Abstract
Regression testing is an established technique used to attest the correctness of reconfigurations to PLC software. After such a reconfiguration, a test suite might not be adequate to ensure the absence of regressions, requiring the derivation of new test cases to uncover potential regressions. This paper presents a combination of state-of-the-art symbolic execution algorithms for test suite augmentation, an indispensable part of regression testing. Test generation is guided towards the changed behavior using a technique known as four-way forking. The old and new PLC software are executed in the same symbolic execution instance to account for the effects of the reconfiguration and increase the chances of generating difference-revealing test cases. The prototypical implementation is evaluated using domain-specific benchmarks such as the PLCopen Safety library and the Pick and Place Unit, exposing the limitations in applicability and effectiveness of the used techniques for safeguarding PLC software subject to frequent reconfigurations as found in cyber-physical production systems.
Acknowledgements
Funded by the Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany’s Excellence Strategy – EXC-2023 Internet of Production – 390621612.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Grochowski, M., Völker, M., Kowalewski, S. (2022). Test Suite Augmentation for Reconfigurable PLC Software in the Internet of Production. In: Groote, J.F., Huisman, M. (eds) Formal Methods for Industrial Critical Systems. FMICS 2022. Lecture Notes in Computer Science, vol 13487. Springer, Cham. https://doi.org/10.1007/978-3-031-15008-1_10
DOI: https://doi.org/10.1007/978-3-031-15008-1_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-15007-4
Online ISBN: 978-3-031-15008-1
eBook Packages: Computer Science, Computer Science (R0)