Detecting Races in Relay Ladder Logic Programs

Relay Ladder Logic (RLL) [4] is a programming language widely used for complex embedded control applications such as manufacturing and amusement park rides. The cost of bugs in RLL programs is extremely high, often measured in millions of dollars (for shutting down a factory) or human safety (for rides). In this paper, we describe our experience in applying constraint-based program analysis techniques to analyze production RLL programs. Our approach is an interesting combination of probabilistic testing and program analysis, and we show that our system is able to detect bugs with high probability, up to the approximations made by the conservative program analysis. We demonstrate that our analysis is useful in detecting some flaws in production RLL programs that are difficult to find by other techniques.

[1] David Lee et al. Principles and methods of testing finite state machines: a survey, 1996, Proc. IEEE.

[2] Nevin Charles Heintze et al. Set based program analysis, 1992.

[3] Alexander Aiken et al. Type inclusion constraints and type inference, 1993, FPCA '93.

[4] Zhendong Su et al. Automatic Analysis of Relay Ladder Logic Programs, 1997.

[5] Edmund M. Clarke et al. Automatic verification of asynchronous circuits using temporal logic, 1986.

[6] Edmund M. Clarke et al. Automatic Verification of Sequential Circuits Using Temporal Logic, 1986, IEEE Transactions on Computers.

[7] Somesh Jha et al. Verification of the Futurebus+ cache coherence protocol, 1993, Formal Methods Syst. Des.

[8] Leon J. Osterweil et al. Data Flow Analysis in Software Reliability, 1976, CSUR.

[9] Alfred V. Aho et al. Compilers: Principles, Techniques, and Tools, 1986, Addison-Wesley series in computer science / World student series edition.

[10] R. H. Carver et al. Integrating formal methods and testing for concurrent programs, 1995, COMPASS '95: Proceedings of the Tenth Annual Conference on Computer Assurance (Systems Integrity, Software Safety and Process Security).

[11] Manuel Fähndrich et al. Making Set-Constraint Based Program Analyses Scale, 1996.

[12] Alexander Aiken et al. Soft typing with conditional types, 1994, POPL '94.

[13] Gerard J. Holzmann et al. Design and validation of computer protocols, 1991.

[14] Robin Milner et al. Definition of standard ML, 1990.