On testing and automatic mending of safety PLC code

Artikel i vetenskaplig tidskrift, 2021

This paper presents an approach to automatically amend an erroneous model of an implementation using a safety specification as the basis to ensure safety. Industrially, safety PLCs are common to ensure safe operations. However, before its commissioning, the implemented safety code must be tested for faults caused by spurious transitions and missing safety transitions. Spurious transitions are implemented events that are not prescribed by the safety specification, while missing safety transitions are unimplemented safety events that are prescribed by the safety specification. The presence of these faults can result in material or human damage. The proposed approach requires the model of an implementation to be trace equivalent with the given safety specification only in terms of traces composed of safety events, which is captured by the notion of safe-IOCOS. If the implementation emits other than the specified safety events then the implementation is not safe-IOCOS and requires amendment. This is achieved by removing the spurious transitions and adding the missing safety events in the implementation using synthesis techniques from the supervisory control theory. The infimal controllable superlanguage is used to compute the infimal safety extension, which adds the missing safety transitions. It is shown how the resulting model of an implementation after amendment is both safe-IOCOS and controllable with respect to the specification.