
    Automatic translation from FBD-PLC-programs to NuSMV for model checking safety-critical control systems

    Programmable logic controllers (PLCs) are digital control systems, commonly used in industrial automation and safety-critical applications. Control systems used in safety-critical areas must undergo an extensive and thorough certification and verification process. In safety-critical applications, the PLC programming standard IEC 61131-3 is widely accepted in industry. PLC programmers who develop control systems for safety-critical systems are often required to verify the logic of PLCs by using formal methods such as model checking. Translating manually from a PLC program to the input language of a model checker takes time and is often error-prone. We develop a compiler to automatically translate PLC programs in the function block diagram (FBD) language, one of five industry standard PLC programming notations, to the input language of the model checker NuSMV. We have evaluated the correctness, robustness, and performance of the PLC-NuSMV compiler using a case study. Evaluation results show that the compiler can translate the PLC programs correctly. The compiler can also identify several input errors and can scale to relatively large PLC programs.

    A Tool for the Certification of Sequential Function Chart based System Specifications


    Automated Verification and Generation of Flexible Automation Control

    Consumer product life-cycles are constantly shortening; the automotive industry is an illustrative example. As a consequence, the introduction of new products into the manufacturing system necessarily becomes more frequent. Inherently, this brings a performance reduction for the manufacturing system. The reduced performance is caused by a down-time and a ramp-up time. During the down-time the mechanical equipment is rebuilt and the new control programs are debugged. During ramp-up there are a large number of errors, mainly caused by mechanical devices not being properly adjusted, bugs in the control programs, and operators not being used to new procedures. Thus, in order to maintain the productivity level and to achieve full cost-efficiency, both the down-time and the ramp-up time must be reduced. One way to reduce these lead times is to verify the control programs in offline mode. However, efficient and reliable offline verification requires some major improvements of the current development process of manufacturing systems. Information handling and development of control programs based on information reuse are the two most important improvement areas. The work presented here addresses four industrial problems related to this: lack of tools for offline verification of control programs, lack of information reuse in the development process of a manufacturing system, lack of operator support in error situations, and lack of tools for analyzing the control of complex manufacturing cells. We propose a development method where information from different tools in the development process of a manufacturing system is reused and processed by tools for verification and optimization. Then the control programs are generated by combining the processed information with a library of standardized software components. The proposed method solves the above-mentioned industrial problems without adding work to the development process. On the contrary, the amount of work will be reduced, since the control program development will be automated and the time for debugging the control programs on the shop floor will be drastically reduced, due to the new mathematically based verification process.

    Simple Open-Source Formal Verification of Industrial Programs

    Industrial programs written on Programmable Logic Controllers (PLCs) have become an essential component of many modern industries, including automotive, aerospace, manufacturing, infrastructure, and even amusement parks. As these safety-critical systems become larger and more complex, ensuring their continuous error-free operation has become a significant and important challenge. Formal methods are a potential solution to this issue but have traditionally required substantial time and expertise to deploy. This usability issue is compounded by the fact that PLCs are highly proprietary and have substantial licensing costs, making it difficult to learn about or deploy formal methods on them. This thesis presents the OPPP (Open-source Proving of PLC Programs) system as a solution to this usability issue. The OPPP system allows the end-to-end creation and verification of PLC programs from within the development environment. The system is created with an emphasis on being easy to use, with formal constraints presented in English phrases that require no special knowledge to understand. The system uses entirely open-source components, including modified versions of both the OpenPLC development environment and the PLCverif verification platform. The OPPP system is then demonstrated to formalize the requirements of two college-level introductory PLC programming problems. It is further demonstrated to correctly find errors in and verify the correctness of a known good and known bad solution to each problem.

    Generating Structured Text programs for device controllers using simulation tools

    Model-based design is a relatively new technique for developing software for embedded systems. It aims to reduce the cost of the software development process by generating the code from a simulation model. The code is generated automatically using a tool that is developed for this purpose. This way the errors in the system can be found and eliminated early in the development process, compared to a traditional software development project for embedded systems. As mentioned, the tools are at the time of this study still relatively new, and especially when considering code that has to comply with functional safety standards, the code has to fulfill certain requirements and it has to be clear enough that it can be traced back to each function of the model. This study aims to determine how well these methods can be used with software development for embedded systems in mind. More precisely, this thesis focuses on MathWorks’ Simulink as the modelling software, and CODESYS as the coding language of the programmable logic controller, and ultimately the compatibility of these with each other. The workflow of a model-based design software generation process is determined and presented as the result of this study. That process includes building, testing and verifying the model, preparing it for code generation, configuring and using the code generation tool, and finally verifying the generated code. An example model of a battery cell balancing system for the code generation process is built, and thus that area is also studied. At the end of this study, some different possible uses of this technique are briefly discussed, as well as further possible areas of study regarding this topic.

    Model-based software design is a fairly new technique in embedded systems software development. It aims at lower development costs by generating the system's code directly from a simulation model of the system. The code is generated using automated tools developed for this purpose. In this way, errors that would arise during development can largely be detected and removed at a very early stage of the work, compared with traditional embedded systems software development. As mentioned, the tools needed for this are still fairly new at the time of writing, and, particularly with safety-critical code in mind, the code must meet certain requirements and be clear enough that given parts of the code can be traced back to the corresponding parts of the model. The purpose of this thesis is to determine whether these methods are usable for embedded systems software development. In particular, this thesis focuses on MathWorks' simulation software Simulink, on the programming language CODESYS used with programmable logic controllers, and on the compatibility of these with each other for this process. The recommended workflow of a model-based software design process using the mentioned tools is defined and presented as the result of the thesis. This process includes building the model, testing it and verifying its functionality, preparing it for code generation, configuring and using the code generation software, and finally testing the generated code and verifying its functionality. As an example, a model that balances the voltages of battery cells is built, for which reason that topic is also studied briefly. At the end of the thesis, various possible applications of this technique are briefly discussed, along with ways in which this topic could be studied further.

    Detecting Safety and Security Faults in PLC Systems with Data Provenance

    Programmable Logic Controllers are an integral component for managing many different industrial processes (e.g., smart building management, power generation, water and wastewater management, and traffic control systems), and manufacturing and control industries (e.g., oil and natural gas, chemical, pharmaceutical, pulp and paper, food and beverage, automotive, and aerospace). Despite being used widely in many critical infrastructures, PLCs use protocols which make these control systems vulnerable to many common attacks, including man-in-the-middle attacks, denial of service attacks, and memory corruption attacks (e.g., array, stack, and heap overflows, integer overflows, and pointer corruption). In this paper, we propose PLC-PROV, a system for tracking the inputs and outputs of the control system to detect violations of the safety and security policies of the system. We consider a smart building as an example of a PLC-based system and show how PLC-PROV can be applied to ensure that the inputs and outputs are consistent with the intended safety and security policies.