VHS - Verification of Hybrid Systems - ESPRIT LTR Project No. 26270 - Kiel

Participants
	Yassine Lakhnech (now VERIMAG)
	Sébastien Bornot
	Ralf Huuck
	Ben Lukoschus

1st Year Work

Our contributions to Case Study 1 (experimental batch plant):

• Ben Lukoschus
  Composition and Verification of Condition/Event Systems
  This paper describes the composition of condition/event systems and their transformation into code readable by the SMV model checker, and forms the theoretical foundations for the second paper. (134 pages)
  [gzip-compressed DVI file: vhsreport1.dvi.gz]
  [gzip-compressed PostScript file: vhsreport1.ps.gz]

• Ben Lukoschus
  An Abstract Model of VHS Case Study 1 (Experimental Batch Plant)
  We build a discrete model of the plant and its control programs, and use the model checker SMV to verify some properties. (44 pages)
  [gzip-compressed DVI file: vhsreport2.dvi.gz]
  [gzip-compressed PostScript file: vhsreport2.ps.gz]

• Ralf Huuck
  Transformation of Timed Condition/Event Systems into Timed Automata: An Approach to Automatic Verification
  We compare timed automata with timed condition/event systems and provide an effective transformation from the latter to timed automata as well as vice versa for a subclass of timed automata. (88 pages)
  [gzip-compressed PostScript file: vhsreport3.ps.gz]

• Ralf Huuck
  Verifying Timing Aspects of VHS Case Study 1
  This paper deals with an exception handling for Case Study 1. We use timed automata for modeling as well as Kronos and HyTech for model-checking. (35 pages)
  [gzip-compressed PostScript file: vhsreport4.ps.gz]

2nd Year Work

Abstract

Programmable Logic Controllers (PLC) are micro-processor based solutions with input/output points for controlling tasks. They are used in virtually every industrial sector and in particular in power generation, petro-chemical plants and automobile production. In Europe alone the market share for PLC was about $1.52bn in 1995 and is expected to rise to $2.14bn by 2002. Although a variety of programming environments for PLCs exist, hardly any work has been done on the verification side and there are merely any tools for it available. Together with the fact that PLCs are also used for controlling hybrid systems in the project's industrial partners Nylstar, Sidmar and Krupp, this was a major concern for us to focus our efforts on this topic.

In order to come up with verification tools a solid understanding and a well-defined framework is essential. In 1993 the IEC 1131-3 standard was introduced for PLC programming languages. This standard served as a basis for our work. Moreover, in our point of view a verification tool has not only be compliant to the standard but must be able to handle large amounts of code in order to cope with industrial size programs and it must be usable by engineers who have no background in formal methods, too.

This motivated us to develop a framework and a tool for statically analyzing Programmable Logic Controllers. In particular we focused on the programming language Instruction List (IL). The tool is currently in progress and first encouraging results are expected in the near future. In parallel we worked on a method to automatically model-check the structuring programming language Sequential Function Charts (SFC). For the future we target to combine both tools to get the best of both worlds.

Progress

Briefly, we progressed in the following areas:

• examined IEC 1131-3 and discovered ambiguities,
• gave a formal, unambiguous semantics to SFCs (compliant to existing tools),
• presented a way to automatically model-check SFCs with SMV,
• developed a framework for static analysis of PLCs,
• are developing a tool for static analysis of PLCs.

Publications

Sébastien Bornot, Ralf Huuck, Yassine Lakhnech, Ben Lukoschus.
Utilizing Static Analysis for Programmable Logic Controllers.
Accepted at ADPM 2000 - The 4th International Conference Automation of Mixed Processes: Hybrid Dynamic Systems, September 18-19, 2000 - Dortmund, Germany.

Abstract. Programmable logic controllers (PLCs) occupy a big share in automation control. However, hardly any validation tools for their software are available. In this work we present a lightweight verification technique for PLC programs. In particular, static analysis is applied to programs written in Instruction List, a standardized language commonly used for PLC programming. We illustrate how these programs are annotated automatically by an abstract interpretation algorithm which is guaranteed to terminate and is applicable to large-scale programs. The resulting annotations allow static checking for possible run-time errors and provide information about the program structure, like existence of dead code or infinite loops, which in combination contributes to more reliable PLC systems.

[gzip-compressed PostScript file: ADPM2000.ps.gz]

Sébastien Bornot, Ralf Huuck, Yassine Lakhnech, Ben Lukoschus.
An Abstract Model For Sequential Function Charts.
Accepted at the WODES 2000 special session ``Formal Models of PLCs'', Gent, Belgium, August 21-23, 2000.

Abstract. Sequential function charts (SFCs) are systems where every step can contain other SFCs as well as state transformations. The standard by IEC 1131-3 explicitly defines some languages for this. In this paper we point out that the standard has many ambiguities, and that it is crucial to have a formal framework for the definition of SFCs. We define the syntax and semantics of them. The semantics we give is general enough to cope with different possible implementations of the standard.

[gzip-compressed PostScript file: WODES2000.ps.gz]

Sébastien Bornot, Ralf Huuck, Yassine Lakhnech, Ben Lukoschus.
Verification of Sequential Function Charts using SMV.
Accepted at the PDPTA 2000 special session on Formal Validation, Las Vegas, Nevada, USA, June 26-29, 2000.

Abstract. Sequential function charts (SFCs) are defined as a modeling language in the IEC 1131-3 standard and can be used to structure and drive programmable logic controllers (PLCs). It includes interesting concepts as hierarchy, history variables and priority. As the typical application area of this language is the control of industrial processes, it is obvious that safety and reliability is a crucial goal for systems using SFCs. In this work we give an abstract formal model for SFCs and present a method to automatically verify properties concerning the safety of such systems using the model checking tool SMV (Symbolic Model Verifier).

[gzip-compressed PostScript file: PDPTA2000.ps.gz]

Sébastien Bornot, Ralf Huuck, Ben Lukoschus.
Statische Analysetechniken für speicherprogrammierbare Steuerungen.
FBT 2000 - 10. GI/ITG-Fachgespräch ``Formale Beschreibungstechniken'' der Gesellschaft für Informatik (GI), Informationstechnische Gesellschaft im VDE (ITG), Fachgruppe ``Kommunikation und Verteilte Systeme'', Lübeck, Germany, June 22/23, 2000.

Zusammenfassung. Speicherprogrammierbare Steuerungen (SPS) unterliegen einer stark zunehmenden Verbreitung in der Automatisierungstechnik. Während diese in der Vergangenheit meist nur zur Steuerung einfacher Abläufe eingesetzt wurden, sind sie heutzutage verantwortlich für die Steuerung komplexer hybrider Systeme, sei es in der petrochemischen Industrie oder in Kraftwerken. Daher ist eine korrekt funktionierende Steuerungssoftware von grundsätzlicher Bedeutung. In diesem Vortrag wird die Methode der statischen Analyse für eine standardisierte SPS-Sprache, Anweisungsliste (AWL), vorgestellt. Statische Analyse umfaßt Techniken, die Laufzeitverhalten ermitteln bzw. nachweisen, ohne den Code selbst auszuführen. Insbesondere die Technik der abstrakten Interpretation spielt hier eine wichtige Rolle. Wir werden diese Techniken mit Bezug auf AWL vorstellen und aufzeigen, welche statischen Analyseziele für AWL erreichbar sind. Ferner gehen wir darauf ein, was statische Analyse im Vergleich zu anderen Verifikationstechniken leistet und wie diese in Kombination genutzt werden können.

[gzip-compressed PostScript file: FBT2000.ps.gz]

Talks

• An Abstract Model for Sequential Function Charts, Grenoble, November 1999.
• An Algorithmic Way to Recognize Well-formed SFCs, Amsterdam, February 2000.
• Verification of Sequential Function Charts Using SMV, Amsterdam, February 2000.
• Verification of PLCs, Kiel, May 2000.
• Verification of Sequential Function Charts Using SMV, Las Vegas (PDPTA 2000), June 2000.
• SFC Semantics, Episode III: Action Qualifiers, Nijmegen, November 2000.

• Main VHS Project Homepage
• PLCopen - Standardization in Industrial Control Programming
• A BIBT_EX file with references for all papers mentioned on this page: vhs-kiel.bib

Ralf Huuck  (rhu@informatik.uni-kiel.de)
Ben Lukoschus  (bls@informatik.uni-kiel.de)