Sven Lohmann

Verification of PLC Programs Given as Sequential Function Charts

Programmable Logic Controllers (PLC) are widespread in the manufacturing and processing industries to realize sequential procedures and to avoid safety-critical states. For the specification and the implementation of PLC programs, the graphical and hierarchical language Sequential Function Charts (SFC) is increasingly used in industry. To investigate the correctness of SFC programs with respect to a given set of requirements, this contribution advocates the use of formal verification. We present two different approaches to convert SFC programs algorithmically into automata models that are amenable to model checking. While the first approach translates untimed SFC into the input language of the tool Cadence SMV, the second converts timed SFC into timed automata which can be analyzed by the tool Uppaal. For different processing system examples, we illustrate the complete verification procedure consisting of controller specification, model transformation, integration of dynamic plant models, and identifying errors in the control program by model checking.

Analysis of Logic Controllers by Transformation of SFC into Timed Automata

This paper proposes an approach to connect Sequential Function Charts (SFC), an industrially recognized and used description of logic controllers, to algorithmic verification. Based on a rigorous syntactical and semantical definition of SFC, the paper describes a formal scheme to generate a corresponding model represented by synchronized Timed Automata (TA). The latter model can be composed with a plant model specified as timed or hybrid automata. In order to verify safety properties for the controlled system, existing algorithms for model checking can eventually be applied to the composition.

Algorithmic verification of logic controllers given as sequential function charts

The a-posteriori analysis of logic controllers can be a suitable means to detect design flaws if the controller was not developed by a synthesis algorithm that correctly considered all relevant requirements. This paper advocates the verification of logic controllers with a special focus on the following three issues: (a) the control code is given as a sequential function chart (SFC), a description language becoming increasingly popular for industrial controllers; (b) the cyclic operation mode of the hardware on which the controllers is implemented is taken into account; (c) specifications of the control logic that include timers and the real-time behavior of the controlled plant are considered. We propose an approach in which the SFC controller is first translated into a timed automaton using an algorithm that explores a special graph grammar. The automaton can then be composed with a timed automaton modeling the plant behavior, and model-checking of the composition reveals whether a given set of requirements is fulfilled. All steps of the procedure are illustrated for the example of a controlled evaporation system

Improving dependability of logic controllers by algorithmic verification

Abstract Functional safety, as addressed in the standard IEC 61508, is a key requirement for a high dependability of controlled systems. In order to guarantee that the function of programmable logic controllers (PLC) complies with given safety specifications, the use of verification has proven to be useful. This contribution builds upon a recently proposed approach to verify PLC programs with time specifications. It starts from a controller design given as sequential function chart (SFC), transforms the SFC into timed automata (TA), and applies model checking to verify (or falsify) functional safety. Since the explicit representation of the cyclic operation mode of PLC can lead to complex TA models, this paper investigates to which extent the cyclic mode can be omitted, to obtain simplified models for which the verification effort is considerably smaller.

VERIFICATION OF EMBEDDED SUPERVISORY CONTROLLERS CONSIDERING HYBRID PLANT DYNAMICS

This contribution proposes a link between the specification of supervisory controllers by Sequential Function Charts (SFC) and the verification of embedded systems with hybrid dynamics. The SFC are transformed into modular timed automata using a procedure based on graph grammars. The resulting controller model is composed with a hybrid automaton (with possibly nonlinear continuous dynamics) that models the plant behavior. In order to verify safety properties of the composed system algorithmically, a tool implementing the recently proposed approach of counterexample guided model checking is employed. The procedure is illustrated for a processing system example.

Comparison of Event-Triggered and Cycle-Driven Models for Verifying SFC Programs

As a complement to testing procedures, verification techniques as e.g. model checking have been proposed to analyze logic controllers specified as sequential function charts (SFC). For the success of these techniques suitable execution models of the SFC and of the programmable logic controllers (PLC) on which the SFC are implemented and operated in practice are crucial. This paper investigates and compares two different suggested transformation schemes for mapping SFC into timed automata (TA): an event-triggered and a cycle driven scheme. For the example of a laboratory experiment, the paper shows how the schemes lead to TA models of the controller which can, when complemented with appropriate plant models, be used for verifying properties as e.g. safety by employing the software tool UPPAAL. The event-triggered transformation scheme is found to lead to considerably smaller TA models and hence to be more suitable for verification purposes.

Systematic Logic Controller Design as Sequential Function Chart Starting from Informal Specifications

Abstract Todays automation industry is driven by the need for an increased productivity, higher flexibility, and higher individuality, and characterized by tailor-made and more complex control solutions. In the processing industry, logic controller design is often a manual, experience-based, and thus an error-prone procedure. Typically, the specifications are given by a set of informal requirements and a technical flowchart and both are used to be directly translated into the control code. This paper proposes a method in which the control program is constructed as a sequential function chart (SFC) by transforming the requirements via clearly defined intermediate formats. For the purpose of analysis, the resulting SFC can be translated algorithmically into timed automata. A rigorous verification can be used to determine whether all specifications are satisfied if a formal model of the plant is available which is then composed with the automata model of the logic controller (LC).

Systematic Design of Logic Controllers for Processing Plants starting from Informal Specifications

Abstract In contrast to industrial practice in logic controller design, where manual, experience-based, and thus error-prone procedures are commonly used, this paper proposes a methodology that aims at systematizing the design procedures as much as possible. Given a set of informal specifications and a technical flowchart, the control program is constructed as a sequential function chart (SFC) by transforming the requirements via clearly defined intermediate formats. The resulting SFC can be translated algorithmically into timed automata, composed with an appropriate plant model, and then rigorous verification can be used in order to analyze whether all specifications are satisfied.

OPTIMIZATION-BASED SAFETY ANALYSIS OF AN INDUSTRIAL-SCALE EVAPORATION SYSTEM WITH HYBRID DYNAMICS

Abstract While current approaches for the safety verification of hybrid systems yield rigorous proofs for system safety, their applicability is restricted to relatively small systems. In this paper, the safety properties of a large-scale industrial processing system with hybrid dynamics are investigated using two optimization-based approaches. While the first approach regards the hybrid system as a black box (i.e. only considers the inputoutput behavior) and attempts to determine worst-case scenarios by embedded hybrid simulation, the second approach additionally takes the internal structure of the system into account and employs theorem proving techniques to rigorously show certain properties of the system.

Iterative Specification Refinement in Deriving Logic Controllers

Abstract In this paper the refinement procedure of informal requirements in the context of an earlier proposed systematic procedure for logic controller design as sequential function chart (SFC) is described in detail. The use of two data formats is proposed: dependency charts (DC) and function tables (FT) that support hierarchy and modularization and are refined iteratively until a final degree of detail is reached from which the logic controller as SFC can be generated algorithmically.