Presentation is loading. Please wait.

Presentation is loading. Please wait.

Formal verification of industrial control systems

Published byAnastasia Hutchinson Modified over 6 years ago

Similar presentations

Presentation on theme: "Formal verification of industrial control systems"— Presentation transcript:

1

2 Formal verification of industrial control systems
3th Workshop on PLC/COTS-based Interlock and Protection Systems 02/02/2016, CERN To be presented on the 3th Workshop on PLC/COTS-based Interlock and Protection Systems, 01-02/02/2016 Desired length: 20 mins Contains joint work of B. Fernández, E. Blanco, S. Bliudze, J.O. Blech, J-C. Tournier, T. Bartha, A. Vörös, I. Majzik, R. Speroni, M. Lettrich

3 Source: http://www.iphonetextgenerator.com/

4 Context – CERN PLCs for controlling vacuum, cryogenics, CV, etc. systems + safety systems Failures might have negative impact Increasing complexity without decreasing quality? Photo courtesy of CERN. Licenced under CC-BY-SA-4.0. Source: CERN-AC   © CERN

5 Context – PLCs at CERN Programmable Logic Controllers robust industrial computers Small computing capacity, special programming languages 1000+ PLCs at CERN Photo courtesy of Siemens AG. © Siemens AG 2014, All rights reserved Source: P_ST70_XX_04457 © Siemens AG 2014, All rights reserved

6 Goal To improve the quality by eliminating bugs
Complementing automated and manual testing Model checking to find “high quality” bugs Integrating formal verification to the development process

7 What is formal verification?
Formal verification: mathematically sound methods to check properties of specifications / implementations / … Model checking Automated formal verification method Checks all possible executions (contrarily to testing) Goal: prove correctness OR find hidden/rare problems Real System (hardware, software) Formal Model Formal Requirement Model checker satisfied not satisfied Counterexample

8 Testing vs. model checking
5 3 + ? + < 0 ? add(5,3)=8 ? add(…,…)<0 ? Inputs are known, outputs are checked E.g. the possibility of an output combination is checked. Temporal expressions are possible

9 Usage of formal verification
Used both in industry and academia Typically when the cost of failure is high Formal verification for PLCs Mostly in academic environment Not widely spread yet in industry – too difficult! Mentioned industrial use cases: Intel: Core i7 processor [2] RATP and Matra Transport (now Siemens Mobility): RER Line A, Line 14 control systems [1] NASA: Remote Agent [3] Microsoft: Hyper-V hypervisor [1]; Static Driver Verifier Airbus: DO-178B Level A compliant controllers for A340, A380 series (SCADE) [1] Facebook [4] [1] Woodcock et al.: Formal Methods: Practice and Experience. ACM Computing Surveys, Vol. 41, No. 4, [2] Kaivola et al.: Replacing testing with formal verification in Intel Core i7 processor execution engine validation. Computer Aided Verification, 2009. [3] Haxthausen: An introduction to formal methods for the development of safety-critical applications. Technical report, 2010. [4] Calcagno et al.: Moving Fast with Software Verification. NASA Formal Methods 2015, LNCS 9058, pp 3-11, DOI / _1 Source of images: The presented logos are trademarks of the corresponding companies and their usage is nominative fair use. None of the companies endorse or support the presented work.

10 Main challenges of model checking
Formalization … of source code … of requirements Performance Making it accessible to the developers (No general solution to date.)

11 Model checking (extended workflow for PLCs)
PLC code (ST, SFC, IL) Requirement patterns Formal model Formal requirement Reductions Model checker Satisfied Not satisfied Screenshot courtesy of CERN BE-ICS-PCS. Counter-example Verification report

12 Model checking (extended workflow for PLCs)
PLC code (ST, SFC, IL) Requirement patterns PLC-specific verification tool Formal model Formal requirement Model checker Satisfied Not satisfied Screenshot courtesy of CERN BE-ICS-PCS. Counter-example Verification report

13 The PLCverif tool Eclipse-based editor for PLC programs
Screenshot courtesy of CERN BE-ICS-PCS. Eclipse-based editor for PLC programs

14 The PLCverif tool Screenshot courtesy of CERN BE-ICS-PCS. Defining verification cases (requirement, fine-tuning, etc.) No model checker-related things or temporal logic expressions

15 The PLCverif tool Requirement patterns
Screenshot courtesy of CERN BE-ICS-PCS. Requirement patterns

16 The PLCverif tool Screenshot courtesy of CERN BE-ICS-PCS. Click-button verification, verification report with the analysed counterexample

17 Example – SMTP safety system
The image is the author’s own work.

18 Sc Magnet Test Plant safety system
© CERN Goal: ensuring safety by allowing/forbidding tests Core: Photo courtesy of CERN. Licensed under CC-BY-SA-4.0. Source: CERN-GE ( Safety-critical, can be dangerous

19 Model checking workflow for this case
SM18 PLCSE Safety Logic E.g. Test starts only if cryo conditions are OK PLC code / Formal model Requirement Black magic inside Model checker Satisfied Not satisfied Counter-example Example inputs to violate the requirement

20 The picture is the author’s own work.

21 The picture is the author’s own work.

22 Ladder Diagram Excerpt from the work of R. Speroni
LD from SM18 PLCSE F_TRUE_TABLE_OUTPUT function block, Network 5 (POWER CD) Excerpt from the work of R. Speroni, screenshot courtesy of CERN BE-ICS-PCS. Excerpt from the work of R. Speroni

23 From M. Charrondiere From M. Charrondiere

24 Problems found (before putting in production!)
Requirement misunderstanding Recognised while specifying requirements Functionality problems “The [magnet] test should start, but it doesn’t.” Safety problems “The [magnet] test should NOT start, but it does.”

25 Problems found In total 14 issues found 4 requirement misunderstanding 6 problems could not be found using our testing

26 Continuous verification
Screenshot courtesy of CERN BE-ICS-PCS.

27 Alternative method (side note)
Formal specification + Behaviour equivalence checking Formal specification is needed Computationally difficult Complete No need for requirement extraction PLC code Formal specification Formal model

28 Summary http://cern.ch/plcverif
“Formal verification is not relevant to industry.” FALSE! First steps to apply formal verification to PLCs Interesting bugs found (with joint effort) Critical parts can be checked Complementary to testing Still long way to go Improving the performance Formal specification

29 Source: http://www.iphonetextgenerator.com/

30

Download ppt "Formal verification of industrial control systems"

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Omnibus: A clean language and supporting tool for integrating different assertion-based verification techniques Thomas Wilson, Savi Maharaj, Robert G.

Omnibus: A clean language and supporting tool for integrating different assertion-based verification techniques Thomas Wilson, Savi Maharaj, Robert G.
An Abstract Interpretation Framework for Refactoring P. Cousot, NYU, ENS, CNRS, INRIA R. Cousot, ENS, CNRS, INRIA F. Logozzo, M. Barnett, Microsoft Research.

An Abstract Interpretation Framework for Refactoring P. Cousot, NYU, ENS, CNRS, INRIA R. Cousot, ENS, CNRS, INRIA F. Logozzo, M. Barnett, Microsoft Research.
SOFTWARE TESTING. Software Testing Principles Types of software tests Test planning Test Development Test Execution and Reporting Test tools and Methods.

SOFTWARE TESTING. Software Testing Principles Types of software tests Test planning Test Development Test Execution and Reporting Test tools and Methods.
Efficient representation for formal verification of PLC programs Vincent Gourcuff, Olivier de Smet and Jean-Marc Faure LURPA – ENS de Cachan.

Efficient representation for formal verification of PLC programs Vincent Gourcuff, Olivier de Smet and Jean-Marc Faure LURPA – ENS de Cachan.
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
LIFE CYCLE MODELS FORMAL TRANSFORMATION

LIFE CYCLE MODELS FORMAL TRANSFORMATION
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.

Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.
Train Control Language Teaching Computers Interlocking By: J. Endresen, E. Carlson, T. Moen1, K. J. Alme, Haugen, G. K. Olsen & A. Svendsen Synthesizing.

Train Control Language Teaching Computers Interlocking By: J. Endresen, E. Carlson, T. Moen1, K. J. Alme, Haugen, G. K. Olsen & A. Svendsen Synthesizing.
Course Summary. © Katz, 2003 Formal Specifications of Complex Systems-- Real-time 2 Topics (1) Families of specification methods, evaluation criteria.

Course Summary. © Katz, 2003 Formal Specifications of Complex Systems-- Real-time 2 Topics (1) Families of specification methods, evaluation criteria.
ECE 667 - Synthesis & Verification1 ECE 667 Spring 2011 Synthesis and Verification of Digital Systems Verification Introduction.

ECE Synthesis & Verification1 ECE 667 Spring 2011 Synthesis and Verification of Digital Systems Verification Introduction.
1 Advanced Material The following slides contain advanced material and are optional.

1 Advanced Material The following slides contain advanced material and are optional.
Dependent Types for Reasoning About Distributed Systems Paul Sivilotti - Ohio State Hongwei Xi - Cincinnati.

Dependent Types for Reasoning About Distributed Systems Paul Sivilotti - Ohio State Hongwei Xi - Cincinnati.
Describing Syntax and Semantics

Describing Syntax and Semantics
School of Computer ScienceG53FSP Formal Specification1 Dr. Rong Qu Introduction to Formal Specification

School of Computer ScienceG53FSP Formal Specification1 Dr. Rong Qu Introduction to Formal Specification
Formal verification Marco A. Peña Universitat Politècnica de Catalunya.

Formal verification Marco A. Peña Universitat Politècnica de Catalunya.
Principle of Functional Verification Chapter 1~3 Presenter : Fu-Ching Yang.

Principle of Functional Verification Chapter 1~3 Presenter : Fu-Ching Yang.
By D. Beyer et. al. Simon Fraser University (Spring 09) Presentation By: Pashootan Vaezipoor.

By D. Beyer et. al. Simon Fraser University (Spring 09) Presentation By: Pashootan Vaezipoor.

Similar presentations

Ads by Google