About
152 Publications
38,034 Reads
2,162 Citations
Introduction
István Majzik works at the Budapest University of Technology and Economics, Department of Artificial Intelligence and Systems Engineering, as a member of the Critical Systems Research Group (ftsrg). István does research in software verification, dependable computing, and safety-critical computer systems. He is an independent safety assessor in railway control software development.
Current institution
Additional affiliations
December 1994 - present
January 1998 - present
Education
September 1987 - August 1992
Publications (152)
Analysis of Markov Decision Processes (MDP) is often hindered by state space explosion. Abstraction is a well-established technique in model checking to mitigate this issue. This paper presents a novel lazy abstraction method for MDP analysis based on adaptive simulation graphs. Refinement is performed only when new parts of the state space are exp...
Programmable controllers are gaining prevalence even in distributed safety-critical infrastructures, e.g., in the railway and aerospace industries. Such systems are generally integrated using multiple loosely-coupled reactive components and must satisfy various critical requirements. Thus, their systematic testing is an essential task, which can be...
Distributed programmable controllers are getting prevalence in critical infrastructure, among others, in railway interlocking systems (RIS). Generally, such systems are integrated using various reactive components and must carry out critical tasks. Accordingly, their systematic testing is vital, which can be hindered by their complexity and distrib...
Probabilistic programs that can represent both probabilistic and non-deterministic choices are useful for creating reliability models of complex safety-critical systems that interact with humans or external systems. Such models are often quite complex, so their analysis can be hindered by state-space explosion. One common approach to deal with this...
Control systems are typically tightly embedded into their environment to enable adaptation to environmental effects. As the complexity of such adaptive systems is rapidly increasing, there is a strong need for coherent tool-centric approaches to aid their systematic development. This paper proposes an end-to-end component-based specification, desig...
Algorithms and protocols with time dependent behavior are often specified formally using timed automata. For practical real-time systems, besides real-valued clock variables, these specifications typically contain discrete data variables with nontrivial data flow. In this paper, we propose a configurable lazy abstraction framework for the location...
Control systems in railway, automotive or industrial robotic applications are generally tightly integrated into their environment to allow adapting to environmental changes. This paper proposes a contract-based specification and testing approach for adaptive systems based on the combination of a high-level scenario language (LSC variant) and an ada...
The increasing complexity of reactive systems can be mitigated with the use of components and composition languages in model-driven engineering. Designing composition languages is a challenge itself as both practical applicability (support for different composition approaches in various application domains), and precise formal semantics (support fo...
Communication protocols are often designed on the basis of state-based models. During protocol design, the use of formal verification is indispensable, as concurrent behavior is notorious for hidden and sophisticated bugs. This paper presents a formal verification approach to verify an industrial communication protocol using the Gamma Statechart Co...
The saturation algorithm for symbolic state space generation has proved to be an efficient way to tackle the state space explosion problem in the verification of concurrent, asynchronous systems. Since its original publication in 2001, several variants and extensions have been introduced. The reason for altering the algorithm in these variants is o...
Formal methods (in a broad sense) have been around almost since the beginning of computer science. Nonetheless, there is a perception in the formal methods community that take-up by industry is low considering the potential benefits. We take a look at possible reasons and give candidate explanations for this effect. To address the issue, we propose...
Systems and software with time dependent behavior are often formally specified using timed automata. For practical real-time systems, these specifications typically contain discrete data variables with nontrivial data flow besides real-valued clock variables. In this paper, we propose a lazy abstraction method for the location reachability problem...
The Gamma Statechart Composition Framework is an integrated tool to support the design, verification and validation as well as code generation for component-based reactive systems. The behavior of each component is captured by a statechart, while assembling the system from components is driven by a domain-specific composition language. Gamma automa...
In this paper, we present THETA, a configurable model checking framework. The goal of the framework is to support the design, execution and evaluation of abstraction refinement-based reachability analysis algorithms for models of different formalisms. It enables the definition of input formalisms, abstract domains, model interpreters, and strategi...
Testing is a common technique to assess the quality of systems. Regression testing comes into view when changes are introduced to the system under test and re-running all tests is not practical. Numerous techniques have been introduced to select only the tests relevant to a given set of changes. These are typically based on source code, however, model-bas...
Since their invention, Petri nets have provided modelling and analysis methods to support the design of correct, reliable and robust systems. This motivated our work to develop PetriDotNet, a Petri net editor and analysis tool. In this paper we overview the supported modelling formalisms and the analysis methods included in PetriDotNet. Next, we pr...
To solve the reachability problem for timed automata, model checkers usually apply forward search and zone abstraction. To ensure efficiency and termination, the computed zones are generalized using maximal constants obtained from guards either by static analysis or lazily for a given path. In this paper, we propose a lazy method based on zone abst...
The behavior of practical safety critical systems often combines real-time behavior with structured data flow. To ensure correctness of such systems, both aspects have to be modeled and formally verified. Time related behavior can be efficiently modeled and analyzed in terms of timed automata. At the same time, program verification techniques like...
Prioritised Petri net is a powerful modelling language that often constitutes the core of even more expressive modelling languages such as GSPNs (Generalized Stochastic Petri nets). The saturation state space traversal algorithm has proved to be efficient for non-prioritised concurrent models. Previous works showed that priorities may be encoded in...
Programmable logic controllers are typically programmed in one of the five languages defined in the IEC 61131 standard. While the ability to choose the appropriate language for each program unit may be an advantage for the developers, it poses a serious challenge to verification methods. In this paper we analyse and compare these languages to show...
Failure Mode and Effects Analysis (FMEA) is a systematic technique to explore the possible failure modes of individual components or subsystems and determine their potential effects at the system level. Applications of FMEA are common in case of hardware and communication failures, but analyzing software failures (SW-FMEA) poses a number of challen...
Statecharts are frequently used as a modeling formalism in the design of state-based systems. Formal verification techniques are also often applied to prove certain properties about the behavior of the system. One of the most efficient techniques for formal verification is Counterexample-Guided Abstraction Refinement (CEGAR), which reduces the comp...
The complexity and quality needs of PLC-based control system software have largely increased. Formal specification methods can help to cope with these needs. Besides formal verification, another benefit of a formal specification language is the possibility to provide automatic generation of the final source code. This paper overviews PLCspecif, our...
Stochastic Petri nets are widely used for the modeling and analysis of non-functional properties of critical systems. The state space explosion problem often inhibits the numerical analysis of such models. Symbolic techniques exist to explore the discrete behavior of even complex models, while block Kronecker decomposition provides memory-efficient...
PetriDotNet is an extensible Petri net editor and analysis tool originally developed to support the education of formal methods. The ease of use and simple extensibility fostered more and more algorithmic developments. Thanks to the continuous interest of developers (especially M.Sc. and Ph.D. students who choose PetriDotNet as the framework of the...
Correctness of software components in a distributed system is a key issue to ensure overall reliability. Formal verification techniques such as model checking can show design flaws at early stages of development. Abstraction is a key technique for reducing complexity by hiding information, which is not relevant for verification. Counterexample-Guid...
Programmable Logic Controllers (PLCs) are widely used in the industry for various industrial automation tasks. Besides non-safety applications, the usage of PLCs became accepted in safety-critical installations, where the cost of failure is high. In these cases the used hardware is special (so-called fail-safe or safety PLCs), but also the software...
Stochastic aspects of complex systems require more and more involved analysis approaches. Answering reachability and related analysis questions can often be reduced to steady-state, transient, reward or sensitivity value analysis of stochastic models. In this paper we introduce a configurable stochastic analysis framework which supports the user to...
Since visual modeling languages are getting more and more popular, automatic generation of program code on the basis of high-level models is an important issue. This article discusses implementation possibilities of statecharts, the graphical notation for describing state-based event-driven behavior in the Unified Modeling Language (UML). The first...
Efficient symbolic and explicit-state model checking approaches have been developed for the verification of linear time temporal logic (LTL) properties. Several attempts have been made to combine the advantages of the various algorithms. Model checking LTL properties usually poses two challenges: one must compute the synchronous product of the stat...
The correctness of the software used in control systems has always been a high priority, as a failure can cause serious expenses, injuries or loss of reputation. To improve the quality of these applications, various development and verification methods exist. All of them necessitate a deep understanding of the requirements, which can be achieved by...
Formal methods, especially model checking techniques, are often used for the verification of the resilience of safety critical systems. The usual complexity of the verification problem in real life systems (due to state space explosion and the handling of time dependent behavior) demands efficient techniques. In this paper we propose a decompositio...
Formal methods have an important role in ensuring the correctness of safety-critical systems. However, their application in industry is always cumbersome: the lack of experts and the complexity of formal languages prevent the efficient application of formal verification techniques. In this paper we take a step in the direction of making formal mod...
This book constitutes the refereed proceedings of the 6th International Workshop on Software Engineering for Resilient Systems, SERENE 2014, held in Budapest, Hungary, in October 2014. The 11 revised technical papers presented together with one project paper and one invited talk were carefully reviewed and selected from 22 submissions. The papers a...
Nowadays, safety critical systems are often complex, real-time systems requiring formal methods to prove the correctness of their behavior. This work presents a framework that supports modeling and model checking such systems. We adapted an existing formalism to provide better modeling and model checking support. Using this formalism, we extended a...
This chapter provides an overview of the state of knowledge related to stochastic model-based assessment approaches, which are most commonly used for resiliency evaluation of current computing systems. The chapter first introduces a set of representative surveys developed in recent European projects, and then it provides a deeper description of com...
Robustness is an attribute of resilience that measures the behaviour of the system under non-standard conditions. Robustness is defined as the degree to which a system operates correctly in the presence of exceptional inputs or stressful environmental conditions. As triggering robustness faults could in the worst case scenario even crash the system...
Autonomous systems are used nowadays in more and more sectors from vehicles to domestic robots. They can make decisions on their own or interact with humans, thus their robustness and safety are properties of crucial importance. Due to the adaptive and context-aware nature of these systems, the testing of such properties is especially challenging....
Our paper outlines the application of two data mining techniques for the automatic processing of failure data. The first solution aims at identifying those parts of a complex HW/SW system built up of COTS components whose incompatibilities or undesired interactions lead to system failures. The second approach is proposed for automatic discovery o...
This paper presents how the platform-specific development environment of time-triggered (TT) systems can be integrated with a visual design toolkit based on UML. The modeling extensions introduced by us enable the unification of the advantages provided by both the embedded development environment and the UML CASE tools. UML offers visual design, au...
Software testing is the process of evaluating the quality of the software under test (SUT) by controlled execution, with the primary aim to reveal inadequate behavior. Despite the automation offered by modern development environments, the process of test data generation remains a largely manual task. In this paper we present a model-based approach...
Dealing with large, critical mobile systems and infrastructures where ongoing changes and resilience are paramount leads to very complex and difficult challenges for system evaluation. These challenges call for approaches that are able to integrate several evaluation methods for the quantitative assessment of QoS indicators which have been applied...
System development processes are typically supported by dozens of different tools that assist the designer in various phases of development like modeling, verification, source code generation, testing. Tool-chains can be formed by the integration of tools that are related to the subsequent steps of the process. In this paper, we present a service-o...
System development processes - especially in case of model-based development - are typically supported by dozens of different tools that assist the designer in the modeling, verification, source code generation, and testing tasks. Tool-chains can be formed by the integration of tools that are related to the subsequent steps of the development proce...
This paper presents the design and implementation of a run-time verification approach for distributed embedded systems. We developed a technology for the integrated synthesis of the source code of the running applications and the source code of the monitors for run-time verification, based on formal models (timed automata) and formal property speci...
The design of safety-critical systems and business-critical services necessitates coordination between a large variety of tools used in different phases of the development process. As certification frequently prescribes achieving justified compliance with regulations of authorities, an integrated tool chain should strictly adhere to the development...
Model based dependability analysis can be used to evaluate the effects of architectural choices on system level availability and reliability. In component based systems the dependability model is built typically from sub-models that are assigned to components or subsystems and represent the local fault occurrences and error propagation. We describe...
Formal methods can effectively support the model-driven development and analysis of IT applications in many domains. Typically, the domain-specific engineering models are transformed to formal analysis models (to compute measures that help the designer in verifying the design decisions) and verified models are mapped to test and implementation relat...
Dependability is a fundamental property of computer systems operating in critical environment. The measurement of dependability (and thus the assessment of the solutions applied to improve dependability) typically relies on controlled fault injection experiments that are able to reveal the behavior of the system in case of faults (to test error han...
Cost pressure, short time to market, and increased complexity are responsible for an evident increase of the failure rate of computing systems, while the cost of failures is growing rapidly, as a result of an unprecedented degree of dependence of our society on computing systems. The combination of these factors has created a dependability and secu...
Driver Machine Interface (DMI) is a slave unit of the train onboard computer in the ERTMS automatic train control system. The SAFEDMI project aimed at the development of a DMI which fulfills the requirements of Safety Integrity Level 2 according to the CENELEC development standards. The main challenges were (i) the reduction of the hardware comple...
Application of computer-based systems in safety-critical areas like automotive on-board equipment, railway control, etc. poses high dependability requirements against software artifacts. This paper outlines a coherent tool-chain providing formally well-established support for the key phases of developing dependable software involving simulation, s...
Current distributed mobile systems are usually characterized by a huge number of nodes, different network domains, different applications running, variability of the users' behavior, and dynamicity and heterogeneity of the communication networks. A typical example can be found in the automotive context, considering car-to-car and car-to-infrastruct...
The ERTMS-ATC system is a distributed system where the Driver Machine Interface (DMI) is a slave unit of the train onboard vital computer (EVC). In this paper we analyze two types of communication protocols for the EVC-DMI interactions, based, respectively, on cyclic and acyclic messages’ exchange. Adopting a modular modeling methodology, we assess...
This workshop summary gives a brief overview of the workshop on "Resilience Assessment and Dependability Benchmarking" held in conjunction with the 38th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2008). The workshop aims at the presentation and exchange of ideas from the world wide research community and fost...
The ERTMS-ATC system is a distributed system where the Driver Machine Interface (DMI) is a slave unit of the train onboard vital computer (EVC). Consequently, as for the information visualization and the input data acquisition, the data transfer between DMI and EVC must also be safe. A safe communication protocol stack has therefore to be provided...
This paper proposes the application of On-Line Analytical Processing (OLAP) and data mining approaches to analyse the large amount of raw data collected in fault injection campaigns and dependability benchmarking experiments. We use data warehousing technologies to store raw results from different experiments in a multidimensional structure where r...
A new equipment of safety relevance has been developed to upgrade ageing relay-based railway interlocking systems in Hungary. In course of the design process formal methods have been used in the development of a module realising a well-separable function of the system. Namely, the UML-based design process was extended by model based analysis and va...
Driver Machine Interface (DMI) is a slave unit of the train onboard computer (EVC) in the ERTMS-ATC system. The SAFEDMI project aimed at the development of a DMI which fulfills the requirements of Safety Integrity Level 2 according to the CENELEC development standards. Formal methods were successfully applied in the quantitative evaluation of the D...
The development standard for railway control software requires several design and verification methods. To support these methods we elaborated a coherent set of tools based on UML state diagrams. To avoid the problems of the ambiguous UML semantics, we propose a subset of UML state machines that includes the practical modeling concepts and has well...
This chapter presents two runtime error detection techniques for UML 2.0 statechart implementations. The first technique aims at detecting errors caused by model refinement faults (introduced in early phases of the development) by proposing a temporal logic language to be used for defining and checking temporal correctness criteria on statecharts....
To enable the interoperability of high availability (HA) middleware systems the Service Availability Forum has released a set of open specifications. The benefit of having open specifications is the choice of implementations available from different vendors. When one chooses a product, one of the selection criteria (besides performance) is the robu...
Our paper presents a method for the automatic generation of program source code for embedded systems on the basis of behavioral models. The solution is based on the UML's statechart formalism focusing on embedded systems with limited computing resources as target platform. Our approach follows OMG's Model Driven Architecture (MDA) initiative by (i) fi...
In this paper we introduce an approach of aspect-oriented modelling and analysis of information systems. First we give an overview of the concepts of Aspect Oriented Programming and provide an outlook to model aspect-oriented programs. On the basis of this introduction, we describe a method of using aspects at the modelling level and weaving them i...
Application of computer-based systems in such safety-critical areas like automotive on-board equipment, railway control systems etc. poses high dependability requirements against the corresponding software artifacts. This paper outlines a coherent tool-chain providing formally well-established support for the key phases of developing dependable so...
To increase the interoperability of availability management software (also known as high availability middleware) the Service Availability Forum has released a set of open specifications. With the development of a common interface the comparison of multiple products can be achieved. For high availability (HA) solutions, assessing the robustness of...
Testing is an essential, but time and resource consuming activity in the software development process. In the case of model-based development, among other subtasks test construction and test execution can be partially automated. Our paper describes the implementation of a test generator framework that uses an external model checker to construct tes...
Aspect-oriented modeling is proposed to design the architecture of fault tolerant systems. Notations are introduced that support the separate and modularized design of functional and dependability aspects in UML class diagrams. This notation designates sensitive parts of the architecture and selected architecture patterns that implement common redu...
Checking various temporal requirements is a key dependability concern in safety-critical systems. As model-checking approaches do not scale well to systems of high complexity the runtime verification of temporal requirements has received a growing attention recently. This paper presents a code-generation based method for runtime evaluation of linea...
Our paper introduces a runtime verification framework for concurrent monitoring of applications specified by UML statecharts. The approach offers a considerable degree of granularity by (i) enabling the modeler to focus on specific key dependability criteria by defining temporal logic formulae over a behavioral model that is available even in early...
Our paper presents a novel approach for identifying the key infrastructural factors determining the behavior of systems in the presence of faults by the application of intelligent data processing methods on data sets obtained from dependability benchmarking experiments. Our approach does not rely on a-priori assumptions or human intuition about t...
This paper describes methods and tools for safety analysis of UML statechart specifications. A comprehensive set of general safety criteria including completeness and consistency is applied in automated analysis. Analysis techniques are based on OCL expressions, graph transformations and reachability analysis. Two canonical intermediate representat...
Our paper aims at proposing a framework that allows programmers to exploit the benefits of exception handling throughout the entire development chain of Java programs by modeling exception handling in the abstract UML statechart model of the application, enabling the use of automatic model checkers for checking the behavioral model for correctnes...
The work in this paper is devoted to the definition of a dependability modeling and model based evaluation approach based on UML models. It is to be used in the early phases of the system design to capture system dependability attributes like reliability and availability, thus providing guidelines for the choice among different architectural and de...
This paper presents how the platform-specific development environment of time-triggered (TT) systems can be integrated with a visual design toolkit based on UML. The built-in facilities of UML and the modeling extensions introduced by us enable the unification of the advantages provided by both the embedded development environment and the UML tools...