Regression Verification for Programmable Logic Controller Software

  • Bernhard Beckert
  • Mattias Ulbrich
  • Birgit Vogel-Heuser
  • Alexander Weigl
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9407)


Automated production systems are usually driven by Programmable Logic Controllers (PLCs). These systems are long-living – yet have to adapt to changing requirements over time. This paper presents a novel method for regression verification of PLC code, which allows one to prove that a new revision of the plant’s software does not break existing intended behavior.

Our main contribution is the design, implementation, and evaluation of a regression verification method for PLC code. We also clarify and define the notion of program equivalence for reactive PLC code. Core elements of our method are a translation of PLC code into the SMV input language for model checkers, the adaptation of the coupling invariants concept to reactive systems, and the implementation of a toolchain using a model checker supporting invariant generation.

We have successfully evaluated our approach using the Pick-and-Place Unit benchmark case study.


Regression verification · Symbolic model checking · Automated production systems · Programmable logic controllers (PLC)



The authors thank Alberto Griggio for his valuable input on the effective use of nuXmv and Vladimir Klebanov for his feedback on an earlier version of this paper.

This work was supported by the DFG (German Research Foundation) in Priority Programme SPP1593: Design For Future – Managed Software Evolution.



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Bernhard Beckert (1)
  • Mattias Ulbrich (1)
  • Birgit Vogel-Heuser (2)
  • Alexander Weigl (1)

  1. Karlsruhe Institute of Technology, Karlsruhe, Germany
  2. Technische Universität München, Munich, Germany
