Regression Verification for Programmable Logic Controller Software
Automated production systems are usually driven by Programmable Logic Controllers (PLCs). These systems are long-living - yet have to adapt to changing requirements over time. This paper presents a novel method for regression verification of PLC code, which allows one to prove that a new revision of the plant's software does not break existing intended behavior.
Our main contribution is the design, implementation, and evaluation of a regression verification method for PLC code. We also clarify and define the notion of program equivalence for reactive PLC code. Core elements of our method are a translation of PLC code into the SMV input language for model checkers, the adaptation of the coupling invariants concept to reactive systems, and the implementation of a toolchain using a model checker supporting invariant generation.
We have successfully evaluated our approach using the Pick-and-Place Unit benchmark case study.
Formal Specification and Verification for Automated Production Systems
Complex industrial control software often drives safety- and mission-critical systems, like automated production plants or control units embedded into devices in automotive systems. Such controllers have in common that they are reactive systems, i.e., they periodically read sensor stimuli and cyclically execute the same program to produce actuator signals.
The correctness of software for automated production is rarely verified using formal techniques, even though, with the Industrial Revolution 4.0 (IR4.0), software has come to play an important role in industrial automation. What is used instead in industrial practice today is testing and simulation, where individual test cases are used to validate an automated production system.
Three reasons why formal methods are not popular are: (a) It is difficult to adequately formulate the desired temporal properties. (b) There is a lack of specification languages for reactive systems that are both sufficiently expressive and comprehensible for practitioners. (c) Due to the lack of an environment model, the obtained results are imprecise. Nonetheless, formal methods for automated production systems are well studied academically, mainly on the verification of safety properties via model checking.
In this doctoral thesis we present the concept of (1) generalized test tables (GTTs), a new specification language for functional properties, and their extension (2) relational test tables (RTTs) for relational properties. The concept includes the syntactical notion, designed for the intuition of engineers, and the semantics, which are based on game theory. We use RTTs for a novel confidentiality property of reactive systems, provable forgetting of information. Moreover, for regression verification, an important relational property, we are able to achieve performance improvements by (3) creating a decomposition rule which splits large proofs into small sub-tasks. We implemented the verification procedures and evaluated them against realistic case studies, e.g., the Pick-and-Place-Unit from the Technical University of Munich.
The presented contribution follows the idea of lowering the obstacle of verifying the dependability of reactive systems in general, and automated production systems in particular, for the engineer, either by introducing a new specification language (GTTs), by exploiting existing programs for the specification (RTTs, regression verification), or by improving the verification performance.
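Added example (not code from either of the two works above): a small explicit-state regression verifier in Python that illustrates the notion of equivalence for reactive programs used in the regression-verification paper above and in contribution (3) of this thesis. Instead of the papers' translation to SMV and a model checker with invariant generation, it explores the product of two revisions' state spaces in lock-step; because the states and the Boolean inputs are finite, that exploration is exhaustive and therefore a proof, not a test. A coupling invariant relating the two revisions' states can be supplied and is checked on every reachable state pair. The conveyor-controller revisions, the input names and the coupling predicate are constructed for illustration and are not from either work.

```python
"""Regression verification of two reactive (PLC-style) programs by lock-step
exploration of their product state space.

Added example, not code from the cited papers. Each revision is a pure cycle
function step(state, inputs) -> (next_state, outputs). Inputs are Boolean and
the state spaces are finite, so breadth-first search over reachable
(state_a, state_b) pairs is exhaustive: if no pair violates the coupling
invariant and outputs never differ, the revisions agree on every input sequence.
"""
from collections import deque
from itertools import product
from typing import Callable, Dict, Hashable, List, Optional, Tuple

Inputs = Dict[str, bool]
Outputs = Dict[str, bool]
Step = Callable[[Hashable, Inputs], Tuple[Hashable, Outputs]]
Coupling = Callable[[Hashable, Hashable], bool]

INPUT_NAMES = ("start", "stop", "e_stop")   # constructed sensor inputs


def all_inputs() -> List[Inputs]:
    """Every valuation of the Boolean inputs (2^3 = 8 per cycle)."""
    return [dict(zip(INPUT_NAMES, bits))
            for bits in product((False, True), repeat=len(INPUT_NAMES))]


# Revision 1 (constructed): conveyor controller, state is one Boolean.
def rev1_step(running: bool, i: Inputs) -> Tuple[bool, Outputs]:
    if i["e_stop"]:
        running = False            # emergency stop has top priority
    elif i["start"]:
        running = True
    elif i["stop"]:
        running = False
    return running, {"motor": running}


# Revision 2 (constructed): refactored to an integer mode word; intended to
# be behaviourally identical to revision 1.
def rev2_step(mode: int, i: Inputs) -> Tuple[int, Outputs]:
    if i["e_stop"] or (i["stop"] and not i["start"]):
        mode = 0
    elif i["start"]:
        mode = 1
    return mode, {"motor": mode == 1}


# Revision 3 (constructed): a regression, start now overrides e_stop.
def rev3_step(running: bool, i: Inputs) -> Tuple[bool, Outputs]:
    if i["start"]:
        running = True
    elif i["e_stop"] or i["stop"]:
        running = False
    return running, {"motor": running}


def regression_verify(step_a: Step, init_a: Hashable,
                      step_b: Step, init_b: Hashable,
                      coupling: Coupling = lambda a, b: True
                      ) -> Tuple[str, List[Inputs]]:
    """Prove or refute equivalence of two cyclic programs.

    Returns ("equivalent", []) when every reachable state pair satisfies the
    coupling invariant and both revisions emit identical outputs for every
    input; otherwise ("output mismatch", trace) or ("coupling violated",
    trace), where trace is the shortest input sequence reaching the problem.
    """
    start = (init_a, init_b)
    parent: Dict[Tuple, Optional[Tuple[Tuple, Inputs]]] = {start: None}
    queue = deque([start])
    while queue:
        pair = queue.popleft()
        if not coupling(*pair):
            return "coupling violated", _trace(parent, pair)
        sa, sb = pair
        for i in all_inputs():
            na, oa = step_a(sa, i)
            nb, ob = step_b(sb, i)
            if oa != ob:               # observable difference in this cycle
                return "output mismatch", _trace(parent, pair) + [i]
            nxt = (na, nb)
            if nxt not in parent:      # new product state: explore it later
                parent[nxt] = (pair, i)
                queue.append(nxt)
    return "equivalent", []


def _trace(parent, pair) -> List[Inputs]:
    """Reconstruct the input sequence leading from the initial pair to pair."""
    steps = []
    while parent[pair] is not None:
        pair, i = parent[pair]
        steps.append(i)
    return steps[::-1]


if __name__ == "__main__":
    print(regression_verify(rev1_step, False, rev2_step, 0,
                            coupling=lambda a, b: a == (b == 1)))
    print(regression_verify(rev1_step, False, rev3_step, False))
```

The coupling predicate `a == (b == 1)` states how revision 1's Boolean relates to revision 2's mode word; when it holds on every reachable pair it doubles as the inductive invariant a model checker would need. Running the block reports revision 2 as equivalent and refutes revision 3 with a one-cycle counterexample in which `start` and `e_stop` are asserted together, exactly the priority change a review of the diff might have missed.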
Diagrammatic Representations in Domain-Specific Languages
One emerging approach to reducing the labour and costs of software development favours the specialisation of techniques to particular application domains. The rationale is that programs within a given domain often share enough common features and assumptions to enable the incorporation of substantial support mechanisms into domain-specific programming languages and associated tools. Instead of being machine-oriented, algorithmic implementations, programs in many domain-specific languages (DSLs) are rather user-level, problem-oriented specifications of solutions. Taken further, this view suggests that the most appropriate representation of programs in many domains is diagrammatic, in a way which derives from existing design notations in the domain.
This thesis conducts an investigation, using mathematical techniques and supported by case studies, of issues arising from the use of diagrammatic representations in DSLs. Its structure is conceptually divided into two parts: the first is concerned with semantic and reasoning issues; the second introduces an approach to describing the syntax and layout of diagrams, in a way which addresses some pragmatic aspects of their use.
The empirical context of our work is that of IEC 1131-3, an industry standard programming language for embedded control systems. The diagrammatic syntax of IEC 1131-3 consists of circuit (i.e. box-and-wire) diagrams, emphasising a data-flow view, and variants of Petri net diagrams, suited to a control-flow view.
The first contribution of the thesis is the formalisation of the diagrammatic syntax and the semantics of IEC 1131-3 languages, as a prerequisite to the application of algebraic techniques. More generally, we outline an approach to the design of diagrammatic DSLs, emphasising compositionality in the semantics of the language so as to allow the development of simple proof systems for inferring properties which are deemed essential in the domain. The control-flow subset of IEC 1131-3 is carefully evaluated, and is subsequently re-designed, to yield a straightforward proof system for a restricted, yet commonly occurring, class of safety properties.
A substantial part of the thesis deals with DSLs in which programs may be represented both textually and diagrammatically, as indeed is the case with IEC 1131-3. We develop a formalisation of the data-flow diagrams in IEC 1131-
Table-based formal specification approaches for control engineers—empirical studies of usability
The dependability of the control software of manufacturing systems is emphasised more than before, as that software goes through repeated changes to cope with varied and varying requirements. Formal methods are being researched for application in automation system engineering to obtain more effective and efficient quality assurance. One such approach, a formal specification language named Generalised Test Tables, has been developed with the aim of being intuitive and accessible for automation application developers. The results of experiments conducted to assess the usability of this language are presented here. Focussing on effectiveness and user satisfaction, three paper-based experiments were conducted with students at the bachelor and master level. The evaluation results point to positive usability, both in effectiveness compared to a conventional language, namely Petri Nets, and in the subjective perception of user satisfaction.
High integrity hardware-software codesign
Programmable logic devices (PLDs) are increasing in complexity and speed, and are being used as important components in safety-critical systems. Methods for developing high-integrity software for these systems are well-known, but this is not true for programmable logic. We propose a process for developing a system incorporating software and PLDs, suitable for safety-critical systems of the highest levels of integrity. This process incorporates the use of Synchronous Receptive Process Theory as a semantic basis for specifying and proving properties of programs executing on PLDs, and extends the use of SPARK Ada from a programming language for safety-critical systems software to cover the interface between software and programmable logic. We have validated this approach through the specification and development of a substantial safety-critical system incorporating both software and programmable logic components, and the development of tools to support this work. This enables us to claim that the methods demonstrated are not only feasible but also scale up to realistic system sizes, allowing development of such safety-critical software-hardware systems to the levels required by current system safety standards.