So far, I have implemented a prototype for visualizing the events at different levels. In that implementation, I used a state tree to store every state. The linking between events at different levels is based on time fields: the start time and end time of the events. That means that, for each process, a high-level event and all of the low-level events that exist in the same time range are related to each other. This gives us an event-linking scheme, but it is still not enough, because we can have low-level events in the same time range that are unrelated (e.g. two interleaving file operations for a process lead to two abstract "file operation" events with the same time range, but each low-level event is related to only one of those abstract events, not to both).

Therefore we need to store some real pointers between high-level states and low-level states and events. Last week I was working on a modified state system that supports this requirement. In this modified version, for each state (interval) in the history tree, we add a pointer to another structure, the "state-node" or briefly "s-node", that contains pointers to the children of that state. The state-node contains the name, arguments, type, level and, mainly, pointers to the states it contains (or a time range in raw events for the lowest-level states). With this design, the main part of the history tree will remain unchanged and will support the previous version. Also, the s-node structure will be used only when the user wants to go deeper and see the related low-level information.

I had worked on this structure before, but now I am working on prototyping this data structure to see how efficient it can be!
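The difference between time-range linking and s-node pointers described above, as an added Python sketch that is not the prototype's own code. The class names, field names and the trace are constructed for illustration, and the s-node here references raw events directly rather than a time range in the raw trace, which is a simplification.

```python
from dataclasses import dataclass, field

@dataclass
class RawEvent:
    ts: int      # timestamp
    name: str
    fd: int      # file descriptor the event refers to

@dataclass
class SNode:
    """State-node: metadata plus pointers to the lower-level items it contains."""
    name: str
    args: dict
    type: str
    level: int
    children: list = field(default_factory=list)  # lower-level SNodes or RawEvents

@dataclass
class State:
    """One interval of the history tree; s_node is the only added field."""
    start: int
    end: int
    s_node: SNode

# Constructed trace: one process, two interleaved file operations (fd 3 and fd 4).
RAW = [RawEvent(10, "open", 3), RawEvent(12, "open", 4), RawEvent(14, "read", 3),
       RawEvent(16, "read", 4), RawEvent(18, "close", 3), RawEvent(20, "close", 4)]

def build_states(raw):
    """Group raw events per fd into one abstract 'file operation' state each."""
    by_fd = {}
    for ev in raw:
        by_fd.setdefault(ev.fd, []).append(ev)
    return [State(evs[0].ts, evs[-1].ts,
                  SNode("file operation", {"fd": fd}, "io", 1, evs))
            for fd, evs in sorted(by_fd.items())]

def link_by_time(state, raw):
    """Time-range linking: every raw event whose timestamp is in [start, end]."""
    return [ev for ev in raw if state.start <= ev.ts <= state.end]

def link_by_snode(state):
    """Pointer linking: only the events the state's s-node references."""
    return list(state.s_node.children)

if __name__ == "__main__":
    for st in build_states(RAW):
        print(st.s_node.args, "time:", [(e.name, e.fd) for e in link_by_time(st, RAW)])
        print(st.s_node.args, "s-node:", [(e.name, e.fd) for e in link_by_snode(st)])
```

For the state covering fd 3, time-range linking also returns the open and read on fd 4 that fall inside its interval, while the s-node lookup returns only the three fd 3 events.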