Research article
DOI: https://doi.org/10.1145/3563822.3568016

Bounded Model Checking of PLC ST Programs using Rewriting Modulo SMT

Published: 01 December 2022

Abstract

Programmable logic controllers (PLCs) are widely used in industrial control systems, and Structured Text (ST) is an imperative language for developing PLC programs. Because PLC programs are safety-critical, formally analyzing them is important, and a rewriting-based formal semantics of ST has been proposed for this purpose. This paper presents a bounded model checking technique for PLC ST programs built on that rewriting-based semantics. We apply rewriting modulo SMT to symbolically analyze LTL properties of ST programs with respect to sequences of (possibly infinite) inputs and outputs. We demonstrate the effectiveness of our approach using a traffic light case study.


Published In

FTSCS 2022: Proceedings of the 8th ACM SIGPLAN International Workshop on Formal Techniques for Safety-Critical Systems
November 2022
94 pages
ISBN:9781450399074
DOI:10.1145/3563822
Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. Programmable Logic Controller
  2. Structured Text
  3. Maude
  4. Rewriting modulo SMT
