Abstract
During the development of PLC software, standards usually require testing to consider certain coverage criteria. Since a manual generation of coverage tests is tedious and error-prone, automatic approaches as concolic testing are highly desirable. Approaches targeting non-reactive software usually cannot address their peculiarities, e. g. the cyclic execution combined with state-machine behaviour. Hence, we present a novel concolic testing technique to fill this gap. In particular, our technique utilises operation modes that typically describe the state machine semantics of single units in PLC programs, also called function blocks. This allows for guiding symbolic execution along paths that conform with the state-machine semantics and are likely to uncover new program behaviour. We show that our technique efficiently generates coverage tests for a variety of programs, outperforming existing approaches tailored to PLC software.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Biallas, S., Brauer, J., Kowalewski, S.: Arcade.PLC: a verification platform for programmable logic controllers. In: Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering (ASE) (2012)
Bohlender, D., Kowalewski, S.: Compositional verifcation of PLC software using horn clauses and mode abstraction. In: WODES (2018, to appear)
Bohlender, D., Simon, H., Friedrich, N., Kowalewski, S., Hauck-Stattelmann, S.: Concolic test generation for PLC programs using coverage metrics. In: WODES (2016)
Burnim, J., Sen, K.: Heuristics for scalable dynamic test generation. In: ASE (2008)
Cadar, C., Dunbar, D., Engler, D.: KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs. In: Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation (OSDI) (2008)
Cadar, C., Sen, K.: Symbolic execution for software testing: three decades later. ACM Commun. 56(2), 82–90 (2013)
Canfora, G., Cimitile, A., De Lucia, A.: Conditioned program slicing. In: Information and Software Technology 40 (1998)
De Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: Proceedings of the Theory and Practice of Software, 14th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS/ETAPS (2008)
Godefroid, P., Levin, M.Y., Molnar, D.A.: Automated whitebox fuzz testing. In: NDSS (2008)
IEC-61508: IEC 61508: Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems (2010)
John, K.H., Tiegelkamp, M.: IEC 61131–3: Programming Industrial Automation Systems Concepts and Programming Languages. Requirements for Programming Systems, Decision-Making Aids (2010)
Kähkönen, K., et al.: LCT: an open source concolic testing tool for Java programs (2011)
PLCopen TC5: Safety Software Technical Specification, Version 1.0, Part 1: Concepts and Function Blocks. PLCopen, Germany (2006)
PLCopen TC5: Safety Software Technical Specification, Version 1.01, Part 2: User Examples. PLCopen, Germany (2008)
Simon, H., Kowalewski, S.: Structural concolic testing for sequential function chart. In: WODES (2018, to appear)
Song, J., Jee, E., Bae, D.H.: Automated test sequence generation for function block diagram programs. In: APSEC (2016)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Simon, H., Kowalewski, S. (2018). Mode-Aware Concolic Testing for PLC Software. In: Furia, C., Winter, K. (eds) Integrated Formal Methods. IFM 2018. Lecture Notes in Computer Science(), vol 11023. Springer, Cham. https://doi.org/10.1007/978-3-319-98938-9_21
Download citation
DOI: https://doi.org/10.1007/978-3-319-98938-9_21
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-98937-2
Online ISBN: 978-3-319-98938-9
eBook Packages: Computer ScienceComputer Science (R0)