Presentation is loading. Please wait.

Presentation is loading. Please wait.

Efficient representation for formal verification of PLC programs Vincent Gourcuff, Olivier de Smet and Jean-Marc Faure LURPA – ENS de Cachan.

Published byTerrance Appleby Modified over 9 years ago

Similar presentations

Presentation on theme: "Efficient representation for formal verification of PLC programs Vincent Gourcuff, Olivier de Smet and Jean-Marc Faure LURPA – ENS de Cachan."— Presentation transcript:

1 Efficient representation for formal verification of PLC programs Vincent Gourcuff, Olivier de Smet and Jean-Marc Faure LURPA – ENS de Cachan

2 WODES’06 - Efficient representation for formal verification of PLC programs 2 Outline  Objective of the work  Construction of formal models  Representation construction Dependencies analysis Translation of PLC programs into formal models  Assessment of the representation efficiency  Conclusions and prospects

3 Objective WODES’06 - Efficient representation for formal verification of PLC programs 3 Design of controllers for critical systems Control system Steam turbine Power plant Refinery Requirements ?

4 Objective WODES’06 - Efficient representation for formal verification of PLC programs 4 Impact of the IEC 61508 standard  Functional safety of E/E/PE safety-related systems  Industrial need: to reach the SIL3 or SIL4 levels (SIL: Safety Integrity Level) Hardware: redundancies, voting mechanisms, …. Software: recommendations for development  SIL levels and software development TechniqueSIL1SIL2SIL3SIL4 Semi-formal methodsRRHR Formal methods including for example, CCS, CSP, HOL, LOTOS, OBJ, temporal logic, VDM and Z -RRHR

5 Objective WODES’06 - Efficient representation for formal verification of PLC programs 5 Overall objective  To investigate the possibilities of formal verification for improving the SIL level of critical systems controlled by PLCs

6 Construction of formal models WODES’06 - Efficient representation for formal verification of PLC programs 6 Formal verification of PLC programs Model – Checker Property proved or counterexample Requirements Scheduler Inputs reading Program execution Outputs updating Initialization Program O 1 := I 1 OR I 2 ; O 2 := I 3 AND I 4 ; IF O 1 THEN O 3 := I 3 AND NOT(I 4 ); END_IF; O 4 := RS(O 5,I 1 ) O 5 := O 2 AND O 4 ; O 1 := NOT(I 2 OR I 4 ); Informal extrinsic (application-dependant) properties Formal representation Formalization AG (( dp_head_motor_up) => EF (!dp_head_motor_up )) Formal representation [Rausch Krogh 98] [Frey Litz 00] [de Smet Rossi 02] [Huuck Lukoschus Bauer 03] … 2 1 3

7 Construction of formal models WODES’06 - Efficient representation for formal verification of PLC programs 7 Technical barriers when model-checking PLC programs BarriersPotential solutions Specification of properties in formal language Libraries of parametrized properties Use of the results of previous functional or safety analysis State space explosionSee what follows Counterexamples explanationTranslation of counterexamples in a tailor made representation Limitation of the counterexamples length 1 2 3

8 Construction of formal models WODES’06 - Efficient representation for formal verification of PLC programs 8 What is the meaning of a state ? Formal representations  Collection of automata 5-tuple { S, Σ, Λ, T, G } : -3 finite sets : states (S) input alphabet (Σ) output alphabet (Λ) -a transition function (T : S × Σ → S) -an output function (G : S → Λ).  Transition relations on variables Equations system: VAR n+1 = F(VAR n ) -VAR n+1 the set of variables, at the next step of calculus -VAR n the set of variables, at the current step of calculus  Temporal logic statements CTL LTL Real world behavior ? Requirements Cyclic scheduler PLC IF O 1 THEN O 3 := I 3 AND NOT(I 4 ); END_IF; Inputs reading Program execution Outputs updating Initialization Program Variables states Execution state Process Expected and unexpected states and sequences

9 Construction of formal models WODES’06 - Efficient representation for formal verification of PLC programs 9 Case of a PLC program O 1 := I 1 OR I 2 ; O 2 := I 3 AND I 4 ; IF O 1 THEN O 3 := I 3 AND NOT(I 4 ); END_IF; O 4 := RS(O 5,I 1 ) O 5 := O 2 AND O 4 ; O 1 := NOT(I 2 OR I 4 ); I1I1 I2I2 I3I3 I4I4 O1O1 O2O2 O3O3 O4O4 PLC program O5O5 PLC scheduler I 1 =1, I 2 =0, I 3 =1, I 4 =0, O 1 =0, O 2 =1, O 3 =0, O 4 =0,O 5 =1 Inputs reading Outputs updating Initial state PLC cycle 1 PLC cycle 2 I 1 =0, I 2 =0, I 3 =1, I 4 =0 O 1 =0 O 2 =0 I 1 =1, I 2 =0, I 3 =1, I 4 =0, O 1 =1, O 2 =0, O 3 =0, O 4 =1,O 5 =0 I 1 =0, I 2 =1, I 3 =1, I 4 =0 I 1 =1, I 2 =0, I 3 =1, I 4 =0, O 1 =1,O 2 =0,O 3 =0,O 4 =1,O 5 =1 O 4 =1 O 5 =0 O 1 =1

10 Representation construction WODES’06 - Efficient representation for formal verification of PLC programs 10 Features of the considered programs  PLC programs are executed sequentially;  only Boolean variables are used;  internal variables may be included in the program;  only the following statements of the ST language are allowed: assignment; Boolean operators defined in IEC 61131-3 standard (NOT, AND, OR, XOR) function block (FB) (IEC 61131-3 standard or user-made) control statements, IF and CASE selection statements; iteration statements (FOR, WHILE, REPEAT) are forbidden;  multiple assignments of the same variable are possible.

11 Representation construction WODES’06 - Efficient representation for formal verification of PLC programs 11 Global method PLC program Static dependencies Static analysis Formal model design NuSMV model Temporal dependencies Taking into account execution order O 4,i+1 I 1,i+1 O 4,i O 5,i O4O4 I1I1 O4O4 O5O5

12 WODES’06 - Efficient representation for formal verification of PLC programs 12 Static and temporal dependencies construction I1I1 O1O1 I2I2 I3I3 O2O2 I4I4 O1O1 O3O3 I4I4 I3I3 O3O3 O4O4 I1I1 O4O4 O5O5 O2O2 O5O5 O4O4 I2I2 O1O1 I4I4 I 1,i+1 O1O1 I 2,i+1 I 3,i+1 O 2,i+1 I 4,i+1 O 3,i+1 I 4,i+1 I 3,i+1 O 3,i O 4,i+1 I 1,i+1 O 4,i O 5,i O 2,i+1 O 5,i+1 O 4,i+1 I 2,i+1 O 1,i+1 I 4,i+1 I 1,i+1 I 2,i+1 Static dependenciesTemporal dependencies

13 Representation construction WODES’06 - Efficient representation for formal verification of PLC programs 13 Translating ST controllers into NuSMV models: general algorithm BEGIN PLC_prog_TO_NuSMV_model(Pr) FOR each statement S i of Pr: IF S i is an assignment (V i := expression i ) THEN FOR each variable V k in expression i : Replace V k by the variable pointed out in the temporal dependency (V k,i or V k,i+1 ) ELIF Si is a conditional structure (if cond; then stmt 1 ; else stmt 2 ) FOR each variable V k in cond: Replace V k by the variable pointed out in the temporal dependency (V k,i or V k,i+1 ) FOR each variable V m assigned in S i : Replace V m assignment by: ”case cond : assignment of V m in PLC_prog_TO_NuSMV_model(stmt 1 ); !cond : assignment of V m in PLC_prog_TO_NuSMV_model(stmt 2 ); esac ; ” ASSIGNMENT CONDITIONAL STRUCTURE CONDITION STATEMENT

14 Representation construction WODES’06 - Efficient representation for formal verification of PLC programs 14 Translating ST controllers into NuSMV models: example Next(I1) := {0, 1}; Next(I2) := {0, 1}; Next(I3) := {0, 1}; Next(I4) := {0, 1}; Next(O2) := Next(I3) & Next(I4); Next(O3) := case Next(I1) | Next(I2) : Next(I3) & !(Next(I4)); !(Next(I1) | Next(I2)) : O3; esac; Next(O4) := case Next(I1) : 0; O5 : 1; 1 : O4; esac; Next(O5) := Next(O2) & Next(O4); Next(O1) :=!(Next(I2) | Next(I4)); From generic models library + Temporal dependencies O 4,i+1 I 1,i+1 O 4,i O 5,i

15 Representation construction WODES’06 - Efficient representation for formal verification of PLC programs 15 Translating ST controllers into NuSMV models: comparison to previous approaches Next(I1) := {0, 1}; Next(I2) := {0, 1}; Next(I3) := {0, 1}; Next(I4) := {0, 1}; Next(O2) := Next(I3) & Next(I4); Next(O3) := case Next(I1) | Next(I2) : Next(I3) & !(Next(I4)); !(Next(I1) | Next(I2)) : O3; esac; Next(O4) := case Next(I1) : 0; O5 : 1; 1 : O4; esac; Next(O5) := Next(O2) & Next(O4); Next(O1) :=!(Next(I2) | Next(I4)); No intermediary variables states No "line_counter" because the execution state is no more useful No "end_of_cycle" variable; one cycle is reduced to only one state

16 Efficiency assessment WODES’06 - Efficient representation for formal verification of PLC programs 16 Basic example Comparison of the state spaces sizes state space reduction (about 15 times) reduction of the maximum distance between states (system diameter) (11 times shorter)  indirect consequence : trace of counterexample reduced Reachable states System diameter representation of [dSR02] 314 out of 4336 22 proposed representation 21 out of 512 2 O 1 := I 1 OR I 2 ; O 2 := I 3 AND I 4 ; IF O 1 THEN O 3 := I 3 AND NOT(I 4 ); END_IF; O 4 := RS(O 5,I 1 ) O 5 := O 2 AND O 4 ; O 1 := NOT(I 2 OR I 4 ); I1I1 I2I2 I3I3 I4I4 O1O1 O2O2 O3O3 O4O4 PLC program O5O5 PLC scheduler

17 Efficiency assessment WODES’06 - Efficient representation for formal verification of PLC programs 17 Fishertechnik example [Special session at ACC02] known tested machining line already written control program expected behavior known small scale system -15 Inputs -15 Outputs  Comparison of the proof process durations representation of [dSR02] proposed representation liveness property AG (( dp_head_motor_up) => EF (!dp_head_motor_up )) 5h / 526MB2s / 8MB safety property AG (!INI => !(dp_head_motor_up & dp_motor_down)) 20min / 200MB2s / 8MB

18 WODES’06 - Efficient representation for formal verification of PLC programs 18 Conclusions  Efficiency of the representation assessed  Translation of PLC programs Fully automated Fast (some seconds or tens of seconds for industrial programs) On-going works  Improvement of the representation efficiency by limiting the number of stored variables  Taking into account integer and real variables  Design of a library of tailor-made function blocks

19 Efficient representation for formal verification of PLC programs Thank you for attention

20 WODES’06 - Efficient representation for formal verification of PLC programs 20 1 2 4 3  State distance d(1,2) = 1 d(1,3) = 2... d(2,1) = 2...  System diameter SD = max (d(I,j)) = 2

Download ppt "Efficient representation for formal verification of PLC programs Vincent Gourcuff, Olivier de Smet and Jean-Marc Faure LURPA – ENS de Cachan."

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Unit 7 Discrete Controllers

Unit 7 Discrete Controllers
Anaïs GUIGNARD LURPA, ENS Cachan Validation of logic controllers from event observation in a closed-loop system Réunion VACSIM - 14 Octobre 2014.

Anaïs GUIGNARD LURPA, ENS Cachan Validation of logic controllers from event observation in a closed-loop system Réunion VACSIM - 14 Octobre 2014.
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
Planning based on Model Checking Dept. of Information Systems and Applied CS Bamberg University Seminar Paper Svetlana Balinova.

Planning based on Model Checking Dept. of Information Systems and Applied CS Bamberg University Seminar Paper Svetlana Balinova.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
1 MODULE name (parameters) “Ontology” “Program” “Properties” The NuSMV language A module can contain modules Top level: parameters less module Lower level.

1 MODULE name (parameters) “Ontology” “Program” “Properties” The NuSMV language A module can contain modules Top level: parameters less module Lower level.
Verification of Hybrid Systems An Assessment of Current Techniques Holly Bowen.

Verification of Hybrid Systems An Assessment of Current Techniques Holly Bowen.
Anna Philippou Department of Computer Science University of Cyprus Joint work with Mauricio Toro Department of Comp. Sc. EAFIT University Christina Kassara.

Anna Philippou Department of Computer Science University of Cyprus Joint work with Mauricio Toro Department of Comp. Sc. EAFIT University Christina Kassara.
1 Simulator-Model Checker for Reactive Real-Time Abstract State Machines Anatol Slissenko University Paris 12 Pavel Vasilyev University Paris 12 University.

1 Simulator-Model Checker for Reactive Real-Time Abstract State Machines Anatol Slissenko University Paris 12 Pavel Vasilyev University Paris 12 University.
An Automata-based Approach to Testing Properties in Event Traces H. Hallal, S. Boroday, A. Ulrich, A. Petrenko Sophia Antipolis, France, May 2003.

An Automata-based Approach to Testing Properties in Event Traces H. Hallal, S. Boroday, A. Ulrich, A. Petrenko Sophia Antipolis, France, May 2003.
Model-based Testing and Automated Test Case Generation

Model-based Testing and Automated Test Case Generation
Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.

Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.
6.5.2008 Formal Methods of Systems Specification Logical Specification of Hard- and Software Prof. Dr. Holger Schlingloff Institut für Informatik der Humboldt.

Formal Methods of Systems Specification Logical Specification of Hard- and Software Prof. Dr. Holger Schlingloff Institut für Informatik der Humboldt.
Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.

Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.

Similar presentations

Ads by Google