Safety-Assured Formal Model-Driven Design of the Multifunction Vehicle Bus Controller

  • Yu Jiang
  • Han Liu
  • Houbing Song
  • Hui Kong
  • Ming Gu
  • Jiaguang Sun
  • Lui Sha
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9995)


In this paper, we present a formal model-driven engineering approach to establishing a safety-assured implementation of the Multifunction Vehicle Bus Controller (MVBC), based on the generic reference models and requirements described in the International Electrotechnical Commission (IEC) standard IEC-61375. First, the generic models described in IEC-61375 are translated into a network of timed automata, and some safety requirements tested in IEC-61375 are formalized as timed computation tree logic (TCTL) formulas. With the help of Uppaal, we check whether the timed automata satisfy the formulas and debug the model where they do not. Within this step, several logic inconsistencies in the original standard are detected and corrected. Then, we apply the tool Times to generate C code from the verified model, which is later synthesized into a real MVBC chip. Finally, the runtime verification tool RMOR is applied to verify some safety requirements at the implementation level. We set up a real platform with the most widely used MVBC, the D113, and verify the correctness and scalability of the synthesized MVBC chip more comprehensively. The errors in the standard have been confirmed, and the resulting MVBC has been deployed in a real train communication network.





This research is sponsored in part by the NSFC Program (No. 91218302, No. 61527812), the National Science and Technology Major Project (No. 2016ZX01038101), the Tsinghua University Initiative Scientific Research Program (20131089331), MIIT IT funds (Research and application of TCN key technologies) of China, the National Key Technology R&D Program (No. 2015BAG14B01-02), and the Austrian Science Fund (FWF) under grants S11402-N23 (RiSE/SHiNE) and Z211-N23.



Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Yu Jiang (1)
  • Han Liu (1)
  • Houbing Song (2)
  • Hui Kong (3)
  • Ming Gu (1)
  • Jiaguang Sun (1)
  • Lui Sha (4)

  1. TNLIST, KLISS, School of Software, Tsinghua University, Beijing, China
  2. Department of Electrical and Computer Engineering, West Virginia University, Morgantown, USA
  3. Institute of Science and Technology Austria, Klosterneuburg, Austria
  4. Department of Computer Science, UIUC, Champaign, USA
