality determination method according to one embodiment of the invention.
  • the invention is not limited to this example of application and can be applied to any type of system based on components able to communicate with each other according to a given communication model.
  • the invention finds applications in particular in medical device systems integrating software components, in embedded systems in vehicles or trains, in aeronautics and aerospace, in power plants, in distribution networks. energy and in web services.
  • the invention can be applied during or after the execution of a system. It can also be applied when validating a system; in this case it identifies the components that caused the malfunctions observed during tests.
  • the invention can be applied while running a system when a malfunction is observed, thereby allowing identification of the component (s) causing the malfunction.
  • FIG. 1 illustrates a system 1 embodying the invention, comprising a three-component communication system 2, 4, 6, 8, which are able to communicate with one another by means of communication messages, represented by arrows in the figure.
  • the number of components is limited to three in Figure 1 for ease of explanation, but in practice, the invention makes it possible to process any number of components.
  • the components 4, 6 and 8 shown in Figure 1 are all connected to each other by transmitting / receiving connections, such an architecture is not necessary, the components can be only partially connected to each other.
  • an event sequence is stored in an execution log stored in a respective file 10, 12, 14.
  • each component has an associated execution log, stored separately. .
  • only one execution log is stored for all or a subset of system components 2.
  • the components are considered as "black boxes", of which only the inputs and outputs are known, as well as a specification of good operation, and it is this information that is useful for the determination of causality of malfunction.
  • the events and data stored in the execution logs relate for example to the communications, that is to say the messages sent and received, on function calls, on the writing and reading of shared variables, and / or on a summary of internal calculation steps such as the functions executed with parameter values and return values.
  • the stored execution logs, including the observed event sequences for each component, are then used in a device 16 for automatically determining causes of malfunction.
  • the device 16 implements a necessary and / or sufficient causality determination method according to the invention, and indicates at the output 18 one or more failed components among all the components of the system.
  • the device 16 is a programmable device and comprises in particular a processor or a programmable circuit capable of implementing modules for automatically determining causes of necessary and / or sufficient malfunction of the analyzed system.
  • FIG. 2 illustrates an embodiment of a method for determining the necessary and / or sufficient causality of dysfunction of a system according to the invention, in the case where a malfunction is observed, during the execution of the system or after system execution.
  • the method is implemented by a programmable device such as a computer, comprising in particular a programmable circuit or a processor capable of executing control program instructions when the device is powered up and information storage means capable of storing executable code instructions allowing the implementation of programs capable of implementing the method according to the invention.
  • a programmable device such as a computer, comprising in particular a programmable circuit or a processor capable of executing control program instructions when the device is powered up and information storage means capable of storing executable code instructions allowing the implementation of programs capable of implementing the method according to the invention.
  • the method for determining causes of malfunction according to the invention uses a mathematical formalization of the behavior of a system, thus allowing application to any type of system with hardware or software components.
  • the invention applies to any model of system behavior, but will be described hereinafter in one embodiment, in which the behavior of such a system and its components is modeled by a system of labeled transitions (labeled transition). system, LTS).
  • LTS labeled transition
  • An LTS B (Q, ⁇ , - » q 0 ) consists of a set of states Q, an event alphabet ⁇ , a transition relation denoted by -», where -> ç gx ⁇ xg and 0 a state initial.
  • q ⁇ q ' for the triplet (q, a, q') e-> which represents a transition labeled by the event a between a first state q and a second state q '.
  • the model of good operation of the system S is obtained by a composition of the models of the components of the system.
  • the composition of models is noted II.
  • the alphabet of the composition of the C models is the union of the alphabets of the models; C can make a transition labeled a if and only if all the models that have in their alphabet are ready to make a transition in their current state.
  • P be a global property of good functioning of the system S, the violation of which constitutes a dysfunction, such that if all the components of S satisfy their specification, then P is respected.
  • a system comprising three components: a plant plant using a reactor whose temperature must be maintained at a certain level; a supervisor supervisory component that measures the temperature and activates either heating or cooling; an Env component that models the evolution of the temperature according to the actions of the supervision component.
  • the system S is thus formed of three components which are respectively the Supervisor supervisory component, the Plant reactor plant and the Env environment component.
  • Figures 3, 4 and 5 schematically illustrate, for the example discussed, the performance specifications of the Supervisor, Plant components and a Env environment model including a state indicating a violation of property of operation, noted _L.
  • the Supervisor component interacts with the Env component to collect the current reactor temperature in the Q state. If the temperature is between preset thresholds T m in, T ma x, denoted med for medium temperature, the Supervisor component performs a med transition to a Ql state, waits for a delay time (transition t), and returns to the state Q; no action with the Plant component is required.
  • the Supervisor component performs a low transition to the Q S 3 state , followed by a beat transition to the Q 2 state.
  • the Supervisor component makes a high transition to the Q S A state , followed by a cool transition to the Q 2 state.
  • the transition f carries out the delay and the return to the received temperature reception state Q.
  • the Plant component is, in a first state Q p l , in a mode where the temperature of the reactor increases.
  • the Plant component makes a transition f to the state Q P 2 from which a transition inc, representing an increase in temperature, makes it possible to go back to the first state Q p l .
  • the Plant component transitions to the Q p state.
  • a transition f leads to the state Q p , from where a transition dec makes it possible to return to the state Q p ; this models a decrease in the temperature of the reactor at each unit of time.
  • the state Q p l can be reached by a beat command received from the Supervisor component.
  • the component Env has six associated operating states, denoted Q E 1 , Q 2 ,
  • the states Q E 1 and Q E A are associated with a temperature sensed Temp provided by sensors. If the temperature Temp is in the operating range [T m in, Tmax], the state Q is maintained by a sequence of med transitions (transmission of the temperature sensed to the Supervisor) followed by f.
  • the component goes to the state Q E 2 by a transition T.
  • the component remains in the states Q E 2 and Q E 5 (transitions low; t).
  • the component passes from the state Q E I to the state Q by a transition inc. As long as the sensed temperature is greater than T ma x, the component remains in states Q and Q E 6 (high transitions; t).
  • an execution of the system providing an execution log comprising a set of traces tn for each of the system components is applied.
  • each component has an associated execution log, also called component trace and noted tn.
  • the execution log includes a sequence of events observed, each event corresponding to a transition between states of the component as defined above.
  • a first portion of the component trace is called a prefix of said trace.
  • a prefix of an execution trace is a truncation of the trace.
  • tr ⁇ ⁇ ⁇ a 2 - ... a k is a sequence of events. It is accepted by B if there exists a sequence of transitions passing B from an initial state q to a state q 'such that: ⁇ , ⁇ ... ⁇ q k _ y -, the states q l , .. ., _ q k l e Q.
  • the execution logs or traces tn are stored during a system execution and are read into a memory of the programmable device implementing the invention.
  • the execution logs or tn traces are used while the system is running.
  • the causality analysis is performed while running, the event sequences that occurred up to the time of analysis are used.
  • step 22 includes extracting the component-by-component tn logs from one or more such files storing event sequences for multiple components.
  • the method of the invention is used when an execution of the system is incorrect, or, in other words, when for the execution of the system there is a malfunction, which is a nonconformity at one or more overall properties of the P system.
  • FIG. 3 An exemplary exemplary system execution log S, the component models of which are illustrated in FIGS. 3, 4 and 5, is illustrated in FIG.
  • a table T illustrates respective execution traces of the Supervisor, Plant, Env components, denoted tr_S, tr_P, and tr_E.
  • the trace trace tr_S Supervisor component includes an event that does not conform to the model shown in Figure 3: it is the event f surrounded in Table T.
  • the execution trace tr_P of the Plant component comprises an event that does not conform to the model illustrated in FIG. 4: it is the event f surrounded in the table T.
  • the system S has a malfunction and a violation of the specification, since for the Env component, the high transition is followed by inc, which is contrary to the overall property of good operation (see Figure 5).
  • the step 22 for obtaining execution traces is followed by a step 24 of detecting a malfunction, that is to say of non-conformity with a global property P of the system. which applies regardless of the modeling of the behavior of the system.
  • step 26 In case of detection of malfunction in step 24, this step is followed by a step 26 of selecting a subset / components, each having an execution trace including an event not conforming to the model.
  • the subset / ⁇ ' 1 .., ⁇ ⁇ ⁇ has R indices, R> 1, and R ⁇ N, where N is the total number of components of the system S observed.
  • the subset / of components is the subset whose necessary and / or sufficient causality with respect to the observed dysfunction is tested, and is called subset of tested components.
  • the method analyzes the joint causality of the subset / tested components. It should be noted that the method of the invention is theoretically applicable with a subset / of components having no nonconformity in the execution trace, but such a case is of no interest in practice. Indeed, the method aims to determine which of the components of the studied system is the cause of the observed dysfunction.
  • the invention makes it possible to determine, by testing several subsets of components /, accurately, the components whose malfunction is necessary and / or sufficient to find the overall malfunction of the system with respect to the property P.
  • Fig. 7 illustrates an embodiment of the necessary causality determination step of the subset / components.
  • the method illustrated schematically in FIG. 7 is implemented by a programmable device such as a computer, notably comprising a programmable circuit or a processor able to execute control program instructions when the device is powered up and storage means information, able to store executable code instructions allowing the implementation of programs capable of implementing the method according to the invention.
  • a programmable device such as a computer, notably comprising a programmable circuit or a processor able to execute control program instructions when the device is powered up and storage means information, able to store executable code instructions allowing the implementation of programs capable of implementing the method according to the invention.
  • a truncated execution log is obtained.
  • steps 32 to 40 apply to this subset of components, as explained below.
  • the execution trace tr. is truncated to retain only the prefix tr. conform to the Qk component model.
  • the prefix comprises the sequence of events tr t above the non-conforming to the detected event model, also called error relative to the performance of the component concerned.
  • Figure 8 illustrates the truncated execution log, shown in a table T, for the developed example and for the subset / including the Supervisor component.
  • the tr'_S prefix comprises only the first three elements of the tr_S execution trace for the Supervisor component, and the tr'_P and tr'_E traces / prefixes are unchanged for both. other components.
  • an extension model is determined, making it possible to generate all the execution traces comprising the prefix tr) and conform to the model of the component Ci.
  • T (tr) an LTS model making it possible to generate exactly the trace tr, called the generator model of tr.
  • the generator model T (tr) is defined as follows:
  • T (tr) ( ⁇ q 0 , ..., q k ⁇ , ⁇ a,, ..., a k q 0 )
  • T (tr ') (Q', ⁇ ', ⁇ ', q 0 ).
  • the trace extension model tr is obtained by composition of the generator model T (tr p ) of the prefix tr p of the trace tr, corresponding to the trace tr without its last event a k and of the set of conformal transitions to model B making it possible to pass from the state q k _ x of the generating model T (tr p ) to a state q of model B.
  • B the behavioral model of the component of index i
  • S its model of good functioning (thus, the behaviors of S, are included in those represented by B,).
  • the extension model M (tr p ) of tr is calculated as Refine_Si (tr p ) when tr p is according to S,; M (tr p ) is calculated as Refine_Bi (tr p ) when tr p is not consistent and a behavioral model B is available; M (tr p ) is calculated as T (tr p ) when tr is not compliant and no behavioral model of component i is known.
  • the obtaining of the trace extension model applies regardless of the modeling of the behavior of the system.
  • an extension model. (.) is obtained for each prefix of the truncated execution log.
  • Figure 9 illustrates the extension templates Ms, MP, ME obtained from the prefixes of the truncated execution log illustrated in Figure 8.
  • the extension models are in fact the generator models of the respective tr'_P and tr'_E traces.
  • the extension model is a combination of the tr'_S trace generator model, deprived of the last transition ⁇ high ⁇ (we note tr'_S ⁇ ⁇ high ⁇ ), and the high transition to the corresponding model Cs shown in FIG.
  • the step 34 of generating extension models is followed by a step 36 of constructing a set of prefixes not affected by the error or the errors of the components of the subset /, denoted ⁇ tr * i ⁇ .
  • this set is performed by truncation of all prefixes ⁇ tr. in step 32 as a function of the combination of extension models calculated in step 34.
  • extension models M ⁇ tr The combination of extension models M ⁇ tr) computed in step 34 provides a model:
  • step 34 Two embodiments are envisaged for step 34.
  • the combination with B is optional.
  • the components are considered in a predetermined order, for example the increasing order of the indices; after obtaining each unassigned prefix its extension model is updated in the composition before calculating the unassigned prefix of the next trace.
  • FIG. 10 illustrates the set T * of unassigned prefixes ⁇ tri ⁇ obtained in the exemplary embodiment, obtained by using the extension models of FIG. 9 according to the first embodiment of step 36 described above. above.
  • the set T * obtained is the set of prefixes of maximum length that could have been observed in the absence of the execution errors of the system S.
  • step 36 of constructing the set of unassigned prefixes is followed by a step 38 of constructing an MC (I) model, called a counterfactual model constructed with respect to the subset of components.
  • the MC (I) model is obtained by composing the extension models of each of the unaffected prefixes (tri), which depend on the respective LTS models of each of the components.
  • B * tr * denotes the corresponding extension model, obtained as explained above in step 34.
  • Counterfactual model MC (I) is the composition of extension models
  • the counterfactual model MC (I) is the composition of the extension models B ⁇ tr * ) without model B of the overall behavior of the system.
  • the counterfactual model MC (I) is a model of the fictitious execution traces, which could have been observed in the absence of errors of the components of the subset / considered.
  • the counterfactual model of the treated subassembly makes it possible to generate all the possible behaviors starting with the unassigned prefixes, in the absence of malfunctions of the components of the subset of components processed.
  • a property P is also represented by an LTS model:
  • the transitions of the observation model include the transitions defined for the model of the property P and the transitions which, accepting an event that does not conform to the property tested, lead to an error state. .
  • the tested model MC (I) satisfies the property P if and only if there is no state egx jl ⁇ such that (q 0 , q °) -> * q where -> * is the transitive closure of -> .
  • the counterfactual model MC (/) satisfies the property P if no sequence of events generated by the model results in the error state _L.
  • step 42 Based on the result of the property satisfaction check step P by the counterfactual model MC (/), a decision on the necessary causality of the subset / component error is returned to step 42, which that is the modeling of the system.
  • Figure 11 illustrates the counterfactual model obtained for the example developed, considering the Supervisor component as a subset of tested components.
  • the counterfactual model is obtained by composing the extension models.
  • the counterfactual model obtained satisfies the property P, which makes it possible to deduce that the error found in the execution trace of the Supervisor component is a necessary cause of the malfunction of the system.
  • Fig. 12 illustrates an embodiment of the sufficient causality determination step of the subset / components.
  • the method illustrated schematically in FIG. 12 is implemented by a programmable device such as a computer, notably comprising a programmable circuit or a processor capable of executing control program instructions when the device is powered up and storage means being used. information, able to store executable code instructions allowing the implementation of programs capable of implementing the method according to the invention.
  • a subset I e comprising the indices of the components of the system S and which are not part of the subset / is determined.
  • steps 52, 54, 56, 58 are analogous to steps 32, 34, 36, 38 previously described, considering the subset I e as a subset of components processed in place of the subset /.
  • the verification step 60 consists of checking whether the counterfactual model MC (/ C ) systematically violates the property P, therefore if all the traces obtained according to this model comprise a chain of events that does not conform to P.
  • step 62 If the counterfactual model MC (/ C ) inevitably violates the property P, it is determined in step 62 that the subset of components / is a sufficient cause of system malfunction.
  • step 62 If at least some of the traces that can be obtained by applying the counterfactual model MC (/ C ) satisfy P, then it is determined in step 62 that the subset of components / is not a sufficient cause of malfunction. of the system.
  • the behavior of the system and its components is modeled by timed automata.
  • the invention applies more generally to any modeling of a system and its components that makes it possible to construct tools for:
  • the invention nonetheless applies to complex systems with multiple components, and makes it possible to automatically and systematically determine the causes of dysfunction that are necessary and / or sufficient in these complex systems.
  • the method can be used in a systematic search for causality, in which all the events or sequences of events that may cause a malfunction among the events observed are analyzed.
  • the method described is implemented for each subset / considered as likely to be a necessary and / or sufficient cause of dysfunction, or for a part of these subsets, and makes it possible to determine in particular the sub-assembly. minimal set of components whose observed behavior is a necessary and / or sufficient cause for the observed dysfunction.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Debugging And Monitoring (AREA)
EP15753735.8A 2014-07-31 2015-07-31 Verfahren zur automatischen bestimmung der ursachen der fehlfunktion eines systems aus einer vielzahl von hardware- oder software-komponenten Withdrawn EP3175363A1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR1457464A FR3024567B1 (fr) 2014-07-31 2014-07-31 Procede de determination automatique de causes de dysfonctionnement d'un systeme compose d'une pluralite de composants materiels ou logiciels
PCT/FR2015/052124 WO2016016587A1 (fr) 2014-07-31 2015-07-31 Procédé de détermination automatique de causes de dysfonctionnement d'un système composé d'une pluralité de composants matériels ou logiciels

Publications (1)

Publication Number Publication Date
EP3175363A1 true EP3175363A1 (de) 2017-06-07

Family

ID=52450248

Family Applications (1)

Application Number Title Priority Date Filing Date
EP15753735.8A Withdrawn EP3175363A1 (de) 2014-07-31 2015-07-31 Verfahren zur automatischen bestimmung der ursachen der fehlfunktion eines systems aus einer vielzahl von hardware- oder software-komponenten

Country Status (4)

Country Link
US (1) US10437656B2 (de)
EP (1) EP3175363A1 (de)
FR (1) FR3024567B1 (de)
WO (1) WO2016016587A1 (de)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10474523B1 (en) * 2017-10-27 2019-11-12 EMC IP Holding Company LLC Automated agent for the causal mapping of complex environments
US11032152B2 (en) 2018-04-25 2021-06-08 Dell Products L.P. Machine-learning based self-populating dashboard for resource utilization monitoring in hyper-converged information technology environments

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5528516A (en) * 1994-05-25 1996-06-18 System Management Arts, Inc. Apparatus and method for event correlation and problem reporting
US6807583B2 (en) * 1997-09-24 2004-10-19 Carleton University Method of determining causal connections between events recorded during process execution
US20030121027A1 (en) * 2000-06-23 2003-06-26 Hines Kenneth J. Behavioral abstractions for debugging coordination-centric software designs
US8001527B1 (en) * 2004-12-21 2011-08-16 Zenprise, Inc. Automated root cause analysis of problems associated with software application deployments
US8069374B2 (en) * 2009-02-27 2011-11-29 Microsoft Corporation Fingerprinting event logs for system management troubleshooting
US8612377B2 (en) * 2009-12-17 2013-12-17 Oracle International Corporation Techniques for generating diagnostic results

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
None *
See also references of WO2016016587A1 *

Also Published As

Publication number Publication date
FR3024567A1 (fr) 2016-02-05
WO2016016587A1 (fr) 2016-02-04
FR3024567B1 (fr) 2016-09-02
US10437656B2 (en) 2019-10-08
US20170308424A1 (en) 2017-10-26

Similar Documents

Publication Publication Date Title
EP3126659B1 (de) Verfahren und system zur überwachung eines parameters eines raketenmotors
CA2943397C (fr) Procede d'estimation du caractere normal ou non d'une valeur mesuree d'un parametre physique d'un moteur d'aeronef
WO2015101570A1 (fr) Procede, dispositif et systeme d'estimation de l'etat de sante d'une batterie d'un vehicule electrique ou hybride en condition d'utilisation, et procede de construction d'un modele pour une telle estimation
EP3665490A1 (de) Computer-implementiertes verfahren zur rekonstruktion der topologie eines kabelnetzwerks unter verwendung eines genetischen algorithmus
EP3559767B1 (de) Verfahren zur fehlercharakterisierung in einem system
FR3035232A1 (fr) Systeme de surveillance de l'etat de sante d'un moteur et procede de configuration associe
WO2016016587A1 (fr) Procédé de détermination automatique de causes de dysfonctionnement d'un système composé d'une pluralité de composants matériels ou logiciels
WO2011117528A1 (fr) Procede, programme d'ordinateur et dispositif de validation d'execution de taches dans des systemes informatiques evolutifs
EP2677454B1 (de) Rechner, Kommunikationseinheit, die einen solchen Rechner umfasst, Eisenbahn-Steuerungssystem, das eine solche Einheit umfasst, und Verfahren zur Erhöhung der Zuverlässigkeit der Daten in einem Rechner
CA2837523A1 (fr) Systeme de prescription de maintenance d'un moteur d'helicoptere
FR2997774A1 (fr) Procede, dispositif et programme d'ordinateur de placement de taches dans un systeme multi-cœurs
FR3012636A1 (fr) Procede de non-regression d'un outil de conception d'un systeme de surveillance de moteur d'aeronef
EP3729302B1 (de) Verfahren und system zur unterstützung der fehlersuche eines komplexes systems
FR2957170A1 (fr) Outil de conception d'un systeme de surveillance d'un moteur d'aeronef
FR3010200A1 (fr) Procede et dispositif de normalisation de valeurs de parametres de fonctionnement d'un moteur d'aeronef
FR3099830A1 (fr) Procédé et système de surveillance d’un réseau de câbles, par analyse en composantes principales
FR3003663A1 (fr) Procede de determination automatique de causes de dysfonctionnement d'un systeme compose d'une pluralite de composants materiels ou logiciels
EP3265915B1 (de) Simulationsvorrichtung
WO2019034497A1 (fr) Procede, mis en oeuvre par ordinateur, de reconstruction de la topologie d'un reseau de cables
EP2686768B1 (de) Filterungsvorrichtung und verfahren zur aufrechterhaltung einer kodierten eingangs-/ausgangsstroms
FR3025889A1 (fr) Gestion de la recharge de la batterie d'un vehicule electrique
WO2017108924A1 (fr) Procédé de détection de problèmes de testabilité d'un module informatique
EP4379486A1 (de) Frugales prädiktives wartungsverfahren, entsprechendes computerprogrammprodukt und computerlesbares medium
WO2019201957A1 (fr) Procédés de mise en oeuvre d'algorithmes d'analyse statistique de données caractérisant le comportement d'un ensemble d'éléments et système associé
WO2023144488A1 (fr) Procede de controle d'un systeme comportant un post-traitement d'une commande predictive

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

17P Request for examination filed

Effective date: 20170127

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20200730

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

P01 Opt-out of the competence of the unified patent court (upc) registered

Effective date: 20230527

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20231117