Published: 10th October 2017
DOI: 10.4204/EPTCS.259
ISSN: 2075-2180


Proceedings 2nd International Workshop on
Causal Reasoning for Embedded and safety-critical Systems Technologies
Uppsala, Sweden, 29th April 2017

Edited by: Alex Groce and Stefan Leue

Alex Groce and Stefan Leue
On Preemption and Overdetermination in Formal Theories of Causality
Sjur K Dyrkolbotn
ACCBench: A Framework for Comparing Causality Algorithms
Simon Rehwald, Amjad Ibrahim, Kristian Beckers and Alexander Pretschner
Causality-based Model Checking
Bernd Finkbeiner and Andrey Kupriyanov
Causality and Temporal Dependencies in the Design of Fault Management Systems
Marco Bozzano
Counterfactual Causality from First Principles?
Gregor Gössler, Oleg Sokolsky and Jean-Bernard Stefani
Invited Presentation: Combining Epistemic and Operational Aspects in Compositional Verification of Protocols
Mohammad Reza Mousavi
Incorporating Epistemic Uncertainty into the Safety Assurance of Socio-Technical Systems
Chris Leong, Tim Kelly and Rob Alexander


Alex Groce
Northern Arizona University, USA
Stefan Leue
University of Konstanz, Germany

The second international CREST workshop continued the focus of the first CREST workshop: addressing approaches to causal reasoning in engineering complex embedded and safety-critical systems. Relevant approaches to causal reasoning have been (usually independently) proposed by a variety of communities: AI, concurrency, model-based diagnosis, software engineering, security engineering, and formal methods. The goal of CREST is to bring together researchers and practitioners from these communities to exchange ideas, especially between communities, in order to advance the science of determining root cause(s) for failures of critical systems. The growing complexity of failures such as power grid blackouts, airplane crashes, security and privacy violations, and malfunctioning medical devices or automotive systems makes the goals of CREST more relevant than ever before.

This year’s workshop consisted of two keynotes, three invited presentations, and four contributed papers. The first keynote, presented by Samantha Kleinberg (Stevens Institute of Technology), showed how temporal logic can represent and test rich causal relationships in massive observational datasets. The keynote of Marco Bolzanno (Fondazione Bruno Kessler) proposed a formal approach to fault management for complex systems, including a framework for specification and analysis of diagnosability and the design of fault detection and identification components as well as recent advances in fault propagation analysis. Invited presentations explored causality-based model checking, fault detection and isolation in spacecraft data acquistion systems, and compositional verification of protocols. The contributed papers also covered a variety of topics, including preemption and overdetermination, comparison of causality algorithms, counterfactuals, and epistemic uncertainty.

We wish to thank the keynote speakers and authors of all invited and contributed presentations, who caused the CREST workshop to have its actual substance. The program committee also causally contributed to the successful event, by providing thorough evaluations of the contributions, and useful feedback to authors. The ETAPS organizational committee and chairs of last year’s workshop also produced highly beneficial effects, such as logistical support.

Alex Groce, Northern Arizona University
Stefan Leue, University of Konstanz, Germany

Program Committee:

Georgiana Caltais University of Konstanz Germany
Hana Chockler King’s College London UK
Anupam Datta Carnegie Mellon University USA
Grschwin Fey University of Bremen Germany
Gregor Goessler Inria France
Alex Groce Northern Arizona University USA (co-chair)
Sylvain Hall Universit du Qubec Chicoutimi Canada
Joseph Halpern Cornell University USA
Jeff Huang Texas A&M University USA
Samantha Kleinberg Stevens Institute of Technology USA
Peter Ladkin University of Bielefeld Germany
Stefan Leue University of Konstanz Germany (co-chair)
Peter Lucas Radboud University Nijmegen Netherlands
Mohammad Reza Mousavi Halmstad University Sweden
Andy Podgurski Case Western Reserve University USA
Oleg Sokolsky University of Pennsylvania USA
Joost Vennekens K.U. Leuven Belgium
Willem Visser Stellenbosch University South Africa
Georg Weissenbacher Vienna University of TechnologyAustria
Thomas Wies New York University USA

Combining Epistemic and Operational Aspects in Compositional Verification of Protocols

Mohammad Reza Mousavi (Halmstad University and University of Leicester)

Communication protocols are often described by patterns of actions and interactions; such patterns can be captured by various forms of (communicating) state machines, sequence diagram, or labeled transition systems. Several properties of such protocols such as secrecy, privacy, and authentication are best expressed by notions such as knowledge and belief in epistemic logic or various extensions thereof (5). There have been several proposals to merge these two realms, i.e., the operational realm of protocol specification and the epistemic realm of reasoning. Two significant classes of such approaches are the frameworks based on Dynamic Epistemic Logic (3, 8) and Temporal Epistemic Logic (9), respectively. Some of these frameworks come equipped with mechanized verification tools (4, 15). In (6, 7), we proposed a specification framework based on process algebra furnished with a semantics that allows for verification of properties in a rich logic combining the modal mu-calculus with epistemic logic. Compositional verification for this framework was studied in (1), where the histories of protocols are decomposed into those of their constituent processes.

Another, seemingly different, issue in protocol verification is finding the root causes for a particular violation of a (functional) property. There is a sizeable literature on defining the notion of cause (11, 12, 13, 14), as well as on devising efficient algorithms and tools for finding (minimal) causes (2, 10). In (5), we introduced a notion of causality based on labeled transition systems and Hennessy Milner Logic. There, we also explored some initial ideas regarding the compositionality of calculating causes.

In this talk, we first provide an overview of the above-mentioned two areas. Subsequently, we show how the idea of calculating a cause is similar to checking an epistemic formula: both calculations involve relating different traces leading to a state satisfying a particular property. This leads us to an outline of our approach to decompose causality checking by decomposing the global causality calculation on a parallel composition into local calculations on the constituent processes. We show that finding a minimal cause may still require a calculation at the global (composed process) level; however, this time the calculation can be done on the parallel composition of the projected and reduced processes rather than the original processes. This brings about the potential of reducing the effort in calculating causes.


This talk reports on the past joint work with Francien Dechesne and Simona Orzan and ongoing joint work with Georgiana Caltais and Stefan Leue. The work of M. R. Mousavi has been partially supported by the Swedish Research Council (Vetenskapsradet) award number: 621-2014- 5057 (Effective Model-Based Testing of Concurrent Systems) and the Swedish Knowledge Foundation (Stiftelsen for Kunskaps- och Kompetensutveckling) in the context of the AUTO-CAAS HöG project (number: 20140312) and the Strategic Research Environment ELLIIT. 2 Combining Epistemic and Operational Aspects


  1. Luca Aceto, Arnar Birgisson, Anna Ingólfsdóttir & Mohammad Reza Mousavi (2011): Decompositional Reasoning about the History of Parallel Processes. In: Revised Selected Papers from the 4th IPM International Conference on Fundamentals of Software Engineering (FSEN 2011), Lecture Notes in Computer Science 7141. Springer, pp. 32–47, doi:10.1007/978-3-642-29320-7_3.
  2. Adrian Beer, Stephan Heidinger, Uwe Kühne, Florian Leitner-Fischer & Stefan Leue (2015): Symbolic Causality Checking Using Bounded Model Checking. In: Bernd Fischer & Jaco Geldenhuys: Proceedings of the 22nd International Symposium on Model Checking Software (SPIN 2015), Lecture Notes in Computer Science 9232. Springer, pp. 203–221, doi:10.1007/978-3-319-23404-5_14.
  3. Johan van Benthem (2011): Logical Dynamics of Information and Interaction. Cambridge University Press, doi:10.1017/CBO9780511974533.
  4. Johan van Benthem, Jan van Eijck, Malvin Gattinger & Kaile Su (2015): Symbolic Model Checking for Dynamic Epistemic Logic. In: Wiebe van der Hoek, Wesley H. Holliday & Wen-Fang Wang: Proceedings of the 5th International Workshop on Logic, Rationality, and Interaction (LORI 2015), Lecture Notes in Computer Science 9394. Springer, pp. 366–378, doi:10.1007/978-3-662-48561-3_30.
  5. Georgiana Caltais, Stefan Leue & Mohammad Reza Mousavi: (De-)Composing Causality in Labeled Transition Systems. In: Proceedings of the 1st Workshop on Causal Reasoning for Embedded and safety-critical Systems Technologies (CREST 2016, Electronic Proceedings in Theoretical Computer Science 224, pp. 10–24, doi:10.4204/EPTCS.224.3.
  6. Francien Dechesne & Mohammad Reza Mousavi (2013): Interpreted Systems Semantics for Process Algebra with Identity Annotations. In: Guram Bezhanishvili, Sebastian Löbner, Vincenzo Marra & Frank Richter: Revised Selected Papers from the 9th International Tbilisi Symposium on Logic, Language, and Computation (TbiLLC 2011), Lecture Notes in Computer Science 7758. Springer, pp. 182–205, doi:10.1007/978-3-642-36976-6_13.
  7. Francien Dechesne, Mohammad Reza Mousavi & Simona Orzan (2007): Operational and Epistemic Approaches to Protocol Analysis: Bridging the Gap. In: Nachum Dershowitz & Andrei Voronkov: Proceedings of the 14th International ConferenceLogic for Programming, Artificial Intelligence, and Reasoning (LPAR 2007), Lecture Notes in Computer Science 4790. Springer, pp. 226–241, doi:10.1007/978-3-540-75560-9_18.
  8. Hans van Ditmarsch, Wiebe van der Hoek & Barteld Kooi (2008): Dynamic Epistemic Logic. Springer.
  9. Ronald Fagin, Joseph Y. Halpern, Yoram Moses & Moshe Vardi (2004): Reasoning About Knowledge. MIT Press.
  10. Gregor Gößler & Daniel Le Métayer (2015): A general framework for blaming in component-based systems. Sci. Comput. Program. 113, pp. 223–235, doi:10.1016/j.scico.2015.06.010.
  11. Gregor Gößler, Daniel Le Métayer & Jean-Baptiste Raclet (2010): Causality Analysis in Contract Violation. In: Runtime Verification - First International Conference, RV 2010, Lecture Notes in Computer Science 6418. Springer, pp. 270–284, doi:10.1007/978-3-642-16612-9_21.
  12. Joseph Y. Halpern & Judea Pearl (2005): Causes and explanations: A structural-model approach. Part I: Causes. The British Journal for the Philosophy of Science 56(4), pp. 843–887, doi:10.1093/bjps/axi147.
  13. Florian Leitner-Fischer & Stefan Leue (2013): Causality Checking for Complex System Models. In: Roberto Giacobazzi, Josh Berdine & Isabella Mastroeni: Proceedings of 14th International Conference on Verification, Model Checking, and Abstract Interpretation, (VMCAI 2013), Lecture Notes in Computer Science 7737. Springer, pp. 248–267, doi:10.1007/978-3-642-35873-9_16.
  14. David Lewis (1973): Causation. Journal of Philosopy 70, pp. 556–567, doi:10.2307/2025310.
  15. Alessio Lomuscio, Hongyang Qu & Franco Raimondi (2017): MCMAS: an open-source model checker for the verification of multi-agent systems. International Journal on Software Tools for Technology Transfer 19(1), pp. 9–30, doi:10.1007/s10009-015-0378-x.