litian xiao,mengyuan li,ming gu,jiaguang sun

DOI: https://doi.org/10.1109/icma.2014.6885893

2014-01-01

Abstract:The correctness of PLC (Programmable Logic Controller) program in automatic control is vital to this kind of safety-critical applications. In this paper, we present a useful method of combinational model-checking for correctness of PLC programs. The method is based on the denotational semantics of PLC program and the semantic functions for basic instructions. Because the state space explosion problem limits the use of general model-checking in real PLC programs, the paper firstly defines a set of combinational verification rules based on the denotational semantics. Then the paper proposes a series of general and PLC domain specific strategies for combinational model-checking. The rules and strategies can effectively reduce state space and their correctness is proved. The validity of our method is shown by an example.

Yueshan Zheng,Guiming Luo,Junbo Sun,Junjie Zhang,Zhenfeng Wang

DOI: https://doi.org/10.4236/jsea.2010.311124

2010-01-01

Abstract:High reliability is the key to performance of electrical control equipment. PLC combines computer technology, automatic control technology and communication technology and becomes widely used for automation of industrial processes. Some requirements of complex PLC systems cannot be satisfied by the traditional verification methods. In this paper, an efficient method for the PLC systems modeling and verification is proposed. To ensure the high-speed property of PLC, we proposed a technique of “Time interval model” and “notice-waiting”. It could reduce the state space and make it possible to verify some complex PLC systems. Also, the conversion from the built PLC model to the Promela language is obtained and a tool PLC-Checker for modeling and checking PLC systems are designed. Using PLC-Checker to check a classical PLC example, a counter-example is found. Although the probability of this logic error occurs very small, it could result in system crash fatally.

Min Zhou,Fei He,Ming Gu,Xiaoyu Song

DOI: https://doi.org/10.1109/COMPSAC.2009.80

2009-01-01

Abstract:In this paper, we focus on modeling and verification of PLC systems, which are widespread in industry and manufacture. Our approach is based on a translation procedure from PLC programs to timed automata. The resulting model consists of several kinds of modules. Besides the main module which depicts the behaviors of the PLC programs, a dedicated module is constructed to simulate the cyclical running mode of PLC systems, and another module is involved for specifying the environment behaviors. After all modules are constructed, the model checker Uppaal is adapted to perform the model checking. Experimental results show promising performance of our approach. Compared with existing approaches, our method supports extensive instructions, including not only the time-related instructions, such as timer and counter, but also the subroutine and interruption instructions. In addition, the structure of whole model is more compact, and the translation procedure is more efficient, which results in a reduced verification model.

Peizun Liu,Guiming Luo,Mo Xia,Maosong He

DOI: https://doi.org/10.1109/IWACI.2011.6160012

2011-01-01

Abstract:Execution environment and temporal performance are very important for modeling a real PLC system. They also become two impediments when verifying with model checking. This paper presents a methodology for modeling a PLC system including time and environment. In order to take into account interaction of PLC controller with execution environment, the proposed method extends the modeling method with an event-driven mechanism. The heterogeneous environments are abstracted as concurrent entities and further formalized into state graphs. A timed abstraction method is proposed to deal with real-time features which specified as timer on delay (TON). We have validated our approach on a concrete case study, a controller for steel plate transfer devices, and report on the results obtained for this case study.

Mo Xia,Mian Sun,Guiming Luo,Xibin Zhao

DOI: https://doi.org/10.1109/icci-cc.2013.6622270

2013-01-01

Abstract:Programmable Logic Controller (PLC) have been widely used in industries, and safety and reliability of them has been urgently concerned. However, it's hard to verify all the cases to discover the logical flaws of complex systems by traditional testing. Formal verification methods introduce mathematical rigor in their analysis thereby guaranteeing exhaustive state space coverage. But there is not an effective and efficient tool for PLC verification, and the general-purpose formal tools need lots of relevant knowledge. This paper proposes an automatic verification tool for PLC systems. It includes graphical modeling, syntax check, code generation, code optimization and representation of the counter-examples which violate some system properties.

Rui Wang,Ming Gu,Xiaoyu Song,Hehua Zhang

DOI: https://doi.org/10.1109/sies.2008.4577704

2008-01-01

Abstract:Functional and nonfunctional validation is an important task in complex embedded system developments. This paper proposes a method of applying model checking techniques to validate programable logic controllers (PLCs). Abstraction is used to ameliorate the state explosion problem. The experiment results of an industry application demonstrate the effectiveness of our approach.

Litian Xiao,Mengyuan Li,Ming Gu,Jiaguang Sun

DOI: https://doi.org/10.1109/wcica.2014.7053718

2014-01-01

Abstract:The correctness of PLC (Programmable Logic Controller) program in automatic control is vital to this kind of safety-critical applications. In this paper, we present a useful method of combinational testing for correctness of PLC programs. The method is based on the denotational semantics of PLC program and the semantic functions for basic instructions. It establishes the definition of denotational semantics for PLC program. The function of denotational semantics is defined by extended λ-calculus. It analyses adaptive problems of various tests for PLC embedded software and proposes a combinational testing framework based on simulation mechanism. The equivalent transforming module of PLC program is defined by means of test module composed with high-level language code segments, which have equivalent denotational semantics and partly include program diagnostic information. The framework can decompose a PLC program test into some small tests, and solve the test problem under the condition of boundary and utmost or no environment supporting. The validity of our method is shown by one example of experiments.

Dániel Darvas,István Majzik,Enrique Blanco Viñuela

DOI: https://doi.org/10.1007/978-3-319-33693-0_32

2016-01-01

Abstract:Programmable Logic Controllers (PLCs) are widely used in the industry for various industrial automation tasks. Besides non-safety applications, the usage of PLCs became accepted in safety-critical installations, where the cost of failure is high. In these cases the used hardware is special (so-called fail-safe or safety PLCs), but also the software needs special considerations. Formal verification is a method that can help to develop high-quality software for critical tasks. However, such method should be adapted to the special needs of the safety PLCs, that are often particular compared to the normal PLC development domain. In this paper we propose two complementary solutions for the formal verification of safety-critical PLC programs based on model checking and equivalence checking using formal specification. Furthermore, a case study is presented, demonstrating our approach.

Hehua Zhang,Yu Jiang,William N. N. Hung,Xiaoyu Song,Ming Gu,Jiaguang Sun

DOI: https://doi.org/10.1109/tc.2013.124

2014-01-01

Abstract:Programmable Logic Controllers (PLC) are widely used in industry. The reliability of the PLC is vital to many critical applications. This paper presents a novel approach to the symbolic analysis of PLC systems. The approach includes, (1) calculating the uncertainty characterization of the PLC system, (2) abstracting the PLC system as a Hidden Markov Model, (3) solving the Hidden Markov Model with domain knowledge, (4) combining the solved Hidden Markov Model and the uncertainty characterization to form a regular Markov model, and (5) utilizing probabilistic model checking to analyze properties of the Markov model. This framework provides automated analysis of both uncertainty calculations and performance measurements, without the need for expensive simulations. A case study of an industrial, automated PLC system demonstrates the effectiveness of our work.

Litian Xiao,Mengyuan Li,Ming Gu,Jiaguang Sun

DOI: https://doi.org/10.1109/icsess.2014.6933545

2014-01-01

Abstract:The correctness verification of embedded control software has become an important research topic in embedded system field. The paper analyses the present situation on correctness verification of control software as well as the limitations of existing technologies. In order to the high reliability and high security requirements of control software, the paper proposes a hierarchical framework and architecture of control software (PLC program) verification. The framework combines the technologies of testing, model checking and theorem proving. The paper introduces the construction, flow and key elements of the architecture.

Xia Mao,Xin Li,Yanhong Huang,Jianqi Shi,Yueling Zhang

DOI: https://doi.org/10.1109/tii.2021.3123194

IF: 12.3

2022-07-01

IEEE Transactions on Industrial Informatics

Abstract:Programmable logic controllers (PLC), which are widely applied in modern industrial control systems (ICS), work as the controller of sensors and actuators in ICS. These systems require strict correctness, especially for safety-critical systems. Currently, increasingly ICS move to come online scenarios to enhance cyber-physical features, but it makes them more vulnerable due to acquiring increased interconnection accompanied by weakening physical isolation. Moreover, with the more complex controlling environment, such as hundreds of more I/O points and more diverse field buses, the incorrect executions of PLC might cause the failure of the overall ICS. In this article, we examine how the security and safety of running PLC could be enhanced in both developing and deploying stages of ICS. We propose a novel application of runtime verification to guarantee the security and safety of real-world ICS. As a variant of temporal logic, PLC past linear temporal logic (PPLTL) is proposed to specify the security and safety properties of PLC. Using PPLTL, we synthesize monitors to improve the PLC programs security and safety as a partner of testing and static verification. Our monitors provide twofold processing in a nonintrusive manner: One is filtering abnormal input data before invading the original programs, the other is double-checking the output signals before driving the actuators. We use several case studies and benchmarks to demonstrate the efficiency of the approach. The empirical results show that the time overhead and memory occupation are tiny.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Jianyong Zhao,Zhe Tao

DOI: https://doi.org/10.1109/access.2021.3133630

IF: 3.9

2021-01-01

IEEE Access

Abstract:Programmable logic controllers (PLCs) are widely used in industrial electronic systems. With the augmenting complexity of system, the reliability poses a crucial challenge in safety critical applications. This paper proposes a formal modeling and verification approach for programming function block diagrams. Function block diagrams are formalized in a logic specification system. We consider the equivalence checking problem which occurs frequently between design implementations under different performance constraints. We present a novel method to harness a powerful co-induction proof strategy with bisimulation to establish the equivalence in a higher-order logic theorem proving system. We validate the effectiveness of our approach by a real industry application example with key scenarios. The soundness and the completeness of our approach are substantiated.

Litian Xiao,Rui Wang,Ming Gu,Jiaguang Sun

DOI: https://doi.org/10.1016/j.mcm.2011.11.038

2012-01-01

Mathematical and Computer Modelling

Abstract:PLC is widely used in the field of automatic control. To use formal methods to verify the correctness of PLC programs, semantic characterization of PLC programs are needed. Based on the extended λ-calculus definition, this paper presents a novel semantic modeling of PLC programs. The results lay the solid underpinnings for theorem proving and modeling checking for PLC systems.

Borja Fernandez Adiego,Ignacio D. Lopez-Miguel,Jean-Charles Tournier,Enrique Blanco,Tomasz Ladzinski,Frederic Havart

DOI: https://doi.org/10.18429/JACoW-ICALEPCS2021-WEPV042

2022-03-30

Abstract:An important aspect of many particle accelerators is the constant evolution and frequent configuration changes that are needed to perform the experiments they are designed for. This often leads to the design of configurable software that can absorb these changes and perform the required control and protection actions. This design strategy minimizes the engineering and maintenance costs, but it makes the software verification activities more challenging since safety properties must be guaranteed for any of the possible configurations. Software model checking is a popular automated verification technique in many industries. This verification method explores all possible combinations of the system model to guarantee its compliance with certain properties or specification. This is a very appropriate technique for highly configurable software, since there is usually an enormous amount of combinations to be checked. This paper presents how PLCverif, a CERN model checking platform, has been applied to a highly configurable Programmable Logic Controller (PLC) program, the SPS Personnel Protection System (PPS). The benefits and challenges of this verification approach are also discussed.

Software Engineering,Systems and Control

Rui Wang,Xiaoyu Song,Jianzhong Zhu,Ming Gu

DOI: https://doi.org/10.1016/j.compind.2010.05.015

IF: 10

2011-01-01

Computers in Industry

Abstract:Programmable logic controllers (PLCs) are complex cyber-physical systems which are widely used in industry. This paper presents a robust approach to design and implement PLC-based embedded systems. Timed automata are used to model the controller and its environment. We validate the design model with resort to model checking techniques. We propose an algorithm to generate PLC code from timed automata and implement this algorithm with a prototype tool. This method can condense the developing process and guarantee the correctness of PLC programs. A case study demonstrates the effectiveness of the method.

Luis Garcia,Stefan Mitsch,Andre Platzer

DOI: https://doi.org/10.48550/arXiv.1902.05205

2019-02-14

Programming Languages

Abstract:Programmable Logic Controllers (PLCs) provide a prominent choice of implementation platform for safety-critical industrial control systems. Formal verification provides ways of establishing correctness guarantees, which can be quite important for such safety-critical applications. But since PLC code does not include an analytic model of the system plant, their verification is limited to discrete properties. In this paper, we, thus, start the other way around with hybrid programs that include continuous plant models in addition to discrete control algorithms. Even deep correctness properties of hybrid programs can be formally verified in the theorem prover KeYmaera X that implements differential dynamic logic, dL, for hybrid programs. After verifying the hybrid program, we now present an approach for translating hybrid programs into PLC code. The new tool, HyPLC, implements this translation of discrete control code of verified hybrid program models to PLC controller code and, vice versa, the translation of existing PLC code into the discrete control actions for a hybrid program given an additional input of the continuous dynamics of the system to be verified. This approach allows for the generation of real controller code while preserving, by compilation, the correctness of a valid and verified hybrid program. PLCs are common cyber-physical interfaces for safety-critical industrial control applications, and HyPLC serves as a pragmatic tool for bridging formal verification of complex cyber-physical systems at the algorithmic level of hybrid programs with the execution layer of concrete PLC implementations.

Hehua Zhang,Yu Jiang,William N. N. Hung,Guowu Yang,Ming Gu,Jiaguang Sun

DOI: https://doi.org/10.1016/j.mcm.2011.11.050

2013-01-01

Quality Engineering

Abstract:Programmable Logic Controllers (PLC) are widely used in industry. Reliable PLC systems are vital to many critical applications. The reliability analysis of PLC is special because the hardware component and embedded software are combined and operated in a specific manner. This paper presents a probabilistic modeling for PLC systems, which considers both the hardware and software components. Three analysis strategies are proposed for probabilistic evaluation of reliability characterization. The first method is an input-based analysis which considers the impact of errors from primary inputs. The second one is an action-based analysis. It extends the first method by considering the impact of software-based processing deviations on primary inputs. The third method is an action-traverse analysis. It computes the reliability characterization in a single topological traverse through the primary inputs during the software execution. Experimental results demonstrate the effectiveness of our approaches when compared to fault tree analysis.

Rui Wang,Yong Guan,Min Zhou,Jie Zhang,Xiaoyu Song

DOI: https://doi.org/10.1155/2014/127618

IF: 2.1

2014-01-01

Advances in Mechanical Engineering

Abstract:Programmable logic controllers (PLCs) are complex embedded systems that are widely used in industry. This paper presents a component-based modeling and validation method for PLC systems using the behavior-interaction-priority (BIP) framework. We designed a general system architecture and a component library for a type of device control system. The control software and hardware of the environment were all modeled as BIP components. System requirements were formalized as monitors. Simulation was carried out to validate the system model. A realistic example from industry of the gates control system was employed to illustrate our strategies. We found a couple of design errors during the simulation, which helped us to improve the dependability of the original systems. The results of experiment demonstrated the effectiveness of our approach.

M. Zhou,H. Wan,R. Wang,X. Song,C. Su,M. Gu,J. Sun

DOI: https://doi.org/10.1016/j.compind.2013.07.003

IF: 10

2013-01-01

Computers in Industry

Abstract:Programmable Logic Controllers (PLCs) are widely used in industry. PLC systems are reactive systems which run cyclically. In each cycle, the system state is checked and the program is executed once to determine the system behavior for a single cycle. Development of PLC systems conventionally follows the V-model, but increasing demand for efficiency and reliability requires a new rigorous and rapid design flow. In this paper, we propose a component-based formal modeling and synthesis method for cyclic execution platforms and apply it to PLC. Our method consists of three main phases: modeling, verification and code synthesis. In the modeling phase, the BIP (Behavior–Interaction–Priority) framework which is flexible and expressive is used as the modeling language. Real-time behavior, which is intensely concerned in PLC systems, can be modeled as well. In the verification phase, the system model is translated to timed automata and checked by Uppaal. Verification helps to ensure correctness of the model and further increases reliability of the implementation. In the code synthesis phase, the software part of the system model is extracted and synthesized to cyclic code. Although the PLC software runs cyclically, the software model is not necessarily given in a cyclic manner. We propose an algorithm which can generate high-performance cyclic code from a model which describes the business work-flow. This feature significantly simplifies program development. A set of tools is implemented to support our design flow and they are applied to an industrial case study for a PLC system that controls dozens of physical devices in a huge palace.

Hehua Zhang,Yu Jiang,William N. N. Hung,Xiaoyu Song,Ming Gu

DOI: https://doi.org/10.1007/978-3-642-24559-6_10

2011-01-01

Abstract:Programmable Logic Controllers are widely used in industry. Reliable PLCs are vital to many critical applications. This paper presents a novel symbolic approach for analysis of PLC systems. The main components of the approach consists of: (1) calculating the uncertainty characterization of the PLC systems, (2) abstracting the PLC system as a Hidden Markov Model, (3) solving the Hidden Markov Model using domain knowledge, (4) integrating the solved Hidden Markov Model and the uncertainty characterization to form an integrated (regular) Markov Model, and (5) harnessing probabilistic model checking to analyze properties on the resultant Markov Model. The framework provides expected performance measures of the PLC systems by automated analytical means without expensive simulations. Case studies on an industrial automated system are performed to demonstrate the effectiveness of our approach.