Fig 4 - uploaded by Harald Ruess
The Büchi automaton for ¬φ = ¬(G(req → Fgrant)) (a). The translated arena G (b). The generated safety game (with equivalence class folding) using unrolling of depth 2 (c), where the pink vertex is considered a risk state.
Source publication
G4LTL-ST automatically synthesizes control code for industrial Programmable Logic Controllers (PLCs) from timed behavioral specifications of input-output signals. These specifications are expressed in a linear temporal logic (LTL) extended with non-linear arithmetic constraints and timing constraints on signals. G4LTL-ST generates code in IEC 61131-3-c...
Contexts in source publication
Context 1
... again the synthesis process of φ = G(req → Fgrant). Figure 4 (a) and (b) show the corresponding A¬φ and the translated game. A controller must, for every input sequence, produce an output sequence such that every path in the generated game visits the final states of G¬φ only finitely often. ...
Context 2
... the controller must, for every input sequence, produce an output sequence such that every path in the generated game visits the final states of G¬φ only finitely often. It is not difficult to observe a solution, highlighted in Figure 4 (b), which outputs grant at s1[1] (i.e., when the input equals req) and outputs either grant or !grant at s1[0] (i.e., when the input equals !req). Outputting grant at s1[1] ensures that s2 is never visited from the initial state. ...
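To make the argument in the two contexts above concrete, here is an added worked example (not code from the G4LTL-ST paper or tool, and a deliberate simplification of its game construction). It encodes the Büchi automaton for ¬φ = F(req ∧ G¬grant) by hand, takes the controller read off Figure 4 (b) ("grant whenever req") and a deliberately wrong one that never grants, and performs the bounded unrolling the caption refers to: the product of controller and automaton carries, per automaton run, a counter of visits to final states, and any product state in which some run has exceeded the unrolling depth is treated as the risk state. The state names s0/s1, the counter encoding and the Mealy-style controller interface are assumptions made for this illustration.

```python
"""Bounded safety check of a candidate controller against A_¬φ.

Constructed illustration of the unrolling idea in the figure: run the Büchi
automaton for ¬φ = ¬G(req → F grant) = F(req ∧ G ¬grant) alongside a
controller; a product state in which some automaton run has passed through a
final state more than `depth` times is the risk state of the safety game.
This is a simplified re-implementation for the example, not G4LTL-ST's code.
"""
from collections import deque

REQ, GRANT = "req", "grant"

# Nondeterministic Büchi automaton for ¬φ (hand-built for this example).
# "s0": still waiting for the fatal req; "s1" (final): req seen, no grant since.
NBA_INIT = "s0"
NBA_FINAL = {"s1"}


def nba_step(state, inp, out):
    """Successor states of A_¬φ after one step with input `inp`, output `out`."""
    succ = set()
    if state == "s0":
        succ.add("s0")                       # keep waiting (always allowed)
        if inp[REQ] and not out[GRANT]:
            succ.add("s1")                   # guess: this req is never granted
    elif state == "s1":
        if not out[GRANT]:
            succ.add("s1")                   # still no grant, stay final
    return succ                              # a grant kills the "s1" run


# Controllers in Mealy style: (controller state, input) -> (output, next state).
def good_controller(state, inp):
    """The solution read off Figure 4 (b): grant whenever req is seen."""
    return {GRANT: bool(inp[REQ])}, state


def bad_controller(state, inp):
    """Never grants: violates φ as soon as a req arrives."""
    return {GRANT: False}, state


INPUTS = [{REQ: False}, {REQ: True}]         # the environment's two moves


def find_risk_path(controller, depth):
    """Explore controller × A_¬φ with a final-state visit counter per run.

    The counter is capped at depth+1, so the product is finite and the search
    terminates. Returns the input sequence that first reaches a product state
    in which some run has visited a final state more than `depth` times
    (the risk state), or None if the risk state is unreachable, i.e. the
    controller wins the depth-bounded safety game.
    """
    start = ("c0", frozenset({(NBA_INIT, 0)}))
    queue = deque([(start, [])])
    seen = {start}
    while queue:
        (cstate, runs), path = queue.popleft()
        for inp in INPUTS:
            out, cnext = controller(cstate, inp)
            nxt = set()
            for (q, n) in runs:
                for q2 in nba_step(q, inp, out):
                    n2 = n + 1 if q2 in NBA_FINAL else n
                    nxt.add((q2, min(n2, depth + 1)))
            new_path = path + [inp]
            if any(n > depth for (_, n) in nxt):
                return new_path              # risk state reached
            new = (cnext, frozenset(nxt))
            if new not in seen:
                seen.add(new)
                queue.append((new, new_path))
    return None


if __name__ == "__main__":
    print("good controller, depth 2:", find_risk_path(good_controller, 2))
    print("bad controller, depth 2: ", find_risk_path(bad_controller, 2))
```

With the good controller the product never leaves the initial vertex, which is exactly the observation that s2 (here: the final state s1 of A¬φ) is never visited from the initial state. The bad controller reaches the risk state after three steps at depth 2: one req followed by two more steps without a grant. Note that bounding the number of final-state visits is a sound but incomplete approximation of "finitely often"; a controller the check rejects at one depth may still be accepted at a larger one.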
Citations
... Though they can be modeled with LTL, this approach is inefficient even for behavior examples of moderate size. Other LTL synthesis techniques, e.g., G4LTL-ST [12] and Strix [25], have the same drawbacks in application to the considered problem: no guard conditions minimization and lack of support for behavior examples. ...
... We considered tools BoSy [7] and G4LTL-ST [12], which accept LTL specifications as input. Comparison was only done for synthesis from scenarios, which were converted to LTL formulas. ...
Finite-state models are widely used in software engineering, especially in control systems development. Commonly, in control applications such models are developed manually, hence, keeping them up-to-date requires extra effort. To simplify the maintenance process, an automatic approach may be used, allowing inference of models from behavior examples and temporal specification. As an example of a specific control systems development application, we focus on inferring finite-state models of function blocks (FBs) defined by the IEC 61499 international standard for distributed automation systems. In this paper, we propose a method for FB model inference from behavior examples based on reduction to Boolean satisfiability problem (SAT). Additionally, we take into account linear temporal properties using counterexample-guided synthesis. The developed tool fbSAT implementing the proposed method is evaluated in three case studies: inference of a finite-state controller for a Pick-and-Place manipulator, reconstruction of randomly generated automata, and minimization of transition systems. In contrast to existing approaches, the suggested method is more efficient and produces finite-state models minimal both in terms of number of states and guard conditions complexity.
... Improvements towards these requirements have been provided by template-based classifications, which guide the selection of the assumptions [92]. Furthermore, output-sensitive metrics, like the length of the longest path leading to an unsafe state, have been considered [27]. Another consideration for the identification of problem causes, used to guide the specification repair, leverages the notion of strong satisfiability [49], which requires that the specification is satisfiable and that there exists at least one satisfiable output sequence for every possible input. ...
... As important is assisting the developer in repairing the specification. A series of works [3,13,38,2,15,17,43,14,31] introduced frameworks that leverage the artifacts above to turn an unrealizable specification into a realizable one. ...
... Weakening the guarantees is done by tolerating additional behaviors of the system. Most approaches rely on a counterexample-guided refinement loop to learn the new assumptions [3,13,38,2,15,17]. In each refinement loop a counterstrategy is used to extract new assumptions for the environment. ...
In formal synthesis of reactive systems an implementation of a system is automatically constructed from its formal specification. The great advantage of synthesis is that the resulting implementation is correct by construction; therefore there is no need for manual programming and tedious debugging tasks. Developers remain, nevertheless, hesitant to using automatic synthesis tools and still favor manually writing code. A common argument against synthesis is that the resulting implementation does not always give a clear picture on what decisions were made during the synthesis process. The outcome of synthesis tools is mostly unreadable and hinders the developer from understanding the functionality of the resulting implementation. Many attempts have been made in the last years to make the synthesis process more transparent to users. Either by structuring the outcome of synthesis tools or by providing additional automated support to help users with the specification process.
In this paper we discuss the challenges in writing specifications for reactive systems and give a survey on what tools have been developed to guide users in specifying reactive systems and understanding the outcome of synthesis tools.
... Among them, we used Unbeast for comparison since it is more recent and is claimed to be superior over others [17]. Another tool G4LTL-ST [7] is also known, but it is focused solely on program synthesis for PLCs and more rich forms of LTL specification. Since in the problem of LTL synthesis the specification is given only as LTL properties, we had to encode scenarios in LTL. ...
Finite-state models, such as finite-state machines (FSMs), aid software engineering in many ways. They are often used in formal verification and also can serve as visual software models. The latter application is associated with the problems of software synthesis and automatic derivation of software models from specification. Smaller synthesized models are more general and are easier to comprehend, yet the problem of minimum FSM identification has received little attention in previous research. This paper presents four exact methods to tackle the problem of minimum FSM identification from a set of test scenarios and a temporal specification represented in linear temporal logic. The methods are implemented as an open-source tool. Three of them are based on translations of the FSM identification problem to SAT or QSAT problem instances. Accounting for temporal properties is done via counterexample prohibition. Counterexamples are either obtained from previously identified FSMs, or based on bounded model checking. The fourth method uses backtracking. The proposed methods are evaluated on several case studies and on a larger number of randomly generated instances of increasing complexity. The results show that the Iterative SAT-based method is the leader among the proposed methods. The methods are also compared with existing inexact approaches, i.e. the ones which do not necessarily identify the minimum FSM, and these comparisons show encouraging results.
Programmable Logic Controllers (PLC) are widely used in Industrial Control Systems (ICS) with strict safety assurance requirements. Unfortunately, traditional techniques for debugging prefer post-development approaches, such as simulation and black-box testing, rather than enhancing safety before programming. In this paper, we propose a refinement-based approach to model and verify PLC systems, aiming to assure safety properties by construction. It uses the Event-B formalism and focuses on the levels of requirement analysis, specification refinement, and system development. This approach takes a three-layer framework stepwise to specify the behaviors and properties of PLC programs, thereby reducing the modeling complexity. The basic firmware layer models the general mechanisms of PLC firmware, such as periodic instruction execution and centralized I/O scanning, which are application-independent models with fundamental safety properties at an abstract level. The middle layer establishes configuration models. These models correspond to the PLC settings and interactive environments of a specific system, such as I/O addresses and peripheral devices. The business layer models business logic with more specific system-level safety requirements. With our approach, the safety properties of PLC systems can be verified throughout the modeling and refinement process. In addition, rules are proposed to convert the most concrete Event-B model into PLC code satisfying the IEC 61131-3 standard. We demonstrate this approach with a real-world running example of a pump control system for gas transmission.
Programmable logic controllers (PLCs) are essentially domain-specific computers that are widely used in the industrial field. These industrial devices are usually required to be highly reliable, and program bugs can lead to catastrophes. However, there are few automated testing tools for PLC programs. This paper proposes a framework, named STAutoTester, for automatically generating test cases for IEC 61131-3 Structured Text (ST) programs. It adopts Dynamic Symbolic Execution (DSE) combined with redundant path pruning to efficiently perform PLC multi-cycle test data generation under different coverage criteria. We have evaluated STAutoTester on 21 programs. The experimental results show that STAutoTester can effectively handle these programs. Compared to SYMPLC, a previous symbolic-execution-based tool for automatically testing PLC software, we achieved comparable statement coverage with far fewer test cases. Besides, we have achieved greater branch coverage and stricter MC/DC coverage, which were not implemented by SYMPLC.