SLIDE 1

Ladder Metamodeling & PLC Program Validation through Time Petri Nets

Darlam Fabio Bender (1,2), Benoît Combemale (1), Xavier Crégut (1), Jean-Marie Farines (2), Bernard Berthomieu (3), François Vernadat (3)

(1) Institut de Recherche en Informatique de Toulouse (CNRS UMR 5505), Université de Toulouse, France.

(2) Departamento de Automação e Sistemas, Federal University of Santa Catarina, Florianopolis, Brazil.

(3) Laboratoire d’Analyse et d’Architecture des Systèmes (CNRS), Université de Toulouse, France.

This work is supported by the TOPCASED project, part of the French cluster Aerospace Valley (granted by the French DGE), cf. http://www.topcased.org

Combemale et al. (IRIT CNRS) Race condition detection in Ladder diagrams ECMDA 2008 — June 10, 2008 1 / 24

SLIDE 2

Motivations and Approach

Motivation

Context: PLC, Programmable Logic Controller

- special purpose industrial computer used to automate industrial processes
- connected to inputs and outputs
- controls the states of outputs according to inputs and internal state
- programmed with Ladder Diagram (LD) and other languages [IEC 61131]

Problem: Verification of Ladder Diagrams

- currently achieved mainly through exhaustive testing
- purpose: experiment with a model-checking approach based on Model-Driven Engineering

Focus: Race condition detection on Ladder diagrams

Approach

- Ladder translational semantics to Time Petri nets
- use of Model-Driven Engineering (MDE)
- use of Tina toolkit (model-checking)

SLIDE 3

Motivations and Approach

Outline

1. Motivations and Approach
2. Validation of Ladder Diagrams using Time Petri Net
   - Ladder Diagrams
   - Time Petri Net
   - Translation of Ladder Diagram into Time Petri Net
   - Race Condition Formalisation
3. Implementation using MDE
   - General approach
   - Metamodels
   - Transformations
4. Conclusion & Future Works

SLIDE 5

Validation of Ladder Diagrams using Time Petri Net Ladder Diagrams

Ladder Diagrams

Main concepts

An example:

    |         A          B         C      |
    +--------| |----+---|/|-------( )-----+
    |               |                     |
    |         C     |                     |
    +--------| |----+                     |
    |                                     |
    |         C                    D      |
    +--------| |------------------( )-----+

Main concepts: Rail, Rung, Contact (| | and |/|), Coil ( ), Variable

Interpretation: from top to bottom.

C = (A ∨ C) ∧ ¬B = (A ∧ ¬B) ∨ (C ∧ ¬B) = path1 ∨ path2, D = C.

Other concepts (not handled in this work):

- Function Blocks with inputs, outputs, internal states.

SLIDE 6

Validation of Ladder Diagrams using Time Petri Net Ladder Diagrams

A more realistic example

    |    1S0     2S1              Y2      |
    +----| |-----| |--------------( )-----+
    |    1S1     2S0              Y3      |
    +----| |-----| |--------------( )-----+
    |    2S2                      Y1      |
    +----| |----------------------( )-----+
    |    1S2     Y6               Y5      |
    +----| |-----|/|--------------( )-----+
    |    3S2     1S2              Y6      |
    +----| |--+--|/|--------------( )-----+
    |    Y6   |                           |
    +----| |--+                           |
    |    3S2     1S2              Y4      |
    +----| |--+--|/|--------------( )-----+
    |    Y6   |                           |
    +----| |--+                           |

SLIDE 7

Validation of Ladder Diagrams using Time Petri Net Ladder Diagrams

Ladder Diagrams

Race condition

Race condition: Under fixed inputs (and function block states), one or more outputs keep changing their value.

An example:

    |         A                    B      |
    +--------| |------------------( )-----+
    |         C                    D      |
    +--------|/|------------------( )-----+
    |         D                    C      |
    +--------| |------------------( )-----+
    |         C                    E      |
    +--------| |------------------( )-----+

B = A
D = ¬C
C = D
E = C

The values of D, C and E keep changing (see later).

SLIDE 8

Validation of Ladder Diagrams using Time Petri Net Time Petri Net

Time Petri Net

Main concepts

An example:

[Figure: Time Petri net example. Labels: buffer, production, consummation; time intervals [0,1], [2,w[ and [0,1].]

Main concepts: Place, Transition, Arc, Token, temporal constraint.

SLIDE 9

Validation of Ladder Diagrams using Time Petri Net Translation of Ladder Diagram into Time Petri Net

Translation of Ladder Diagram into Time Petri Net

    |         A          B         C      |
    +--------| |----+---|/|-------( )-----+
    |               |                     |
    |         C     |                     |
    +--------| |----+                     |
    |                                     |
    |         C                    D      |
    +--------| |------------------( )-----+

SLIDE 10

Validation of Ladder Diagrams using Time Petri Net Translation of Ladder Diagram into Time Petri Net

Translation of Ladder Diagram into Time Petri Net

SLIDE 11

Validation of Ladder Diagrams using Time Petri Net Translation of Ladder Diagram into Time Petri Net

Translation of Ladder Diagram into Time Petri Net

Some explanations

1. Three main parts: Group 1, Group 2 and Group 3
2. Group 2: Variables
   - two places for one variable: set (*_1) and unset (*_0) places.
   - memory and output variables may be updated from simulation variables.
3. Group 1: Control one computation of all rungs, one at a time
   - initialize simulation variables from Group 2 variables
   - compute the first rung
   - update Group 2 variables according to simulation variables
   - the same two steps for all other rungs
   - sequencing is done through [1,1] transition
4. Group 3: “simulation” variables used during a rung computation
   - the simulation variables
   - the way to update them from the Group 2 variables
   - the computation of their new values according to rungs:
     - rungs are decomposed into paths: C = (A ∨ C) ∧ ¬B = (A ∧ ¬B) ∨ (C ∧ ¬B) = path1 ∨ path2
     - each path becomes one transition

SLIDE 12

Validation of Ladder Diagrams using Time Petri Net Race Condition Formalisation

Race Condition Formalisation

Definition (race condition) An LD program is free of race condition if

(stable_inputs ⇒ ♦ stable_outputs)

- stable_inputs = logical AND between the stability condition for every input variable
- stable_outputs = the same for every output and memory variable.

Definition (stable variable) An LD variable called x is stable if (( x_0)∨( x_1)).

Example

(((( A_0)∨( A_1))∧(( B_0)∨( B_1))) ⇒ ♦ ((( C_0)∨( C_1))∧(( D_0)∨( D_1))))
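
An explicit-state version of the race-condition check defined above, run on the four-rung example (B = A, D = ¬C, C = D, E = C) and on the first ladder example, added here as an illustration; it is not code from the presentation and does not use Tina or Time Petri nets. It assumes an untimed scan in which rungs are evaluated top to bottom and each coil is written immediately; the names scan, unstable_outputs and race_free are hypothetical.

```python
from itertools import product

# Constructed encodings of two ladder programs from the slides: (coil, rung logic).
RACY = [  # B = A, D = not C, C = D, E = C
    ("B", lambda s: s["A"]),
    ("D", lambda s: not s["C"]),
    ("C", lambda s: s["D"]),
    ("E", lambda s: s["C"]),
]
LATCH = [  # C = (A or C) and not B, D = C
    ("C", lambda s: (s["A"] or s["C"]) and not s["B"]),
    ("D", lambda s: s["C"]),
]

def scan(rungs, state):
    """One PLC scan: evaluate rungs top to bottom, writing each coil at once."""
    new = dict(state)
    for coil, logic in rungs:
        new[coil] = logic(new)
    return new

def unstable_outputs(rungs, state):
    """Repeat scans from `state` with inputs held fixed until a state recurs.
    Returns the coils whose value differs inside the recurring cycle;
    an empty set means the outputs eventually stabilise."""
    seen, trace = {}, []
    while True:
        key = tuple(sorted(state.items()))
        if key in seen:  # finite state space, so a repeat is always reached
            cycle = trace[seen[key]:]
            return {c for c, _ in rungs if len({s[c] for s in cycle}) > 1}
        seen[key] = len(trace)
        trace.append(state)
        state = scan(rungs, state)

def race_free(rungs, inputs):
    """Check every input valuation and every initial coil valuation."""
    names = list(inputs) + [c for c, _ in rungs]
    for values in product([False, True], repeat=len(names)):
        if unstable_outputs(rungs, dict(zip(names, values))):
            return False
    return True

if __name__ == "__main__":
    start = dict(A=False, B=False, C=False, D=False, E=False)
    print(sorted(unstable_outputs(RACY, start)))
    print(race_free(RACY, ["A"]), race_free(LATCH, ["A", "B"]))
```

The set returned by unstable_outputs names the variables that keep changing, which is the information the slides list as future work to extract from the model-checker's counter-example.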

SLIDE 14

Implementation using MDE General approach

Approach: Metamodels and Transformations

[Figure: toolchain diagram. Labels: Ladder.ecore, PetriNet.ecore, myProgram.Ladder, myProgram.PetriNet, <<conformsTo>> (twice), Ladder2PetriNet.atl (ATL), PetriNet2Tina.atl (ATL), myProgram.net, properties.ltl, Tina.]

SLIDE 15

Implementation using MDE Metamodels

Time Petri Net Metamodel

A metamodel and OCL constraints.

SLIDE 16

Implementation using MDE Metamodels

Ladder Metamodel

SLIDE 17

Implementation using MDE Transformations

Ladder2PetriNet

Translational Semantics

- Transformation Model to Model
- Use of a hybrid transformation language: ATL
- Mainly relying on the declarative style (rules)
- Rule inheritance to structure and factorize code
- Used to simulate a role of one source metamodel element (e.g. Variable)
- Use of the resolveTemp ATL operator (because of inheritance and to identify the right element generated by another rule)

SLIDE 18

Implementation using MDE Transformations

Ladder2PetriNet

Rules architecture

SLIDE 19

Implementation using MDE Transformations

Ladder2LTL

Properties generation

- Achieved through an ATL query (Model to Text)
- Requires knowing the names used in the translational semantics

SLIDE 20

Implementation using MDE Transformations

Tina Projector

Transformation from PetriNet model to Tina concrete syntax

1. Using an ATL query (Model2Text)
   - using helpers on metamodel elements
2. Using TCS (Textual Concrete Syntax) [Jouault et al. 2006]

   Main characteristics:
   - defines textual concrete syntax for a DSL/metamodel
   - based on ANTLR
   - provides both an injector and a projector

   Results:
   - wide gap between Tina syntax and PetriNet metamodel
   - able to write a TCS model with one warning
   - the injector works :-)
   - the projector does not work :(

SLIDE 22

Conclusion & Future Works

Conclusion

Contribution: Ladder metamodel, Ladder translational semantics through Petri nets, Race condition formalisation.

Conclusion:

On the verification side:

- Race conditions are indeed detected
- Initial coding has been changed to avoid useless behaviours

⇒ great improvement

On the MDE side:

- Should be able to handle large models
- Easy to implement the evolutions of the Ladder2PetriNet mapping

SLIDE 23

Conclusion & Future Works

Future Works

- Use FIACRE as an intermediate language to verification tools (Topcased),
- Handle other Ladder concepts like function blocks,
- Ladder injector to automate the building of the Ladder model,
- Find the changing variable in the counter-example provided by the model-checker.

SLIDE 24

Conclusion & Future Works

Thank you for your attention... Questions?

Metamodels and transformations are available at

http://combemale.svn.enseeiht.fr/proto/fr.irit.acadie.ladder2tina/
