Formal Verification of Safety PLC Based Control Software

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9681)


Programmable Logic Controllers (PLCs) are widely used in the industry for various industrial automation tasks. Besides non-safety applications, the usage of PLCs became accepted in safety-critical installations, where the cost of failure is high. In these cases the used hardware is special (so-called fail-safe or safety PLCs), but also the software needs special considerations. Formal verification is a method that can help to develop high-quality software for critical tasks. However, such method should be adapted to the special needs of the safety PLCs, that are often particular compared to the normal PLC development domain. In this paper we propose two complementary solutions for the formal verification of safety-critical PLC programs based on model checking and equivalence checking using formal specification. Furthermore, a case study is presented, demonstrating our approach.


PLC Model checking Formal specification Safety-critical systems 



The authors would like to thank the people involved in the presented re-engineering project for their support and cooperation. Special thanks to Roberto Speroni for the cooperation and the continuous feedback.


  1. 1.
    Beckert, B., Ulbrich, M., Vogel-Heuser, B., Weigl, A.: Regression verification for programmable logic controller software. In: Butler, M., Conchon, M., Zaïdi, F. (eds.) ICFEM 2015. LNCS, vol. 9407, pp. 234–251. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  2. 2.
    Biallas, S., Brauer, J., Kowalewski, S.: Arcade.PLC: a verification platform for programmable logic controllers. In: Proceedings of 27th IEEE/ACM International Conference on Automated Software Engineering, pp. 338–341. ACM (2012)Google Scholar
  3. 3.
    Canet, G., Couffin, S., Lesage, J.J., Petit, A., Schnoebelen, P.: Towards the automatic verification of PLC programs written in instruction list. In: Proceedings of IEEE International Conference on Systems, Man, and Cybernetics, vol. 4, pp. 2449–2454. IEEE (2000)Google Scholar
  4. 4.
    Darvas, D., Blanco Viñuela, E., Majzik, I.: A formal specification method for PLC-based applications. In: Proceedings of 15th International Conference on Accelerator & Large Experimental Physics Control Systems, pp. 907–910. JaCoW, Geneva (2015, in press)Google Scholar
  5. 5.
    Darvas, D., Fernández Adiego, B., Blanco Viñuela, E.: PLCverif: a tool to verify PLC programs based on model checking techniques. In: Proceedings of 15th International Conference on Accelerator & Large Experimental Physics Control Systems, pp. 911–914. JaCoW, Geneva (2015, in press)Google Scholar
  6. 6.
    Darvas, D., Fernández Adiego, B., Vörös, A., Bartha, T., Blanco Viñuela, E., González Suárez, V.M.: Formal verification of complex properties on PLC programs. In: Ábrahám, E., Palamidessi, C. (eds.) FORTE 2014. LNCS, vol. 8461, pp. 284–299. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  7. 7.
    Fernández Adiego, B., Darvas, D., Blanco Viñuela, E., Tournier, J.C., Bliudze, S., Blech, J.O., González Suárez, V.M.: Applying model checking to industrial-sized PLC programs. IEEE. Trans. Ind. Informat. 11(6), 1400–1410 (2015)CrossRefGoogle Scholar
  8. 8.
    Gourcuff, V., de Smet, O., Faure, J.M.: Improving large-sized PLC programs verification using abstractions. In: Proceedings of the 17th IFAC World Congress, pp. 5101–5106. IFAC (2008)Google Scholar
  9. 9.
    Greenway, A.: A user’s perspective of programmable logic controllers (PLCs) in safety-related applications. In: Redmill, F., Anderson, T. (eds.) Technology and Assessment of Safety-Critical Systems, pp. 1–20. Springer, London (1994)Google Scholar
  10. 10.
    Jee, E., et al.: FBDVerifier: interactive and visual analysis of counterexample in formal verification of function block diagram. J. Res. Pract. Inf. Technol. 42(3), 171–188 (2010)Google Scholar
  11. 11.
    Lange, T., Neuhäußer, M.R., Noll, T.: Speeding up the safety verification of programmable logic controller code. In: Bertacco, V., Legay, A. (eds.) HVC 2013. LNCS, vol. 8244, pp. 44–60. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  12. 12.
    Nellen, J., Ábrahám, E., Wolters, B.: A CEGAR tool for the reachability analysis of PLC-controlled plants using hybrid automata. In: Bouabana-Tebibel, T., Rubin, S.H. (eds.) Formalisms for Reuse and Systems Integration. AISC, vol. 346, pp. 55–78. Springer, Heidelberg (2015)Google Scholar
  13. 13.
    Ovatman, T., Aral, A., Polat, D., Ünver, A.O.: An overview of model checking practices on verification of PLC software. Software & Systems Modeling, 1–24 (2014). doi: 10.1007/s10270-014-0448-7. Advance online publicationGoogle Scholar
  14. 14.
    Pavlović, O., Ehrich, H.D.: Model checking PLC software written in function block diagram. In: Proceedings of International Conference on Software Testing, Verification and Validation, pp. 439–448. IEEE (2010)Google Scholar
  15. 15.
    Sarmento, C.A., Silva, J.R., Miyagi, P.E., Santos Filho, D.J.: Modeling of programs and its verification for programmable logic controllers. In: Proceedings of the 17th IFAC World Congress, pp. 10546–10551. IFAC (2008)Google Scholar
  16. 16.
    Siemens: Statement List (STL) for S7–300/S7-400, C79000–G7076-C565-01 (1998)Google Scholar
  17. 17.
    Siemens: SIMATIC Industrial Software SIMATIC safety – Configuring and Programming, A5E02714440-AD (2014)Google Scholar
  18. 18.
    Soliman, D., Frey, G.: Verification and validation of safety applications based on PLCopen safety function blocks. Control Eng. Pract. 19(9), 929–946 (2011)CrossRefGoogle Scholar
  19. 19.
    Sülflow, A., Drechsler, R.: Verification of PLC programs using formal proof techniques. In: Formal Methods for Automation and Safety in Railway and Automotive Systems, pp. 43–50. L’Harmattan, Budapest (2008)Google Scholar
  20. 20.
    Yoo, J., Cha, S., Jee, E.: A verification framework for FBD based software in nuclear power plants. In: Proceedings of the 15th Asia-Pacific Software Engineering Conference, pp. 385–392. IEEE (2008)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.CERN – European Organization for Nuclear ResearchGenevaSwitzerland
  2. 2.Budapest University of Technology and EconomicsBudapestHungary

Personalised recommendations