2016 International Conference on Control and Automation
A Verification Approach for Programmable Logic Controllers
Xiang-yu LUO
1,*
, Yong LI
1
, Wan-xiao DU
1
, Fan YANG
2
and Zhi-gang YANG
1
1
College of Computer Science & Technology, Huaqiao University, Xiamen 361021, China
2
College of Mechanical Engineering and Automation, Huaqiao University, Xiamen 361021, China
*Corresponding author, email: luoxy@hqu.edu.cn
Keywords: programmable logic controller, system modeling, software verification.
Abstract. This paper presents an iterative approach to the verification of programmable logic
controllers. We explore the modeling method for timing, environment and controller logics in a
system, in which predicate abstraction and counterexample-guided refinement strategies are
employed. We use a representative example to illustrate the proposed approach and verify it by the
model checker CBMC. The experiment results show the validity of the approach.
Introduction
Programmable Logic Controller systems (PLCs) are widely used in industry [1]. Typical applications
range from household appliances chemical process control to railway automation systems and
emergency shutdown systems in nuclear power plants. As PLCs are increasingly utilized in
safety-critical systems, the correctness of PLC systems is critical. Traditional verification techniques
use simulation to validate the design. Unfortunately, generating test vectors is labor. The use of
formal methods is an alternative approach to validate system designs.
Application of formal methods for PLC software has been proposed [2-3]. In the previous work,
formal models are extracted from the PLC programs for verification. Model checking works on a
model of system with a logical specification of a desired behavior of the system model. It checks
whether the model adheres to the specification by effectively searching the entire state space of the
model. With the increased scale and complexity of systems, state space explosion problem imposes a
major vexing problem in automated program verification [4-6]. Predicate abstraction constitutes a
promising strategy of reducing state space [4]. Based on predicate abstraction, the
counter-example-guided abstraction refinement (CEGAR) framework [5-7] plays a key role in
application of model checking. It is successfully applied to a few software verification projects to
verify device drivers, C programs and Java software [5-7].
This paper presents an iterative approach to verifying programmable logic controllers. System
modeling for timing constraints, environment and controller logics is explored. Predicate abstraction
and counterexample-guided refinement strategies are employed. A representative example is used to
illustrate our modeling and verification process. The proposed strategy is validated by the analysis
and the experiment.
The rest of the paper is structured as follows. We first introduce the architecture of PLC systems,
explore the modeling method for PLC systems, then present the verification method and a case study
to illustrate the verification process. Finally we conclude the paper.
The PLC Architecture
Typical PLC systems are composed of PLC controllers, I/O interface and controlled devices. A PLC
controller is a digital microcomputer. It is the kernel of PLCs which implements the user’s program. It
includes a global system clock which is used as the standard timer or the time-interrupting
subprogram. The I/O interface includes input/output circuit, sensors, or Analog/Digit translators, etc.
It collects input signals and converts them between analog and digital components. The controlled
devices are implemented in physical environments. Its outputs are usually temperature, pressure,