Leveraging Horn clause solving for compositional verification of PLC software

Real-world PLC software is modular and composed of many different function blocks. Nevertheless, common approaches to PLC software verification do not exploit this structure: they either inline every block or analyse instances of the same function block type independently. With the advent of constrained Horn clauses as the basis for automated program verification, many state-of-the-art verification procedures build upon them. We illustrate how this formalism allows for a uniform characterisation of PLC program semantics and safety goals, derived from the safety foundations of reactive systems. Furthermore, we give a natural extension of the resulting encoding which enables compositional reasoning about modular software. Due to the cyclic execution of PLCs, an engineer's mental model of a single function block often exhibits state machine semantics, partitioning a block's behaviour into different modes of operation. We illustrate how such a mode space, and similar high-level knowledge, can be integrated with our compositional characterisation. We investigate the impact of each technique on model checking performance by characterising PLC software verification problems both non-compositionally and compositionally, optionally incorporating mode transitions, and solving them with an SMT solver. Evaluation of our prototype implementation on examples from the PLCopen Safety library shows the effectiveness of both the chosen formalism and the use of high-level summaries.
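To make the two encodings the abstract contrasts concrete, the following is an added example, not the paper's tool or its exact encoding, and not code from this page. It generates constrained Horn clauses in SMT-LIB 2 (logic HORN) for a cyclic PLC program that runs several instances of one function block: once with the block body inlined at every use, and once with a single summary predicate `Sum` shared by all instances. The function block itself (modes 0 = Idle, 1 = Armed, 2 = Tripped, inputs `act`/`es`/`rst`, enable output `e`) is constructed for the demo and is not a PLCopen Safety library block; the predicate names `Inv`, `Sum` and `step` are this example's own choices. Solving with Z3 is optional and only attempted if the `z3` module is installed.

```python
"""Constrained Horn clause (CHC) encodings of a cyclically executed PLC program.

Added illustration, not the paper's tool or its exact encoding. The function
block below (modes 0 = Idle, 1 = Armed, 2 = Tripped) is constructed for this
demo and is not a PLCopen Safety library block. Output is SMT-LIB 2 in the
HORN logic, so the text can be handed to a CHC solver such as Z3/Spacer.
"""

# One PLC cycle of the (constructed) function block as a transition relation
# over (state, inputs, next state). e_n is the block's enable output.
STEP = """\
(define-fun step ((m Int) (e Bool) (act Bool) (es Bool) (rst Bool)
                  (m_n Int) (e_n Bool)) Bool
  (and
    (=> (= m 0) (= m_n (ite (and act (not es)) 1 0)))
    (=> (= m 1) (= m_n (ite es 2 1)))
    (=> (= m 2) (= m_n (ite (and rst (not es)) 0 2)))
    (= e_n (= m_n 1))))"""


def _state(i, suffix=""):
    """State variables of block instance i: mode (Int) and enable (Bool)."""
    return [(f"m{i}{suffix}", "Int"), (f"e{i}{suffix}", "Bool")]


def _inputs(i):
    """Per-cycle inputs of instance i; unconstrained, so every input sequence is covered."""
    return [(f"act{i}", "Bool"), (f"es{i}", "Bool"), (f"rst{i}", "Bool")]


def _decl(vs):
    return " ".join(f"({n} {t})" for n, t in vs)


def _app(pred, vs):
    return "(" + pred + " " + " ".join(n for n, _ in vs) + ")"


def _clause(vs, body, head):
    """A Horn clause: forall vars. body => head (head is a predicate or false)."""
    return f"(assert (forall ({_decl(vs)})\n  (=> {body} {head})))"


def _or(terms):
    return terms[0] if len(terms) == 1 else "(or " + " ".join(terms) + ")"


def encode(n_instances, compositional):
    """CHC encoding of a program running n_instances copies of the block.

    compositional=False inlines the block body at every use; compositional=True
    declares one uninterpreted summary predicate Sum, constrained to contain the
    block's transition relation, and shares it between all instances.
    """
    inst = range(1, n_instances + 1)
    cur = [v for i in inst for v in _state(i)]
    nxt = [v for i in inst for v in _state(i, "_n")]
    ins = [v for i in inst for v in _inputs(i)]
    block = "Sum" if compositional else "step"
    # one application of the block per instance, all within the same PLC cycle
    steps = " ".join(_app(block, _state(i) + _inputs(i) + _state(i, "_n")) for i in inst)
    # safety goal: no instance may enable while its emergency stop is held
    bad = _or([f"(and e{i}_n es{i})" for i in inst])

    out = ["(set-logic HORN)", STEP]
    if compositional:
        sig = _state(0) + _inputs(0) + _state(0, "_n")
        out.append("(declare-fun Sum (" + " ".join(t for _, t in sig) + ") Bool)")
        out.append(_clause(sig, _app("step", sig), _app("Sum", sig)))  # step implies Sum
    out.append("(declare-fun Inv (" + " ".join(t for _, t in cur) + ") Bool)")
    init = "(and " + " ".join(f"(= m{i} 0) (not e{i})" for i in inst) + ")"
    out.append(_clause(cur, init, _app("Inv", cur)))                    # first cycle
    out.append(_clause(cur + ins + nxt, f"(and {_app('Inv', cur)} {steps})",
                       _app("Inv", nxt)))                                # cycle step
    out.append(_clause(cur + ins + nxt, f"(and {_app('Inv', cur)} {steps} {bad})",
                       "false"))                                         # safety goal
    out.append("(check-sat)")
    return "\n".join(out)


def parens_balanced(text):
    """Cheap structural sanity check on the emitted SMT-LIB text."""
    depth = 0
    for ch in text:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0


def check_safe(smt2):
    """Solve with Z3 if it is installed. In the HORN logic, sat means an
    inductive invariant (and block summary) exists, i.e. the safety goal
    holds; unsat means a violating cycle sequence is derivable.
    Returns True (safe), False (unsafe) or None (Z3 missing / unknown)."""
    try:
        import z3
    except ImportError:
        return None
    s = z3.SolverFor("HORN")
    s.from_string(smt2.replace("(check-sat)", ""))
    r = s.check()
    return True if r == z3.sat else (False if r == z3.unsat else None)


if __name__ == "__main__":
    for comp in (False, True):
        text = encode(2, comp)
        print("; ---", "compositional" if comp else "inlined", "encoding ---")
        print(text)
        print(";", {True: "safe", False: "unsafe", None: "z3 not available"}[check_safe(text)])
```

In the inlined encoding the block body appears once per instance in both the step clause and the safety clause, so its size grows with the number of instances; in the compositional encoding the solver has to find one interpretation of `Sum` that over-approximates the block yet is strong enough for the property (here, that `e_n` implies `(not es)`), and that summary is reused at every instance. The paper's mode space corresponds to splitting `Inv` and `Sum` by the value of the mode variable, one predicate per mode, which this example does not do.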
