modeling, verification, and implementation of plc ...

MODELING, VERIFICATION, AND IMPLEMENTATION OF PLC PROGRAM USING TIMED-MPSG

SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS OF THE DEGREE OF

DOCTOR OF PHILOSOPHY By DEVINDER THAPA

February, 2008

Department of Industrial & Information Systems Engineering Ajou University, South Korea

Graduate School of Ajou University Department of Industrial & Information Systems Engineering

MODELING, VERIFICATION, AND IMPLEMENTATION OF PLC PROGRAM USING TIMED-MPSG SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS OF THE DEGREE OF

DOCTOR OF PHILOSOPHY By DEVINDER THAPA

February, 2008 Approved by February, 2008 ---------------------------Dr. Gi Nam Wang, PhD (Advisor)

February, 2008 -------------------------------Dr. Sang C. Park, PhD (Committee Chair)

February, 2008 --------------------------Dr. Peom Park, PhD (Committee Member)

February, 2008 --------------------------------Dr. Jae IL Park, PhD (Committee Member)

February, 2008 -----------------------------Dr. Chun Jun Chul PhD (External Committee Member)

TABLE OF CONTENTS LIST OF FIGURES…………………………………………………….I

I

LIST OF TABLES…………………………………………………….IIIII ACKNOWLEDGEMENTS.…………………………………………….IIIIV ABSTRACT………………………………………………………….IV V

CHAPTER 1 INTRODUCTION……………………..…………….…….1 1 1.1. MOTIVATION AND BACKGROUND……….….……………………….1 1 1.2. SCOPE OF THIS THESIS………………….….……….……………….33 1.2.1. MAJOR CHALLENGES…………………….…………………..88 1.2.2.

CONTRIBUTION OF THIS THESIS……….......…………………..9 9

1.2.3.

SUMMARY…………………………………………………..9 9

1.3. ORGANIZATION OF THIS THESIS ………………….………………..1010

CHAPTER 2 LITERATURE REVIEW…………………………….1212 2.1 RELATED WORKS IN FORMAL MODELING AND PLC DESIGNING…..….1212 2.2 RELATED WORKS IN FORMAL VERIFICAITON OF CONTROLLER LOGICS....1414 2.3 RELATED WORKS IN AUTO-GENERATION OF PLC PROGRAM USING 18 FORMAL METHODS……………………………………………..…………...18

20 CHAPTER 3 PROPOSED METHOD………………….……..………….20 CHAPTER 4 MODELING CONTROLLER LOGIC USING TIMED-MPSG ..2222 4.1 INTRODUCTION……………………………………………….………..2222 4.1.1 MPSG (MESSAGE-BASED PART STATE GRAPH)……….….………2323 24 4.1.2 HIERARCHICAL ARCHITECTURE OF MPSG……………..…………..24 26 4.2 PROPOSED MODEL OF TIMED-MPSG…………………………..…………26 28 4.2.1 ALGORITHM OF TIMED-MPSG CONTROL FLOW………….…………28 30 4.2.2 TEMPORAL BEHAVIOUR OF TIMED-MPSG…………….……………30

4.3 MODELING CONTROLLER LOGIC USING TIMED-MPSG……..…………3232 4.3.1 IMPLEMENTATION METHODOLOGY……………………..………..4040 4.4 COMPARISON OF TIMED-MPSG WITH OTHER AUTOMATA……..………..4343 4.5 SUMMARY…………………………………………………..…………4646

CHAPTER 5 FORMAL VERIFICATION OF CONTROLLER LOGIC

47

5.1 INTRODUCTION………………………………………..………..………47 47 5.1.1 MODEL CHECKER SMV………………………………..…..……….49 49 5.1.2 COMPUTATIONAL TREE LOGIC (CTL)…………………..….………51 51 5.2 PROPOSED METHOD FOR CONTROLLER LOGIC VERIFICATION……..…….5353 5.3 CONTROLLER LOGIC DESIGN AND VERIFICATION PROCEDURE…….……5454 5.3.1 PROCESS SPECIFICAITON OF THE TARGETED SYSTEM…….……….5454 5.3.2 GRAPHICAL REPRESENTATION OF THE PROCESS SPECIFICAITON…………………………………………………..……..55 55

5.3.3 CONVERT TIMED-MPSG GRAPHICAL MODEL TO TEXTUAL FORMAT……………………………………………………….………..58 58

5.3.4 MAPPING TIMED-MPSG TO SMV NATIVE CODE ………........……….59 59 5.3.5 PROPERTY SPECIFICATION USING TEMPORAL LOGIC………………63 63 5.3.6 MODEL CHECKING AND COUNTER EXAMPLES……………………..64 64 5.4 SUMMARY …………………………………………...…………..…..65 65

CHAPTER 6 AUTO-GENERATION OF IEC STANDARD PLC CODE USING TIMED-MPSG ………………….……………………..6666

6.1 INTRODUCTION………………………….……………………..……….66 66 6.1.1 IEC 61131-3 STANDARD PROGRAMMABLE LOGIC CONTROLLER (PLC)………………………………….…………….67 67

6.2 PROPPOSED METHOD…………………………………….…..…………7373 6.3 LOGIC CONTROLLER DESIGNING AND CODE GENERATION PROCEDURE………………………………….……………….……7676

6.3.1 PROCESS SPECIFICATION OF THE TARGETED SYSTEM…….………….7676 6.3.2 GRAPHICAL REPRESENTATION OF THE PROCESS SPECIFICATION…………………………………….…….………….…7777

6.3.3. CONVERT TO INPUT.M

TEXT FILE…………………….…….…….…7777

6.3.4 SOFTWARE IMPLEMENTATION PROCEDURE FOR MAPPING TIMED-MPSG VARIABLE TO PLC CODE …………..…….….….7979

6.3.5 FINAL OUTPUT OF THE PLC BUILDER, IEC 61131-3 STANDARD PLC CODE AND SYMBOL I/O TABLE

……….…….…..……..80 80 6.3.6 SIMULATION USING SIEMENS STEP-7 AND PLCSIM ……..…….….…..82 82 6.3.7 DOWNLOAD GENERATED LOGIC PROGRAM TO REAL- PLC AND EXECUTION ………………………………………………….....……..82 82

6.4 SUMMARY…………………………………………………….....………83 83

CHAPTER 7 CONCLUSION AND FUTURE WORK………………………......84 84

BIBLIOGRAPHY………………………….………………………….86 86 94 APPENDIX (A): BASIC MATHEMATICS …………..…………..……………94 99 APPENDIX (B): TIMED-MPSG TEXT FILES ……………..……..…………..99

APPENDIX (C): SOURCE CODE TO GENERATE SYMBOL TABLE, SMV

106

INPUT CODE, AND IEC STANDARD PLC CODE ....…………….………..106

LIST OF FIGURES Figure 1.1 Top-down approaches ……………..…………….……….……….. 2 2 Figure 1.2 Bottom-up approaches……………….………………….………….3 3 Figure 1.3 Hierarchical structure of IEC standard program organization unit (POU) ..………………………………………….….……….…………...5 5 Figure 1.4 Hierarchical structure of Timed-MPSG…….………….…………..5 5 Figure 1.5 Mapping Timed-MPSG to SMV input code………..….…………..6 6 Figure 3.1 Proposed models for PLC modeling, verification, and implementation using Timed-MPSG………………….………….…….……..2020 25 Figure 4.1 Operational hierarchy of MPSG……………….……….….………25 31 Figure 4.2 Temporal behavior of the Timed-MPSG ……………….…………31 33 Figure 4.3 Layout of the shop floor control system …………………………..33 34 Figure 4.4 Graphical Representation of the Process Specification …………...34 Figure 4.5 Graphical Representation of the BigE1 (Workstation 1) Process Flow ...................................................................................................3535 Figure 4.6 Graphical Representation of the MH1(Robot Controller) Process Flow ...................................................................................................3636 Figure 4.7 Graphical Representation of the MP1 (Robot Controller) Process Flow ....................................................................................................3737 Figure 4.8 Graphical Representation of the BigE2 (Workstation 2) Process Flow ….............................................................................................3838 Figure 4.9 Graphical Representation of the MH2 (Workstation 2) Process Flow ……………………..................................................................3939 Figure 4.10 Graphical Representation of the MP2 (Workstation 2) Process Flow Input file for Timed-MPSG generator ………………………..4040 Figure 4.11 Implementation Methodology of the Timed-MPSG…………...4242 Figure 4.12 Mapping FSA to PLC…………………………………………...4444

Figure 4.13 Mapping Petri Net to PLC……………………………………….4444 Figure 4.14 Mapping Timed-MPSG to PLC………………………………....4545 Figure 4.15 Message based part oriented state graph……………………..….4545 Figure 5.1 a state transition graph and the corresponding computation tree....5151 Figure 5.2 Graphical Representation of the CTL Temporal Operators………5353 Figure 5.3 controller logic verification using formal method………………...5454 Figure 5.4 Layout of the shop floor control system…………………………..5555 Figure 5.5 Graphical representation of BigE (Workstation controller) …..…..5656 Figure 5.6 Graphical representation of MH (Material handler controller) .…..5656 Figure 5.7 Graphical representation of MP (Processing machine) ….………..5757 Figure 5.8 INPUT.M text file generated using Timed-MPSG graph ………...5959 Figure 6.1 Example of ladder diagram……………………………...….……..6969 Figure 6.2 Example of function block diagram …………..………...………..7070 Figure 6.3 Example of sequential function chart .…………………..………..7171 Figure 6.4 Proposed Method to convert Timed-MPSG based sequence of operation to IEC Standard PLC Code……………………………..….………7373 Figure 6.5 Layout of the shop floor control system…………………………..7777 Figure 6.6 Input.m text file generated using Timed-MPSG graph …….…….7979 Figure 6.7 Software Implementation Procedure of the Proposed Method…...8080 Figure 6.8 Verification of the Generated PLC Code using PLCSim…………8282 Figure 6.9 Implementation of the verified PLC code in the real-PLC………..8383

LIST OF TABLES Table 6.1 the IEC 61131 Development Languages……………………….....68 68 Table 6.2 an Example of Symbol Mapping to the PLC Physical Address..…76 76

ACKNOWLEDGEMENT I would, first and foremost, like to thank my supervisor, Professor Gi-Nam Wang, who provides me such an excellent opportunity to do this research under his kind supervision, and make my dream possible to achieve this doctoral degree at AJOU University, South Korea. I am also very grateful to Professor S. C. Park for his support and guidance throughout the duration of my thesis writing. I sincerely express my thanks to Professor Dongmin Shin in the Information & Industrial Systems laboratory at Hanyang University, for his precious advice. I am grateful to our project leader Dr. Chang Mok Park, and Professor J. L. Park for their consistent support and response for my research problems. In addition, many thanks to my colleagues in the ASECON laboratory, particularly Suraj Dangol, Insung Jung, Cho Ki-Heang, and Deepesh Man Shrestha for providing me all sort of moral and mental support. I will always remember the cordial research environment and fun stuffs in our laboratory. My heartfelt gratitude to my mom and dad in Nepal, they always inspired me to take the challenges in life. My special thanks are also due to my determinative wife, and intelligent son Tanis, as well as, my million dollar baby, Ilisa, for their patience, support, and care. Without their support it was not possible to accomplish this objective. Finally, I would like to acknowledge each and every individual who have supported me by any means during this period. This research work has been supported by the Korea Research Foundation Grant funded by Korean Government (MOEHRD, Basic Research Promotion Fund).

ABSTRACT In this thesis, we propose a method to model, verify, and generate IEC standard PLC code using Timed-MPSG. The objective of this research work is to reduce the development time of programmable logic controller, by automating the task of PLC code generation. Furthermore, we propose to use formal verification technique to reduce the error rate. For this purpose, we applied the TimedMPSG (Message Based Part State Graph), an extended finite state automaton, to model the sequence of operations, and model checking tool, SMV and temporal logic, to verify the specified properties of the model. Timed-MPSG is developed for generating execution module for the real-time shop floor controller system. It supervises the flow of part from one state to another state, considering the precondition of the system. The MPSG, superset of Timed-MPSG, has been used to generate non-PLC1 controller code, whereas, this research work generate IEC standard PLC code using Timed-MPSG. In addition, it validates the given model using formal verification technique. Even though, traditional approach like simulation, manual testing and virtual commissioning can be used to verify the PLC program, however, the integration of formal methods for verification is more desirable to validate the state model for hidden and subtle errors. In our proposed method, Timed-MPSG is used to model the formal specification of the controller system, which can be translated to textual format. Subsequently, the textual structure of Timed-MPSG can be translated to input 1

A non-PLC execution code means excluding PLC program defined by IEC 61131-3 such as LD, FBD, SFC, ST & IL.

code for model checker (SMV), because SMV takes finite state automata as an input model. Afterward, this input code combining with temporal logic is used to verify the dynamic behavior of the model. After the successful verification of Timed-MPSG model, it can be used as an input code for the PLC builder tool2. Subsequently, using this tool the textual definition can be automatically translated into IEC standard PLC code using one-to-one mapping technique. Finally, the generated code can be downloaded to software or hardware PLC for the purpose of simulation or real execution. The similarity in the hierarchical and modular architecture of Timed-MPSG, SMV, and IEC standard POUs, have made it convenient to transform from one form to another form. In the subsequent chapters, an illustration of shop floor controller of an automobile industry is provided to clarify the proposed approach. Keywords: Shop floor Control, Finite State Automata, Modeling and Verification (M&V), Model Checking, SMV, PLC, IEC 61131-3, Flexible Manufacturing System (FMS), Automobile Industry.

2

This tool is developed by adding an algorithm to the Timed-MPSG to generate IEC standard PLC program, algorithm and source code is given in appendix (E).

CHAPTER 1 INTRODUCTION 1.1 Motivation and Background The robustness of PLC devices has made them the de facto choice in the automobile industry as a process controller machine (H. Jack, 2005). A PLC device has multiple I/O functions and logic operation functions, and plays a central role in cell control (J. Jang, P. Koo, S. Nof, 1997). Similarly, PLC programs are the software counterpart of this machine. The design and development of this program for flexible manufacturing systems is a very complex process. Although it is easy to design logic programs for small systems, as the length of the program grows it becomes accordingly more complicated to design and verify the PLC code. On the contrary, the functional operation of any manufacturing unit should be smooth enough to run the operation without any work stoppage. A delay in generating the controlling code of processing devices may cause a major loss of revenue and goodwill. To avoid such circumstances, use of rapid modeling and compiling tools to generate IEC standard logic controller is an efficient method to reduce the PLC development time. Development of PLC programs using traditional approach is error-prone and time consuming job (G. Canet et al., 2000). As a result, a small change in process controller may drastically increase the rate of down-time and ramp-up time. Consequently, down-time and ramp-up time can cause the production delays; however, much effort has been given to follow some standard designing and verification techniques. One of efficient and effective ways to reduce

down-time and ramp-up time is formalization of informal specification and converting it into IEC standard PLC code. At the same time, the validity of model itself should be tested before generation of the execution code. Conventional techniques like simulation and visual animation can be used to verify the controller logic; however, the integrated use of formal methods for verification is more desirable to validate the state model for hidden and subtle errors.

Modeling based on Specification Visualization & formal verification

Error occurred

Simulation & Verification

Error free code generation

Auto Generation of Execution Code

Figure 1.1 Top-down approaches (Model based code generation)

The design and development of shop-floor controllers for distributed automated manufacturing systems is a very complex process. Looking at the existing research works there are two ways to design and develop the logic controller program, which can be classified as top-down approach and bottom-up approach as depicted in (Fig. 1.1 & Fig. 1.2). In the top down approach, we generate control codes from a model, whereas in the later approach we convert the controller code into automata model (D. Thapa et al, 2006). These models can be verified by software based model checking techniques such as SMV (K.L.Macmillion, 1992).

Even though, a bottom-up approach is suitable for the verification of already existing PLC program; however, it has some drawbacks like data redundancy, lack of information reusability and state explosion. On the other hand, top down approach is suitable for fast reconfiguration, formal verification, and auto-code generation of PLC program. In this thesis, we employed top down approach to design, verify, and implement the PLC program using Timed-MPSG.

Figure 1.2 Bottom-up approaches (converting control codes to automata and model checking)

1.2 Scope of this thesis The objective of this research work is to reduce the development and verification time of programmable logic controller. For this purpose, we

employed Timed-MPSG, it is an extension of MPSG (Message-based Part State Graph), presented by Smith, 2003. MPSG can automatically generate non-PLC execution programs for the shop floor controller. However, the method describes in this thesis is to generate an IEC standard PLC program. It will automate the task of controller system modeling, model verification, and implementation3 of PLC program. Timed-MPSG is based on a hierarchal and modular architecture. The concept of hierarchal & modular programming is characterized by the description of complex systems by separately defining an individual controller for each piece of equipment.

This reduces the complexity of modeling the distributed

controller system. Similarly, IEC standard has outlined the standard for integration of different function blocks in a hierarchical and modular manner. Favorably, sequential flow of messages in the Timed-MPSG is compatible with the operation of PLC systems, which is deterministic and sequential by nature. The similarity in the hierarchical structure of the Timed-MPSG and the IEC standard program organization units, allows it to be suitably translated from formal model to PLC code. As J. Karl-Heinz, T. Michael, 1995, described three types of POUs (program organization units) in IEC 61131-3: function, function block, and main program. As depicted in the figure 1.3, POUs correspond to blocks in previous programming systems. It can call each other with or without parameters. POUs are the smallest independent software units or a user program. Likewise, the main program represents the top of a PLC user program and has the ability to access the IOs (input/output) of the PLC, and to make them accessible to other POUs (J. Karl-Heinz, T. Michael, 1995). 3

Implementation in this sentence means auto-code generation of IEC standard PLC program.

Accordingly, the main program of the IEC corresponds to the supervisory controller, BigE, of Timed-MPSG as depicted in figure 1.4. In the IEC standard POUs, the main program sends and receives messages from subsequent function blocks, and functions. In the same manner, BigE establishes communication with equipment controllers, in the Timed-MPSG, using input/output messages. Meanwhile, the equipment controller checks the system preconditions and executes actions on physical devices. Similarly, in the IEC standard PLC program POUs checks preconditions and generates output signal. This output signal passes to the main program and finally invokes the actuator. In addition, a data block can be generated by using the input/output/task parameters of the Timed-MPSG, which can be mapped with the physical IO address of the PLC simulator. However, in the IEC standard POUs IO mapping is declared in the main program. Thus, mapping of BigE to the IEC main program and Timed-MPSG equipment controller to the IEC defined function block can be done to implement the proposed method.

Figure 1.3 Hierarchical structure of IEC standard program organization unit (POU)

Figure 1.4 Hierarchical structure of Timed-MPSG

One of the objectives of this thesis is the formal verification of controller logics using symbolic model verifier (SMV). Because of the hierarchical and modular architecture of Timed-MPSG, we propose a modular (compositional) verification technique. In this technique, we can decompose the different controller component into small parts or modules (Ben Lukoschus, 2005). It simplifies the programming and verification task, because it minimizes the number of modules that needed to compose for model checking. Eventually, we can integrate those modules, which are logically connected through messages and ports, to verify the requisite properties. The idea of modular verification of Timed-MPSG is to create individual device controller for each physical device and workstation controller for higher level controller. As shown in figure 1.5, BigE is a workstation controller, whereas, device controllers are classified as MH (Material handler), and MP (Material processing machine). The communication between these distributed models is done through a common router. Similarly, each distributed model of TimedMPSG can be mapped as an independent finite state module, which can be used as an input to the model checker SMV. Similarly, the router module in SMV is used to make an interface among these distributed components, as depicted in figure 1.5.

Figure 1.5 Mapping Timed-MPSG to SMV input code

In our proposed thesis, development of PLC program starts with a formal design of the shop floor controller system using Timed-MPSG. Thereafter, textual format of the Timed-MPSG is translated to native code of model checker, SMV. Subsequently, it can be combined with temporal logic to describe the required properties. Afterwards, model checking tool automatically verifies the model of the shop floor controller logic as per specified properties. In case of failure to satisfy the given properties, it produces counter examples. After the successful verification of specified properties, we can generate IEC standard PLC program (The International Electro Technical Committee, 1993). Subsequent chapters will describe the detail procedure with illustration to clarify our proposed method. However, the specific requirements of different industries cannot comply with a single standard solution. This thesis mainly focuses on the shop floor controller system of the automobile industry. The proposed approach considers the flow of a part in a work cell, in relation to flow of I/O messages. It assumes the shop floor controller system in a work cell consists of the part, sensors (input signal to PLC), and actuators (output signal from PLC to physical devices). In the

targeted research domain (automobile shop floor controller system), the part (car body) is the main object that flows in the system. Even though, Timed-MPSG is suitable for application as a modeling shop-floor controller, however, it would be inapplicable to modeling the control of a nonpart-oriented manufacturing line. Nevertheless, the advantage of using TimedMPSG for PLC design is the direct mapping of I/O messages to PLC code, whereas, state based machine have to solve intermediate variable to obtain the input messages (R. Devanathan, 1988).

1.2.1 Major challenges While implementing this approach, in the real industries, we face many problems which need to be considered before implementing in the large scale PLC based manufacturing line. A major problem regarding implementation was dealing with different vendor’s software like Rockwell, ABB, MELSEC, and SIEMENS4 . As an individual package they have pretty good properties and features, whereas, it is a cumbersome job to make integration between these various packages. There is a strong need to develop a low cost integrated package program with plug ‘n’ play capability for complete solutions of verification and validation of the controller logic. Even the IEC 61131-3 standard categorized 5 types of program languages; it’s a complex problem to make an integration among them. State explosion is another major problem; it confines the formal verification techniques to some simple applications. However, in real situation we need to 4

Some of the popular PLC software vendors, we deployed Siemens Step7 to test our program.

implement these techniques in a very huge and complex scenario. Tackling these problems, and full fledged deployment of this method to real system, is an open research area for academician as well as industrial researchers. In spite of this, changing scenario in the manufacturing industries may remove the old fashioned PLC with PC controlled environment. It has opened a new door in the field of formal modeling and verification of control logic programs. Whatever the changes may be the role and importance of Modeling, Verification, and implementation of control logics will not relegate. The method proposed in this thesis will be relevant in the PLC based manufacturing line for another 10 to 15 years.

1.2.2 Contribution of this thesis The objective of this thesis is to reduce the development and verification time of programmable logic controller by automating the task of PLC code modeling, verification and implementation using Timed-MPSG.

1.2.3 Summary We briefly summarized the main contributions of this thesis: 1) A novel approach of this thesis is to introduce temporal property in the MPSG model. Inclusion of temporal property in the MPSG model will be helpful to design and simulate the real-time shop floor controller systems. 2) Likewise, we used Timed-MPSG to model real-time shop floor controller system based on PLC.

3) Use of model checking tool SMV (symbolic model verifier) to formally verify the Timed-MPSG model is another contribution of this thesis. 4) In this thesis, we introduced the methodology to auto-generate IEC 61131-3 standard PLC program using Timed-MPSG. 5) Finally, we described step-by-step implementation methodology of the proposed approach to model and verify a shop floor controller of an automobile industry.

1.3 Organization of this thesis Organization of this thesis is as follows, Chapter 2 reviews related works in modeling, verification, and implementation of formal methods in a PLC based manufacturing line. Section 2.1 of this chapter describe the related works in use of formal modeling for PLC design, in section 2.2 related works in formal verification techniques has been explained. Similarly, section 2.3 reviewed the works done in auto-generation of PLC code using formal methods. Chapter 3 explains the proposed method to formally design, verify, and implement the controller logics in a PLC based manufacturing line. In chapter 4 we introduced the theoretical concept of Timed-MPSG. Section 4.1 introduced the background, architectural hierarchy of the MPSG, a superset of Timed-MPSG. Section 4.2 provides the details of Timed-MPSG and its algorithm, temporal behavior of the Timed-MPSG and its implementation methodology, respectively. Comparison of the Timed-MPSG with other

automata is briefly described in section 4.3; finally section 4.4 contains the summary of this chapter. Chapter 5 covers the formal verification of the controller logic design; Section 5.1 starts with general background of the formal verification approaches, introduction of symbolic model verifier (SMV) and temporal logic (CTL). In section 5.2, we described the propose method to verify the controller logic using SMV and CTL. Similarly, in section 5.3 step-by-step procedures is illustrated with example to clarify the methodology. Finally, section 5.4 contains the summary of this chapter. Chapter 6 starts with introduction to current development in IEC 61131-3 standard PLC programming, similarly section 6.2 explains the propose method to auto-generate IEC standard PLC programming using Timed-MPSG. Likewise, section 6.3 illustrate the logic controller designing and code generation procedure. An example of shop floor controller in an automobile industry provides to clarify the proposed approach. Finally, summary of the chapter is given in section 6.4. Chapter 7 concludes the thesis with summary of achievements and future research direction in this area.

At the end, the bibliographic list is attached as a ready reference to the comprehensive readers.

In addition, the subsequent appendix (A), (B), and (C) provides the basic mathematical terms and notions, details source code of the Timed-MPSG test

files, and algorithm with source code to generate symbol table, native code for SMV model checker, and IEC standard PLC program, respectively.

CHAPTER 2 LITERATURE REVIEW 2.1 Related Works in Formal Modeling and PLC Designing In this thesis, we propose Timed-MPSG to formalize and model the controller logic system. Timed-MPSG is an extended form of MPSG (Message-based Part State Graph). MPSG has been developed for the execution portion of shop-floor controllers that operate in a distributed and hierarchical control environment (J. S. Smith, S. B. Joshi and R. G. Quis, 2003). It describes the behavior of a controller from the ‘parts’ point of view, and each part within the domain of the controller is in a particular ‘state’ as described by the MPSG for that controller. It is based on deterministic finite state automata and represents the execution module of shop-floor controller as a communicating finite state machine. However, there is still no consideration for handling the time in the MPSG framework. We propose an extension of temporal properties in the MPSG to

model the real-time shop floor controller. These properties can be used to put time constraint on the event processing and make a time based performance analysis of the controller system; in addition, modeling and simulation of the real-time control systems (D. Thapa et al. (f), 2006). In this thesis, at chapter 4, we have described the conceptual notion and formal modeling methodology using Timed-MPSG. There are different modeling tools for handling real-time constraints such as Petri Nets, timed automata, DEVS, and PLC automata (B., H. and Mader, A. H., 2000). Petri net models are efficient for modeling concurrency, nondeterminism or conflicts, synchronization, merging, confusion, mutual exclusion, and priority (T. Murata, 1989, R. Zurawski and M. Zhou, 1994, S. Klein, G. Frey, and M. Minas, 2003). Similarly, a Petri net has been extended to timed versions which are known as deterministic timed Petri nets, colored Petri nets and timing constraint Petri nets (K. Feldmann et al., 1999). The timed Petri nets (PN) are based on two time values associated with each transition. The values constitute a time interval within which a transition is enabled and may fire. Similarly, a Real-Time UML is currently a well-received design modeling example in the real-time community (D. Bruce, P., 2004). These modeling techniques are good for real-time embedded systems. However, modeling complexity is one of the reasons for not using the UML or timed Petri nets (L.E.Holloway, B.H.Krogh, A.Guia, 1997) for PLC program designing and verification. DEVS is another modeling and simulation method. It is a matured modeling and simulation tools for discrete event specification systems (Z., Praehofer, and Kim, 2000). It can measure continues elapsed time or non linear time behavior

with discrete events. Reference work of H. Dierks, 2001, has deployed a new hybrid model called PLC automata. It can handle the real time problem of PLC using duration calculus or real-time temporal logic. It can check continues as well as discrete time behavior (L. E. Holloway et al). The PLC automata seem to be specially designed for controlling the low level controllers. The real time implementation

of

these

formal

techniques

for

the

designing

and

implementation of PLC program can be found rarely in an automobile industry. Other formal modeling approaches, like timed automata are a time extension of finite state machines, have the feature to check the time guard at transition, and invariance at location (R. Alur and D. L. Dill, 1994, A. Mader and H. Wupper, 1991). In addition, control-oriented real-time systems can be modeled by timed automata. It uses clock variable with synchronization features. In this model, events between the (ti, ti+1) clock ticks are assumed to occur at some unspecified time between these two intervals. It can share global variables including clock (continuous) and discrete. However, state-spaces of a real-time system modeled by a set of timed automata are generally very large and grow exponentially with the large time constant and the system degree of concurrency. In the context of PLC design, existing approaches have extra burden, which is to solve the intermediate variable in order to obtain the input signals. It requires every possible state of the system to be identified. Similarly, transition enabling and firings rules of PN are different concept than controller logic design. On the contrary, Timed-MPSG design is the direct mapping of I/O messages to PLC program and its similar architecture to IEC standard POUs.

2.2 Related works in formal verification of controller logics One of the additional objectives of this thesis is to formally verify the controller logic model of Timed-MPSG using symbolic model verifier (SMV). Reviews of the related works in this field are explained as follows. Most of the existing work of PLC verification & validation has been done either manually or by using simulation techniques (R. Susta, 2003). The changing trend of manufacturing market makes it more mandatory to check for the safety and liveness properties of the controller logics (K. Sukerkar, 2004). The literature reviews of existing approaches in contemporary research are explained as follows: 2.2.1 Existing verification techniques 2.2.1.1 Manual testing

This process starts with writing PLC program as per IEC 61131-3 standard (International Electro technical Commission, 2003) structure5. Thereafter, we can download the program to virtual (software) PLC and provide IO input through user interactive interface to check the logical flow of the program. For example, in our initial trial we used the S7prosim-OCX with Visual basic to create an interactive button. After that, we create an interface with Siemens softPLC (PLCSIM). Finally, we simulate the PLC program using manual Boolean IO signals. While doing this manual programming and testing practice, we found that it is very time consuming and error prone. Furthermore, it is very difficult to verify 5

However, non IEC standard PLC program are also used

all possible dynamic properties. It is also difficult to decompose complex PLC code manually (D. Thapa et al, 2006). 2.2.1.2 Visual simulation

In this technique, we have to make interface between PLC program and 3-D model for the visual commissioning. First of all, we need to create two way communications of the I/O signals between 3-D model and PLC program, which can be done by using PLC client and cell controller (3-D model) through middleware I/O mapper or OPC server. To develop this module, we deployed VC++ and IGRIP6. Using this architecture, PLC program can be tested visually. The user can provide the input through HMI interface, which can be designed by using Visual Basic (D. Thapa et al, 2006). However, this technique lacks the auto-generation of PLC program, and it requires specialized knowledge in 3-D modeling and socket programming. Furthermore, it can only verify the system's behavior for the particular stimulus that we provide. Some of the commercial products available in the market such as EM-PLC, and DELMIA V5 are trying to implement this architecture. Even though, EM-PLC can auto-generate the sequence of operations based on 3-D modeling information, and bar chart (S. Lee, M. Adam,J. Lee, 2006). However, the drawbacks of these techniques are heavy resource requirement such as CPU time and memory space. In addition, these techniques are not effective to find the hidden errors. As a matter of fact, it is the most popular approaches in the PLC based manufacturing line. Therefore, we suggested the integration of a formal modeling technique to this approach. It will be more appreciated in the area of controller logic developments. 6

IGRIP is a product of Delmia, which can be used to develop 3-D model for robotics.

2.2.1.3 Formal approaches

The importance of formal verification and existing model checking tools has been explained in ref. (G. Frey, 2000, S. Lamprire, 1999). However, these techniques have been mostly confined inside the academic research lab. Similarly, implementation of formal methods for the verification and validation has not been fully deployed in the manufacturing industries. These techniques are basically characterized into two parts, verification of existing PLC program or bottom up approach, and model driven verification or top down approach. 2.2.1.3.1 Bottom up approach

In this approach, we convert IEC standard PLC code to some automata like Petri Nets, or Timed Automata (S. Klein et al, 2003, G. Canet et al, 2000, H.X. Williams, 1999). To convert existing PLC program to state automata, we can use simple Context Free Grammar(CFG) (A.V.Aho, 1989), and generate parse tree, which can be mapped to intermediate language and finally translated into state model (H.X. Williams, 1999). After that, this model can be used as an input to the model checker, e.g. UPPAAL, KRONOS, and SMV. Meanwhile, we can use temporal logic based specification for property analysis such as liveness, rechability, and deadlock. This approach is suitable for the verification of already existing PLC codes; however it has some drawbacks such as data redundancy, lack of information reusability and state explosion problems (D. Thapa et al, 2006). 2.2.1.3.2 Top-down approach

In the top-down approach, we generate control codes from a model, whereas in the previous approach, we convert the controller code into automata model. In this approach, model based controller logics can be verified by using software

based model checking techniques. It is also suitable for fast reconfiguration, auto-code generation, and verification. Even though, it is easy to design a logic program using model based approach, however, it becomes complicate to generate and evaluate the model when the length of the program grows. Most of the existing research consider formal verification as an alternative method to conventional techniques, whereas, this thesis suggest for the integration of this approach to existing methods. In this research work, we formalized top-down approach for the formal verification of shop floor controller logic. We deployed Timed-MPSG to model the controller logic and model checking tool (SMV) with temporal logic to verify the properties. Because of the modular and hierarchical architecture of Timed-MPSG, we employed compositional verification method. It can reduce the risk of state explosion (Clarke Grumberg, Peled 1999, and, Ben Lukoschus, 2005).

2.3 Related works in auto-generation of PLC program using formal methods Finally, auto-generation of IEC standard PLC program is integrated to complete the thesis work. This section explained some contemporary works in this area. Complexities of large system control programming catch the attention of numerous industrial researchers to explore the possibilities of using modeling and analysis techniques (R. Zurawski & M .Zhou, 1994). Most of the existing research regarding model based generation of PLC code and non-PLC has used tools such as Petri Net, DEVS, state automata, etc. Petri Nets are popular because of their capacity to describe features such as concurrency and

synchronized interactions between cell components. R. David, 1995, made a comparative analysis of PLC programming using ladder logic and Petri nets, thereby demonstrating the flexibility and usability of the Petri nets. The use of SIPN editor to generate PLC code is similar to the presented approach (S. Klein, G. Frey, and M. Minas, 2003). The authors of that study successfully developed a tool to generate IEC standard PLC code written in IL. However, modeling complexity is one of the reasons for not using Petri nets in the automobile industries. The concept of logic design in a real system is different from that of the aforementioned approaches. Handling the transition enable/firing rule in a Petri Net is a cumbersome task whereas the proposed approach is simply based on the specifications defined in the I/O and task messages. S. S. Peng and M. C. Shou, 2004, provided a good explanation of the transformation process. However, there are few examples of practical implementation in a real, agile manufacturing environment. O. Ljungkrantz, 2007, described an object oriented method of generating a non-PLC control program for a Java platform. The MPSG builder has a facility to generate nonPLC execution code based on finite state automata (J. S.Smith, S.B.Joshi and R. G. Quis, 2003, S. Joshi, R. A. Wysk, E. G. Mettala, 1991). However, these execution codes fall under non-PLC controller program, whereas, the proposed approach is intended to generate IEC standard PLC code. Reference works of D. Thapa. S. Dangol, G. N. Wang, 2005, S. R. Kyoo, P. H. Seong, 2005, and K. Feldmann et al, 1999 theoretically explained the feasibility

of specification, design, and implementation of logic controllers based on a formal model approach. Most of the previous work is suitable for small systems but comprehensive results for real system have yet to come (M. R. Lucas, D. M. Tilbury, 2003). In this thesis, a user oriented simple methodology to generate IEC standard PLC code with Timed-MPSG has been proposed. A theoretical foundation to develop an auto-generation tool is defined in this research work, and will be subsequently implemented in a real automotive industry to validate the efficiency and effectiveness of the generated PLC code.

CHAPTER 3 PROPOSED METHOD

Figure 3.1 Proposed models for PLC modeling, verification, and implementation using Timed-MPSG

As shown in figure 3.1, the traditional approach (encircled inside dotted rectangle) for implementation of PLC program starts from direct programming using Ladder Diagram or Instruction List. Similarly, the methods used for the verification and validation of these programs are software based simulation and virtual commissioning. Even though, these methods seem to be easy in programming, however, as soon as the size grows the complexity of PLC development task increases accordingly. Because of the development of PLC programs using traditional approach is error-prone and time consuming job, proposed approach is looked-for making this process more flexible and error free. The process of proposed method starts from formalization of informal specification using Timed-MPSG, which can be translated to textual format subsequently; detail procedure of modeling is explained in chapter 4. After getting the textual format of the state machine, the next step is to decide about the implementation mode. Here, we can choose from two alternatives, which are direct generation of PLC code, or formal verification of model before execution code generation, as depicted in figure 3.1. Since, if the size of the logic controller is small and trivial than it doesn’t need any formal verification technique. However, if the process is complex and requires safety measurements then the formal verification approach is more desirable. In the direct implementation approach, Timed-MPSG model can be translated to textual input code. This can be used as an input to the PLC builder tool. Because of the similar modular architecture of IEC and Timed-MPSG as explained in section 1.2 of chapter 1, Timed-MPSG can be translated to IEC standard PLC code using one-to-one mapping technique.

The complete

procedure of code generation is explained in chapter 6. Thereafter, the generated code can be downloaded to the software or hardware PLC for the

purpose of simulation or execution. Meanwhile, if we found some errors, it can be altered manually, or we can modify the model and re-generate the PLC code. On the other hand, the formal verification approach (which is proposed in this thesis) requires generation of input code for model checker as depicted in figure 1.5 of chapter 1, which can be combined with specification rules written in temporal logic. Ultimately, automated verification of the controller logics can be done. If the model seems to be ok, we can generate the final PLC code, otherwise, we have to make changes to the model and re-check, until the model satisfies the required properties. Subsequent chapter 5 will explain the step-bystep implementation methodology of proposed formal verification technique.

CHAPTER 4 MODELING CONTROLLER LOGIC USING TIMED-MPSG In this thesis, we extend the MPSG model by incorporating the temporal properties to achieve the time based performance analysis. In the reference work of (J.S. Smith et al, 2003), they describe the MPSG (Message-based Part State Graph). MPSG has been developed for the execution portion of shop-floor controllers that operate in a distributed and hierarchical control environment. It is based on deterministic finite state automata and represents the execution module of shop-floor controller as a communicating finite state machine. However, there is still no consideration for handling the time in this framework. For this purpose, a formal model, Timed-MPSG, is proposed in terms of a realtime part processing task. In this chapter, we introduced the theoretical background of Timed-MPSG, furthermore, illustrated a modeling procedure for real-time shop floor control system.

4.1 Introduction The successful implementation of MPSG at the CIM laboratory at Pennsylvania State University and the TAMCAM Laboratory at Texas A&M University has verified its significance pertaining to the industrial problem solving (J.S. Smith et al, 2003). As a result, MPSG is helpful to reduce the time and effort required to create and maintain the control system of an automated industry. In addition, it includes features like modularity, information reusability, simulation based execution, and execution code generation7. However, this model does not include the temporal parameters to model the real-time control systems. The real-time control systems is that which have constraints on the exact timing of the task executions, and those constraints that affect a system correctness, feasibility, or stability (R. Alur and Thomas A. H, 1991). The real-time system has been span through electric home appliances to avionics flight control system, traffic controller and automated manufacturing systems (D. Bruce, P, 2004). In the actual manufacturing system, time is a significant issue for performance analysis. Even the un-timed systems that depend on sequence of execution also need to check the overall time performance. In this chapter, we extend the MPSG to integrate the temporal requirements such as putting any conditions on the timing of events, including starting the event, terminating the event, checking the time delay in a process and counting total time elapsed in a system. Organization of this chapter is as follows, Section 4.1.1 and Section 4.1.2 describes the concept of the MPSG Model, and

7

MPSG generates the C++ execution code for shop floor controller system

its architecture respectively. Section 4.2 describes the proposed model of Timed-MPSG, its algorithms, temporal behavior, and error recovery techniques. Section 4.3 illustrates the experimental example of the propose method. Similarly, Section 4.4 is a comparison of different state machines. Finally, Section 4.5 concludes the paper with summary.

4.1.1 MPSG (Message-based Part State Graph) MPSG is a formal model of the execution portion of the shop floor control that operates in a distributed control environment (J. S Smith, W. C Hoberecht, S. B. Joshi, 1996). In this model, individual controllers in a distributed environment communicate using a well-defined protocol (messages) to affect system operation (D. Brand and P. Safiropulo, 1983). It is a modified deterministic finite automaton (DFA) similar to a Mealy machine (J. S.Smith, S.B.Joshi and R. G. Quis, 2003). Applying the MPSG model, presented by Smith, 2003, we can automatically generate a C++ execution programs for the shop floor controller. An MPSG, M, is defined formally as the 8-tuple, M=, where Q is a finite set of states q0 Î Q is an initial state F Í Q is a set of final states Σ is a finite set of controller events and serves as the input alphabet. Additionally, Σ is partitioned into a set of input messages (ΣI), a set of output messages (ΣO), and a set of controller tasks (ΣT).

A is a finite set of controller actions, where each α Î A is an executable function that performs some controller action. P is a finite set of physical preconditions for controller actions. P is partitioned so that for each α Î A, there is a corresponding ρα Î P, where ρα is a function which returns either true or false. δ : Q × Σ → Q is a state transition function. Similarly, γ : Q × (ΣoUΣt)->ACT is a controller action transition function .

4.1.2 Hierarchical Architecture of MPSG The MPSG is based on 3-tier architecture, given as: (1) equipment, (2) workstation, and (3) shop levels. Shop level controller controls the workstation, and workstation level controllers control the equipment controller. Each equipment controller interacts with individual physical devices. To simplify the complexity, equipment level devices are clustered into material processors (MP), material handlers (MH), material transporters (MT), and automated storage devices (AS/RS) (J. S.Smith, S.B.Joshi and R. G. Quis, 2003). The operational system of the MPSG is based on the three-tier architecture presented in (J. S Smith, W. C Hoberecht. S. B. Joshi, 1996). The shop level is the highest level in the hierarchy and is responsible for coordinating the activities of workstations. It also provides the user interface to the control system. The workstation level corresponds to a small subset of equipment which directly interact (e.g. an industrial robot and the machine tools that it loads and unloads). The equipment level is the lowest level in the hierarchy and

there is one equipment level controller for each piece of equipment in the system.

Figure 4.1 Operational hierarchy of MPSG

1. Workstation Configuration W1:E1 W2:E3+E4 W3:E2+E5 W4:E6+E9 W5:E7+E8+E10 Let, Wi= Workstation, where i=1,2….n Ei = Equipment, where i=1,2,…n

4.2. Proposed Model of Timed-MPSG Timed-MPSG8 model is an extend form of the MPSG. Similar to MPSG it is developed for the execution portion of real-time shop-floor controllers that operate in a distributed and hierarchical control environment. Likewise, it is based on deterministic finite state automata with time constraint and represents the execution module of shop-floor controller as a communicating state machine. Definition 1: A Timed-MPSG, tM, is a 9-tuple Model, where is a standard MPSG and T: γ (ti, tj) ->ts+, is a time function. The nine components of Timed-MPSG are described as follows, tM = , where: Q, is a finite set of states; q0 Î Q, is an initial or start state; F Í Q, is a set of final or accepting states; Σ, is a finite set of controller events and serves as the input alphabet for the DFA. In Timed-MPSG, Σ is partitioned into a set of input messages (ΣI), a set of output messages (ΣO), a set of controller tasks (ΣT) and set of time messages (Σc). Example of the input, output, task, and time messages have been given below: ΣI ={ put_MH1, pick_MH1, proc_MP1} ΣO ={put_done_BigE, pick_done_BigE, proc_done_BigE } ΣT ={put_task, pick_task, proc_task} Σc={put_time, pick_time, proc_time}

8

We extended the MPSG model by using temporal properties and named as Timed-MPSG

A, is a finite set of controller actions, where each α Î A is an executable function that performs some controller action; P, is a finite set of physical preconditions for controller actions. P is partitioned so that for each α Î A, there is a corresponding ρα Î P, where ρα is a function that returns either true or false; δ : Q × Σ → Q, is a state transition function. It is represented by a graph where each vertex represents a part state and each edge represents a transition. An edge label represents the controller event; γ : Q × (Σo Ç Σt ) → A, is a controller action transition function. T: γ (ti, tj) ->ts+, is a time function that associates time constraints on action controller transition between the time interval (ti) and (tj). Where ti is a continues elapsed time and tj is the upper time limit. If all the given system preconditions and temporal conditions satisfied then the part move to the next state and increase the value of the total cycle time (ts). Definition 2: Given a set C Î Re al + of clock variables and a set D Î Integer + of discrete variables, the syntax of a transition predicate ρ over C and D is defined as:

ρ : = | x~z |, where x ∈ C, ~ ∈ {≤, }, z ∈ D, and ρ is a time based transition predicates and function T(C, D) represents the set of all time based transition predicates over C and D. Definition 3: Timed-MPSG is composed of various states interconnected by action transitions (T: γ (ti, tj)->ts+), which is based on some time constraints combining with task messages. Time constraints can be distinguished into clock

and discrete variable. Where, clock variable (ti) increment at continuous rate and it can be reset after the completion of a given task. Similarly, discrete variable (tj) changes value only when a new value is assigned on a transition, whereas (ts) is a cumulative cycle time of all states.

4.2.1 Algorithm of Timed-MPSG Control Flow Given a Timed-MPSG, tM, in a state q, scanning task or output message b, and time t, the following pseudo code represents the controller operation. The algorithm of Timed-MPSG Control Flow is described in two different conditions, which is (1) b contains the time (2) b does not contains the time. (1) Message b contains the time a = g ( q , b ), if b= å b = (a , t 0tim e _ p t ) t = (0 £ tim e _ et £ tim e _ pt ), w he re tim e_ et Î R ea l + a nd tim e_ pt Î In tege r + if ( p a e valu ates ® true ) if ( b ()) q ' = d (q, b)

remove b from the task list else notify temporal error endif else notify system error endif (2) Message b does not contains the time

a = d ( q , b ), if b=( å - å c ) if ( p a e v a lu a te s ® tru e ) if (a ()) q ' = d (q, b )

remove b from the task list else notify system error endif endif According to the above algorithms (1) & (2), after determining the controller action and time perimeter, it verifies the physical preconditions of the system. If the preconditions evaluate to be true than the next step is to execute the action controller task, where algorithm (1) consider the time constraints and algorithm (2) does not consider the time constraint. Eventually, it removes the executed task from the task list. However, in case of failure to meet any preconditions or temporal properties, it generates an error message and changes the part’s current state into error state.

4.2.2 Temporal Behavior of Timed-MPSG As depicted in figure 4.2, task message can invoke a corresponding time function such as pick_task->pick_time(). The corresponding time function of the pick_task message contains time variables such as elapsed time ti, preset time tj, and total cycle time ts. Where ti is continues elapsing time variable in a process, it is a positive real number, and its initial value should be ti >=0. The value ti increases constantly

until it reaches the value of preset time tj, e.g. ti MH.pick_done SPEC AG BigE.put_part -> MH.put_done SPEC AG BigE.proc_task -> MP.proc_done 5.3.6 Model checking & counter examples

After the rigorous checking of the model in terms of properties specified, it generates the true or false result for the given specification (Clarke, E. M., Emerson, E. A., and Sistla, A. P., 1986). The sample example of output generated by model

checker is given below. Model checking results ====================== (((EF((BigE.pick_part|BigE.pick_part)|BigE.proc_task))&(AG ((BigE.pic......true ((AG BigE.pick_part) ->MH.pick_done)........................................true ((AG BigE.put_part) ->MH.put_done)..........................................true ((AG BigE.proc_task) ->MP.proc_done)........................................true user time..............................................................0.03125 s system time...........................................................0.015625 s Resources used ============== user time..............................................................0.03125 s system time...........................................................0.015625 s

5.4 Summary In this chapter, we suggested a formal verification approach, which starts from formalization of the informal specification using Timed-MPSG. Subsequently, the textual format of Timed-MPSG has been transformed to SMV native code. Thereafter, the required properties has been specified using, which is to be verified. Finally, automated verification of the model has been done.

After checking the validity of the model, we can generate the final PLC code; otherwise, we have to make changes to the model and re-check, until the model satisfies the required properties. Although the risk of state explosion is still remaining, compositional verification techniques can be utilized to reduce such drawbacks. Meanwhile, integration of formal techniques can detect the subtle error, which was not possible by deploying the existing simulation techniques. The proper validation of the model is the most important step before generating any PLC code. Successful implementation of proposed verification method, described in this chapter, pave the way for next succeeding auto-generation process.

Chapter 6 Auto-Generation of IEC Standard PLC Code using Timed-MPSG The objective of this chapter is to reduce the development time of programmable logic controller by automating the task of PLC code generation. For this purpose, we applied the Timed-MPSG (Message Based Part State Graph), an extended finite state automaton, to model the sequence of operations.

It can be translated to textual format as an input code for the PLC builder tool. Using this tool the input code can be automatically translated into IEC standard PLC code. Eventually, the generated code can be downloaded to software or hardware PLC for the purpose of simulation or execution. In this chapter, we provide an illustration of methodology to generate IEC 61131-3 standard PLC program with a suitable example.

6.1 Introduction In this chapter, we propose a methodology to generate IEC standard controller code using Timed-MPSG. It is an extended version of MPSG with temporal properties embedded (D. Thapa et al, 2006). The Message-based Part State Graph (MPSG), presented by Smith, 2003, automatically generates a non-PLC execution programs for the shop floor controller. However, the method describes in this paper is to deploy the Timed-MPSG to generate generic PLC code. Timed-MPSG has the inherited feature of modular architecture and sequential flow of messages. The concept of modular programming is to decompose the complex system and create different controller for each devices. As shown in figure 1.3 & 1.4 of chapter 1, IEC standard PLC program is also based on modular and hierarchical architecture. In the section 1.2 of chapter 1 we explained, the similarity in the hierarchical and modular structure of TimedMPSG and IEC standard has made it convenient to map from formal model to PLC program using one-to-one mapping technique. Additionally, the sequential flow of messages in Timed-MPSG is compatible with the operation of real PLC systems, which is deterministic and sequential by nature.

6.1.1 IEC 61131-3 Standard Programmable Logic Controller (PLC)

PLC or programmable logical controller has replaced the hard wired relay logics which were difficult to reuse. The advent of the PLC began in the 1970s, and has become the most common choice for manufacturing controls. One of the main problems with the programming logic controller is lack of unanimity. To maintain the homogeneity and portability IEC (International Electro Technical Committee) has defined some standard known as IEC 61131-3. It defines, as a minimum set, the basic programming elements, syntactic and semantic rules for the most commonly used programming languages. The IEC 61131-3 defines five types of logic programs as defined in Table 6.1 (The International Electro Technical Committee, 1993). In order to achieve more conformity of the different PLC programming languages the standard IEC 61131-3 was developed. IEC 6131-3 has classified 5 types of PLC program, IL, ST, LD, FBD, and SFC. First two programs are textual programming whereas other two are graphical program and the last SFC is a sequential function chart. SFC can be used to define the sequence of program consist of other programs. Brief descriptions of these languages are as follows. Table 6.1 The IEC 61131 Development Languages Language

Description

Sequential Function Chart

Petri-net derived means of

(SFC)

describing sequential behaviour of a control program. Used for defining

control sequences those are time/event driven. Structured Text (ST)

Pascal derived procedural language

Function Block Diagram

Graphical language for depicting

(FBD)

signal and data flows through reusable software elements

Ladder Diagram (LD)

Graphical language based on relay ladder logic extended to permit the already established use of function blocks to support hierarchical program design

Instruction List (IL)

An assembly-like language for lowabstraction PLC programming

6.1.1.1 Instruction List (IL) is a low level assembly language with one register called current result. IL is still one of the main programming languages for PLCs used in Europe, since it allows compact code and is very close to hardware programming. For example, LD I0.0 (* Load input bit to address I0.0*) AND(I0.1 OR(I0.2 ANDN I0.3 ) ) ST Q0.0 6.1.1.2 Structured Text (ST) is a PASCAL-like language. It is a higher level language than IL and provides more convenient structuring and organizing

constructs such as while-loops, if-then-else-conditionals and so on. However, ST is used to a much less extent than IL. FUNCTION sample INPUT_VAR start : BOOL; (* a NO start input *) stop : BOOL; (* a NC stop input *) END_VAR OUTPUT_VAR motor : BOOL;(* a motor control relay *) END_VAR motor := (motor + start) * stop;(* get the motor output *) END_FUNCTION Three graphical languages are defined: 6.1.1.3 Ladder Diagrams (LD) sometimes also called Relay Ladder Logic. Indeed, LD programs resemble relay logic. The diagrams are drawn in a graphical editor, e.g., on a PC, and then compiled and moved to the PLC. Like IL the LD programming language is very low level, but serves its purpose whenever relay ladder logics have to be compiled into software. Until today LD programs are the major programming language for PLCs used in the U.S.

Figure 6.1 Example of ladder diagram 6.1.1.4 Function Blocks (FB) is essentially a data-flow language for describing a network of functions connected by signals. Pre-defined functions, generally drawn as boxes, are combined by connecting inputs and outputs in a desired manner. They are interpreted along their flow of control, i.e., function blocks are interpreted along their connecting paths and provide a better overview and understanding of how functions relate than, e.g., LD programs.

Figure 6.2 Example of function block diagram 6.1.1.5 Sequential Function Charts (SFC) is a graphical, high-level programming language for PLCs which aims at providing a clear understanding of the possibly interwoven program parts. SFCs allow decomposing and structuring program parts and include interesting concepts such as parallelism, activity manipulation and hierarchy. Historically, they take over ideas from Petri nets and Grafcet (R. David, 1995).

Figure 6.3 Example of sequential function chart The elements of the IEC standard program organization unit (POU) begin with variable declaration part; it defines the type of variables interface, initialization, and data type. The code part or instruction of a POU immediately follows the declaration part and contains the instructions to be executed by the PLC. IEC 61131-3 provides five programming languages for application-oriented formulations of the control task. We can use any standard PLC programming language as per problem requirements. Example 2.1a shows the structure of POU.

Example 2.1a, FUNCTION_BLOCK FB_EXAMPLE (*Comment Line *) (* Local Variable *) VAR VarLocal : BOOL; (*Local Boolean variable *) END_VAR VAR_INPUT VarInput : BOOL; (*input variable *) END_VAR VAR_IN_OUT VarInOut : BOOL; (*input and output variable *) END_VAR (* Return values: output parameters *) VAR_OUTPUT VarOutput : BOOL; (*output variable *) END_VAR (* Global interface: global/external variables and access paths *) VAR_EXTERNAL VarGlob : BOOL; (*External from other POU*) END_VAR VAR_GLOBAL VarGlob : BOOL; (*global for other POU*) END_VAR VAR_ACCESS VarGlob : BOOL; (*access path for configuration *) END_VAR

(*Code Part Written in IL*) LD VarInput AND VarLocal Funt VarGlob

(* Calling another function *)

CAL OtherFunction (* Calling another function block *) ST VarOutput END_FUNCTION_BLOCK

6.2 Proposed Method

Figure 6.4 Proposed Method to convert Timed-MPSG based sequence of operation to IEC Standard PLC Code. The idea of proposed method is to translate the Timed-MPSG based controller system specification into PLC code. As shown in figure 6.4 the parameters used

in the Timed-MPSG has a one to one correspondence with IEC standard code. The state of the timed-MPSG is used as sequencer and the input message can be used to declare the VAR_INPUT part of the IEC code. In the same way, output message mapped to VAR_OUTPUT part of the code, whereas, task message is equivalent to function block and the preconditions defined for this task can be mapped as a conditions to function block to generate output signals. Time messages simply defined as timer variable in this paper and it is mapped to the VAR declaration part of the IEC code. The compilation of the graphical representation shows the simplicity of one to one translation from formal model to generic code. The output of the mapping is illustrated in the example 3.a. Example 3.a, PROGRAM BigE (* Declaration part *) VAR_TEMP (* Reserved Variable *) Systemdata : array[0..20] OF BYTE; (* Temporary Variable *) END_VAR Begin (* Part 1: Function blocks call and transfer the input values *) task_drill.task_drill_data(drill_BD : i_drill_BD); (* Part 2: reading in the output values and output with output switchover *) IF o_drill_done_DB THEN

o_drill_done_DB := drill_data.drill_done_DB; END_IF; END_PROGRAM FUNCTION_BLOCK TASK_DRILL (* Declaration part *) VAR_INPUT drill_BD : BOOL; END_VAR VAR_OUTPUT drill_done_DB : BOOL; END_VAR VAR drill_time : T#5s; END_VAR (* code part *) IF preconditions-> true THEN drill_done_DB := TRUE; T#5s; END_IF; END_FUNCTION_BLOCK Simultaneously, I/O messages defined in Timed-MPSG can be assigned to PLC I/O addresses and a supplementary file as a symbol table can be generated.

Table 6.2 An Example of Symbol Mapping to the PLC Physical Address

6.3. Logic Controller Designing and Code Generation Procedure One of the problems surveyed in designing logic controller is the lack of expertise at creating usable design environment. The logic designers do not follow any standard procedure to design logic controller. Instead of being experts at developing control systems they are not experts in the development environment in which they work (M. R. Lucas, D. M. Tilbury, 2003). In this paper, to overcome this limitation, the procedure of designing and implementing the logic controller is defined in a very systematic order. 6.3.1 Process Specification of the Targeted System An example of a system, which consists of two different workstations as explained in chapter 4, is provided to illustrate the proposed model. Workstation 1 is composed of one material processing equipment (MP1), one robot (MH1) that handles a part between MP, and buffer storage (BS1).

Figure 6.5 Layout of the shop floor control system 6.3.2 Graphical Representation of the Process Specification A part-state graph that depicts the whole process is shown in Figure 4.4 with each vertex containing a vertex number corresponds to the sequence of operation. A message(s) that represents an available operation(s) at each vertex (state) of the part is marked at each edge.

The complete Timed-MPSG

graphical representation of the workstation is explained in the chapter 4. 6.3.3 Convert to input.m13 text file. After the graphical designing of BigE and different equipment controllers, the next step is to convert it into text (ASCII) file(s). This file simply contains the definition and transition behaviour of the Timed-MPSG and it can be used as an input file to the PLC builder tool. In this chapter, we used just one robot_controller (MH1) to clarify the example14. 13

We can use any filename with the extension (.m). The filename input.m is used to clarify the example only. 14 See appendix (B) for other device components

%% definitions %class

device

%object

robot

%output

robot_controller

%states

18

%in

6

%out

6

%tasks

6

%time

0

%final

19

%assign

pick_BS1_WMH1

%%

%% in arc transitions 0 pick_BS1_WMH1

1

3 put_MP1_WMH1

4

5 pick_MP1_WMH1

6

8 put_BS1_WMH1

9

11 pick_BS1_WMH1

12

14 put_MT1_WMH1

15

%% %% task arc transitions 1 pick_task_BS1

2

3 put_task_MP1

4

6 pick_task_MP1

7

9 put_task_BS1

10

12 pick_task_BS1

13

15 put_task_MT1

16

%% %% time arc transitions %% %% out arc transitions 2 pick_done_BS1_MH1W

3

4 put_done_MP1_MH1W

5

7 pick_done_MP1_MH1W

8

10 put_done_BS1_MH1W

11

13 pick_done_BS1_MH1W

14

15 put_done_MT1_MH1W

16

%% Figure 6.6 Input.m text file generated using Timed-MPSG graph 6.3.4 Software Implementation Procedure for Mapping Timed-MPSG variable to PLC The text file generated in the section 6.3.3 is used by PLC builder tool to generate the IEC standard PLC code. As described in chapter 1 and section 6.2, one-to-one mapping techniques can be used to generate logic controller. Because of the similar hierarchical and modular structure and variable definition, the input and output messages can be used to map input/output

parameters in the PLC program, whereas, task messages and the preconditions can be mapped to define the function block and logical condition to get the RLO (result of the logical output). Three steps of software implementation procedure are shown in the figure 6.7. PLC Generator PLC

Timed-MPSG Text Input file

Read Input File() Create Event List() Mapping Function() Input message2input variable Output message2output variable Task message2function block

IEC Standard PLC Program FUNCTION_BLOCK VAR_INPUT { } VAR_END VAR_OUTPUT { } VAR_END VAR { } VAR_END FUNCTION_BODY END_FUNCTION BLOCK

Figure 6.7 Software Implementation Procedure of the Proposed Method 6.3.5 Final output of the PLC builder, IEC 61131-3 standard PLC code and symbol I/O Table After the successful completion of the 6.3.4 step, PLC builder compiles the input, Timed-MPSG, text file and generates two files concurrently. The first file contains the main program, function block, and functions as shown in example 4.a, whereas, the second file contains the I/O address mapping table as shown in example 4.b. This table maps the symbolic variable names to the physical I/O address of the PLC device. The example of program file and symbolic I/O table is as follows: Example 4.a, PROGRAM ROBOT_CONTROLLER VAR_INPUT (* Input message definitions *)

pick_BS1_WMH1 : BOOL; …; .; END_VAR VAR_OUTPUT (* Output message definitions *) pick_done_BS1_MH1W

: BOOL;

…; .; END_VAR VAR (* Time message definitions *) END_VAR (*FUNCTION BLOCK *) (* Task definitions *) LD pick_BS1_WMH1; CAL pick_task_BS1(); ST pick_done_BS1_MH1W; ….; ..; (* End of Task definitions *) (*END FUNCTION BLOCK *) END_PROGRAM ROBOT_CONTROLLER Example 4.b, “pick_BS1_WMH1

“,”I

“pick_done_BS1_MH1W

“,”Q

0.0”, “BOOL”,”Input Message” 0.0”, “BOOL”,”Output Message”

6.3. 6 Simulation using Siemens Step7 and plcSIM Verification of the generated executable PLC program is a mandatory job before executing in the real environment. Instead of downloading the PLC program to the PLC device, we can use software simulation to test the execution of generated code. In this paper, we deployed the Siemens Step-7 with plcSim to simulate and verify the generated code. The output files in the section 6.3.5 are generated with .awl (Siemens stl language file) and .sdf (Siemens symbol table) extensions, for testing purpose. The IEC standard PLC code can be directly imported to the Siemens Step-7 with minor manual modification. Although, the simulation can be used to verify the written code, however, the use of formal methods for verification is more desirable to validate the state model for hidden errors (G. Frey and L. Litz, 2000). In our research work, we integrated this technique. Details procedure can be found in chapter 5.

Figure 6.8 Verification of the Generated PLC Code using PLCSim 6.3.7 Download generated logic program to real-PLC and execution

The final step is to download the generated and verified PLC code to the real PLC and implement on the real shop floor controller system. PLC Studio

PLC Code

PLC Figure 6.9 Implementation of the verified PLC code in the real-PLC By following the systematic procedure, the logic controller development time can be reduced. Similarly, proper documentation and standard program can reduce the down-time and ramp-up time by enhancing the features like reusability and simplicity. Although, the example used in this paper has been used for a simple shop floor controller, the procedure can be equally applied to more complex systems.

6.4 Summary After completing the formal verification of the given model in our previous chapter, the next step is to generate IEC standard PLC program. In this chapter, we translated the graphical model of Timed-MPSG, developed in chapter 4, into textual structure. Thereafter, this textual structure has been used as an input

file to the PLC-builder tool, which, finally, produce PLC program. We used the Siemens Step7 and plcSIM to test the generated code.

CHAPTER 7 CONCLUSIONS AND FUTURE WORK Shop floor control system of an automobile industry is a semi-automated process; consist of robots, machines, human beings and the programmable logic controller (PLC). As a matter of fact, the classical PLC programs such as IL, Ladder Diagram, and relay logic have reached their limits because of its heterogeneity and rigidity. Since, development of PLC programs using traditional approach is error-prone and time consuming job. Even, a small change in process controller may drastically increase the rate of down-time and ramp-up time. Therefore, it results in production delays; much effort has been given to follow some standard designing and verification techniques. As a result, rapid prototyping of the logic program and proper safety measurement are essential activities to be considered in this system. In this thesis, we propose an approach to define standard procedure for designing and implementing the PLC program using formal technique. In our proposed method, Timed-MPSG is used to model the informal specification of the controller system, which has been translated to textual format, accordingly. After that, the textual structure of Timed-MPSG has been translated to native code for model checker (SMV). Furthermore, this input code combining with temporal logic used to verify the dynamic behavior of the model. After the successful verification of Timed-MPSG model, it has been used as an input

code for the PLC builder tool 15 . Subsequently, using this tool the textual definition has been translated into IEC 61131-3 standard PLC code using oneto-one mapping technique. Finally, the generated code downloaded to Siemens software PLC (plcSIM) and simulated. Besides, modeling and verification of PLC program, this thesis also proposed a novel approach to embed temporal properties in the MPSG model, which is coined as Timed-MPSG. Implementation of time features in this model will be an added possibility to use it in a real-time automated manufacturing system. This paper has explained the theoretical base of the Timed-MPSG, which has yet to be implemented in the real system. The future extension of Timed-MPSG is to develop tools for auto generation of real-time shop floor controller program, and implementing this tool into real industrial environment. Furthermore, optimization and synchronization of clock variable in a distributed manufacturing system using Timed-MPSG is another future research area, which is to be explored.

15

This tool is developed by adding an algorithm to the Timed-MPSG to generate IEC standard PLC program, algorithm and source code is given in appendix (E).

BIBLIOGRAPHY A. Mader and H. Wupper, Timed automaton models for simple programmable logic controllers, Proceedings of the Euromicro Conference on Real-Time Systems, 1999. A. V. Aho, R Sethi., and J. D.,Ullman, Compilers:principle, techniques, and tools (Reading MA:Addison-Wesley). B., H. and Mader, A. H., A Classification of PLC Models and Application, In: 5th Int. Workshop on Discrete Event Systems, WODES, Ghent, Belgium, 2000. B. Kolman, R. C. Busby, S. C. Ross, Discrete mathematical structures: fourth edition, Prentice Hall, NJ, 2000. B. Lukoschus, Compositional verification of industrial control systems, PhD dissertation, Kiel, 2005. B. Nanet et al.,Verification of PLC Programs given as Sequential Function Charts, Integration of Software Specification Techniques for Application in Engineering, Lecture Notes in Computer Science 3147, Springer-Verlag, 2004. B. Zoubek, J. Rouseel, M. Kwiatkowska, Towards automatic verification of ladder logic programs, IMACS Multi conference on Computational Engineering in Systems Application (CESA), 2003.

C., I., Smith, J. S., Formal modeling methodologies for control of manufacturing cells: Survey and comparison, Journal of Manufacturing Systems, 21 (1), pp. 40-57, 2002 . C., E. M., Emerson, E. A., and Sistla, A. P. , Automatic verification of finitestate concurrent systems using temporal logic specifications,

ACM

Transactions on Programming Languages and Systems 8 (2): 244-263, 1986. D. Brand and P. Safiropulo, On Communicating Finite-State Machines ,Journal of the association for computing machinery, Vol. 30, No. 2, April 1983, pp 323-342. D. Bruce, P., Real time UML: advances in the UML for real-time systems, 3rd ed., The Addison-Wesley object technology series, 2004. D. Shin, R. Wysk, and L. Rothrock, An Investigation of a Human Material Handler on Part Flow in Automated Manufacturing Systems, IEEE Trans. SMC, Vol. 36, 2006. D. Thapa, S. C. Park, C. M. Park, and Gi Nam Wang (a), Auto-Generation of IEC standard PLC code using Timed-MPSG, submitted to Computers & Industrial Engineering Journal (April 2007). D. Thapa, C. M. Park, S. Dangol, and G. N. Wang (b), III-Phase Verification and Validation of IEC Standard Programmable Logic Controller,IEEE Computer Society, CIMCA 2006, Australia D. Thapa, Chang Mok Park, Suraj Dangol, and Gi-Nam Wang (c), Software based Verification and Validation of IEC Standard Programmable Logic Controller, Lecture Series on Computer and Computational Sciences, ISSN: 1573-4196, Greece, 28 June-8 July, IeCCS 2006. D. Thapa, S. C. Park, C. M. Park, and Gi Nam Wang (d), Modeling, Verification, and Implementation of PLC program using Timed-MPSG, Submitted to summer computer simulation, (April 2007)

D. Thapa, J. Park, C. Park, G. Wang, and D. Shin (e), A Formal Model for Real-Time Automated Manufacturing System Control with Timed-MPSG, IEEE International Symposium on Industrial Electronics, accepted for publication. D. Thapa, S. Dangol, C. M. Park, G. N. Wang (e), Verification of PLC Program using a Generic Intermediate Language (IML), Proceedings of the ICSCA, pp. 2956, 2006. D. Thapa, D. Sin, J. Park, and G.N. Wang (f), Timed-MPSG: A Formal Model for Real Time Shop Floor Controller, IEEE Computer Society, CIMCA 2006, Nov. 2006 Page(s):101 - 101, Australia. D. Thapa, S. Dangol, and Gi-Nam Wang (g), Transformation of Petri net into Programmable Logic controller using one-to-one mapping technique, International Conference CIMCA-05 & IAWTIC 2005, Austria, IEEE Computer Society, pp. 228, November 28-30, 2005. D. Thapa, C. M. Park, S. C. Park, and Gi Nam Wang (h), Formal verification of controller logics in an automobile industry, submitted to Computers & Industrial Engineering Journal (May 2007). E. Brinksma and A. Mader, Verification and Optimization of a PLC control schedule,LNCS Vol. 1885, pp. 73-92, 2000. E. M. Clarke, Grunberg, and Peled , Model Checking, The MIT Press Cambridge,, England, 1999. G. Canet et al., Towards the automatic verification of PLC programs written in instruction list, IEEE SMC 2000, Nashville, TN, USA, 2000. G. Frey and L. Litz, Formal Methods in PLC Programming, Proceedings for the IEEE Conference on Systems Man and Cybernetics SMC 2000,Nachville, Oct. 8-11, 2000.

H. Dierks, PLC-automata, a new class of implementable real-time automata, Theoretical Computer Science, Volume 253 , Issue 1, pp: 61 - 93 , 2001. H. Jack, Automating Manufacturing Systems with PLCs, Version 4.7, April 2005. H. X. Williams, Compact Timed Automata for PLC Programs, Koninklijke Philips Electronics N.V. 1999. J. S. Smith, S. B. Joshi and R. G. Quis, Message-based Part State Graphs (MPSG): a formal model for shop-floor control implementation, Int. J. Prod. Res., 2003, Vol. 41, No.8, pp.1739-1764. J. S Smith, W. C Hoberecht. S. B. Joshi, A Shop floor control architecture for computer integrated manufacturing, IIE Transactions, Vol. 28 (10), pp. 783794, October 1, 1996. J. Jang, P. Koo, S. Nof, Application of Design and Control Tools in a multirobot Cell, Computers Ind. Engg. Vol. 32, No. 1, pp. 89-100, 1997 J. Karl-Heinz, T. Michael, IEC 61131-3: Programming Industrial Automation Systems, Springer-Verlag Berlin Heidelberg, New York, 1995. K. Feldmann et al.,Specification, design, and implementation of logic controllers based on colored Petri net models and the standard IEC 1131 part I&PartII, IEEE transactions on control systems technology, vol. 7, No. 6, November 1999. K. G. Larsen, Paul Pettersson and Wang Yi., Compositional and Symbolic Model-Checking of Real-Time Systems. In Proceedings of the 16th IEEE Real-Time Systems Symposium, Pisa, Italy, 5-7 December, 1995. K., A.I.

Valavanis, K.P., Error specification, monitoring and recovery in

computer-integrated manufacturing: an analytic approach, Control Theory and Applications, IEE Proceedings-Volume: 143, Issue: 6, pp: 499 – 508, 1996.

K. L. McMillan, The SMV system, Carnegie Mellon University, School of Computer Science, 1992 [www.cs.cmu.edu/~modelcheck/smv.html]. K. Sukerkar, H. Wijaya, J. R. Moyne, D. M. Tilbury,An Integrated Distributed Software

System

for

Reconfigurable

Manufacturing,

Advanced

Manufacturing Technologies 2004, Canada, June 1-2, 2004. L. F. Atherton, R. W. Atherton, Wafer Fabrication: Factory performance and Analysis, Kluwer Academic Publishers, London. L.E. Holloway, B. H. Krogh, A. Guia, A survey of Petri nets methods for controlled discrete event systems, Discrete event dynamic systems: Theory and application, Kluer Academic Publishers, pp. 151-190, 1997 M. Ben-Ari, Z. Manna and Amir Pnueli, The temporal logic of branching time, Proceedings of the 8th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, Pages: 164 - 176, 1981. M. Bozga et al, Kronos: A Model-Checking Tool for real-time systems, LNCS 1486, pp. 298-302, 1998. M. B. Younis, G. M. Frey, Formalization of existing PLC programs: A Survey, Proceedings of CESA 2003, Lille, France, 2003. M. Minas, Creating Semantic Representations of Diagrams, In Proc. of the Int'l Workshop on Applications of Graph

ransformation with Industrial

Relevance (AGTIVE'99) at Monastery Rolduc, NL, September 1-3, 1999. Appears in LNCS,April 2000 c Springer-Verlag M. R. Lucas, D. M. Tilbury,A study of current logic design practices in the automotive manufacturing industry, Int. J. Human-Computer Studies 59 , 725-753, 2003 N. Bauer, S. Engell, R. Huuck, S. Lohmann, B. Lukoschus, M. Remelhe, O. Strusberg, Verification of PLC Programs given as Sequential Function Charts,

Lecture Notes in Computer Science, Springer-Verlag Gmbh, ISSN: 03029743, vol. 3147/2004, pp. 517-540, 2004. O. Ljungkrantz, K. Akesson, J. Richardsson, and K. Anderson, Implementing a Control System Framework for Automatic Generation of Manufacturing Cell Controllers, 2007 IEEE International Conference on Robotics and Automation, ICRA'07. R. Alur and D. L. Dill, A theory of timed automata, Theoretical Computer Science, 126(2):183–235, 1994. R. Alur and Thomas A. H., Logics and Models of Real Time: A Survey, Lecture Notes in Computer Science; Vol. 600, pp. 74 - 106, 1991 R. David, Grafcet: A Powerful Tool for Specification of Logic Controllers, IEEE Transactions on Control Systems Technology, Vol 3., No.3, September 1995. R. Devanathan, Relay LadderLogic Design using the Language of Regular Expressions, IECON ’88, page(s): 889-894, 1988 R. Huuk, Software Verification for Programmable Logic Controllers, PhD Thesis, Kiel, 2003. R. Huuck, B. Lukoschus, and Nanette,A model-checking approach to safe SFCs, CESA 2003, IMACS Lille, France, July 9-11, 2003. R. Susta, Verification of PLC Programs, PhD Thesis, revised edition, CTUFEE, May 2003. R. Zurawski and M. Zhou, Petri Nets and Industrial Applications: A Tutorial, IEEE Transactions on Industrial Electronics, Vol. 41 No.6, December 1994. S. C. Park,A methodology for creating a virtual model for a flexible manufacturing system, Elsevier B.V., Computers in Industry 56(2005) 734746, 2005.

S. Joshi, R. A. Wysk, E. G. Mettala, Automatic generation of control system software for flexible manufacturing systems, System Sciences,

pp.

283-291

vol.2, 1991. S. Klein, G. Frey, and M. Minas, PLC Programming with Signal Interpreted Petri Nets, LNCS 2679, pp. 440-449, Springer Verlag, June 2003. S. L.amprire-Couffin, O. Rossi, J.-M. Roussel and J.-J. Lesage, Formal verification of plc programs: a survey, ECC'99, paper N741, Germany (1999). S. Lee, M. A. Ang, J. Lee, Automatic generation of logic control, Ford motor company, University of Michigan USA and Loughborough University UK 2006. S. R. Kyoo, P. H. Seong, Software design specification and analysis technique(SDSAT) for the development of safety-critical systems based on a programmable logic controller(PLC),Reliability Engineering and System Safety, 2005 1-17. S. S. Peng and M. C. Shou, Ladder Diagram and Petri-Net-Based DiscreteEvent Control Design Methods, IEEE Transactions of Systems,Man, and Cybernetics-Part C:Applications and reviews, Vol.34 No.4, 2004 S. S. Shah, E. W. Endsley, M. R. Lucas, and D. M. Tillbury, Reconfigurable Logic control using modular FSMs: Design, verification, implementation, and integrated error Handling, ACC 2002. The International Electro Technical Committee, IEC 61131-3, Programmable controllers, Programming Languages, March 1993. T. Murata, Petri Nets: Properties, Analysis and Applications, Proceedings of the Proc. IEEE, Vol. 77 No.4, r. 1989, pp. 541-*580 T. W. Parsons, Introduction to compiler construction, Hofstra University, NewYork, 1992.

W. Chan et al.,” Model checking Large Software Specifications,” IEEE Transactions on software Engineering, Vol. 24, No. 7, July 1998 W. W. Gay, Linux socket programming by example, Que, 2000 Y. J. Son, R. Wysk, and A. T. Jones, Simulation-based shop floor control: formal model, model generation and control interface, IIE Transactions 35, pp 29-48, 2003. Y. Koren et al., Reconfigurable Manufacturing Systems, CIRP Annals, Vol. 48 No.2, 1999. Z., Praehofer, and Kim, Theory of Modeling and Simulation, Academic Press, 2000. Z. Manna and Amir Pnueli, The Temporal Logic of Reactive and Concurrent Systems: Specification, Springer-Verlag, New York, 1991. Useful websites and tutorials EM-PLC tutorials, technical books – UGS/Technomatix SMV tutorials http://www.cs.indiana.edu/classes/p515/readings/smv/CadenceSMV-docs/smv/tutorial/tutorial.html http://www.cs.indiana.edu/classes/p515/readings/smv/CadenceSMV-docs/smv/smv.html

IGRIP tutorial, online documentation from DELMIA Siemens Technical documentation, 2005. Available on http://www.automation.siemens.com/simatic/portal/html_76/techdoku.htm

Siemens Step7 programming tutorial www.uppaal.com www.plcopen.com

APPENDIX (A) BASIC MATHEMATICS 1. Sets and subsets 1.1 Sets A set is any well-defined collection of objects called the elements or members of the set (B. Kolman, R. C. Busby, S. C. Ross, 2000). For example, the collection of all universities, the collection of all international students, or the collection of integers, positive real numbers is a set. If we can define a given object belongs to the collection or not, it is called welldefined. For example set of all numbers between 1 and 4 can be written as X= {1, 2, 3, 4} or Y= {a, b, c, d}. We can use uppercase letters such as X, Y, Z to denote sets, and lowercase letters such as k, l, m, n, o , p to denote the members (or elements) of sets. We can describe the information that k belongs to X by writing kÎX, and to denote that k does not belong to X we can write kÏX. There are some other ways to denote the sets. For example we can use the notation Y={x | x is a positive integer or zero}. Thus Y consists of the positive integers and zero: 1, 2, 3… or Z={x | x is a real numbers}.

When the elements of two sets are same, they are known as equal sets. It can be denoted by writing X=Y. If X= {1, 2, 3} and Y={x | x is a number between 1 to 3}, then X=Y; 1.2 Subsets If elements of one set also belong to another set, it is known as subsets. It can be written as X Í Y. It means the element kÎX also belongs to kÎY, or X is contained in Y. If X is not the subset of Y then we write X Ë Y. Set can be defined as finite set or infinite sets. A set is called finite if it has n distinct elements, where nÎN. In the above examples, X= {1, 2, 3} is a finite set while Z={x | x is a real numbers} is known as infinite set. Size of numbers of elements in a finite set is known as cardinality, written as |X|. Similarly, if X is a set, then the set of all subsets of X is known as power set and it is denoted as P(X). 1.3 Operations on sets Operations on sets are basically done to form a new set. Some of the operations on sets are described as follows. If X and Y are sets, then we defined their union ( È ) as the set consisting of all elements that belongs to X or Y. It is denoted as X È Y, where {x | xÎX or xÎY}. For example, if X={1,2,3} and Y={3,4,5} then the union of X and Y will be X È Y ={1,2,3,4,5}. Another set operation is called the intersection. If X and Y are sets, then the set consisting of all the elements that belong to X and Y sets, it can be

denoted as X Ç Y, where {x | xÎX and xÎY} . For example, if X= {1, 2, 3} and Y= {3, 4, 5} then the intersection of X and Y will be X Ç Y ={3}. Two sets which do not have common elements are known as disjoint sets. For example, if X= {1, 2, 3} and Y= {4, 5, 6} then these two sets are called disjoint sets. It can be denoted as X Ç Y = Æ . If X and Y are two sets, we define the complement of Y with respect to X as the set of all elements that belong to X but not to B, and we write the notation as X-Y={x | xÎ X and xÏ Y}. For example, if X={1,2,3} and Y={1,3,4}, then X-Y={2}. Finally, if X and Y are two sets, then symmetric difference is the set of all elements that belongs to either X or Y. it is denoted as X Å Y={x | (x ÎX and xÏY) or ( x ÏX and xÎY)}. 1.4 Algebraic properties of set operations (a) Commutative properties: the order of sets does not change their meaning. XÈ Y = YÈ X

(1)

XÇ Y = YÇ X

(2)

Associative properties: the grouping of sets does not change their meaning. X È (Y È Z) = (X È Y) È Z

(3)

X Ç (Y Ç Z) = (X Ç Y) Ç Z

(4)

(b) Distributive properties

X È (Y Ç Z) = (X È Y) Ç (X È Z)

(5)

X Ç (Y È Z) = (X Ç Y) È (X Ç Z)

(6)

(c) Idempotent properties X È X=X

(7)

X Ç X=X

(8)

(d) Properties of the complement

.

(X) =X

(9)

X È X =U

(10)

X Ç X =Æ

(11)

Æ =U

(12)

U ={ }

(13)

(f) De Morgan’s laws XÈY = XÇY XÇY = XÈY

(14) (15)

(e) Properties of the Universal set X È U =U

(16)

X Ç U =X

(17)

(f) Properties of the Empty set X È Æ = X or X È { } = X

(18)

X Ç Æ = Æ or X Ç { } = { }

(19)

2. Logics 2.1 Propositions and logical operations A statement or proposition is a declarative sentence that is either true or false, but not both. For example the statement 1+1=2 is true, and 2+1=5 is false. To

denote the propositional variables in logic we use the letters p, q, and r. we can define the variable p: It will rain today, or q: umbrella required. We can combine different statements by using connective and, it is known as compound statement. Compound statements use different logical operators like (~, Ù , Ú ). Unary operator negation (~) is not a compound statement. Binary operators like

Ú ) are used to evaluate compound statements. For example we can write p and q as (p Ù q) and p or q like (p Ú q). conjunction ( Ù ) and disjunction (

Similarly, we can declare negation of the statement such as “it is not the case that p”. We write the negation of p as ~p. It means if p is true then ~p is false and vice-versa. If p and q are statements, the compound statement ‘if p then q’, is written as p Þ q, it is called a conditional statement, or implication. The connective of if…then is denoted by the symbol Þ . Whereas, if p and q are statements, the compound statement p if and only if q, is written as p Û q, and it is called an equivalence or biconditional. To find the truth values of the compound statements we can use truth table. Illustration of truth table is given below: Table 2.1 truth table p

q

pÙq

P Úq

~p

pÞ q

pÛ q

T

T

T

T

F

T

T

T

F

F

T

F

F

F

F

T

F

T

T

T

F

F

F

F

F

T

T

T

APPENDIX (B) TIMED-MPSG TEXT FILES MH1 textual definition:

%%

definitions

%class

DEVICE

%object

ROBOT_1

%output

MH1

%states

18

%in

6

%out

6

%tasks

6

%time

0

%final

19

%assign

pick_BS1_WMH1

%% %% in arc transitions 0 pick_BS1_WMH1 1 3 put_MP1_WMH1

4

5 pick_MP1_WMH1 6 8 put_BS1_WMH1

9

11 pick_BS1_WMH1 12 14 put_MT1_WMH1 15 %%

%% task arc transitions 1 pick_task_BS1

2

3 put_task_MP1

4

6 pick_task_MP1

7

9 put_task_BS1

10

12 pick_task_BS1

13

15 put_task_MT1

16

%% %% time arc transitions %% %% out arc transitions 2 pick_done_BS1_MH1W

3

4 put_done_MP1_MH1W

5

7 pick_done_MP1_MH1W

8

10 put_done_BS1_MH1W

11

13 pick_done_BS1_MH1W 14 15 put_done_MT1_MH1W 16 %% MP1 textual definition:

%%

definitions

%class

DEVICE

%object

MACHINE-1

%output

MP1

%states

4

%in

1

%out

1

%tasks

1

%time

1

%final

3

%assign

proc1_WMP1

%% %% in arc transitions 0 proc1_WMP1

1

%% %% out arc transitions 1 proc1_done_MP1W 2 %% %% task arc transitions 2 proc1_task

3

%% %% time arc transitions 3 proc1_time_WMP1 4 %% BigE2 textual definition:

%%

definitions

%class

WORKSTATION-2

%object

BigE2

%output

BigE2

%states

20

%in

10

%out

9

%tasks

1

%time

1

%final

19

%assign

part_arrive_BS2

%% %% in arc transitions 0 part_arrive_BS2

1

2 pick_done_BS2_MH2W

3

4 put_done_MP2_MH2W

5

6 proc2_done_MP2W

7

8 pick_done_MP2_MH2W

9

10 reorient_done_MH2W

11

12 put_done_MP2_MH2W

13

14 proc2_done_MP2W

15

16 pick_done_MP2_MH2W 17 18 put_done_BS2_MH2W %% %% task arc transitions 15 remove_part

16

%% %% time arc transitions 16 total_cycle_time 17 %% %% out arc transitions 1 pick_BS2_WMH2 2 3 put_MP2_WMH2

4

5 proc2_WMP2

6

7 pick_MP2_WMH2 8 9 reorient_WMH2

10

11 put_MP2_WMH2 12

19

13 proc3_WMP2

14

15 pick_MP2_WMH2 16 17 put_BS2_WMH2 18 %% MH2 textual definition:

%%

definitions

%class

DEVICE

%object

ROBOT_2

%output

MH2

%states

21

%in

7

%out

7

%tasks

7

%time

1

%final

20

%assign

pick_MT1_WMH2

%% %% in arc transitions 0 pick_MT1_WMH2 1 3 put_MP2_WMH3

4

5 pick_MP2_WMH2 6 8 reorient

9

11 put_MP2_WMH2 12 14 pick_MP2_WMH2 15 17 put_BS2_WMH2 18 %% %% task arc transitions

1 pick_MT1

2

3 put_MP2

4

6 pick_MP2

7

9 reorient_task

10

12 put_MP2

13

15 pick_MP2

16

18 put_BS2

19

%% %% time arc transitions %% %% out arc transitions 2 pick_done_MT1_MH2W

3

4 put_done_MP2_MH2W

5

7 pick_done_MP2_MH2W

8

10 reorient_done_WMH2

11

13 put_done_MP2_WMH2

14

16 pick_done_MP2_MH2W 17 19 put_done_BS2_MH2W %% MP2 textual definition:

%%

definitions

%class

DEVICE

%object

MACHINE-2

%output

MP2

%states

4

%in

2

%out

2

20

%tasks

2

%time

2

%final

3

%assign

proc2_WMP2

%% %% in arc transitions 0 proc2_WMP2

1

4 proc3_WMP2

5

%% %% out arc transitions 3 proc2_done_MP2W 4 7 proc3_done_MP2W 8 %% %% task arc transitions 1 proc2_task

2

5 proc3_task

6

%% %% time arc transitions 2 proc2_time_WMP2 3 6 proc3_time_WMP2 7 %%

APPENDIX (C)

SOURCE CODE TO GENERATE SYMBOL TABLE, SMV INPUT CODE, AND IEC 61131-3 STANDARD PLC CODE (a) Algorithm and source code to generate Symbol Table [Mapping Variable with PLC I/O address] void writeSymbolTable(MPSG_ARC_LIST *L, MPSG_DEF *M) { char fmtSI[] = "\"%s \",\"%s %d%s%d\",\"BOOL \",\"Input Message:%s \"\n"; char fmtSO[] = "\"%s \",\"%s %d%s%d\",\"BOOL \",\"Output Message:%s \"\n"; char fmtSC[] = "\"%s \",\"%s %d%s%d\",\"BOOL \",\"Time Message:%s \"\n"; int index; char FName[MAX_FILE_NAME]; strcpy(FName, M->FileName); strcat(FName, ".sdf"); FILE *fp1 = fopen(FName, "w"); if (! fp1) fatalprintf(R_EOPEN, "cant open file %s in createFile()", FName); for (index = 0; index < M->NumInMess; index++) { fprintf(fp1,fmtSI,&M->InMessages [index][2],"I",0,".",index,&M->InMessages [index][1]); } for (index = 0; index < M->NumTimes; index++) { fprintf(fp1,fmtSC,&M->TimeMessage[index][2],"M",0,".", index,&M->TimeMessage [index][1]); } for (index = 0; index < M->NumOutMess; index++) { fprintf(fp1,fmtSO,&M->OutMessages[index][2],"Q",0,".", index,&M->OutMessages[index][1]); } fclose(fp1);

}

(b) Algorithm and source code to generate IEC standard PLC program void writePLCFile(MPSG_ARC_LIST *L, MPSG_DEF *M) { //File type .awl used for LD, STL and FBD FILE *fp1; char fname[100] = ""; char fmt1[] = "\t\t%s : BOOL ;\n"; char fmtC[] = "\t\t%s : ST#5S ;\n"; char Description[100]; int i,ctr=1,index; strcat(fname, M->FileName); strupper(fname); fp1 = createFile(M->FileName, ".awl"); printSectionHeadPLC(fp1, "Task Action Function Block"); for (index = 0; index < M->NumTasks; index++) { sprintf(Description, "%s %s", &M->Tasks[index][2], "TASK ACTION FUNCTION BLOCK"); fprintf(fp1, "\n\n"); printHeadPLC(fp1, &M->Tasks[index][2], Description); fprintf(fp1, "\n\nFUNCTION T_%s : BOOL",&M->Tasks[index][2]); fprintf(fp1, "\n\tVAR_INPUT\n"); fprintf(fp1, "\n\t(* input variable declarations go here*)"); fprintf(fp1, "\n\tEND_VAR\n"); fprintf(fp1, "\n\tVAR_IN_OUT\n"); fprintf(fp1, "\n\t(* input/output variable declarations go here*)"); fprintf(fp1, "\n\tEND_VAR\n"); fprintf(fp1, "\n\tVAR_OUTPUT\n"); fprintf(fp1, "\n\t(* output variable declarations go here*)"); fprintf(fp1, "\n\tEND_VAR\n"); fprintf(fp1, "\tBEGIN\n"); fprintf(fp1, "\n\n\tif PRECONDITION_%s ",&M->Tasks[index][2]); fprintf(fp1, "\n\t(* source code for %s goes here.*)", &M->Tasks[index][2]); fprintf(fp1, "\n\t\t\treturn(TRUE);"); fprintf(fp1, "\n\t\tELSE"); fprintf(fp1, "\n\t(* source code for %s goes here.*)", &M->Tasks[index][2]); fprintf(fp1, "\n\t\t\treturn(FALSE);"); fprintf(fp1, "\nEND_FUNCTION"); } fprintf(fp1, "\n\n\nFUNCTION_BLOCK %s\n\n", fname); fprintf(fp1, "VAR_INPUT\n"); fprintf(fp1, "\t(* Input message definitions *)\n");

for (i = 0; i < M->NumInMess; i++) fprintf(fp1,fmt1, M->InMessages[i]); fprintf(fp1, "\nEND_VAR\n"); fprintf(fp1, "\nVAR_OUTPUT\n"); fprintf(fp1, "\t(* Output message definitions *)\n"); for (i = 0; i < M->NumOutMess; i++) fprintf(fp1, fmt1, M->OutMessages[i]); fprintf(fp1, "\nEND_VAR\n"); fprintf(fp1, "\nVAR\n"); fprintf(fp1, "\t(* Time message definitions *)\n"); for (i = 0; i < M->NumTimes ; i++) fprintf(fp1, fmtC, M->TimeMessage[i]); fprintf(fp1, "\nEND_VAR\n"); fprintf(fp1, "\n(*Program Code*)\n\n"); fprintf(fp1, "\tBEGIN\n"); for (i = 0; i < M->NumInMess; i++){ fprintf(fp1,"\n\t\tL %s;", M->InMessages[M->NumInMess-ctr]); //fprintf(fp1, "\n\t\tL %s;", M->TimeMessage[M->NumTimes -ctr]); fprintf(fp1, "\n\t\tCALL %s();", M->Tasks[M->NumTasks-ctr]); fprintf(fp1, "\n\t\tS %s;\n", M->OutMessages[M->NumOutMess -ctr]); ctr++; } fprintf(fp1, "\n(*End of Program Code *)\n"); fprintf(fp1, "\n\nEND_FUNCTION_BLOCK %s\n",strupper(M->FileName)); fclose(fp1); /* //File type .gr7 used for Sequential Function Chart FILE *fp1; char fname[100] = ""; char fmt1[] = "\t\"%s\" (R) ;\n"; char fmt3[] = "\t\"%s\" (S) ;\n"; char fmt2[] = "(*$_COM %s *)"; char fmtC[] = "\t\t%s : ST#5S ;\n"; int i,ctr=1; strcat(fname, M->FileName); strupper(fname); fp1 = createFile(M->FileName, ".gr7"); fprintf(fp1, "\nFUNCTION_BLOCK \"%s\"\n\n", fname); fprintf(fp1,fmt2,M->FileName ); fprintf(fp1,"\n\nCMPSET\n") ; fprintf(fp1,"\t\tS7Graph-Version: 4000\n"); fprintf(fp1,"\t\tWarningLevel: All\n"); fprintf(fp1,"\t\tFBInterface: Standard\n"); fprintf(fp1,"\t\tSSBLevel: Array\n"); fprintf(fp1,"\t\tASMsgLevel: No\n"); fprintf(fp1,"\t\tTargetMachine: AS300StdBlock\n"); fprintf(fp1,"\t\tRuntimeBlock: FC 72\n"); fprintf(fp1,"\t\tCritAvail: F\n"); fprintf(fp1,"\t\tSSkipOn: F\n");

fprintf(fp1,"\t\tAckReq: T \n"); fprintf(fp1,"\t\tSyncAvail: F\n"); fprintf(fp1,"\t\tPermILMan: F \n"); fprintf(fp1,"END_CMPSET\n"); fprintf(fp1,"\n(*$_SETTINGS ProgLang: LAD *)\n\n"); fprintf(fp1,"INITIAL_STEP Step1 (*$_NUM 1*):\n"); fprintf(fp1,"(*$_COM Step comment*)\n"); for (i = 0; i < M->NumOutMess ; i++) { fprintf(fp1, fmt1, M->OutMessages[i]); } fprintf(fp1,"END_STEP\n"); for (i = 0; i < M->NumOutMess ; i++) { fprintf(fp1,"STEP Step%d (*$_NUM %d*) : \n",i+2,i+2); fprintf(fp1, fmt3, M->OutMessages[i]); fprintf(fp1,"END_STEP\n"); } for (i = 0; i < M->NumInMess; i++){ fprintf(fp1,"\nTRANSITION Trans%d (*$_NUM %d*)\n",i+1,i+1); fprintf(fp1,"\tFROM Step\n"); fprintf(fp1,"\tTO Step\n"); fprintf(fp1,"\tCONDITION := \"%s\"\n",M->InMessages[i]); fprintf(fp1,"\nEND_TRANSITION\n"); } fprintf(fp1, "\n\nEND_FUNCTION_BLOCK \n"); fclose(fp1); */

}

(c) Algorithm and source code to generate native code for SMV void writeSMVFile(MPSG_ARC_LIST *L, MPSG_DEF *M) { char FName[MAX_FILE_NAME]; strcpy(FName, M->FileName); strcat(FName, ".smv"); FILE *fp1 = fopen(FName, "w"); char fmt1[] = " %s,"; char fmt2[] = "\tinput %s : boolean;\n"; char fmt3[] = "\toutput %s : boolean;\n"; char fmt4[] = "\tinit(%s) := 0;\n"; char mutex[]="\tmutex: assert G ~ ("; char mutex1[]="%s & "; char live[]="\t %s_live : assert G (%s -> F %s);\n"; char def[]="\t%s := %s ;\n"; int i,index; //The main module and it's input/output parameters fprintf(fp1, "\nmodule main ("); for (i = 0; i < M->NumInMess; i++) { fprintf(fp1,fmt1, M->InMessages[i]); } for (i = 0; i < M->NumOutMess; i++) { fprintf(fp1, fmt1, M->OutMessages[i]); } //The inut/output variable declaration fprintf(fp1, ")\n\n{\n"); fprintf(fp1, "\nVAR\n"); for (i = 0; i < M->NumInMess; i++) { fprintf(fp1,fmt2, M->InMessages[i]); } for (i = 0; i < M->NumOutMess; i++) { fprintf(fp1, fmt3, M->OutMessages[i]); } fprintf(fp1, "\n"); //The inut/output variable declaration fprintf(fp1, "\nDEFINE\n\n");

for (i = 0; i < M->NumOutMess; i++) { fprintf(fp1, fmt4, M->OutMessages[i]); } fprintf(fp1, "\nASSIGN\n"); for (i = 0; i < M->NumInMess; i++) { fprintf(fp1,def, M->InMessages[i],M->OutMessages[i]); } fprintf(fp1, "\n"); fprintf(fp1, "\nSPEC\n"); //Test of liveness properties for (index = 0; index < M->NumInMess; index++) { fprintf(fp1,live, M->InMessages[index],M->InMessages[index],M->OutMessages[index]); } fprintf(fp1, "\n"); fprintf(fp1,mutex); //Test of safety properties for (index = 0; index < M->NumOutMess; index++) { fprintf(fp1,mutex1, M->OutMessages[index]); } fprintf(fp1, ");\n}\n"); fclose(fp1);

}