On Formal Specification and Verification of Function Block Applications in Industrial Control Logic Development

Doktorsavhandling, 2011

Developing a control system for an automated manufacturing system is a challenging task. In addition to controlling and coordinating the machines and robots used in the production, the safety of the operators must be assured. The control system should also be easily modifiable and quickly made fully operational, to reduce down-time and ramp-up-time of the manufacturing system. To handle these challenges, Programmable Logic Controllers (PLCs) and a set of standard programming languages are typically used. Many industrial practitioners also use standardized programming structure and they reuse code in form of function blocks between and within different programming projects. Although the PLC programming is well standardized, there is no established standard for the specifications. The function blocks are typically documented informally, for instance using natural language and pictures, or not specified at all. Unambiguous specifications of function blocks would not only promote efficient reuse and facilitate verification, but are fundamental for the part handling safety. International safety standards emphasize the importance of specifying and verifying safety-related software. This thesis proposes the Reusable Automation Component (RAC) framework for formal, mathematical specification and verification of function blocks. The RAC formal specification removes ambiguity and enables automated and exhaustive off-line verification using model checking. Developing formal specifications is typically a tough task for PLC programmers and maintainers and this thesis therefore proposes methods and a language for assisting the specification development. The main contributions of the thesis are the proposed specification assistance and industrial studies on PLC programming and function block specifications. A prototype RAC tool has been implemented in which the function blocks can be specified and then verified using a model checking tool. Several industrial examples show that the RAC framework may help the users to find errors and inconsistencies within the function blocks, and to confirm that the expected safety properties are fulfilled.