H. Wan,G. Chen,X. Song,M. Gu

DOI: https://doi.org/10.1049/iet-sen.2010.0002

2011-01-01

IET Software

Abstract:Programmable logic controllers (PLCs) are widely used in embedded systems. Timers play a pivotal role in PLC real-time applications. The formalisation of timers is of great importance. The study presents a formalisation of PLC timers in the theorem proving system Coq, in which the behaviours of timers are characterised by a set of axioms at an abstract level. The authors discuss how to model timers at a proper and sound abstract level. PLC programs with timers are modelled. As a case study, a quiz machine problem with a timer is investigated. This work demonstrates the complexity of formal timer modelling.

Hai Wan,Gang Chen,Xiaoyu Song,Ming Gu

DOI: https://doi.org/10.1109/COMPSAC.2009.49

2009-01-01

Abstract:Programmable logic controllers (PLCs) are widely used in embedded systems. A timer plays a pivotal role in PLC real-time applications.The paper presents a formalization of TON-timers of PLC programs in the theorem proving system Coq. The behavior of a timer is characterized by a set of axioms at an abstract level. PLC programs with timers are modeled in Coq. As a case study, the quiz machine problem with timer is investigated. Relevant timing properties of practical interests are proposed and proven in Coq. This work unveils the hardness of timer modeling in embedded systems. It is an attempt of formally proving the correctness of PLC programs with timer control.

Rui Wang,Ming Gu,Xiaoyu Song,Hehua Zhang

DOI: https://doi.org/10.1109/sies.2008.4577704

2008-01-01

Abstract:Functional and nonfunctional validation is an important task in complex embedded system developments. This paper proposes a method of applying model checking techniques to validate programable logic controllers (PLCs). Abstraction is used to ameliorate the state explosion problem. The experiment results of an industry application demonstrate the effectiveness of our approach.

Ji-liang LUO,Hui SHAO,Wei-min WU,Hong-ye SU

DOI: https://doi.org/10.7641/CTA.2017.60929

2018-01-01

Abstract:More and more control elements are incorporated into a single system by the information technology such as internet of things.Consequently,the scale of a control system increases quickly,and the control specification becomes more and more complicated.Any logic mistake that violates a given control specification may lead to a serious industrial failure and even security issue.Besides,there is a"state space explosion"for discrete event systems.These make a challenge for designing and debugging programs running in programmable logic controllers(PLCs)or field programmable gate arrays (FPGAs).The supervisory control theory of discrete event systems is to implement a given complicated logic specification by formal methods. The specification such as interlock,sequence,mutual exclusion,and language is expressed by a Petri net or automata.It is in turn translated into codes that can be executed by a PLC or FPGA.This paper surveys these formal methods for synthesis of logical controller,which are to shorten the costed time for control programs,to ease the reuse of them,and to increase the safety and reliability of them.

R. Wang,X. Song,M. Gu

DOI: https://doi.org/10.1049/iet-sen:20070009

2007-01-01

IET Software

Abstract:Validation is an important task in complex embedded system designs. A method of modelling and analysing embedded systems with programmable logic controllers is presented. Controllers and physical plants are modelled using timed automata. The system requirements are specified and formalised as computational tree logic properties. It is demonstrated that the designed model satisfies the required properties by resorting to a symbolic model checker, Uppaal, for real-time systems. A realistic example, the steeve controller of a theatre, illustrates the strategies. The safety and time constraint requirements are validated by Uppaal. The experimental results demonstrate the effectiveness of the approach presented here.

Rui Wang,Xiaoyu Song,Jianzhong Zhu,Ming Gu

DOI: https://doi.org/10.1016/j.compind.2010.05.015

IF: 10

2011-01-01

Computers in Industry

Abstract:Programmable logic controllers (PLCs) are complex cyber-physical systems which are widely used in industry. This paper presents a robust approach to design and implement PLC-based embedded systems. Timed automata are used to model the controller and its environment. We validate the design model with resort to model checking techniques. We propose an algorithm to generate PLC code from timed automata and implement this algorithm with a prototype tool. This method can condense the developing process and guarantee the correctness of PLC programs. A case study demonstrates the effectiveness of the method.

Rui Wang,Ming Gu,Xiaoyu Song,Hai Wan

DOI: https://doi.org/10.1109/iceccs.2009.41

2009-01-01

Abstract:Programable logic controllers (PLCs) are complex cyber-physical systems which are widely used in industry. This paper presents a robust approach to design and implement PLC-based embedded systems. Timed automata are used to model the controller and its environment. We validate the design model with resort to model checking techniques. We propose an algorithm to generate PLC code from timed automata and implement this algorithm with a prototype tool. This method can condense the developing process and guarantee the correctness of PLC programs. A case study demonstrates the effectiveness of our method.

赵千川,王达,薛文轩

DOI: https://doi.org/10.16511/j.cnki.qhdxxb.2011.11.001

2011-01-01

Abstract:Programmable logic controllers （PLC） are widely used in various industries. The increasing size and complexity of PLC programs make testing and validation challenging. The testing and validation of PLC programs are analyzed to describe the research progress on verification and testing. The basic idea of each method is described with the advantages. Future trends for testing and validation of PLC programs are given. All existing testing and validation methods for PLC programs have limitations and need further study. Structural testing and fusion of different testing methods are some possible new directions.

Peizun Liu,Guiming Luo,Mo Xia,Maosong He

DOI: https://doi.org/10.1109/IWACI.2011.6160012

2011-01-01

Abstract:Execution environment and temporal performance are very important for modeling a real PLC system. They also become two impediments when verifying with model checking. This paper presents a methodology for modeling a PLC system including time and environment. In order to take into account interaction of PLC controller with execution environment, the proposed method extends the modeling method with an event-driven mechanism. The heterogeneous environments are abstracted as concurrent entities and further formalized into state graphs. A timed abstraction method is proposed to deal with real-time features which specified as timer on delay (TON). We have validated our approach on a concrete case study, a controller for steel plate transfer devices, and report on the results obtained for this case study.

Litian Xiao,Rui Wang,Ming Gu,Jiaguang Sun

DOI: https://doi.org/10.1016/j.mcm.2011.11.038

2012-01-01

Mathematical and Computer Modelling

Abstract:PLC is widely used in the field of automatic control. To use formal methods to verify the correctness of PLC programs, semantic characterization of PLC programs are needed. Based on the extended λ-calculus definition, this paper presents a novel semantic modeling of PLC programs. The results lay the solid underpinnings for theorem proving and modeling checking for PLC systems.

Hai Wan,Xiaoyu Song,Ming Gu

DOI: https://doi.org/10.1109/tase.2010.12

2010-01-01

Abstract:Programmable logic controllers (PLCs) represent a typical class of embedded software systems. They are widely used in safety-critical industrial applications, such as railways, automotive applications, etc. The paper presents a novel method to specify and verify PLC software systems with the theorem proving system Coq. Dependent inductive data types are harnessed to represent the component specifications. Modular and parameterized specification and verification are proposed. An illustrative example demonstrates the effectiveness of the method.

Min Zhou,Fei He,Ming Gu,Xiaoyu Song

DOI: https://doi.org/10.1109/COMPSAC.2009.80

2009-01-01

Abstract:In this paper, we focus on modeling and verification of PLC systems, which are widespread in industry and manufacture. Our approach is based on a translation procedure from PLC programs to timed automata. The resulting model consists of several kinds of modules. Besides the main module which depicts the behaviors of the PLC programs, a dedicated module is constructed to simulate the cyclical running mode of PLC systems, and another module is involved for specifying the environment behaviors. After all modules are constructed, the model checker Uppaal is adapted to perform the model checking. Experimental results show promising performance of our approach. Compared with existing approaches, our method supports extensive instructions, including not only the time-related instructions, such as timer and counter, but also the subroutine and interruption instructions. In addition, the structure of whole model is more compact, and the translation procedure is more efficient, which results in a reduced verification model.

Rui Wang,Yong Guan,Min Zhou,Jie Zhang,Xiaoyu Song

DOI: https://doi.org/10.1155/2014/127618

IF: 2.1

2014-01-01

Advances in Mechanical Engineering

Abstract:Programmable logic controllers (PLCs) are complex embedded systems that are widely used in industry. This paper presents a component-based modeling and validation method for PLC systems using the behavior-interaction-priority (BIP) framework. We designed a general system architecture and a component library for a type of device control system. The control software and hardware of the environment were all modeled as BIP components. System requirements were formalized as monitors. Simulation was carried out to validate the system model. A realistic example from industry of the gates control system was employed to illustrate our strategies. We found a couple of design errors during the simulation, which helped us to improve the dependability of the original systems. The results of experiment demonstrated the effectiveness of our approach.

Yueshan Zheng,Guiming Luo,Junbo Sun,Junjie Zhang,Zhenfeng Wang

DOI: https://doi.org/10.4236/jsea.2010.311124

2010-01-01

Abstract:High reliability is the key to performance of electrical control equipment. PLC combines computer technology, automatic control technology and communication technology and becomes widely used for automation of industrial processes. Some requirements of complex PLC systems cannot be satisfied by the traditional verification methods. In this paper, an efficient method for the PLC systems modeling and verification is proposed. To ensure the high-speed property of PLC, we proposed a technique of “Time interval model” and “notice-waiting”. It could reduce the state space and make it possible to verify some complex PLC systems. Also, the conversion from the built PLC model to the Promela language is obtained and a tool PLC-Checker for modeling and checking PLC systems are designed. Using PLC-Checker to check a classical PLC example, a counter-example is found. Although the probability of this logic error occurs very small, it could result in system crash fatally.

Rui Wang,Min Zhou,Liangze Yin,Lianyi Zhang,Jiaguang Sun,Ming Gu,Marius Bozga

DOI: https://doi.org/10.1109/tase.2012.33

2012-01-01

Abstract:Programable logic controllers (PLCs) are complex cyber-physical systems which are widely used in industry. This paper shows the modeling and validation work of a typical PLC control system using the Behavior-Interaction-Priority(BIP) component framework. The gate control system based on PLC is a real industry application. We design general system architecture for this kind of device control system. The control software and hardware of environment are all modeled as BIP components. Their interactions are described by BIP connectors. System requirements are formalized as monitors. Simulation is applied on the system model. We found a couple of design errors in simulation, which help us to improve the dependability of the original systems.

Jianyong Zhao,Zhe Tao

DOI: https://doi.org/10.1109/access.2021.3133630

IF: 3.9

2021-01-01

IEEE Access

Abstract:Programmable logic controllers (PLCs) are widely used in industrial electronic systems. With the augmenting complexity of system, the reliability poses a crucial challenge in safety critical applications. This paper proposes a formal modeling and verification approach for programming function block diagrams. Function block diagrams are formalized in a logic specification system. We consider the equivalence checking problem which occurs frequently between design implementations under different performance constraints. We present a novel method to harness a powerful co-induction proof strategy with bisimulation to establish the equivalence in a higher-order logic theorem proving system. We validate the effectiveness of our approach by a real industry application example with key scenarios. The soundness and the completeness of our approach are substantiated.

Jan Olaf Blech,Sidi Ould Biha

DOI: https://doi.org/10.48550/arXiv.1301.3047

2013-01-14

Software Engineering

Abstract:Programmable Logic Controllers (PLC) and its programming standard IEC 61131-3 are widely used in embedded systems for the industrial automation domain. We propose a framework for the formal treatment of PLC based on the IEC 61131-3 standard. A PLC system description typically combines code written in different languages that are defined in IEC 61131-3. For the top-level specification we regard the Sequential Function Charts (SFC) language, a graphical high-level language that allows to describe the main control-flow of the system. In addition to this, we describe the Instruction List (IL) language -- an assembly like language -- and two other graphical languages: Ladder Diagrams (LD) and Function Block Diagrams (FBD). IL, LD, and FBD are used to describe more low level structures of a PLC. We formalize the semantics of these languages and describe and prove relations between them. Formalization and associated proofs are carried out using the proof assistant Coq. In addition to this, we present work on a tool for automatically generating SFC representations from a graphical description -- the IL and LD languages can be handled in Coq directly -- and its usage for verification purposes. We sketch possible usages of our formal framework, and present an example application for a PLC in a project demonstrator and prove safety properties.

Xia Mao,Xin Li,Yanhong Huang,Jianqi Shi,Yueling Zhang

DOI: https://doi.org/10.1109/tii.2021.3123194

IF: 12.3

2022-07-01

IEEE Transactions on Industrial Informatics

Abstract:Programmable logic controllers (PLC), which are widely applied in modern industrial control systems (ICS), work as the controller of sensors and actuators in ICS. These systems require strict correctness, especially for safety-critical systems. Currently, increasingly ICS move to come online scenarios to enhance cyber-physical features, but it makes them more vulnerable due to acquiring increased interconnection accompanied by weakening physical isolation. Moreover, with the more complex controlling environment, such as hundreds of more I/O points and more diverse field buses, the incorrect executions of PLC might cause the failure of the overall ICS. In this article, we examine how the security and safety of running PLC could be enhanced in both developing and deploying stages of ICS. We propose a novel application of runtime verification to guarantee the security and safety of real-world ICS. As a variant of temporal logic, PLC past linear temporal logic (PPLTL) is proposed to specify the security and safety properties of PLC. Using PPLTL, we synthesize monitors to improve the PLC programs security and safety as a partner of testing and static verification. Our monitors provide twofold processing in a nonintrusive manner: One is filtering abnormal input data before invading the original programs, the other is double-checking the output signals before driving the actuators. We use several case studies and benchmarks to demonstrate the efficiency of the approach. The empirical results show that the time overhead and memory occupation are tiny.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Mo Xia,Mian Sun,Guiming Luo,Xibin Zhao

DOI: https://doi.org/10.1109/icci-cc.2013.6622270

2013-01-01

Abstract:Programmable Logic Controller (PLC) have been widely used in industries, and safety and reliability of them has been urgently concerned. However, it's hard to verify all the cases to discover the logical flaws of complex systems by traditional testing. Formal verification methods introduce mathematical rigor in their analysis thereby guaranteeing exhaustive state space coverage. But there is not an effective and efficient tool for PLC verification, and the general-purpose formal tools need lots of relevant knowledge. This paper proposes an automatic verification tool for PLC systems. It includes graphical modeling, syntax check, code generation, code optimization and representation of the counter-examples which violate some system properties.

Ruggero Lanotte,Massimo Merro,Andrei Munteanu

DOI: https://doi.org/10.48550/arXiv.2007.09399

2020-09-11

Abstract:We define a simple process calculus, based on Hennessy and Regan's Timed Process Language, for specifying networks of communicating programmable logic controllers (PLCs) enriched with monitors enforcing specifications compliance. We define a synthesis algorithm that given an uncorrupted PLC returns a monitor that enforces the correctness of the PLC, even when injected with malware that may forge/drop actuator commands and inter-controller communications. Then, we strengthen the capabilities of our monitors by allowing the insertion of actions to mitigate malware activities. This gives us deadlock-freedom monitoring: malware may not drag monitored controllers into deadlock states.

Logic in Computer Science