Ji-liang LUO,Hui SHAO,Wei-min WU,Hong-ye SU

DOI: https://doi.org/10.7641/CTA.2017.60929

2018-01-01

Abstract:More and more control elements are incorporated into a single system by the information technology such as internet of things.Consequently,the scale of a control system increases quickly,and the control specification becomes more and more complicated.Any logic mistake that violates a given control specification may lead to a serious industrial failure and even security issue.Besides,there is a"state space explosion"for discrete event systems.These make a challenge for designing and debugging programs running in programmable logic controllers(PLCs)or field programmable gate arrays (FPGAs).The supervisory control theory of discrete event systems is to implement a given complicated logic specification by formal methods. The specification such as interlock,sequence,mutual exclusion,and language is expressed by a Petri net or automata.It is in turn translated into codes that can be executed by a PLC or FPGA.This paper surveys these formal methods for synthesis of logical controller,which are to shorten the costed time for control programs,to ease the reuse of them,and to increase the safety and reliability of them.

A. Tiwari,N. Shankar,J. Rushby

DOI: https://doi.org/10.1109/jproc.2002.805818

IF: 20.6

2003-01-01

Proceedings of the IEEE

Abstract:Embedded control systems typically comprise continuous control laws combined with discrete mode logic. These systems are modeled using a hybrid automaton formalism, which is obtained by combining the discrete transition system formalism with continuous dynamical systems. This paper develops automated analysis techniques for asserting correctness of hybrid system designs. Our approach is based on symbolic representation of the state space of the system using mathematical formulas in an appropriate logic. Such formulas are manipulated using symbolic theorem proving techniques. It is important that formal analysis should be unobtrusive and acceptable to engineering practice. We motivate a methodology called invisible formal methods that provides a graded sequence of formal analysis technologies ranging from extended typechecking, through approximation and abstraction, to model checking and theorem proving. As an instance of invisible formal methods, we describe techniques to check inductive invariants, or extended types, for hybrid systems and compute discrete finite state abstractions automatically to perform reachability set computation. The abstract system is sound with respect to the formal semantics of hybrid automata. We also discuss techniques for performing analysis on nonstandard semantics of hybrid automata. We also briefly discuss the problem of translating models in Simulink/Stateflow language, which is widely used in practice, into the modeling formalisms, like hybrid automata, for which analysis tools are being developed.

engineering, electrical & electronic

Feng Xia,Youxian Sun

DOI: https://doi.org/10.48550/arxiv.0806.1385

2008-01-01

Abstract:Despite rapid evolution, embedded computing systems increasingly feature resource constraints and workload uncertainties. To achieve much better system performance in unpredictable environments than traditional design approaches, a novel methodology, control-scheduling codesign, is emerging in the context of integrating feedback control and real-time computing. The aim of this work is to provide a better understanding of this emerging methodology and to spark new interests and developments in both the control and computer science communities. The state of the art of control-scheduling codesign is captured. Relevant research efforts in the literature are discussed under two categories, i.e., control of computing systems and codesign for control systems. Critical open research issues on integrating control and computing are also outlined.

Eric Feron,Fernando Alegre

DOI: https://doi.org/10.48550/arXiv.0809.4812

2008-09-28

Abstract:As the digital world enters further into everyday life, questions are raised about the increasing challenges brought by the interaction of real-time software with physical devices. Many accidents and incidents encountered in areas as diverse as medical systems, transportation systems or weapon systems are ultimately attributed to "software failures". Since real-time software that interacts with physical systems might as well be called control software, the long litany of accidents due to real-time software failures might be taken as an equally long list of opportunities for control systems engineering. In this paper, we are interested only in run-time errors in those pieces of software that are a direct implementation of control system specifications: For well-defined and well-understood control architectures such as those present in standard textbooks on digital control systems, the current state of theoretical computer science is well-equipped enough to address and analyze control algorithms. It appears that a central element to these analyses is Lyapunov stability theory, which translate into invariant theory in computer implementations.

Software Engineering

Jan Olaf Blech,Sidi Ould Biha

DOI: https://doi.org/10.48550/arXiv.1301.3047

2013-01-14

Software Engineering

Abstract:Programmable Logic Controllers (PLC) and its programming standard IEC 61131-3 are widely used in embedded systems for the industrial automation domain. We propose a framework for the formal treatment of PLC based on the IEC 61131-3 standard. A PLC system description typically combines code written in different languages that are defined in IEC 61131-3. For the top-level specification we regard the Sequential Function Charts (SFC) language, a graphical high-level language that allows to describe the main control-flow of the system. In addition to this, we describe the Instruction List (IL) language -- an assembly like language -- and two other graphical languages: Ladder Diagrams (LD) and Function Block Diagrams (FBD). IL, LD, and FBD are used to describe more low level structures of a PLC. We formalize the semantics of these languages and describe and prove relations between them. Formalization and associated proofs are carried out using the proof assistant Coq. In addition to this, we present work on a tool for automatically generating SFC representations from a graphical description -- the IL and LD languages can be handled in Coq directly -- and its usage for verification purposes. We sketch possible usages of our formal framework, and present an example application for a PLC in a project demonstrator and prove safety properties.

Feng Xia,You-xian Sun

2008-01-01

Abstract:With emphasis on flexible resource management in networked and embedded real-time control systems operating in dynamic environments with uncertainty, Control and Scheduling Codesign is devoted to the integration of control with computing and communication. It covers the authors' recent and original research results within a unified framework of feedback scheduling. New approaches with respect to CPU scheduling, energy management, and network bandwidth allocation promote the developments in the area of control and scheduling codesign. The book also contains rich examples, case studies, and extensive references to the literature. It is a useful reference for researchers, practitioners, and graduate students in systems, control, computer, and communication engineering. The audience will appreciate the multidisciplinary codesign framework and methods that explore the interplay between control and scheduling, as well as new insights into research and development in networked and embedded systems.

Ryan Carey,Tom Everitt

2023-05-31

Abstract:How can humans stay in control of advanced artificial intelligence systems? One proposal is corrigibility, which requires the agent to follow the instructions of a human overseer, without inappropriately influencing them. In this paper, we formally define a variant of corrigibility called shutdown instructability, and show that it implies appropriate shutdown behavior, retention of human autonomy, and avoidance of user harm. We also analyse the related concepts of non-obstruction and shutdown alignment, three previously proposed algorithms for human control, and one new algorithm.

Artificial Intelligence

Andy King

DOI: https://doi.org/10.48550/arXiv.0903.2353

2009-03-13

Abstract:Logic programming is sometimes described as relational programming: a paradigm in which the programmer specifies and composes n-ary relations using systems of constraints. An advanced logic programming environment will provide tools that abstract these relations to transform, optimise, or even verify the correctness of a logic program. This talk will show that these concepts, namely relations, constraints and abstractions, turn out to also be important in the reverse engineer process that underpins the discovery of bugs within the security industry.

Programming Languages

Patrik Christen

DOI: https://doi.org/10.48550/arXiv.2202.13830

2022-02-28

Software Engineering

Abstract:Self-modifying code has many intriguing applications in a broad range of fields including software security, artificial general intelligence, and open-ended evolution. Having control over self-modifying code, however, is still an open challenge since it is a balancing act between providing as much freedom as possible so as not to limit possible solutions, while at the same time imposing restriction to avoid security issues and invalid code or solutions. In the present study, I provide a prototype implementation of how one might curb self-modifying code by introducing control mechanisms for code modifications within specific regions and for specific transitions between code and data. I show that this is possible to achieve with the so-called allagmatic method - a framework to formalise, model, implement, and interpret complex systems inspired by Gilbert Simondon's philosophy of individuation and Alfred North Whitehead's philosophy of organism. Thereby, the allagmatic method serves as guidance for self-modification based on concepts defined in a metaphysical framework. I conclude that the allagmatic method seems to be a suitable framework for control mechanisms in self-modifying code and that there are intriguing analogies between the presented control mechanisms and gene regulation.

Vinod Chandra,Z. Huang,Ratnesh Kumar

DOI: https://doi.org/10.1109/tsmcc.2003.813152

2003-01-01

Abstract:The design of logic controllers for event-driven systems continue to rely largely on intuitive methods rather than on formal techniques. This approach results in a control code that requires extensive verification, is hard to maintain and modify, and may even fail at times. Supervisory control theory (SCT) provides a formal approach to logic control synthesis. In order to demonstrate the usefulness of the supervisory control theory in manufacturing systems, an educational test-bed that simulates an automated car assembly line has been built using LEGO/spl reg/ blocks. Finite state machines (FSMs) are used for modeling operations of the assembly line, and for the specifications that accomplish the task of successfully completing the assembly repeatedly. Using the technique of SCT, we derive a supervisor that enforces the specifications while offering the maximum flexibility of assembly. Subsequently a controller is extracted from the maximally permissive supervisor for the purpose of implementing the control by selecting, when possible, at most one controllable event from among the ones allowed by the supervisor. Testing to check the correctness of the control code is reduced, since the controller is guaranteed to enforce the specifications.

B. Kiepuszewski,A.H.M. ter Hofstede,W.M.P. van der Aalst

DOI: https://doi.org/10.1007/s00236-002-0105-4

2003-01-01

Acta Informatica

Abstract:. Although workflow management emerged as a research area well over a decade ago, little consensus has been reached as to what should be essential ingredients of a workflow specification language. As a result, the market is flooded with workflow management systems, based on different paradigms and using a large variety of concepts. The goal of this paper is to establish a formal foundation for control-flow aspects of workflow specification languages, that assists in understanding fundamental properties of such languages, in particular their expressive power. Workflow languages can be fully characterized in terms of the evaluation strategy they use, the concepts they support, and the syntactic restrictions they impose. A number of results pertaining to this classification will be proven. This should not only aid those developing workflow specifications in practice, but also those developing new workflow engines.

Yuri Gil Dantas,Antoaneta Kondeva,Vivek Nigam

DOI: https://doi.org/10.48550/arXiv.2009.10251

2020-09-22

Systems and Control

Abstract:The development of safety-critical systems requires the control of hazards that can potentially cause harm. To this end, safety engineers rely during the development phase on architectural solutions, called safety patterns, such as safety monitors, voters, and watchdogs. The goal of these patterns is to control (identified) faults that can trigger hazards. Safety patterns can control such faults by e.g., increasing the redundancy of the system. Currently, the reasoning of which pattern to use at which part of the target system to control which hazard is documented mostly in textual form or by means of models, such as GSN-models, with limited support for automation. This paper proposes the use of logic programming engines for the automated reasoning about system safety. We propose a domain-specific language for embedded system safety and specify as disjunctive logic programs reasoning principles used by safety engineers to deploy safety patterns, e.g., when to use safety monitors, or watchdogs. Our machinery enables two types of automated safety reasoning: (1) identification of which hazards can be controlled and which ones cannot be controlled by the existing safety patterns; and (2) automated recommendation of which patterns could be used at which place of the system to control potential hazards. Finally, we apply our machinery to two examples taken from the automotive domain: an adaptive cruise control system and a battery management system.

Ruggero Lanotte,Massimo Merro,Andrei Munteanu

DOI: https://doi.org/10.48550/arXiv.2105.10668

2021-11-18

Abstract:With the advent of Industry 4.0, industrial facilities and critical infrastructures are transforming into an ecosystem of heterogeneous physical and cyber components, such as programmable logic controllers, increasingly interconnected and therefore exposed to cyber-physical attacks, i.e., security breaches in cyberspace that may adversely affect the physical processes underlying industrial control systems. In this paper, we propose a formal approach based on runtime enforcement to ensure specification compliance in networks of controllers, possibly compromised by colluding malware that may tamper with actuator commands, sensor readings, and inter-controller communications. Our approach relies on an ad-hoc sub-class of Ligatti et al.'s edit automata to enforce controllers represented in Hennessy and Regan's Timed Process Language. We define a synthesis algorithm that, given an alphabet $P$ of observable actions and a timed correctness property $e$, returns a monitor that enforces the property $e$ during the execution of any (potentially corrupted) controller with alphabet $P$, and complying with the property $e$. Our monitors correct and suppress incorrect actions coming from corrupted controllers and emit actions in full autonomy when the controller under scrutiny is not able to do so in a correct manner. Besides classical requirements, such as transparency and soundness, the proposed enforcement enjoys deadlock- and diverge-freedom of monitored controllers, together with scalability when dealing with networks of controllers. Finally, we test the proposed enforcement mechanism on a non-trivial case study, taken from the context of industrial water treatment systems, in which the controllers are injected with different malware with different malicious goals.

Cryptography and Security,Formal Languages and Automata Theory,Systems and Control

Sean Kauffman,Carlos Moreno,Sebastian Fischmeister

2024-07-05

Abstract:Control flow coverage criteria are an important part of the process of qualifying embedded software for safety-critical systems. Criteria such as modified condition/decision coverage (MC/DC) as defined by DO-178B are used by regulators to judge the adequacy of testing and by QA engineers to design tests when full path coverage is impossible. Despite their importance, these coverage criteria are often misunderstood. One problem is that their definitions are typically written in natural language specification documents, making them imprecise. Other works have proposed formal definitions using binary predicate logic, but these definitions are difficult to apply to the analysis of real programs. Control-Flow Graphs (CFGs) are the most common model for analyzing program logic in compilers, and seem to be a good fit for defining and analyzing coverage criteria. However, CFGs discard the explicit concept of a decision, making their use for this task seem impossible. In this paper, we show how to annotate a CFG with decision information inferred from the graph itself. We call this annotated model a Control-Flow Decision Graph (CFDG) and we use it to formally define several common coverage criteria. We have implemented our algorithms in a tool which we show can be applied to automatically annotate CFGs output from popular compilers.

Software Engineering

Julien Calbert,Antoine Girard,Raphaël M. Jungers

2024-10-08

Abstract:Abstraction-based control design is a promising approach for ensuring safety-critical control of complex cyber-physical systems. A key aspect of this methodology is the relation between the original and abstract systems, which ensures that the abstract controller can be transformed into a valid controller for the original system through a concretization procedure. In this paper, we provide a comprehensive and systematic framework that characterizes various simulation relations, through their associated concretization procedures. We introduce the concept of augmented system, which universally enables a feedback refinement relation with the abstract system. This augmented system encapsulates the specific characteristics of each simulation relation within an interface, enabling a plug-and-play control architecture. Our results demonstrate that the existence of a particular simulation relation between the concrete and abstract systems is equivalent to the implementability of a specific control architecture, which depends on the considered simulation relation. This allows us to introduce new types of relations, and to establish the advantages and drawbacks of different relations, which we exhibit through detailed examples.

Systems and Control,Dynamical Systems

Heiko Koziolek,Anne Koziolek

2023-11-17

Abstract:LLM-based code generation could save significant manual efforts in industrial automation, where control engineers manually produce control logic for sophisticated production processes. Previous attempts in control logic code generation lacked methods to interpret schematic drawings from process engineers. Recent LLMs now combine image recognition, trained domain knowledge, and coding skills. We propose a novel LLM-based code generation method that generates IEC 61131-3 Structure Text control logic source code from Piping-and-Instrumentation Diagrams (P&IDs) using image recognition. We have evaluated the method in three case study with industrial P&IDs and provide first evidence on the feasibility of such a code generation besides experiences on image recognition glitches.

Software Engineering

Zhe Chen,Gilles Motet

DOI: https://doi.org/10.1109/depend.2009.18

2009-06-01

Abstract:Safety is an important element of dependability. It is defined as the absence of accidents. Most accidents involving software-intensive systems have been system accidents, which are caused by unsafe inter-system or inter-component interactions. To validate the absence of system hazards concerning dysfunctional interactions, industrials call for approaches of modeling system safety requirements and interaction constraints among components. This paper proposes such a formalism, namely interface control systems (or shortly C-Systems). An interface C-System is composed of an interface automaton and a controlling automaton, which formalizes safe interactions and restricts system behavior at the meta level. This framework differs from the framework of traditional model checking. It explicitly separates the tasks of product engineers and safety engineers, and provides a top-down technique for modeling a system with safety constraints, and for automatically composing a safe system that conforms to safety requirements. The contributions of this work include formalizing safety requirements and a way of automatically ensuring system safety.

Rolf Andreas Rasenack,Karsten Wolke,Kostyantyn Yermashov,Karl Hayo Siemsen

DOI: https://doi.org/10.48550/arXiv.0904.3698

2009-04-23

Abstract:Control systems are sets of interconnected hardware and software components which regulate the behaviour of processes. The software of modern control systems rises for some years by requirements regarding the flexibility and functionality. Thus the force of innovation grows on enterprises, since ever newer products in ever shorter time intervals must be made available. Associated hereby is the crucial shortening of the product life cycle, whose effects show up in reduced care of the software and the spares inventory. The aim, the concept presented here and developed in a modeling environment, is proved and ensures a minimum functionality of software components. Replacing software components of a control system verified for functionality by a framework at run-time and if necessary the software conditions will become adapted. Quintessential point of this implementation is the usage of an abstract syntax tree. Within its hierarchical structure meta information is attached to nodes and processed by the framework. With the development of the concept for semantic proving of software components the lifetime of software-based products is increased.

Software Engineering

Youngju Song,Minki Cho,Dongjae Lee,Chung-Kil Hur

DOI: https://doi.org/10.48550/arXiv.2109.02991

2021-09-07

Abstract:Contextual refinement and separation logics are successful verification techniques that are very different in nature. First, the former guarantees behavioral refinement between a concrete program and an abstract program while the latter guarantees safety of a concrete program under certain conditions (expressed in terms of pre and post conditions). Second, the former does not allow any assumption about the context when locally reasoning about a module while the latter allows rich assumptions. In this paper, we present a new verification technique, called abstraction logic (AL), that inherently combines contextual refinement and separation logics such as Iris and VST, thereby taking the advantages of both. Specifically, AL allows us to locally verify a concrete module against an abstract module under separation-logic-style pre and post conditions about external modules. AL are fully formalized in Coq and provides a proof mode that supports a combination of simulation-style reasoning using our own tactics and SL-style reasoning using IPM (Iris Proof Mode). Using the proof mode, we verified various examples to demonstrate reasoning about ownership (based on partial commutative monoids) and purity ($i.e.$, termination with no system call), cyclic and higher-order reasoning about mutual recursion and function pointers, and reusable and gradual verification via intermediate abstractions. Also, the verification results are combined with CompCert, so that we formally establish behavioral refinement from top-level abstract programs, all the way down to their assembly code.

Programming Languages

Aron Schnakenbeck,Robin Mroß,Marcus Völker,Stefan Kowalewski,Alexander Fay

DOI: https://doi.org/10.1109/INDIN51400.2023.10218176

2023-08-25

Abstract:The graphical modeling language GRAFCET is used as a formal specification language in industrial control design. This paper proposes a static analysis approach based on the control flow of GRAFCET using abstract interpretation to allow verification on specification level. GRAFCET has different elements leading to concurrent behavior, which in general results in a large state space. To get precise results and reduce the state space, we propose an analysis suitable for GRAFCET instances without concurrent behavior. We point out how to check for the absence of concurrency and present a flow-sensitive analysis for these GRAFCET instances. The proposed approach is evaluated on an industrial-sized example.

Programming Languages,Logic in Computer Science,Systems and Control