
Two CEGAR-based approaches for the safety verification of PLC-controlled plants


Abstract

In this paper we address the safety analysis of chemical plants controlled by programmable logic controllers (PLCs). We consider a specification of the control program of the PLCs, extended with the specification of the dynamic plant behavior. The resulting hybrid models can be transformed to hybrid automata, for which advanced techniques for reachability analysis exist. However, the hybrid automata models are often too large to be analyzed. We propose two counterexample-guided abstraction refinement (CEGAR) approaches to keep the size of the hybrid models moderate.



Notes

  1. In the IEC standard, the qualifiers P1, N, and P0 are used instead of , and . The remaining qualifiers of the industry standard are not considered in this paper.

  2. For over-approximative reachability analysis; otherwise under-approximated.

  3. In addition to the previously introduced SFC variables, V_sfc also contains a variable that encodes the currently active step.



Correspondence to Johanna Nellen.

Additional information

This work was partly supported by the German Research Foundation (DFG) as part of the Research Training Group “AlgoSyn” (GRK 1298) and as part of the DFG research project “HyPro” (AB 461/4-1).


Cite this article

Nellen, J., Driessen, K., Neuhäußer, M. et al. Two CEGAR-based approaches for the safety verification of PLC-controlled plants. Inf Syst Front 18, 927–952 (2016). https://doi.org/10.1007/s10796-016-9671-9
