Rui Wang,Ming Gu,Xiaoyu Song,Hai Wan

DOI: https://doi.org/10.1109/iceccs.2009.41

2009-01-01

Abstract:Programable logic controllers (PLCs) are complex cyber-physical systems which are widely used in industry. This paper presents a robust approach to design and implement PLC-based embedded systems. Timed automata are used to model the controller and its environment. We validate the design model with resort to model checking techniques. We propose an algorithm to generate PLC code from timed automata and implement this algorithm with a prototype tool. This method can condense the developing process and guarantee the correctness of PLC programs. A case study demonstrates the effectiveness of our method.

Ling Xiao,Ming Gu,Jiaguang Sun

2011-01-01

Abstract:COQ is an interactive theorem proving tool. The paper abstractly describes the feature of COQ, the architecture and working modes of PLC program with the example of typical PLC. It also introduces the first-order logic syntax and semantics of Intuitionistic Logic. It briefly introduces the main Gallina language syntax elements, the corresponding use methods and main theorem proving tactic on COQ. The work has modeled kernel data type and basic statements and and the denotational semantics of PLC program with Gallina. It has given the correctness proof of PLC program based on theorem proving, i.e. based on semantics function the relationship of configuration between the before codes execution and the after is proved. The main purpose is to prove whether a PLC program satisfies certain nature within a scan period.

Ji-liang LUO,Hui SHAO,Wei-min WU,Hong-ye SU

DOI: https://doi.org/10.7641/CTA.2017.60929

2018-01-01

Abstract:More and more control elements are incorporated into a single system by the information technology such as internet of things.Consequently,the scale of a control system increases quickly,and the control specification becomes more and more complicated.Any logic mistake that violates a given control specification may lead to a serious industrial failure and even security issue.Besides,there is a"state space explosion"for discrete event systems.These make a challenge for designing and debugging programs running in programmable logic controllers(PLCs)or field programmable gate arrays (FPGAs).The supervisory control theory of discrete event systems is to implement a given complicated logic specification by formal methods. The specification such as interlock,sequence,mutual exclusion,and language is expressed by a Petri net or automata.It is in turn translated into codes that can be executed by a PLC or FPGA.This paper surveys these formal methods for synthesis of logical controller,which are to shorten the costed time for control programs,to ease the reuse of them,and to increase the safety and reliability of them.

Hai Wan,Xiaoyu Song,Gang Chen,Ming Gu

DOI: https://doi.org/10.1109/QSIC.2010.27

2010-01-01

Abstract:Programmable logic controllers (PLCs) are widely used in computer-based industrial applications. Timers play a pivotal role in PLC real-time embedded system applications. The paper addresses the formal validation of PLC systems with timers in the theorem proving system Coq. The timer behavior is characterized formally. A refinement validation methodology is presented in terms of an abstract model and a concrete model. The refinement is calibrated by a mapping relation. The soundness of the methodology is shown in the proving system. An illustrative case study demonstrates the effectiveness of the approach.

Litian Xiao,Rui Wang,Ming Gu,Jiaguang Sun

DOI: https://doi.org/10.1016/j.mcm.2011.11.038

2012-01-01

Mathematical and Computer Modelling

Abstract:PLC is widely used in the field of automatic control. To use formal methods to verify the correctness of PLC programs, semantic characterization of PLC programs are needed. Based on the extended λ-calculus definition, this paper presents a novel semantic modeling of PLC programs. The results lay the solid underpinnings for theorem proving and modeling checking for PLC systems.

Mo Xia,Mian Sun,Guiming Luo,Xibin Zhao

DOI: https://doi.org/10.1109/icci-cc.2013.6622270

2013-01-01

Abstract:Programmable Logic Controller (PLC) have been widely used in industries, and safety and reliability of them has been urgently concerned. However, it's hard to verify all the cases to discover the logical flaws of complex systems by traditional testing. Formal verification methods introduce mathematical rigor in their analysis thereby guaranteeing exhaustive state space coverage. But there is not an effective and efficient tool for PLC verification, and the general-purpose formal tools need lots of relevant knowledge. This paper proposes an automatic verification tool for PLC systems. It includes graphical modeling, syntax check, code generation, code optimization and representation of the counter-examples which violate some system properties.

CHEN Gang,SONG Xiaoyu,GU Ming

DOI: https://doi.org/10.13209/j.0479-8023.2010.005

2010-01-01

Abstract:The authors analyse a PLC competition quiz machine program and proves a set of properties using the COQ theorem prover.These properties reveal that only half of output states would be reachable and describe the transition relation over these states in an abstract way.Based on these results the authors introduce the notion of logic automata as a complete description of this PLC program.The authors also point out that the program may produce unfair response in rare situations.

Jan Olaf Blech,Sidi Ould Biha

DOI: https://doi.org/10.48550/arXiv.1301.3047

2013-01-14

Software Engineering

Abstract:Programmable Logic Controllers (PLC) and its programming standard IEC 61131-3 are widely used in embedded systems for the industrial automation domain. We propose a framework for the formal treatment of PLC based on the IEC 61131-3 standard. A PLC system description typically combines code written in different languages that are defined in IEC 61131-3. For the top-level specification we regard the Sequential Function Charts (SFC) language, a graphical high-level language that allows to describe the main control-flow of the system. In addition to this, we describe the Instruction List (IL) language -- an assembly like language -- and two other graphical languages: Ladder Diagrams (LD) and Function Block Diagrams (FBD). IL, LD, and FBD are used to describe more low level structures of a PLC. We formalize the semantics of these languages and describe and prove relations between them. Formalization and associated proofs are carried out using the proof assistant Coq. In addition to this, we present work on a tool for automatically generating SFC representations from a graphical description -- the IL and LD languages can be handled in Coq directly -- and its usage for verification purposes. We sketch possible usages of our formal framework, and present an example application for a PLC in a project demonstrator and prove safety properties.

H. Wan,G. Chen,X. Song,M. Gu

DOI: https://doi.org/10.1049/iet-sen.2010.0002

2011-01-01

IET Software

Abstract:Programmable logic controllers (PLCs) are widely used in embedded systems. Timers play a pivotal role in PLC real-time applications. The formalisation of timers is of great importance. The study presents a formalisation of PLC timers in the theorem proving system Coq, in which the behaviours of timers are characterised by a set of axioms at an abstract level. The authors discuss how to model timers at a proper and sound abstract level. PLC programs with timers are modelled. As a case study, a quiz machine problem with a timer is investigated. This work demonstrates the complexity of formal timer modelling.

Rui Wang,Xiaoyu Song,Jianzhong Zhu,Ming Gu

DOI: https://doi.org/10.1016/j.compind.2010.05.015

IF: 10

2011-01-01

Computers in Industry

Abstract:Programmable logic controllers (PLCs) are complex cyber-physical systems which are widely used in industry. This paper presents a robust approach to design and implement PLC-based embedded systems. Timed automata are used to model the controller and its environment. We validate the design model with resort to model checking techniques. We propose an algorithm to generate PLC code from timed automata and implement this algorithm with a prototype tool. This method can condense the developing process and guarantee the correctness of PLC programs. A case study demonstrates the effectiveness of the method.

Hai Wan,Gang Chen,Xiaoyu Song,Ming Gu

DOI: https://doi.org/10.1109/COMPSAC.2009.49

2009-01-01

Abstract:Programmable logic controllers (PLCs) are widely used in embedded systems. A timer plays a pivotal role in PLC real-time applications.The paper presents a formalization of TON-timers of PLC programs in the theorem proving system Coq. The behavior of a timer is characterized by a set of axioms at an abstract level. PLC programs with timers are modeled in Coq. As a case study, the quiz machine problem with timer is investigated. Relevant timing properties of practical interests are proposed and proven in Coq. This work unveils the hardness of timer modeling in embedded systems. It is an attempt of formally proving the correctness of PLC programs with timer control.

Min Zhou,Fei He,Ming Gu,Xiaoyu Song

DOI: https://doi.org/10.1109/COMPSAC.2009.80

2009-01-01

Abstract:In this paper, we focus on modeling and verification of PLC systems, which are widespread in industry and manufacture. Our approach is based on a translation procedure from PLC programs to timed automata. The resulting model consists of several kinds of modules. Besides the main module which depicts the behaviors of the PLC programs, a dedicated module is constructed to simulate the cyclical running mode of PLC systems, and another module is involved for specifying the environment behaviors. After all modules are constructed, the model checker Uppaal is adapted to perform the model checking. Experimental results show promising performance of our approach. Compared with existing approaches, our method supports extensive instructions, including not only the time-related instructions, such as timer and counter, but also the subroutine and interruption instructions. In addition, the structure of whole model is more compact, and the translation procedure is more efficient, which results in a reduced verification model.

Jianyong Zhao,Zhe Tao

DOI: https://doi.org/10.1109/access.2021.3133630

IF: 3.9

2021-01-01

IEEE Access

Abstract:Programmable logic controllers (PLCs) are widely used in industrial electronic systems. With the augmenting complexity of system, the reliability poses a crucial challenge in safety critical applications. This paper proposes a formal modeling and verification approach for programming function block diagrams. Function block diagrams are formalized in a logic specification system. We consider the equivalence checking problem which occurs frequently between design implementations under different performance constraints. We present a novel method to harness a powerful co-induction proof strategy with bisimulation to establish the equivalence in a higher-order logic theorem proving system. We validate the effectiveness of our approach by a real industry application example with key scenarios. The soundness and the completeness of our approach are substantiated.

Dániel Darvas,István Majzik,Enrique Blanco Viñuela

DOI: https://doi.org/10.1007/978-3-319-33693-0_32

2016-01-01

Abstract:Programmable Logic Controllers (PLCs) are widely used in the industry for various industrial automation tasks. Besides non-safety applications, the usage of PLCs became accepted in safety-critical installations, where the cost of failure is high. In these cases the used hardware is special (so-called fail-safe or safety PLCs), but also the software needs special considerations. Formal verification is a method that can help to develop high-quality software for critical tasks. However, such method should be adapted to the special needs of the safety PLCs, that are often particular compared to the normal PLC development domain. In this paper we propose two complementary solutions for the formal verification of safety-critical PLC programs based on model checking and equivalence checking using formal specification. Furthermore, a case study is presented, demonstrating our approach.

Luis Garcia,Stefan Mitsch,Andre Platzer

DOI: https://doi.org/10.48550/arXiv.1902.05205

2019-02-14

Programming Languages

Abstract:Programmable Logic Controllers (PLCs) provide a prominent choice of implementation platform for safety-critical industrial control systems. Formal verification provides ways of establishing correctness guarantees, which can be quite important for such safety-critical applications. But since PLC code does not include an analytic model of the system plant, their verification is limited to discrete properties. In this paper, we, thus, start the other way around with hybrid programs that include continuous plant models in addition to discrete control algorithms. Even deep correctness properties of hybrid programs can be formally verified in the theorem prover KeYmaera X that implements differential dynamic logic, dL, for hybrid programs. After verifying the hybrid program, we now present an approach for translating hybrid programs into PLC code. The new tool, HyPLC, implements this translation of discrete control code of verified hybrid program models to PLC controller code and, vice versa, the translation of existing PLC code into the discrete control actions for a hybrid program given an additional input of the continuous dynamics of the system to be verified. This approach allows for the generation of real controller code while preserving, by compilation, the correctness of a valid and verified hybrid program. PLCs are common cyber-physical interfaces for safety-critical industrial control applications, and HyPLC serves as a pragmatic tool for bridging formal verification of complex cyber-physical systems at the algorithmic level of hybrid programs with the execution layer of concrete PLC implementations.

litian xiao,mengyuan li,ming gu,jiaguang sun

DOI: https://doi.org/10.1109/icma.2014.6885893

2014-01-01

Abstract:The correctness of PLC (Programmable Logic Controller) program in automatic control is vital to this kind of safety-critical applications. In this paper, we present a useful method of combinational model-checking for correctness of PLC programs. The method is based on the denotational semantics of PLC program and the semantic functions for basic instructions. Because the state space explosion problem limits the use of general model-checking in real PLC programs, the paper firstly defines a set of combinational verification rules based on the denotational semantics. Then the paper proposes a series of general and PLC domain specific strategies for combinational model-checking. The rules and strategies can effectively reduce state space and their correctness is proved. The validity of our method is shown by an example.

R. Wang,X. Song,M. Gu

DOI: https://doi.org/10.1049/iet-sen:20070009

2007-01-01

IET Software

Abstract:Validation is an important task in complex embedded system designs. A method of modelling and analysing embedded systems with programmable logic controllers is presented. Controllers and physical plants are modelled using timed automata. The system requirements are specified and formalised as computational tree logic properties. It is demonstrated that the designed model satisfies the required properties by resorting to a symbolic model checker, Uppaal, for real-time systems. A realistic example, the steeve controller of a theatre, illustrates the strategies. The safety and time constraint requirements are validated by Uppaal. The experimental results demonstrate the effectiveness of the approach presented here.

M. Zhou,H. Wan,R. Wang,X. Song,C. Su,M. Gu,J. Sun

DOI: https://doi.org/10.1016/j.compind.2013.07.003

IF: 10

2013-01-01

Computers in Industry

Abstract:Programmable Logic Controllers (PLCs) are widely used in industry. PLC systems are reactive systems which run cyclically. In each cycle, the system state is checked and the program is executed once to determine the system behavior for a single cycle. Development of PLC systems conventionally follows the V-model, but increasing demand for efficiency and reliability requires a new rigorous and rapid design flow. In this paper, we propose a component-based formal modeling and synthesis method for cyclic execution platforms and apply it to PLC. Our method consists of three main phases: modeling, verification and code synthesis. In the modeling phase, the BIP (Behavior–Interaction–Priority) framework which is flexible and expressive is used as the modeling language. Real-time behavior, which is intensely concerned in PLC systems, can be modeled as well. In the verification phase, the system model is translated to timed automata and checked by Uppaal. Verification helps to ensure correctness of the model and further increases reliability of the implementation. In the code synthesis phase, the software part of the system model is extracted and synthesized to cyclic code. Although the PLC software runs cyclically, the software model is not necessarily given in a cyclic manner. We propose an algorithm which can generate high-performance cyclic code from a model which describes the business work-flow. This feature significantly simplifies program development. A set of tools is implemented to support our design flow and they are applied to an industrial case study for a PLC system that controls dozens of physical devices in a huge palace.

Jan Olaf Blech

DOI: https://doi.org/10.48550/arXiv.1102.3529

2011-02-17

Abstract:In this report we describe a tool framework for certifying properties of PLCs: CERTPLC. CERTPLC can handle PLC descriptions provided in the Sequential Function Chart (SFC) language of the IEC 61131-3 standard. It provides routines to certify properties of systems by delivering an independently checkable formal system description and proof (called certificate) for the desired properties. We focus on properties that can be described as inductive invariants. System descriptions and certificates are generated and handled using the COQ proof assistant. Our tool framework is used to provide supporting evidence for the safety of embedded systems in the industrial automation domain to third-party authorities. In this document we describe the tool framework: usage scenarios, the archi-tecture, semantics of PLCs and their realization in COQ, proof generation and the construction of certificates.

Software Engineering

Rui Wang,Ming Gu,Xiaoyu Song,Hehua Zhang

DOI: https://doi.org/10.1109/sies.2008.4577704

2008-01-01

Abstract:Functional and nonfunctional validation is an important task in complex embedded system developments. This paper proposes a method of applying model checking techniques to validate programable logic controllers (PLCs). Abstraction is used to ameliorate the state explosion problem. The experiment results of an industry application demonstrate the effectiveness of our approach.