Rigorous Design of PLC Networks using Formal Methods Radu Mateescu - - PowerPoint PPT Presentation

Rigorous Design of PLC Networks using Formal Methods

Radu Mateescu CONVECS team Inria Grenoble – Rhône-Alpes Université Grenoble Alpes / LIG http://convecs.inria.fr

2

CONVECS

(Construction of Verified Concurrent Systems)

Inria – CNRS – UGA common project-team within LIG

Radu Mateescu (Inria Senior Researcher) Hubert Garavel (Inria Senior Researcher) Frédéric Lang (Inria Researcher) Gwen Salaün (Professor, UGA) Wendelin Serwe (Inria Researcher) Gianluca Barbon (PhD) Lina Marsso (PhD) Ajay Muroor-Nadumane (PhD) Umar Ozeer (PhD) Lian Apostol (expert engineer)

Kobe-Grenoble Workshop - February 26-27, 2018

3

Scientific Field

Formal modelling of concurrent systems

• Behavioural specification languages
• Property specification languages

Compiler construction, code generation Functional verification

• Model checking
• Equivalence checking

Quantitative analysis

• Timed, probabilistic, stochastic

Real-life case-studies and applications Verification platform

CADP (> 50 tools + 17 libraries) http://cadp.inria.fr

Kobe-Grenoble Workshop - February 26-27, 2018

msg msg ack a b

||

a a b b

Interleaving semantics Asynchronous concurrent systems

4

The Bluesky for I-Automation Project

Minalogic, FUI 13rd call (2012-2016)

Partners: Crouzet Automatismes (now InnoVista Sensors), VM2M, Motwin, Inria, LCIS Objectives:  Simple solution for distributed automation applications  Hardware, software, communication infrastructures, and services  New generation of em4 PLCs connected to the IoT  Formal validation services for a rigorous development of distributed applications embedded on PLC networks

Kobe-Grenoble Workshop - February 26-27, 2018

BlueSky

5

Organization of the Project

Kobe-Grenoble Workshop - February 26-27, 2018

6

Design Flow based on Formal Methods

Kobe-Grenoble Workshop - February 26-27, 2018

designer of PLC applications em4soft executable em4 properties (TL) model checking and equivalence checking test generation and execution test stimuli system responses verdict + diagnostic verdicts test scenarios (SPTL) abstract description (GRL) service (GRL)

S S Y Y N N C C H H R R O O N N O O U U S A A S Y S Y N N C C H H R R O O N N O O U U S

7

GRL: A Formal Description Language for GALS Systems

GRL (GALS Representation Language)

 GALS system: Globally Asynchronous and Locally Synchronous  Principles of GRL: > Blocks: synchronous components > Environments: external constraints > Mediums: asynchronous communication > Formal semantics (process calculus)  Tool support: translators em4soft  GRL  LNT and CADP tools

Kobe-Grenoble Workshop - February 26-27, 2018

8

Asynchronous Validation Flow

Kobe-Grenoble Workshop - February 26-27, 2018

designer of PLC applications em4soft properties (TL) GRL2LNT verdict + diagnostic LNT2LOTOS + CAESAR state space (BCG) translation formulas (MCL) EVALUATOR abstract description (GRL)

CADP

behavioural specification (LNT)

9

Example: Car Park Management

Kobe-Grenoble Workshop - February 26-27, 2018

block In_Controller (in Open_Cmd : bool;

• ut Green_Light : bool; … out Door_Open : bool)

{receive Open_Distant_Cmd : bool; receive Decrease_Counter : bool} is allocate Block_Or as B01, …, Block_And as B16 perm pre_c9 : bool := true, pre_c10 : bool := true temp c1, c2, c3, …, c11 : bool, c6, c8 : int16 c2 := Open_Distant_Cmd; B01 (Open_Cmd, c2, ?c3); … Yellow_Light := Door_Open; B15 (c7, c10, ?Red_Light); B16 (c11, c10, ?Green_Light); pre_c10 := c10 end block block Out_Controller (in Open_Cmd : bool;

• ut Door_Open : bool)

{receive Open_Distant_Cmd : bool; send Decrease_Counter : bool} is allocate Block_Or as B01, Block_Timer_BW [true, false] as B02, Block_Timer_AC [0, 5, Cycle] as B05 temp c1 : bool B01 (Open_Cmd, Open_Distant_Cmd, ?c1); B02 (c1, ?Decrease_Counter); B05 (Decrease_Counter, _, ?Door_Open, ?_ ,?_, ?_, ?_) end block

GRL em4soft

translator GRL2LNT + CADP CADP + SEQ2SIM

10

Synchronous Validation Flow

SPTL (Synchronous Programming Testing Language)

Kobe-Grenoble Workshop - February 26-27, 2018 test stimuli generator (constraint resolution)

TESTIUM

system under test (black box) test stimuli system responses testing scenarios (SPTL) environment constraints (SPTL)

11

Example: Irrigation System

Kobe-Grenoble Workshop - February 26-27, 2018

12

Execution of a Testing Scenario

 Step by step mode  Automatic mode

Kobe-Grenoble Workshop - February 26-27, 2018

scenario Normal var time t1 time t2 begin {Humid = 35;Temp=28;t1.start} | [Humid = 35;Temp=(pre(Temp)+5)(t1>5)]| {Humid=36;Temp=60;t2.start} | [Humid=36;Temp>60;Temp<65(t2>5)] end

1 2 3 4 True True t1>5 t1≤5 t2≤5

test stimuli system responses

TESTIUM SPTL

13

Bluesky Project: Summary

Results

 New generation of PLCs from InnoVista Sensors  Languages et tools for validating distributed PLC applications > GRL and GRL2LNT tool: PhD of Fatma JEBALI (http://hal.inria.fr/tel-01511656/en) > SPTL and TESTIUM tool: PhD of Mouna TKA (http://www.theses.fr/2016GREAM020)

Ongoing Work

 Enhancing the validation flow to automate the testing of PLC networks  PhD of Lina MARSSO: Formal Methods for Testing Networks of Controllers co-supervised Inria – LCIS (ARC6 2016-2019) with the collaboration of Innovista Sensors

Kobe-Grenoble Workshop - February 26-27, 2018

14

Testing Flow for GALS Systems

Kobe-Grenoble Workshop - February 26-27, 2018

Thank you!

More information: http://convecs.inria.fr