
Safety-Assured Model-Driven Design of the Multifunction Vehicle Bus Controller

Published: 01 October 2018

Abstract

In this paper, we present a formal model-driven design approach to establish a safety-assured implementation of the multifunction vehicle bus controller (MVBC), which controls data transmission among the devices of a vehicle. First, the generic models and safety requirements described in International Electrotechnical Commission Standard 61375 are formalized as timed automata and timed computation tree logic (TCTL) formulas, respectively. With the model-checking tool Uppaal, we verify whether the constructed timed automata satisfy the formulas; in doing so, several logical inconsistencies in the original standard are detected and corrected. Then, we apply the code-generation tool Times to generate C code from the verified model, which is later synthesized into a real MVBC chip together with some handwritten glue code. Furthermore, the runtime verification tool RMOR is applied to the integrated code to verify those safety requirements that cannot be formalized on the timed automata. For evaluation, we compare the proposed approach with existing MVBC design methods, such as BeagleBone, Galsblock, and Simulink. Experiments show that more ambiguities and bugs in the standard are detected during Uppaal verification, and that the code generated by Times outperforms the C code generated by the other tools in terms of synthesized binary code size. The errors in the standard have been confirmed, and the resulting MVBC has been deployed in a real train communication network.


Cited By

  • AccMoS: Accelerating Model Simulation for Simulink via Code Generation. Proceedings of the 61st ACM/IEEE Design Automation Conference, pp. 1–6, 23 Jun. 2024. doi:10.1145/3649329.3656218
  • Efficient Code Generation for Data-Intensive Simulink Models via Redundancy Elimination. Proceedings of the 61st ACM/IEEE Design Automation Conference, pp. 1–6, 23 Jun. 2024. doi:10.1145/3649329.3656217
  • PBE-Based Selective Abstraction and Refinement for Efficient Property Falsification of Embedded Software. Proceedings of the ACM on Software Engineering, vol. 1, no. FSE, pp. 293–315, 12 Jul. 2024. doi:10.1145/3643740
  • PHCG: Optimizing Simulink Code Generation for Embedded System With SIMD Instructions. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 42, no. 4, pp. 1072–1084, 1 Apr. 2023. doi:10.1109/TCAD.2022.3197504
  • Mercury: Instruction Pipeline Aware Code Generation for Simulink Models. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 41, no. 11, pp. 4504–4515, 1 Nov. 2022. doi:10.1109/TCAD.2022.3199967
  • MDD: A Unified Model-Driven Design Framework for Embedded Control Software. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 41, no. 10, pp. 3252–3265, 1 Oct. 2022. doi:10.1109/TCAD.2021.3132564
  • Code Synthesis for Dataflow-Based Embedded Software Design. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 41, no. 1, pp. 49–61, 1 Jan. 2022. doi:10.1109/TCAD.2021.3055487

Published In

IEEE Transactions on Intelligent Transportation Systems, Volume 19, Issue 10, Oct. 2018 (342 pages)

Publisher: IEEE Press

Published: 01 October 2018

Qualifiers: Research-article
