Temporal Logic for Programmable Logic Controllers

We address the formal verification of the control software of critical systems, i.e., ensuring the absence of design errors in a system with respect to requirements. Control systems are usually based on industrial controllers, also known as Programmable Logic Controllers (PLCs). A specific feature of a PLC is a scan cycle: 1) the inputs are read, 2) the PLC states change, and 3) the outputs are written. Therefore, in order to formally verify PLC, e.g., by model checking, it is necessary to describe the transition system taking into account this specificity and reason both in terms of state transitions within a cycle and in terms of larger state transitions according to the scan-cyclic semantics. We propose a formal PLC model as a hyperprocess transition system and temporal cycle-LTL logic based on LTL logic for formulating PLC property. A feature of the cycle-LTL logic is the possibility of viewing the scan cycle in two ways: as the effect of the environment (in particular, the control object) on the control system and as the effect of the control system on the environment. For both cases we introduce modified LTL temporal operators. We also define special modified LTL temporal operators to specify inside properties of scan cycles. We describe the translation of formulas of cycle-LTL into formulas of LTL, and prove its correctness. This implies the possibility ofmodel checking requirements expressed in logic cycle-LTL, by using well-known model checking tools with LTL as specification logic, e.g., Spin. We give the illustrative examples of requirements expressed in the cycle-LTL logic.

1. I. Anureev, «Operacionnaya semantica annotirovannih Reflex programm», Modelirovanie i analiz informacionnyh sistem, vol. 26, no. 6, pp. 181-192, 2019.

2. I. Anureev, N. Garanina, T. Liakh, A. Rozov, and V. Zyubin, «Towards safe cyber-physical systems: the Reflex language and its transformational semantics», in IEEE International Siberian Conference on Control and Communications, IEEE, 2019, pp. 18-20.

3. E. Brinksma and A. Mader, «Verification and Optimization of a PLC Control Schedule», in SPIN 2000 - SPIN Model Checking and Software Verification, ser. LNCS, vol. 1885, Springer, 2000, pp. 73-92.

4. V. Gourcuff, O. de Smet, and J.-M. Faure, «Improving large-sized PLC programs verification using abstractions», IFAC Proceedings Volumes, vol. 41, no. 2, pp. 5101-5106, 2008.

5. A. Mader, «A Classification of PLC Models and Applications», in Discrete Event Systems, ser. SECS, vol. 569, Springer, 2000, pp. 239-246.

6. H. Wan, G. Chen, X. Song, and M. Gu, «Formalization and Verification of PLC Timers in Coq», in Proc. of 33rd Annual IEEE International Computer Software and Applications Conference, IEEE, 2009, pp. 315-323.

7. J. Yoo, S. Cha, and E. Jee, «A Verification Framework for FBD Based Software in Nuclear Power Plants», in Proc. of 15th Asia-Pacific Software Engineering Conference, IEEE, 2008, pp. 385-392.

8. D. Bulavskij, V. Zyubin, N. Karlson, V. Krivoruchko, and V. Mironov, «An Automated Control System for a Silicon Single-Crystal Growth Furnace», Optoelectronics, instrumentation, and data processing, vol. 32, no. 2, pp. 25-30, 1996.

9. P. G. Kovadlo, A. Lubkov, A. Bevzov, and et al., «Automation system for the large solar vacuum telescope», Optoelectronics, Instrumentation and Data processing, vol. 52, pp. 187-195, 2016.

10. A. Gupta, V. Kahlon, S. Qadeer, and T. Touili, Handbook of Model Checking. Springer International Publishing, 2018, ch. 18. Model Checking Concurrent Programs, pp. 573-577.

11. E. M. Clarke, T. A. Henzinger, and H. Veith, Handbook of Model Checking. Springer International Publishing, 2018, ch. 1. Introduction to Model Checking, pp. 1-13.

12. H. Dierks, «PLC-automata: A new class of implementable real-time automata», in International AMAST Workshop on Aspects of Real-Time Systems and Concurrent and Distributed Software, vol. 1231, Springer, 1997, pp. 111-125.

13. T. Ovatman, «An overview of model checking practices on verification of PLC software», Software & Systems Modeling, vol. 4, no. 15, pp. 937-960, 2016.

14. E. Kuzmin, D. Ryabukhin, and V. A. Sokolov, «On the expressiveness of the approach to constructing PLC-programs by LTL-specification», Automatic Control and Computer Sciences, vol. 7, no. 50, pp. 510-519, 2016.

15. M. Zhang, «Towards automated safety vetting of PLC code in real-world plants», in IEEE Symposium on Security and Privacy, IEEE, 2019, pp. 522-538.

16. A. Rajeev and T. Henzinger, «A really temporal logic», Journal of the ACM, vol. 41, no. 1, pp. 181-203, 1994.

17. J. Xiong, «A User-Friendly Verification Approach for IEC 61131-3 PLC Programs», Electronics, vol. 4, no. 9, 2020.

18. B. Beckert, «Regression verification for programmable logic controller software», in International Conference on Formal Engineering Methods, vol. 9407, Springer, 2015.

19. O. Ljungkrantz, «An empirical study of control logic specifications for programmable logic controllers», Empirical Software Engineering, vol. 3, no. 19, pp. 655-677, 2014.

20. O. Ljungkrantz, K. Akesson, M. Fabian, and C. Yuan, «A formal specification language for PLC-based control logic», in 8th IEEE International Conference on Industrial Informatics, IEEE, 2010, pp. 1067-1072.

21. O. Maler and D. Nickovic, «Monitoring temporal properties of continuous signals», Formal Techniques, Modellingand Analysis of Timed and Fault-Tolerant Systems, pp. 152-166, 2004.

22. N. Garanina, I. Anureev, V. Zyubin, A. Rozov, T. Liakh, and S. Gorlatch, «Reasoning about Programmable Logic Controllers», System Informatics, vol. 17, pp. 33-42, 2020.

23. G. Holzmann, The SPIN Model Checker: Primer and Reference Manual. Addison-Wesley Professional, 2003.