An overview of model checking practices on verification of PLC software

Programmable logic controllers (PLCs) are heavily used in industrial control systems because of their capacity for processing many inputs and outputs simultaneously. Characteristically, PLC systems are deployed in mission-critical settings, and PLC software must conform to real-time constraints in order to work properly. Since PLC programming requires mastering low-level instructions or assembly-like languages, an important step in PLC software production is modelling with a formal approach such as Petri nets or automata. The PLC software is then produced semi-automatically from the model and refined iteratively. Model checking, on the other hand, is a well-known software verification approach in which typically a set of timed properties is verified by exploring the transition system produced from the software model at hand. Naturally, model checking is applied in a variety of ways to verify the correctness of PLC-based software. In this paper, we provide a broad view of the difficulties encountered during the model checking process applied at the verification phase of PLC software production. We classify the approaches from two perspectives: first, the model checking approach/tool used in the verification process, and second, the software model/source code and its transformation into the model checker’s specification language. In a nutshell, we have mainly examined SPIN-, SMV-, and UPPAAL-based model checking activities, and model construction from Instruction List (and similar languages), Function Block Diagrams, and Petri nets/automata. As a result of our studies, we provide a comparison among the studies in the literature regarding various aspects such as their application areas, performance considerations, and model checking processes. Our survey can be used to provide guidance for scholars and practitioners planning to integrate model checking into PLC-based software verification activities.
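The abstract describes the core idea behind the surveyed approaches: a PLC program is turned into a finite transition system (one transition per scan cycle, under every possible input vector) and a property is checked by exploring that system. The following added example, which is not code from the paper or from any of the tools it surveys, makes that concrete in Python: a constructed Instruction List-style motor control program is executed scan by scan, its reachable states are enumerated by breadth-first search, and an interlock invariant ("never forward and reverse at once") is checked. The IL subset, the motor program, and the property are all assumptions made for this illustration; a tool such as SPIN, SMV or UPPAAL would take a translated model and a temporal-logic formula instead, but the exploration it performs is the same in spirit.

```python
"""Explicit-state model checking of a small PLC program (constructed example)."""
from collections import deque
from itertools import product


def frozen(state):
    """Hashable key for a state dict (used for the visited set)."""
    return tuple(sorted(state.items()))


def run_scan(program, inputs, state):
    """Execute one PLC scan cycle of an IL-style program and return the new state.

    Supported operators (an assumed subset of IEC 61131-3 IL): LD/LDN load the
    accumulator, AND/ANDN/OR/ORN combine it with a variable, ST stores it,
    S latches a variable when the accumulator is true, R resets it.
    `inputs` is the input image read at the start of the scan; `state` holds the
    retained output/memory bits, which later rungs see already updated.
    """
    env = dict(state)
    env.update(inputs)
    acc = False
    for op, var in program:
        val = env.get(var, False)
        if op == "LD":
            acc = val
        elif op == "LDN":
            acc = not val
        elif op == "AND":
            acc = acc and val
        elif op == "ANDN":
            acc = acc and not val
        elif op == "OR":
            acc = acc or val
        elif op == "ORN":
            acc = acc or not val
        elif op == "ST":
            env[var] = acc
        elif op == "S":
            if acc:
                env[var] = True
        elif op == "R":
            if acc:
                env[var] = False
        else:
            raise ValueError(f"unsupported operator {op}")
    return {k: env[k] for k in state}


def check_invariant(program, input_names, state_vars, invariant):
    """Breadth-first exploration of every state reachable through scan cycles.

    The environment is unconstrained: any input vector may occur at any scan.
    Returns None when `invariant` holds in every reachable state, otherwise the
    shortest counterexample as a list of (inputs, resulting_state) steps.
    """
    init = {v: False for v in state_vars}
    if not invariant(init):
        return []
    seen = {frozen(init)}
    queue = deque([(init, [])])
    while queue:
        state, trace = queue.popleft()
        for bits in product((False, True), repeat=len(input_names)):
            inputs = dict(zip(input_names, bits))
            nxt = run_scan(program, inputs, state)
            step = trace + [(inputs, nxt)]
            if not invariant(nxt):
                return step
            key = frozen(nxt)
            if key not in seen:
                seen.add(key)
                queue.append((nxt, step))
    return None


# Constructed motor control: latched outputs fwd/rev driven by two start
# pushbuttons and a shared stop button.
INPUTS = ["start_fwd", "start_rev", "stop"]
STATE_VARS = ["fwd", "rev"]

# Without an interlock: both directions can be latched in the same scan.
MOTOR_NO_INTERLOCK = [
    ("LD", "start_fwd"), ("S", "fwd"),
    ("LD", "start_rev"), ("S", "rev"),
    ("LD", "stop"), ("R", "fwd"),
    ("LD", "stop"), ("R", "rev"),
]

# Interlocked: a direction may only be set while the other output is off.
MOTOR_INTERLOCKED = [
    ("LD", "start_fwd"), ("ANDN", "rev"), ("S", "fwd"),
    ("LD", "start_rev"), ("ANDN", "fwd"), ("S", "rev"),
    ("LD", "stop"), ("R", "fwd"),
    ("LD", "stop"), ("R", "rev"),
]


def never_both_directions(state):
    """Safety property: the motor is never commanded forward and reverse together."""
    return not (state["fwd"] and state["rev"])


def verify_motor(program):
    return check_invariant(program, INPUTS, STATE_VARS, never_both_directions)


if __name__ == "__main__":
    for name, prog in [("no interlock", MOTOR_NO_INTERLOCK),
                       ("interlocked", MOTOR_INTERLOCKED)]:
        cex = verify_motor(prog)
        print(name, "=> property holds" if cex is None else f"=> violated: {cex}")
```

Running the script reports a one-scan counterexample for the uninterlocked program (both start buttons pressed, stop released) and proves the invariant for the interlocked one over its three reachable states. Note that the proof for the interlocked version depends on the sequential scan semantics encoded in `run_scan` (the second rung reads `fwd` after the first rung has set it); a translation that modelled all rungs as reading the previous scan's image would need the additional `ANDN start_rev` / `ANDN start_fwd` terms, which is exactly the kind of semantic detail the surveyed translation approaches have to get right.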
