Automatic Fault Localization for Programmable Logic Controllers

Conference paper

Abstract

Programmable Logic Controllers (PLCs) are widely applied to control safety critical systems. Efficient formal and nonformal methods to detect faulty behavior have been developed, but finding the cause of the buggy behavior is often still a manual process. Automatic fault localization for PLCs is studied in this paper. Methods for automated debugging are analyzed and compared with respect to accuracy and run time. The experimental results on industrial models show a high accuracy at low run time costs.

Keywords

Debugging Boolean SAT Program slicing Programmable Logic Controllers 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    M. Abramovici, P.R. Menon, and D.T. Miller. Critical path tracing - an alternative to fault simulation. In Design Automation Conf., pages 214–220, 1983.Google Scholar
  2. 2.
    H. Agrawal and J.R. Horgan. Dynamic program slicing. In PLDI ’90: Proceedings of the ACM SIGPLAN 1990 conference on Programming language design and implementation, pages 246–256, 1990.Google Scholar
  3. 3.
    G. Canet, S. Couffin, J.-J. Lesage, A. Petit, and P. Schnoebelen. Towards the automatic verificication of PLC programs written in instruction list. In IEEE conf. on Systems, Man and Cybernetics (SMC), pages 2449–2454, 2000.Google Scholar
  4. 4.
    K.-H. Chang, I.L. Markov, and V. Bertacco. Fixing design errors with counterexamples and resynthesis. IEEE Trans. on CAD, 27(1):184–188, 2008.Google Scholar
  5. 5.
    M. Davis, G. Logeman, and D. Loveland. A machine program for theorem proving. Comm. of the ACM, 5:394–397, 1962.MATHCrossRefGoogle Scholar
  6. 6.
    M. Fahim Ali, A. Veneris, S. Safarpour, R. Drechsler, A. Smith, and M.S.Abadir. Debugging sequential circuits using Boolean satisfiability. In Int’l Conf. on CAD, pages 204–209, 2004.Google Scholar
  7. 7.
    G. Fey, S. Staber, R. Bloem, and R. Drechsler. Automatic fault localization for property checking. IEEE Trans. on CAD, 27(6):1138–1149, 2008.Google Scholar
  8. 8.
    C. Genz and R. Drechsler. System exploration of SystemC designs. In IEEE Annual Symposium on VLSI, pages 335–340, Mar. 2006.Google Scholar
  9. 9.
    A. Griesmayer, S. Staber, and R. Bloem. Automated fault localization for C programs. Electronic Notes in Theoretical Computer Science, 174(4):95–111, 2007.CrossRefGoogle Scholar
  10. 10.
    Alex Groce, Sagar Chaki, Daniel Kroening, and Ofer Strichman. Error explanation with distance metrics. Int. J. Softw. Tools Technol. Transf., 8(3):229–247, 2006.CrossRefGoogle Scholar
  11. 11.
    R. Huuck. Software Verification for Programmable Logic Controllers. PhD thesis, Faculty of engineering, University of Kiel, Germany, 2003.Google Scholar
  12. 12.
    J.P. Marques-Silva and K.A. Sakallah. GRASP: A search algorithm for propositional satisfiability. IEEE Trans. on Comp., 48(5):506–521, 1999.CrossRefMathSciNetGoogle Scholar
  13. 13.
    W. Mayer and M. Stumptner. Model-based debugging - state of the art and future challenges. Electronic Notes in Theoretical Computer Science, 174(4):61– 82, 2007.CrossRefGoogle Scholar
  14. 14.
    M.W. Moskewicz, C.F. Madigan, Y. Zhao, L. Zhang, and S. Malik. Chaff: Engineering an efficient SAT solver. In Design Automation Conf., pages 530– 535, 2001.Google Scholar
  15. 15.
    O. Pavlovic, R. Pinger, M. Kollmann, and H.-D. Ehrich. Principles of formal verification of interlocking software. In Symposium on Formal Methods for Automation and Safety in Railway and Automotive Systems (FORMS/FORMAT), pages 370–378, 2007.Google Scholar
  16. 16.
    Siemens. SIMATIC–Statement List (STL) S7-300 and S7-400 Programming, 2003.Google Scholar
  17. 17.
    A. Smith, A. Veneris, M. Fahim Ali, and A.Viglas. Fault diagnosis and logic debugging using boolean satisfiability. IEEE Trans. on CAD, 24(10):1606–1621, 2005.Google Scholar
  18. 18.
    A. Sülflow and R. Drechsler. Verification of PLC programs using formal proof techniques. In Symposium on Formal Methods for Automation and Safety in Railway and Automotive Systems (FORMS/FORMAT), pages 43–50, 2008.Google Scholar
  19. 19.
    A. Sülflow, U. Kühne, G. Fey, D. Große, and R. Drechsler. WoLFram - a word level framework for formal verification. In International Symposium on Rapid System Prototyping (RSP), pages 11–17, 2009.Google Scholar
  20. 20.
    Synopsys Inc. and CoWare Inc. and Frontier Design Inc. Open SystemC Inititative. http://www.systemc.org, 2008.
  21. 21.
    A. Veneris and I. N. Hajj. Design error diagnosis and correction via test vector simulation. IEEE Trans. on CAD, 18(12):1803–1816, 1999.Google Scholar
  22. 22.
    M. Weiser. Program slicing. IEEE Trans. Software Engineering, 10(4):352–357, 1984.CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  1. 1.Institute of Computer ScienceUniversity of BremenBremenGermany

Personalised recommendations