verification of reactive programs from industrial
play

Verification of Reactive Programs from Industrial Automation - PowerPoint PPT Presentation

Sep 01, 2022 •22 likes •162 views

Verification of Reactive Programs from Industrial Automation Dimitri Bohlender Programmable Logic Controller (PLC) Tailored to the domain of industrial automation Realise reactive systems, repeatedly executing the same task Single Cycle

  1. Verification of Reactive Programs from Industrial Automation Dimitri Bohlender

  2. Programmable Logic Controller (PLC) ◮ Tailored to the domain of industrial automation ◮ Realise reactive systems, repeatedly executing the same task Single Cycle actuators sensors PLC Verification of Reactive Programs from Industrial Automation 1 / 1 Dimitri Bohlender

  3. Programmable Logic Controller (PLC) ◮ Tailored to the domain of industrial automation ◮ Realise reactive systems, repeatedly executing the same task Single Cycle actuators sensors Input Variables PLC Verification of Reactive Programs from Industrial Automation 1 / 1 Dimitri Bohlender

  4. Programmable Logic Controller (PLC) ◮ Tailored to the domain of industrial automation ◮ Realise reactive systems, repeatedly executing the same task Single Cycle Program actuators sensors Input Variables PLC Verification of Reactive Programs from Industrial Automation 1 / 1 Dimitri Bohlender

  5. Programmable Logic Controller (PLC) ◮ Tailored to the domain of industrial automation ◮ Realise reactive systems, repeatedly executing the same task Single Cycle Program actuators sensors Input Output Variables Variables PLC Verification of Reactive Programs from Industrial Automation 1 / 1 Dimitri Bohlender

  6. Programmable Logic Controller (PLC) ◮ Tailored to the domain of industrial automation ◮ Realise reactive systems, repeatedly executing the same task Single Cycle Program actuators sensors Input State Output Variables Variables Variables PLC Verification of Reactive Programs from Industrial Automation 1 / 1 Dimitri Bohlender

  7. PLC Software ◮ Programming languages standardised in IEC 61131-3 ◮ Combination of several languages typical Ladder Diagram Function Block Diagram Sequential Function Chart i 0 i 1 o 0 Initial & Step A Step B Final i 2 Instruction List Structured Text Vendor Specific Dialects ... IF=input0+50=>=100=THEN LD input0 output0 :==1; ADD 50 ELSE GT 100 output0 :==0; JMPC label ENDIF; Verification of Reactive Programs from Industrial Automation 2 / 1 Dimitri Bohlender

  8. Verification of Domain-Specific Specifications ◮ Specification automata used by the PLCopen reset answered 1 1 DiagCode = 0x0000 DiagCode = 0x8000 DiagCode = 0xC001 1 2 R _ TRIGatQuery ( CLK := Query ) R _ TRIGatQuery ( CLK := Query ) ⇒ Characterisation in terms of Constrained Horn-Clauses ✓ ◮ Analysis of Reset-Behaviour • Certain variables may retain their value after restart/power cut. • Restarting shall not affect the set of observable states, i. e. ! Reach nominal ( s 0 ) ⊇ Reach reset ( s 0 ) Verification of Reactive Programs from Industrial Automation 3 / 1 Dimitri Bohlender

  9. Verification of Domain-Specific Specifications ◮ Specification automata used by the PLCopen reset answered 1 1 DiagCode = 0x0000 DiagCode = 0x8000 DiagCode = 0xC001 1 2 R _ TRIGatQuery ( CLK := Query ) R _ TRIGatQuery ( CLK := Query ) ⇒ Characterisation in terms of Constrained Horn-Clauses ✓ ◮ Analysis of Reset-Behaviour • Certain variables may retain their value after restart/power cut. • Restarting shall not affect the set of observable states, i. e. ! Reach nominal ( s 0 ) ⊇ Reach reset ( s 0 ) Verification of Reactive Programs from Industrial Automation 3 / 1 Dimitri Bohlender

  10. Verification of Domain-Specific Specifications ◮ Specification automata used by the PLCopen reset answered 1 1 DiagCode = 0x0000 DiagCode = 0x8000 DiagCode = 0xC001 1 2 R _ TRIGatQuery ( CLK := Query ) R _ TRIGatQuery ( CLK := Query ) ⇒ Characterisation in terms of Constrained Horn-Clauses ✓ ◮ Analysis of Reset-Behaviour • Certain variables may retain their value after restart/power cut. • Restarting shall not affect the set of observable states, i. e. ! Reach nominal ( s 0 ) ⊇ Reach reset ( s 0 ) Verification of Reactive Programs from Industrial Automation 3 / 1 Dimitri Bohlender

  11. Exploiting Domain-Specifics in Existing Techniques s = 0, c = input() s = 0, c = input() c = [ c = input() ◮ Consider bug-finding via c � = [ s � = 0 s = 0 symbolic execution s := 1 ⇒ CFG-based guidance fails c = ( ◮ Bad choices hard to identify c � = ( s � = 1 s = 1 (due to cyclicity) s := 2 c = { ◮ Implicit state machine (over s ) ◮ Typical pattern in PLC program c � = { s � = 2 s = 2 modules s := 3 s � = 3 s = 3 bad() Verification of Reactive Programs from Industrial Automation 4 / 1 Dimitri Bohlender

  12. Exploiting Domain-Specifics in Existing Techniques s = 0, c = input() s = 0, c = input() c = [ c = input() ◮ Consider bug-finding via c � = [ s � = 0 s = 0 symbolic execution s := 1 ⇒ CFG-based guidance fails c = ( ◮ Bad choices hard to identify c � = ( s � = 1 s = 1 (due to cyclicity) s := 2 c = { ◮ Implicit state machine (over s ) ◮ Typical pattern in PLC program c � = { s � = 2 s = 2 modules s := 3 s � = 3 s = 3 bad() Verification of Reactive Programs from Industrial Automation 4 / 1 Dimitri Bohlender

  13. Exploiting Domain-Specifics in Existing Techniques s = 0, c = input() s = 0, c = input() c = [ c = input() ◮ Consider bug-finding via c � = [ s � = 0 s = 0 symbolic execution s := 1 ⇒ CFG-based guidance fails c = ( ◮ Bad choices hard to identify c � = ( s � = 1 s = 1 (due to cyclicity) s := 2 c = { ◮ Implicit state machine (over s ) ◮ Typical pattern in PLC program c � = { s � = 2 s = 2 modules s := 3 s � = 3 s = 3 bad() Verification of Reactive Programs from Industrial Automation 4 / 1 Dimitri Bohlender

Recommend

Introduction to Temporal Logic and Reactive Systems Zohar Manna Verification of sequential

Introduction to Temporal Logic and Reactive Systems Zohar Manna Verification of sequential

Introduction to Temporal Logic and Reactive Systems Zohar Manna Verification of sequential programs. No concurrency. Programs (should) always terminate. Observable at start (input) and end (output) of execution. Logical

295 views • 7 slides
Verification and Synthesis of Reactive Programs Overview of System Synthesis. Amir Pnueli

Verification and Synthesis of Reactive Programs Overview of System Synthesis. Amir Pnueli

Lecture 1: Overview of System Synthesis A. Pnueli Lectures Outline Verification and Synthesis of Reactive Programs Overview of System Synthesis. Amir Pnueli Fair Discrete Systems and their Computations. Model Checking Invariance and

309 views • 19 slides
Modelling, Specification and Verification of Reactive Systems Introduction to the Course

Modelling, Specification and Verification of Reactive Systems Introduction to the Course

Organization of the Course Introduction Formal Models for Reactive Systems Modelling, Specification and Verification of Reactive Systems Introduction to the Course Lecturer: Luca Aceto Email: luca@ru.is or luca.aceto@gmail.com Course web

449 views • 25 slides
State Abstraction Techniques for the Verification of Reactive Circuits Designing Correct

State Abstraction Techniques for the Verification of Reactive Circuits Designing Correct

Title Page State Abstraction Techniques for the Verification of Reactive Circuits Designing Correct Circuits, European Joint Conference on Theory and Practice of Software, Grenoble, France april 6-7 2002 Yannis Bres, CMA-EMP / INRIA

422 views • 20 slides
Formal Verification and Testing for Formal Verification and Testing for Reactive Systems

Formal Verification and Testing for Formal Verification and Testing for Reactive Systems

ARTIST2 - ARTIST2 - MOTIVES MOTIVES Trento - - Italy, February 19 Italy, February 19- -23, 2007 23, 2007 Trento Session: Testing and Runtime Verification Formal Verification and Testing for Formal Verification and Testing for Reactive

881 views • 31 slides
Formal verification of numerical programs: from C annotated programs to Coq proofs Sylvie Boldo

Formal verification of numerical programs: from C annotated programs to Coq proofs Sylvie Boldo

Third International Workshop on Numerical Software Verification Formal verification of numerical programs: from C annotated programs to Coq proofs Sylvie Boldo INRIA Saclay - Ile-de-France July 15th, 2010 Thanks to the organizers !

1.72k views • 136 slides
Synopsis Motivation Synchronous reactive model Syntax of CRL (Core Reactive Language)

Synopsis Motivation Synchronous reactive model Syntax of CRL (Core Reactive Language)

Secure information flow for synchronous reactive programs Ilaria Castellani INRIA Sophia Antipolis OPCT Workshop Bertinoro, 18-21 June, 2014 [Based on TGC13 talk, joint work with Pejman Attar] 1 Synopsis Motivation

1.26k views • 81 slides
Modelling, Specification and Verification of Reactive Systems Milners Calculus of

Modelling, Specification and Verification of Reactive Systems Milners Calculus of

Introduction to CCS Syntax of CCS Semantics of CCS Value Passing CCS Modelling, Specification and Verification of Reactive Systems Milners Calculus of Communicating Systems (CCS) Plan for this part of the course: Informal introduction to

763 views • 50 slides
Combining Verification and Conformance Testing for Validating Reactive Systems Vlad Rusu, Thierry

Combining Verification and Conformance Testing for Validating Reactive Systems Vlad Rusu, Thierry

Combining Verification and Conformance Testing for Validating Reactive Systems Vlad Rusu, Thierry Jron, and Herv Marchand First.Last@irisa.fr IRISA/INRIA Rennes, project Vertecs http://www.irisa.fr/vertecs Combining verification and

632 views • 38 slides
Verification of Imperative Programs through Transformation of Constraint Logic Programs Emanuele

Verification of Imperative Programs through Transformation of Constraint Logic Programs Emanuele

Verification of Imperative Programs through Transformation of Constraint Logic Programs Emanuele De Angelis 1 , Fabio Fioravanti 1 , Alberto Pettorossi 2 , and Maurizio Proietti 3 1 University of Chieti-Pescara G. dAnnunzio, Italy 2

671 views • 52 slides
Functional Reactive Programming Maximilian Krome Specification Languages for Verification

Functional Reactive Programming Maximilian Krome Specification Languages for Verification

Functional Reactive Programming Maximilian Krome Specification Languages for Verification Maximilian Krome SPLAV 1/30 Mathematical Roots Formal mathematical description Provability What versus How Maximilian Krome

542 views • 30 slides
The KeY Platform for Verification and Analysis of Java Programs Reiner H ahnle Technische

The KeY Platform for Verification and Analysis of Java Programs Reiner H ahnle Technische

The KeY Platform for Verification and Analysis of Java Programs Reiner H ahnle Technische Universit at Darmstadt Department of Computer Science, Software Engineering Group Dagstuhl Seminar 16131: Language Based Verification Tools for

1.01k views • 68 slides
Protocol Verification using Flows: An Industrial Experience Murali Talupur Joint work with John

Protocol Verification using Flows: An Industrial Experience Murali Talupur Joint work with John

Protocol Verification using Flows: An Industrial Experience Murali Talupur Joint work with John O Leary, Mark R. Tuttle SCL, Intel Corp Parametric Verification using Flows P A True or Cex P(N) Model Check Abstract Last year we

479 views • 32 slides
What you gonna do when they come for you? Being Proactive rather than Reactive for CyberSecurity

What you gonna do when they come for you? Being Proactive rather than Reactive for CyberSecurity

Tennessee Pollution Prevention Webinar What you gonna do when they come for you? Being Proactive rather than Reactive for CyberSecurity in the Manufacturing Industry October 23 rd , 2019 Ben Bolton Energy Programs Administrator for TDECs

767 views • 41 slides
for Formal Verification of Industrial Circuit Designs John OLeary and Roope Kaivola, Intel Tom

for Formal Verification of Industrial Circuit Designs John OLeary and Roope Kaivola, Intel Tom

Relational STE and Theorem Proving for Formal Verification of Industrial Circuit Designs John OLeary and Roope Kaivola, Intel Tom Melham, Oxford CPU datapath verification at Intel Thousands of operations Integer, FP, SSE, AVX,

241 views • 23 slides
Measurement and verification experience of compressed Air production at an industrial scale

Measurement and verification experience of compressed Air production at an industrial scale

Measurement and verification experience of compressed Air production at an industrial scale Hydraulic Air Compressor (HAC) NRCan Energy Summit May 30 th , 2018 Dean Millar B.Eng.(Hons), ARSM, PhD, DIC, FIMMM, CEM Bharti School of Engineering,

481 views • 24 slides
Polyhedral Domains and Widening for Verification of Numerical Programs Goran Frehse Verimag

Polyhedral Domains and Widening for Verification of Numerical Programs Goran Frehse Verimag

Polyhedral Domains and Widening for Verification of Numerical Programs Goran Frehse Verimag Hitashyam Maka and Bruce H. Krogh Carnegie Mellon University 1 Verification of numerical programs Problem definition Polyhedral domains

390 views • 26 slides
Exact Solutions for Two-Dimensional Reactive Flow for Verification of Numerical Algorithms Joseph

Exact Solutions for Two-Dimensional Reactive Flow for Verification of Numerical Algorithms Joseph

Exact Solutions for Two-Dimensional Reactive Flow for Verification of Numerical Algorithms Joseph M. Powers (powers@nd.edu) University of Notre Dame; Notre Dame, IN Tariq D. Aslam (aslam@lanl.gov) Los Alamos National Laboratory; Los Alamos, NM

431 views • 22 slides
1 Recent Advances in Reactive Planning: Past Approaches to Planning BDD-based Universal Planning

1 Recent Advances in Reactive Planning: Past Approaches to Planning BDD-based Universal Planning

Massachusetts Institute of Technology Motivation for Reactive Planning Factored Symbolic Approach to Reactive Planning Seung H. Chung Brian C. Williams Reason for Planning Reason for onboard reactive planning Anomalies June 7,

80 views • 7 slides
Combining SAT solving with Integer Programming for Inductive Verification of Lustre Programs 3rd

Combining SAT solving with Integer Programming for Inductive Verification of Lustre Programs 3rd

Introduction Verification Analysis Summary Combining SAT solving with Integer Programming for Inductive Verification of Lustre Programs 3rd December 2004 Anders Franz en Combining SAT and ILP Introduction Verification Analysis

776 views • 58 slides
Viktor Vafeiadis Software Analysis & Verification Full functional verification

Viktor Vafeiadis Software Analysis & Verification Full functional verification

Viktor Vafeiadis Software Analysis & Verification Full functional verification Compilers , concurrent programs , theorem provers Program equivalence / Compositional reasoning Compositional compiler verification

266 views • 3 slides
Toward Automatic Verification of Quantum Programs Xiaodi Wu QuICS, University of Maryland

Toward Automatic Verification of Quantum Programs Xiaodi Wu QuICS, University of Maryland

Toward Automatic Verification of Quantum Programs Xiaodi Wu QuICS, University of Maryland Outline Motivation A Quantum Programming Language Floyd-Hoare Logic for Quantum Programs Invariant Generation Recent Developments Summary My

1.24k views • 79 slides
Symbolic Verification of Programs with Pointers using Tree Automata Ji r Sim a

Symbolic Verification of Programs with Pointers using Tree Automata Ji r Sim a

Symbolic Verification of Programs with Pointers using Tree Automata Ji r Sim a cek Universit e Joseph Fourrier (France) Brno University of Technology (Czech Republic) 1 Ph.D. 1st year of doctoral degree programme at

377 views • 21 slides
Symbolic synthesis of state based reactive programs Diploma Thesis Nico Wallmeier 18.03.03

Symbolic synthesis of state based reactive programs Diploma Thesis Nico Wallmeier 18.03.03

Symbolic synthesis of state based reactive programs Diploma Thesis Nico Wallmeier 18.03.03 Structure 1. Background 2. Infinite games over a finite game graph 3. Transformation to the symbolic state space 4. Applications 18.03.03 Nico

962 views • 36 slides

More recommend