A User-Friendly Verification Approach for IEC 61131-3 PLC Programs

Programmable logic controllers (PLCs) are special-purpose embedded computers that are widely used in industrial control systems. To ensure the safety of these systems, the correctness of the PLC programs they run must be verified. Formal verification is considered an effective way to check whether a PLC program conforms to its specification, but the expertise it requires and its complexity make it hard to master and to apply widely. In this paper, we present a specification-mining-based verification approach for IEC 61131-3 PLC programs. Instead of writing specifications by hand and model checking the program against them, users only review candidate specifications mined from the program's observed behaviors, which greatly improves the efficiency of safety verification and is much easier for control system engineers to use. We also implement a proof-of-concept tool named PLCInspector that mines LTL specifications and data invariants directly from PLC programs. Two examples and one real-life case study illustrate its practicability and efficiency, and we compare the approach with existing verification methods for PLC programs.
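The following is an added illustration of the mining idea the abstract describes; it is not PLCInspector's code and it is not taken from the paper. It simulates scan cycles of a hypothetical start/stop motor program (the Structured Text equivalent would be `motor := (start OR motor) AND NOT stop AND NOT estop;`), records one state per cycle over constructed input scenarios, and then mines two kinds of candidates from the traces: LTL properties instantiated from the templates G(a -> b), G(a -> X b) and G(a -> F b) over boolean variables, and Daikon-style data invariants (value ranges and x <= y orderings) over integer variables. The variable names, scenarios and template set are assumptions made for the example. Candidates with no supporting occurrence of the antecedent are suppressed because they would be vacuously true.

```python
"""Specification mining over PLC scan-cycle traces (constructed example, not PLCInspector)."""
from itertools import product

BOOL_VARS = ["start", "stop", "estop", "motor"]   # assumed boolean program variables
INT_VARS = ["starts", "runtime"]                  # assumed integer program variables


def scan(state, inp):
    """One scan cycle of a hypothetical motor circuit with seal-in, stop and E-stop."""
    motor = (inp["start"] or state["motor"]) and not inp["stop"] and not inp["estop"]
    starts = state["starts"] + (1 if motor and not state["motor"] else 0)  # rising edges of motor
    runtime = state["runtime"] + (1 if motor else 0)                       # cycles spent running
    return {"start": inp["start"], "stop": inp["stop"], "estop": inp["estop"],
            "motor": motor, "starts": starts, "runtime": runtime}


def run_trace(inputs):
    """Execute the program over a sequence of input snapshots; one recorded state per cycle."""
    state = {"motor": False, "starts": 0, "runtime": 0}
    trace = []
    for inp in inputs:
        state = scan(state, inp)
        trace.append(state)
    return trace


def I(start=False, stop=False, estop=False):
    return {"start": start, "stop": stop, "estop": estop}


# Constructed scenarios (not from any real plant): seal-in run, normal stop, restart, E-stop;
# then stop and E-stop each overriding a start pressed in the same cycle.
SCENARIOS = [
    [I(start=True), I(), I(), I(stop=True), I(), I(start=True), I(estop=True), I()],
    [I(start=True, stop=True), I(start=True), I(start=True, estop=True), I()],
]


def literals(names):
    return [(v, True) for v in names] + [(v, False) for v in names]


def lit_val(state, lit):
    name, positive = lit
    return state[name] if positive else not state[name]


def lit_str(lit):
    name, positive = lit
    return name if positive else "!" + name


def mine_ltl(traces, names):
    """Instantiate G(a -> b), G(a -> X b), G(a -> F b) for literal pairs; keep those true on every trace."""
    specs = []
    for a, b in product(literals(names), repeat=2):
        if a[0] == b[0]:
            continue  # skip x -> x and x -> !x, which carry no information
        if not any(lit_val(s, a) for t in traces for s in t):
            continue  # antecedent never observed: vacuous, do not report
        now = all(not lit_val(t[i], a) or lit_val(t[i], b)
                  for t in traces for i in range(len(t)))
        nxt_support = any(lit_val(t[i], a) for t in traces for i in range(len(t) - 1))
        nxt = nxt_support and all(not lit_val(t[i], a) or lit_val(t[i + 1], b)
                                  for t in traces for i in range(len(t) - 1))
        eventually = all(not lit_val(t[i], a) or any(lit_val(t[j], b) for j in range(i, len(t)))
                         for t in traces for i in range(len(t)))
        if now:
            specs.append(f"G({lit_str(a)} -> {lit_str(b)})")
        if nxt:
            specs.append(f"G({lit_str(a)} -> X {lit_str(b)})")
        if eventually and not now:
            specs.append(f"G({lit_str(a)} -> F {lit_str(b)})")
    return specs


def mine_invariants(traces, names):
    """Daikon-style candidates: observed value range per variable and x <= y between variables."""
    invs = []
    for v in names:
        vals = [s[v] for t in traces for s in t]
        invs.append(f"{min(vals)} <= {v} <= {max(vals)}")
    for x, y in product(names, repeat=2):
        if x != y and all(s[x] <= s[y] for t in traces for s in t):
            invs.append(f"{x} <= {y}")
    return invs


def mine(scenarios=SCENARIOS):
    traces = [run_trace(s) for s in scenarios]
    return mine_ltl(traces, BOOL_VARS), mine_invariants(traces, INT_VARS)


if __name__ == "__main__":
    ltl, invs = mine()
    print("Candidate LTL specifications for engineer review:")
    for spec in ltl:
        print("  ", spec)
    print("Candidate data invariants for engineer review:")
    for inv in invs:
        print("  ", inv)
```

Running it yields the interlock properties an engineer would expect to confirm, such as `G(estop -> !motor)`, `G(stop -> !motor)` and `G(estop -> X !motor)`, and it does not produce `G(start -> motor)` or `G(start -> F motor)` because the scenarios include a start overridden by stop or E-stop. The invariant `starts <= runtime` is genuine, but `0 <= starts <= 2` only reflects how many times the constructed scenarios pressed start: mined specifications are bounded by the executions observed, so the review step must also judge whether the traces cover the behaviors that matter, and a property absent from the candidate list is not evidence that the program violates it.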
