Skip to main content
Springer Nature Link
Log in

Mode-Aware Concolic Testing for PLC Software

Special Session “Formal Methods for the Design and Analysis of Automated Production Systems”

  • Conference paper
  • First Online:
Integrated Formal Methods (IFM 2018)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 11023))

Included in the following conference series:

  • 801 Accesses

Abstract

During the development of PLC software, standards usually require testing to consider certain coverage criteria. Since a manual generation of coverage tests is tedious and error-prone, automatic approaches as concolic testing are highly desirable. Approaches targeting non-reactive software usually cannot address their peculiarities, e. g. the cyclic execution combined with state-machine behaviour. Hence, we present a novel concolic testing technique to fill this gap. In particular, our technique utilises operation modes that typically describe the state machine semantics of single units in PLC programs, also called function blocks. This allows for guiding symbolic execution along paths that conform with the state-machine semantics and are likely to uncover new program behaviour. We show that our technique efficiently generates coverage tests for a variety of programs, outperforming existing approaches tailored to PLC software.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Biallas, S., Brauer, J., Kowalewski, S.: Arcade.PLC: a verification platform for programmable logic controllers. In: Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering (ASE) (2012)

    Google Scholar 

  2. Bohlender, D., Kowalewski, S.: Compositional verifcation of PLC software using horn clauses and mode abstraction. In: WODES (2018, to appear)

    Google Scholar 

  3. Bohlender, D., Simon, H., Friedrich, N., Kowalewski, S., Hauck-Stattelmann, S.: Concolic test generation for PLC programs using coverage metrics. In: WODES (2016)

    Google Scholar 

  4. Burnim, J., Sen, K.: Heuristics for scalable dynamic test generation. In: ASE (2008)

    Google Scholar 

  5. Cadar, C., Dunbar, D., Engler, D.: KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs. In: Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation (OSDI) (2008)

    Google Scholar 

  6. Cadar, C., Sen, K.: Symbolic execution for software testing: three decades later. ACM Commun. 56(2), 82–90 (2013)

    Article  Google Scholar 

  7. Canfora, G., Cimitile, A., De Lucia, A.: Conditioned program slicing. In: Information and Software Technology 40 (1998)

    Google Scholar 

  8. De Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: Proceedings of the Theory and Practice of Software, 14th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS/ETAPS (2008)

    Google Scholar 

  9. Godefroid, P., Levin, M.Y., Molnar, D.A.: Automated whitebox fuzz testing. In: NDSS (2008)

    Google Scholar 

  10. IEC-61508: IEC 61508: Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems (2010)

    Google Scholar 

  11. John, K.H., Tiegelkamp, M.: IEC 61131–3: Programming Industrial Automation Systems Concepts and Programming Languages. Requirements for Programming Systems, Decision-Making Aids (2010)

    Google Scholar 

  12. Kähkönen, K., et al.: LCT: an open source concolic testing tool for Java programs (2011)

    Google Scholar 

  13. PLCopen TC5: Safety Software Technical Specification, Version 1.0, Part 1: Concepts and Function Blocks. PLCopen, Germany (2006)

    Google Scholar 

  14. PLCopen TC5: Safety Software Technical Specification, Version 1.01, Part 2: User Examples. PLCopen, Germany (2008)

    Google Scholar 

  15. Simon, H., Kowalewski, S.: Structural concolic testing for sequential function chart. In: WODES (2018, to appear)

    Google Scholar 

  16. Song, J., Jee, E., Bae, D.H.: Automated test sequence generation for function block diagram programs. In: APSEC (2016)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Embedded Software, RWTH Aachen University, Aachen, Germany

    Hendrik Simon & Stefan Kowalewski

Authors
  1. Hendrik Simon
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Stefan Kowalewski
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hendrik Simon .

Editor information

Editors and Affiliations

  1. Università della Svizzera Italiana, Lugano, Switzerland

    Carlo A. Furia

  2. University of Queensland, Brisbane, Queensland, Australia

    Kirsten Winter

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Simon, H., Kowalewski, S. (2018). Mode-Aware Concolic Testing for PLC Software. In: Furia, C., Winter, K. (eds) Integrated Formal Methods. IFM 2018. Lecture Notes in Computer Science(), vol 11023. Springer, Cham. https://doi.org/10.1007/978-3-319-98938-9_21

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-98938-9_21

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-98937-2

  • Online ISBN: 978-3-319-98938-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics