Speeding Up the Safety Verification of Programmable Logic Controller Code

Programmable logic controllers (PLCs) are widely used in industries ranging from assembly lines, power plants and chemical processes to mining and rail automation. Such systems usually have high safety requirements, and downtime caused by software errors entails intolerably high economic costs. Their control programs are therefore particularly well suited to the application of formal methods; in particular, bounded model checking (BMC) techniques based on satisfiability modulo theories promise to be highly beneficial in this domain.
