Predicate Abstraction for Programmable Logic Controllers

  • Conference paper
Formal Methods for Industrial Critical Systems (FMICS 2013)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 8187)

Abstract

In this paper, we present a predicate abstraction for programmable logic controller (PLC) programs that enables model checking of safety-related properties. Our contribution is twofold: First, we give a formalization of PLC programs in first-order logic, which is then used to automatically derive a predicate abstraction using SMT solving. Second, we employ an abstraction called predicate scoping, which restricts the evaluation of predicates to certain program locations and thus can be used to exploit the cyclic scanning mode of PLC programs. We show the effectiveness of this approach in a small case study using programs from industry and academia.

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Biallas, S., Giacobbe, M., Kowalewski, S. (2013). Predicate Abstraction for Programmable Logic Controllers. In: Pecheur, C., Dierkes, M. (eds) Formal Methods for Industrial Critical Systems. FMICS 2013. Lecture Notes in Computer Science, vol 8187. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41010-9_9

  • DOI: https://doi.org/10.1007/978-3-642-41010-9_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-41009-3

  • Online ISBN: 978-3-642-41010-9

  • eBook Packages: Computer Science, Computer Science (R0)
