Automatic verification of ladder logic programs

Download PDF
4 downloads 0 Views 187KB Size Report
Comment
Email: [email protected].uk .... The timed automata formalism [2] is a modelling language ... automaton model and the model specification as inputs, checks.
Towards automatic verification of ladder logic programs Bohum´ır Zoubek

Jean-Marc Roussel

Marta Kwiatkowska

School of Computer Science The University of Birmingham Birmingham, B15 2TT United Kingdom Email: [email protected]

LURPA Ecole Normale Superieure De Cachan 61, Avenue du Pr´esident Wilson 94235, Cachan Cedex, France Email: [email protected]

School of Computer Science The University of Birmingham Birmingham, B15 2TT United Kingdom Email: [email protected]

Abstract— Control system programs are usually validated by testing prior to their deployment. Unfortunately, testing is not exhaustive and therefore it is possible that a program which passed all the required tests still contains errors. In this paper we apply techniques of automatic verification to a control program written in ladder logic. A model is constructed mechanically from the ladder logic program and subjected to automatic verification against requirements that include timing. This consists of an exhaustive search of the model of the program, thus eliminating the drawback of testing. We believe that automatic verification can substantially enhance current validation procedures for control programs.

control programs by offering the programmer the functionality of checking for desirable conditions, using notations readily understood in the control engineering domain, and hiding the complexity of model construction inside the tool itself.

I. I NTRODUCTION

Programmable Logic Controllers (hereafter PLCs) are used as a hardware platform on which a control program is executed, and are connected to the process unit via an input/output system. PLCs are, in fact, industrial computers specifically designed to be used as control systems. Programs for PLCs can be written in one or more languages standardized by IEC 61131-3 [1] and are executed in cycles with three main steps (Fig. 1). First, the inputs of the control system are read and their values stored in memory. Then the program is executed using the stored input values, and all computed values of outputs are also stored. As the last step, all outputs are activated based on their values in the memory. The length of a PLC cycle is called the PLC scan.

In this section we introduce the domain of application for our methodology, and explain the main concepts and formalisms used. A. Programmable Logic Controller

Inputs scan

Program execution

PLC scan

Control systems are used in many applications of process control all around the world. Their uses range from small applications such as building alarm systems to larger applications such as production factories and nuclear power plants. Any fault can cause injury or loss of life and environmental or economical damage. Factory downtime in all cases only adds to the overall cost of the failure. Programs for control systems are currently validated by testing. A set of tests for each program is executed in order to establish the compliance or otherwise of the program with its specification. The main disadvantage of such program testing is that it is not exhaustive, which creates the possibility of a program being successfully tested and still containing errors. This risk can be reduced by verification of control programs. This paper demonstrates the application of automatic verification techniques on a small control program written in ladder logic against non-trivial specifications. The framework introduced in this paper is intended as an add-on extension to a typical control programming toolbox. We focus on ladder logic, one of the standardized programming languages for Programmable Logic Controllers. After a ladder logic program has been developed with the help of the toolbox in the usual way, it is input by our software tool which first performs a transformation of the program into a model known as a timed automaton. The model is then entered into a pre-existing tool called model checker. The model checker accepts specifications and explores the model in order to establish if each specification holds; if not, a diagnostic trace is produced. The central idea is to improve reliability of

II. T ERMINOLOGY AND FORMALISMS

Outputs activation

Fig. 1 PLC

PROGRAM EXECUTION CYCLE

B. Ladder logic Ladder logic, one of the standardized languages for PLCs, is a graphical programming language with a representation similar to that of circuit diagrams. Programs written in ladder

logic look like ladders, with commands written into rungs, and are executed rung by rung. Commands are represented by means of symbols of the electrical engineering domain and the complete set of instructions varies slightly from one manufacturer to another. An example of a rung can be seen in Fig. 2. One way to think about ladder logic is that the left side of the ladder is subjected to a power source, and this power is trying to reach the right side of it along each rung. The pictured rung consists of two instructions (left to right): examine if closed and output energize. The first instruction checks the value of the L1 PROD variable, and if true it allows the power through. The second instruction sets the value of L1 UP to true, if it can be reached by the power, or to false otherwise. For our purposes we define two groups of ladder logic instructions: conditions and actions. The first instruction in the above is a condition and the second one is an action.

Fig. 2 A LADDER

LOGIC RUNG

Rung continuity arises if the power source is able to reach the right-hand side of the rung. Such a rung is said to be continuous. C. Timed automata The timed automata formalism [2] is a modelling language that allows us to describe the behaviour of systems by means of finite state automata diagrams extended with clocks and time constraints. For example, consider a model of a system which consists of three states A, B, C and whose possible transitions are A−→B, B−→C, C−→A and C−→B. We obtain the finite state automaton shown in Fig. 3.

A

B

C Fig. 3 F INITE STATE AUTOMATON

Such a system can be extended with clocks and time constraints. A clock of the system is a variable that is increased at the same rate as time. Clocks can be reset or assigned some new (integer) value. Time constraints are based on predefined clocks and can be of two types. Invariants define a time interval for which the system can remain in a state and guards enable transitions within a time interval. To illustrate the main concepts, we impose time constraints based on clock c on the finite state automaton of Fig. 3. The automaton is to behave periodically in the interval c ∈ [0, 15) in such a way that it may stay in A when c ∈ [0, 10), it

may move to B if c ≥ 5, it may stay in B if c < 15 and it may stay in C as long as c < 5. Moreover, the clock c is reset when the system takes the transition B−→C. c < 10

A

c >= 5

c < 15

B

c := 0

C c

Suggest Documents

Automatic verification of ladder logic programs

Automatic verification of ladder logic programs
Read more
LADDER LOGIC

LADDER LOGIC
Read more
2Basic Ladder Logic Programming

2Basic Ladder Logic Programming
Read more
Regular contribution Detecting races in Relay Ladder Logic programs

Regular contribution Detecting races in Relay Ladder Logic programs
Read more
Detecting Races in Relay Ladder Logic Programs - Microsoft

Detecting Races in Relay Ladder Logic Programs - Microsoft
Read more
The Basics of Ladder Logic

The Basics of Ladder Logic
Read more
15. LADDER LOGIC FUNCTIONS

15. LADDER LOGIC FUNCTIONS
Read more
A logical approach to the verification of functional-logic programs

A logical approach to the verification of functional-logic programs
Read more
Simple On-the-fly Automatic Verification of Linear Temporal Logic

Simple On-the-fly Automatic Verification of Linear Temporal Logic
Read more
Automatic Verification of Dafny Programs with Traits - Microsoft

Automatic Verification of Dafny Programs with Traits - Microsoft
Read more
Towards the automatic verification of PLC programs ... - CiteSeerX

Towards the automatic verification of PLC programs ... - CiteSeerX
Read more
Automatic Verification for Interactive Graphical Programs - College of ...

Automatic Verification for Interactive Graphical Programs - College of ...
Read more
Towards the automatic verification of PLC programs ... - CiteSeerX

Towards the automatic verification of PLC programs ... - CiteSeerX
Read more
Automatic Verification of Java Programs with Dynamic Frames - Core

Automatic Verification of Java Programs with Dynamic Frames - Core
Read more
Towards Automatic Verification of Erlang Programs by π–Calculus

Towards Automatic Verification of Erlang Programs by π–Calculus
Read more
Automatic Verification of Pointer Programs Using Grammar-Based ...

Automatic Verification of Pointer Programs Using Grammar-Based ...
Read more
Logic Programs as Types for Logic Programs

Logic Programs as Types for Logic Programs
Read more
20 Applying Ladder Logic - AutomationDirect.com

20 Applying Ladder Logic - AutomationDirect.com
Read more
Logic programs as types for logic programs - Logic in Computer ...

Logic programs as types for logic programs - Logic in Computer ...
Read more
Assertion based Inductive Verification Methods for Logic Programs

Assertion based Inductive Verification Methods for Logic Programs
Read more
Logic programs as types for logic programs - Logic in Computer ...

Logic programs as types for logic programs - Logic in Computer ...
Read more
A Primer on Separation Logic (and Automatic Program Verification ...

A Primer on Separation Logic (and Automatic Program Verification ...
Read more
Solving Digital Logic Assignments with Automatic Verification in ...

Solving Digital Logic Assignments with Automatic Verification in ...
Read more
Automatic Termination Verification for Higher-Order Functional Programs

Automatic Termination Verification for Higher-Order Functional Programs
Read more