Jean-Marc Faure

Efficient representation for formal verification of PLC programs

This paper addresses scalability of model-checking using the NuSMV model-checker. To avoid or at least limit combinatory explosion, an efficient representation of PLC programs is proposed. This representation includes only the states that are meaningful for properties proof. A method to translate PLC programs developed in structured text into NuSMV models based on this representation is described and exemplified on several examples. The results, state space size and verification time, obtained with models constructed using this method are compared to those obtained with previously published methods so as to assess efficiency of the proposed representation

Evaluation of response time in ethernet-based automation systems

This paper presents a method to assess response time of automation system architectures including industrial switched Ethernet networks using client/server protocols. The method relies upon modeling the behavior of the components of these architectures in the form of hierarchical timed colored Petri nets and upon simulation of these models. A case study exemplifies the method and shows how it can facilitate design of automation systems including this kind of industrial Ethernet networks.

LOGIC CONTROLLERS DEPENDABILITY VERIFICATION USING A PLANT MODEL

Abstract This paper focuses on usefulness of a plant model for model-checking of untimed properties of logic controllers. Verification results obtained on a case study by using the symbolic model-checker NuSMV and three methods: verification of the only controller, constraints-based verification, in which the plant is simply modeled as a set of physical constraints, and model-based verification, that relies on a detailed model of the plant, are presented. The results yielded by these approaches enable to draw up application rules for formal verification of logic controllers.

- Performance analysis of industrial ethernet networks by means of timed model-checking

Ethernet networks are promising for the harmonization of the communication technologies in manufacturing automation but they have not been specifically intended for industrial control applications. Investigations have thus become necessary to evaluate their performance. Most analysis approaches use probabilistic models to validate the systems behavior. However, if the deterministic behavior of a system needs to be ensured exhaustively, formal verification techniques, like model-checking are more appropriate. Unfortunately the state-space explosion problem constitutes a serious obstacle. Considering a real-time Ethernet network as a case-study, this paper describes sophisticated modeling-techniques, which help to alleviate the state-space explosion, for the timed model-checker Uppaal.

Improving large-sized PLC programs verification using abstractions

This paper proposes a formal representation of logic controllers programs that is aiming at improving scalability of model-checking techniques, when verifying controllers extrinsic properties. This representation includes only the states which are meaningful for properties proof and minimizes the number of variables that feature each state. Comparison with previously proposed representations, on the basis of three increasing complexity examples, validates this representation and quantifies its efficiency.

Overview of discrete event systems opacity: Models, validation, and quantification

Abstract Over the last decade, opacity of discrete event systems (DES) has become a very fertile field of research. Driven by safety and privacy concerns in network communications and online services, much theoretical work has been conducted in order to design opaque systems. A system is opaque if an external observer in unable to infer a “secret” about the system behavior. This paper aims to review the most commonly used techniques of opacity validation for deterministic models and opacity quantification for probabilistic ones. Available complexity results are also provided. Finally, we review existing tools for opacity validation and current applications.

Measuring the impact of vertical integration on response times in ethernet fieldbuses

The introduction of Ethernet and Internet technologies in the fieldbuses of automation systems widely facilitates vertical integration. Control functions can coexist more easily with higher level functions such as supervision, production reporting or maintenance. But what does the response time of the control function become when architecture components -e.g. controllers, remote input-output modules or fieldbuses -are requested in parallel by other functions? In this paper, we focus on switched Ethernet-based fieldbuses using Modbus TCP/IP. The evaluation of the impact of vertical integration on the response time of control functions is obtained from a series of measurements on a real system. A great number of response times were measured with a specific automated equipment that we developed. Three types of load on the control architecture are studied: traffic on fieldbuses, requests on controllers and requests on remote input-output modules. The analysis of the measurement results shows which level of vertical integration can be reasonably allowed, taking into account the required response times.

An algebraic approach for PLC programs verification

This article presents a verification based on a specific Boolean algebra, called II, and symbolic reasoning on equations defined in this algebra. The formal definition of this algebra enables to model binary signals that include variables states, events, as well as physical delays between events. The behavior of the generic function blocks of the IEC 61131 standard as well as of PLC programs using these function blocks can be described in this algebra. Properties proof on PLC programs is performed by demonstrating, from the program, the formulas that express in the II algebra the properties to be proved.

Generation of Single Input Change Test Sequences for Conformance Test of Programmable Logic Controllers

Conformance test is a functional test technique which is aiming to check whether an implementation, seen as a black-box with inputs/outputs, conforms to its specification. Numerous theoretical worthwhile results have been obtained in the domain of conformance test of finite state machines. The optimization criterion, which is usually selected to build the test sequence, is the minimum-length criterion. Based on experimental results, this paper focuses on the generation of a single input change (SIC) test sequence from a specification model represented as a Mealy machine; such a sequence is aiming at preventing from erroneous test verdicts due to incorrect detection of synchronous input changes by the programmable logic controller (PLC) under test. A method based on symbolic calculus to obtain the part of the specification that can be tested with a SIC sequence is first presented. Then, an algorithm to build the SIC test sequence is detailed; three solutions are proposed, according to the connectivity properties of the SIC-testable part.

Methods for Safe Control Systems Design and Implementation

This paper is the introductory one of the Safe control systems session. A classification of methods contributing to control systems safety is proposed in order to place the five other papers of this session and to show that they are complementary. This classification is based on a life-cycle criterion. Focusing then on discrete event systems safety, we point out the relationships between state space synthesis and analysis and system safety. This enables a more formal approach of safe control design and implementation.