Formal verification of industrial control systems

Slides:



Advertisements
Similar presentations
1 Verification by Model Checking. 2 Part 1 : Motivation.
Advertisements

Omnibus: A clean language and supporting tool for integrating different assertion-based verification techniques Thomas Wilson, Savi Maharaj, Robert G.
An Abstract Interpretation Framework for Refactoring P. Cousot, NYU, ENS, CNRS, INRIA R. Cousot, ENS, CNRS, INRIA F. Logozzo, M. Barnett, Microsoft Research.
SOFTWARE TESTING. Software Testing Principles Types of software tests Test planning Test Development Test Execution and Reporting Test tools and Methods.
Efficient representation for formal verification of PLC programs Vincent Gourcuff, Olivier de Smet and Jean-Marc Faure LURPA – ENS de Cachan.
Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
LIFE CYCLE MODELS FORMAL TRANSFORMATION
ISBN Chapter 3 Describing Syntax and Semantics.
Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.
Train Control Language Teaching Computers Interlocking By: J. Endresen, E. Carlson, T. Moen1, K. J. Alme, Haugen, G. K. Olsen & A. Svendsen Synthesizing.
Course Summary. © Katz, 2003 Formal Specifications of Complex Systems-- Real-time 2 Topics (1) Families of specification methods, evaluation criteria.
ECE Synthesis & Verification1 ECE 667 Spring 2011 Synthesis and Verification of Digital Systems Verification Introduction.
1 Advanced Material The following slides contain advanced material and are optional.
Dependent Types for Reasoning About Distributed Systems Paul Sivilotti - Ohio State Hongwei Xi - Cincinnati.
Describing Syntax and Semantics
School of Computer ScienceG53FSP Formal Specification1 Dr. Rong Qu Introduction to Formal Specification
Formal verification Marco A. Peña Universitat Politècnica de Catalunya.
Principle of Functional Verification Chapter 1~3 Presenter : Fu-Ching Yang.
By D. Beyer et. al. Simon Fraser University (Spring 09) Presentation By: Pashootan Vaezipoor.
Verification technique on SA applications using Incremental Model Checking 컴퓨터학과 신영주.
CS527: (Advanced) Topics in Software Engineering Overview of Software Quality Assurance Tao Xie ©D. Marinov, T. Xie.
Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.
Using a Formal Specification and a Model Checker to Monitor and Guide Simulation Verifying the Multiprocessing Hardware of the Alpha Microprocessor.
1. Topics to be discussed Introduction Objectives Testing Life Cycle Verification Vs Validation Testing Methodology Testing Levels 2.
Requirements Expression and Modelling
Software Engineering Prof. Dr. Bertrand Meyer March 2007 – June 2007 Chair of Software Engineering Static program checking and verification Slides: Based.
Ed Brinksma Dept. of CS, University of Twente, NL joint work with Angelika Mader Monterey Workshop 2003 Chicago Verification Modelling of Embedded systems.
Openlab Workshop on Data Analytics 16 th of November 2012 Axel Voitier – CERN EN-ICE.
B. Fernández, D. Darvas, E. Blanco Formal methods appliedto PLC code verification Automation seminar CERN – IFAC (CEA) 02/06/2014.
University of Paderborn Software Engineering Group Prof. Dr. Wilhelm Schäfer Towards Verified Model Transformations Holger Giese 1, Sabine Glesner 2, Johannes.
Safety-Critical Systems 5 Testing and V&V T
1 An Aspect-Oriented Implementation Method Sérgio Soares CIn – UFPE Orientador: Paulo Borba.
Software Debugging, Testing, and Verification Presented by Chris Hundersmarck November 10, 2004 Dr. Bi’s SE516.
- 1 -  P. Marwedel, Univ. Dortmund, Informatik 12, 05/06 Universität Dortmund Validation - Formal verification -
Verification & Validation By: Amir Masoud Gharehbaghi
SAT-Based Model Checking Without Unrolling Aaron R. Bradley.
Introduction to Hardware Verification ECE 598 SV Prof. Shobha Vasudevan.
Automated Formal Verification of PLC (Programmable Logic Controller) Programs
R-Verify: Deep Checking of Embedded Code James Ezick † Donald Nguyen † Richard Lethin † Rick Pancoast* (†) Reservoir Labs (*) Lockheed Martin The Eleventh.
Dániel Darvas (CERN BE-ICS-PCS / TU Budapest) DSL tools for formal verification Spoofax meeting 19/01/2016, CERN Joint work with B. Fernández, E. Blanco,
Jeremy Nimmer, page 1 Automatic Generation of Program Specifications Jeremy Nimmer MIT Lab for Computer Science Joint work with.
Combining safety and conventional interfaces for interlock PLCs
Presentation Title 2/4/2018 Software Verification using Predicate Abstraction and Iterative Refinement: Part Bug Catching: Automated Program Verification.
Software Dependability
SOFTWARE TESTING Date: 29-Dec-2016 By: Ram Karthick.
Improving the quality of PLC programs
Software Engineering (CSI 321)
UNICOS: UNified Industrial COntrol System CPC (Continuous Process Control) Basic course SESSION 3: PLC basics UCPC 6 UNICOS-Continuous Process Control.
SOFTWARE TESTING OVERVIEW
Chapter 18 Maintaining Information Systems
Synthesis from scenarios and requirements
Testing and Debugging.
Software engineering – 1
TriggerScope Towards Detecting Logic Bombs in Android Applications
Unit# 8: Introduction to Computer Programming
Human Complexity of Software
PROGRAMMING.
Chapter 1 Introduction(1.1)
Software Verification and Validation
System Analysis and Design
Software Verification and Validation
System Analysis and Design
CSE403 Software Engineering Autumn 2000 More Testing
A Trusted Safety Verifier for Process Controller Code
Software and Software Engineering
Automation of Control System Configuration TAC 18
Software Verification and Validation
Test Cases, Test Suites and Test Case management systems
Presentation transcript:

Formal verification of industrial control systems 3th Workshop on PLC/COTS-based Interlock and Protection Systems 02/02/2016, CERN To be presented on the 3th Workshop on PLC/COTS-based Interlock and Protection Systems, 01-02/02/2016 http://indico.cern.ch/event/461080/ Desired length: 20 mins Contains joint work of B. Fernández, E. Blanco, S. Bliudze, J.O. Blech, J-C. Tournier, T. Bartha, A. Vörös, I. Majzik, R. Speroni, M. Lettrich

Source: http://www.iphonetextgenerator.com/

Context – CERN PLCs for controlling vacuum, cryogenics, CV, etc. systems + safety systems Failures might have negative impact Increasing complexity without decreasing quality? Photo courtesy of CERN. Licenced under CC-BY-SA-4.0. Source: http://cds.cern.ch/record/1211045?ln=en, CERN-AC-0910152-01  © CERN

Context – PLCs at CERN Programmable Logic Controllers robust industrial computers Small computing capacity, special programming languages 1000+ PLCs at CERN Photo courtesy of Siemens AG. © Siemens AG 2014, All rights reserved Source: http://www.automation.siemens.com/bilddb/search.aspx, P_ST70_XX_04457 http://www.automation.siemens.com/bilddb/index.aspx?gridview=view2&objkey=P_ST70_XX_04457&showdetail=true&view=Search © Siemens AG 2014, All rights reserved

Goal To improve the quality by eliminating bugs Complementing automated and manual testing Model checking to find “high quality” bugs Integrating formal verification to the development process

What is formal verification? Formal verification: mathematically sound methods to check properties of specifications / implementations / … Model checking Automated formal verification method Checks all possible executions (contrarily to testing) Goal: prove correctness OR find hidden/rare problems Real System (hardware, software) Formal Model Formal Requirement Model checker satisfied not satisfied  Counterexample

Testing vs. model checking 5 3 + ? + < 0 ? add(5,3)=8 ? add(…,…)<0 ? Inputs are known, outputs are checked E.g. the possibility of an output combination is checked. Temporal expressions are possible

Usage of formal verification Used both in industry and academia Typically when the cost of failure is high Formal verification for PLCs Mostly in academic environment Not widely spread yet in industry – too difficult! Mentioned industrial use cases: Intel: Core i7 processor [2] RATP and Matra Transport (now Siemens Mobility): RER Line A, Line 14 control systems [1] NASA: Remote Agent [3] Microsoft: Hyper-V hypervisor [1]; Static Driver Verifier Airbus: DO-178B Level A compliant controllers for A340, A380 series (SCADE) [1] Facebook [4] [1] Woodcock et al.: Formal Methods: Practice and Experience. ACM Computing Surveys, Vol. 41, No. 4, 2009. http://dl.acm.org/citation.cfm?doid=1592434.1592436 [2] Kaivola et al.: Replacing testing with formal verification in Intel Core i7 processor execution engine validation. Computer Aided Verification, 2009. [3] Haxthausen: An introduction to formal methods for the development of safety-critical applications. Technical report, 2010. [4] Calcagno et al.: Moving Fast with Software Verification. NASA Formal Methods 2015, LNCS 9058, pp 3-11, 2015. DOI 10.1007/978-3-319-17524-9_1 Source of images: http://commons.wikimedia.org/wiki/File:Intel-logo.svg http://histoireduticketdemetro.blogspot.ch/2007/11/blog-post.html http://commons.wikimedia.org/wiki/File:Nasa-logo.gif http://www.microsoft.com/about/corporatecitizenship/en-us/community-tools/nonprofittoolkit/get-files/ http://www.siemens.cz/siemjetstorage/images/image_306.jpg http://www.airbus.com/presscentre/corporate-information/logo-downloads/?eID=dam_frontend_push&docID=38571 http://en.wikipedia.org/wiki/File:Mondex_logo.svg https://www.facebookbrand.com/ The presented logos are trademarks of the corresponding companies and their usage is nominative fair use. None of the companies endorse or support the presented work.

Main challenges of model checking Formalization … of source code … of requirements Performance Making it accessible to the developers (No general solution to date.)

Model checking (extended workflow for PLCs) PLC code (ST, SFC, IL) Requirement patterns Formal model Formal requirement Reductions Model checker Satisfied Not satisfied Screenshot courtesy of CERN BE-ICS-PCS.  Counter-example Verification report

Model checking (extended workflow for PLCs) PLC code (ST, SFC, IL) Requirement patterns PLC-specific verification tool Formal model Formal requirement Model checker Satisfied Not satisfied Screenshot courtesy of CERN BE-ICS-PCS.  Counter-example Verification report

The PLCverif tool Eclipse-based editor for PLC programs Screenshot courtesy of CERN BE-ICS-PCS. Eclipse-based editor for PLC programs

The PLCverif tool Screenshot courtesy of CERN BE-ICS-PCS. Defining verification cases (requirement, fine-tuning, etc.) No model checker-related things or temporal logic expressions

The PLCverif tool Requirement patterns Screenshot courtesy of CERN BE-ICS-PCS. Requirement patterns

The PLCverif tool Screenshot courtesy of CERN BE-ICS-PCS. Click-button verification, verification report with the analysed counterexample

Example – SMTP safety system The image is the author’s own work.

Sc Magnet Test Plant safety system © CERN Goal: ensuring safety by allowing/forbidding tests Core: Photo courtesy of CERN. Licensed under CC-BY-SA-4.0. Source: https://cds.cern.ch/record/1542815 CERN-GE-1304099-24 (https://mediastream.cern.ch/MediaArchive/Photo/Public/2013/1304099/1304099_24/1304099_24-A4-at-144-dpi.jpg) Safety-critical, can be dangerous

Model checking workflow for this case SM18 PLCSE Safety Logic E.g. Test starts only if cryo conditions are OK PLC code / Formal model Requirement Black magic inside Model checker Satisfied Not satisfied  Counter-example Example inputs to violate the requirement

The picture is the author’s own work.

The picture is the author’s own work.

Ladder Diagram Excerpt from the work of R. Speroni LD from SM18 PLCSE F_TRUE_TABLE_OUTPUT function block, Network 5 (POWER CD) Excerpt from the work of R. Speroni, screenshot courtesy of CERN BE-ICS-PCS. Excerpt from the work of R. Speroni

From M. Charrondiere From M. Charrondiere

Problems found (before putting in production!) Requirement misunderstanding Recognised while specifying requirements Functionality problems “The [magnet] test should start, but it doesn’t.” Safety problems “The [magnet] test should NOT start, but it does.”

Problems found In total 14 issues found 4 requirement misunderstanding 6 problems could not be found using our testing

Continuous verification Screenshot courtesy of CERN BE-ICS-PCS.

Alternative method (side note) Formal specification + Behaviour equivalence checking Formal specification is needed Computationally difficult Complete No need for requirement extraction PLC code Formal specification Formal model

Summary http://cern.ch/plcverif “Formal verification is not relevant to industry.” FALSE! First steps to apply formal verification to PLCs Interesting bugs found (with joint effort) Critical parts can be checked Complementary to testing Still long way to go Improving the performance Formal specification http://cern.ch/plcverif

Source: http://www.iphonetextgenerator.com/

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.