Simplification of Numeric Variables for PLC Model Checking

Software model checking has recently started to be applied in the verification of programmable logic controller (PLC) programs. It works efficiently when the number of input variables is limited and their interaction is small, so that the number of states the program can reach is not large. As observed in the large code base of the CERN industrial PLC applications, this is usually not the case, which leads to the well-known state-space explosion problem and makes it impossible to perform model checking. One of the main causes of state-space explosion is the inclusion of numeric variables, due to the wide range of values they can take. In this paper, we propose an approach to discretize PLC input numeric variables (modelled as non-deterministic). This discretization is complemented with a set of transformations on the control-flow automaton that models the PLC program, so that no extra behaviours are added. The approach is then quantitatively evaluated with a set of empirical tests using the PLC model checking framework PLCverif and three different state-of-the-art model checkers (CBMC, nuXmv, and Theta), showing beneficial results for BDD-based model checkers.
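As an added illustration of why discretizing a numeric input shrinks the state space (this is not code from the paper or from PLCverif), the Python below assumes a constructed toy program whose only uses of a 16-bit input `temp` are threshold comparisons, and partitions the input range by those comparison constants; that partition scheme and the soundness check are assumptions for illustration, not the paper's transformation.

```python
# Added example (not from the paper or PLCverif): a toy illustration of
# discretizing one numeric PLC input. The partition-by-comparison-constants
# scheme below is an assumption for illustration, not the paper's method.
from itertools import groupby

INPUT_MIN, INPUT_MAX = 0, 65535          # assumed 16-bit unsigned input range

# Constructed toy program: every use of input `temp` is a comparison
# `temp <op> const`; each tuple is one branch condition in the program.
CONDITIONS = [(">", 100), (">=", 250), ("<", 20)]

OPS = {"<": lambda v, c: v < c, "<=": lambda v, c: v <= c,
       ">": lambda v, c: v > c, ">=": lambda v, c: v >= c,
       "==": lambda v, c: v == c}


def branch_signature(value, conditions=CONDITIONS):
    """Decision vector a concrete input produces (which branches it takes)."""
    return tuple(OPS[op](value, c) for op, c in conditions)


def split_at_constants(conditions, lo=INPUT_MIN, hi=INPUT_MAX):
    """Cut [lo, hi] below and above every comparison constant, so that no
    interval straddles a point where any condition changes truth value."""
    cuts = sorted({p for _, c in conditions for p in (c, c + 1) if lo < p <= hi})
    edges = [lo] + cuts + [hi + 1]
    return [(a, b - 1) for a, b in zip(edges, edges[1:])]


def abstract_domain(conditions=CONDITIONS, lo=INPUT_MIN, hi=INPUT_MAX):
    """Merge adjacent intervals with identical signatures; the result is the
    small set of value classes a non-deterministic input needs to range over."""
    classes = []
    for _, grp in groupby(split_at_constants(conditions, lo, hi),
                          key=lambda iv: branch_signature(iv[0], conditions)):
        grp = list(grp)
        classes.append((grp[0][0], grp[-1][1]))
    return classes


def is_sound(classes, conditions=CONDITIONS):
    """The abstraction neither loses nor adds a decision outcome iff every
    concrete value in a class yields the same vector as its representative."""
    for lo, hi in classes:
        rep = branch_signature(lo, conditions)
        if any(branch_signature(v, conditions) != rep for v in range(lo, hi + 1)):
            return False
    return True


def reduction(conditions=CONDITIONS, lo=INPUT_MIN, hi=INPUT_MAX):
    """(concrete values, abstract classes) the model checker must enumerate."""
    return hi - lo + 1, len(abstract_domain(conditions, lo, hi))
```

For the constructed conditions the 65536 concrete input values collapse to four classes, and `is_sound` confirms by exhaustive enumeration that no class mixes different branch outcomes.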
