Skip to main content
SpringerLink
Log in

Automatically Deriving Symbolic Invariants for PLC Programs Written in IL

  • Conference paper
  • First Online:
FORMS/FORMAT 2010

  • 866 Accesses

Abstract

In this paper, we propose a new approach to automatically derive invariants from Programmable Logic Controller programs by symbolically rewriting Instruction List code. These invariants describe the relations between all variables and capture the behavior of the program. Usually, invariants are created by users and verified using formal verification techniques such as model checking or static analysis. The process of manually deriving invariants, however, is error-prone and lengthy. Our approach generates these invariants automatically and removes the need to use formal verification techniques to verify them. Users only need to inspect the generated invariants and compare them to the expected program behavior. Using three example programs of different sizes, we show that the generated invariants are easy to understand and that the approach indeed scales for larger programs.

The work of Sebastian Biallas was supported by the DFG. The work of Jörg Brauer and Stefan Kowalewski was, in part, supported by the DFG Cluster of Excellence on Ultra-high Speed Information and Communication (UMIC), German Research Foundation grant DFG EXC 89.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 219.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. M. Bani Younis and G. Frey. Formalization of existing PLC programs: A survey. In CESA, 2003.

    Google Scholar 

  2. L. Baresi, M. Mauri, A. Monti, and M. Pezze. PLCTools: Design, formal validation, and code generation for programmable logic controllers. In SMC, pages 2437–2442, 2000.

    Google Scholar 

  3. S. Bornot, R. Huuck, B. Lukoschus, and Y. Lakhnech. Utilizing static analysis for programmable logic controllers. In ADPM, pages 183–187, 2000.

    Google Scholar 

  4. A. Cimatti, E. M. Clarke, E. Giunchiglia, F. Giunchiglia, M. Pistore, M. Roveri, R. Sebastiani, and A. Tacchella. NuSMV version 2: An opensource tool for symbolic model checking. In CAV (2002), volume 2404 of LNCS, pages 241– 268. Springer, 2002.

    Google Scholar 

  5. R. Cytron, J. Ferrante, B. K. Rosen, M. N. Wegman, and F. K. Zadeck. Effciently computing static single assignment form and the control dependence graph. ACM Trans. Program. Lang. Syst., pages 451–590, 1991.

    Google Scholar 

  6. E. A. Emerson. Handbook of Theoretical Computer Science, volume B, chapter Temporal and Modal Logics, pages 995–1072. The MIT Press, 1991.

    Google Scholar 

  7. C. A. R. Hoare. An axiomatic basis for computer programming. Comm. of the ACM, 12(10):576–585.

    Google Scholar 

  8. R. Huuck. Software Verification for Programmable Logic Controllers. Dissertation, University of Kiel, Germany, April 2003.

    Google Scholar 

  9. International Electrotechnical Commission. IEC 61131-3 Ed. 1.0: Programmable Controllers — Part 3: Programming languages. International Electrotechnical Commission, Geneva, Switzerland, 1993.

    Google Scholar 

  10. International Electrotechnical Commission. IEC 61508: Functional Safety of Electrical, Electronic and Programmable Electronic Safety-Related Systems. International Electrotechnical Commission, Geneva, Switzerland, 1998.

    Google Scholar 

  11. S. K. Lahiri and S. Qadeer. Back to the future: revisiting precise program verification using SMT solvers. In POPL, pages 171–182. ACM, 2008.

    Google Scholar 

  12. T. Mertke and G. Frey. Formal verification of PLC-programs generated from signal interpreted petri nets. In 2001 IEEE International Conference on Systems, Man, and Cybernetics, volume 4, pages 2700–2705. IEEE Computer Society Press, 2001.

    Google Scholar 

  13. T. Mertke and T. Menzel. Methods and tools to the verification safety-related control software. In SMC, pages 2455–2457, 2000.

    Google Scholar 

  14. G. Nelson. Verifying reachability invariants of linked structures. In POPL, pages 83–47. ACM, 1983.

    Google Scholar 

  15. O. Pavlovic, R. Pinger, and M. Kollmann. Automated formal verification of PLC programms written in IL. In VERIFY, number 259 inWorkshop Proce., pages 152–163. CEUR-WS.org, 2007.

    Google Scholar 

  16. PLCopen TC5. Safety Software Technical Specification, Version 1.0, Part 1: Concepts and Function Blocks. PLCopen, Germany, 2006.

    Google Scholar 

  17. B. Schlich, J. Brauer, J. Wernerus, and S. Kowalewski. Direct model checking of PLC programs in IL. In DCDS, 2009. To appear.

    Google Scholar 

  18. D. Soliman and G. Frey. Verification and validation of safety applications based on PLCopen Safety Function Blocks using Timed Automata in UPPAAL. In DCDS, 2009. To appear.

    Google Scholar 

  19. A. Sülflow and R. Drechsler. Verification of plc programs using formal proof techniques. In FORMS/FORMAT, pages 43–50. L’Harmattan, 2008.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Embedded Software Laboratory, RWTH Aachen University, Aachen, Germany

    Sebastian Biallas, Jörg Brauer & Stefan Kowalewski

  2. Industrial Software Systems, ABB Corporate Research, Aachen, Germany

    Bastian Schlich

Authors
  1. Sebastian Biallas
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jörg Brauer
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Stefan Kowalewski
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Bastian Schlich
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sebastian Biallas .

Editor information

Editors and Affiliations

  1. FB 7 Maschinenbau, LS Regelungs- und, TU Braunschweig, Langer Kamp 8, Braunschweig, 38106, Germany

    Eckehard Schnieder

  2. , Department of Control and Transport, Budapest University of Technology and Ec, Bertalan L.u.2., Budapest, 1111, Hungary

    Geza Tarnai

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Biallas, S., Brauer, J., Kowalewski, S., Schlich, B. (2011). Automatically Deriving Symbolic Invariants for PLC Programs Written in IL . In: Schnieder, E., Tarnai, G. (eds) FORMS/FORMAT 2010. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14261-1_24

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-14261-1_24

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14260-4

  • Online ISBN: 978-3-642-14261-1

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation