Automatic Fault Localization for Programmable Logic Controllers
André Sülflow and Rolf Drechsler
Institute of Computer Science, University of Bremen
28359 Bremen, Germany
{suelflow, drechsle}@informatik.uni-bremen.de
Abstract. Programmable Logic Controllers (PLCs) are widely applied to control safety critical systems. Efficient formal and non-formal methods to detect faulty behavior have been developed, but finding the cause of the buggy behavior is often still a manual process. Automatic fault localization for PLCs is studied in this paper. Methods for automated debugging are analyzed and compared with respect to accuracy and run time. The experimental results on industrial models show a high accuracy at low run time costs.
Keywords: Debugging, Boolean SAT, Program slicing, Programmable Logic
Controllers
1 Introduction
A Programmable Logic Controller (PLC) is a re-programmable computer based on sensors and actors that periodically runs user-defined software. That makes a PLC highly configurable and applicable in various industrial sectors, e.g., in nuclear power plants and in railway interlocking systems. Assuring correct behavior in safety-critical systems is a must. In this work, PLCs suitable for controlling railway electronic interlocking specified to Safety Integrity Level 3 (IEC61508) are considered.
Model checking of PLC software was proposed in, e.g., [3,11,15,18]. The
output of a model checker is either a proof of correctness of the model with
respect to a specification or a failure trace, i.e., a counter-example that shows
the incorrect behavior. Debugging the observed faulty behavior often relies
on manual simulation and is a time-consuming task. Automated debugging
of faulty behavior in PLC programs has not been considered so far and is the
focus of this paper.
Several techniques for automated debugging have been proposed for software
(e.g. [22,2,13,9]) as well as for hardware (e.g. [21,6,17,7]). The aim of
This work has been supported in part by the Rail Automation Graduate School
(Siemens Transportation, Braunschweig, Germany) and the European Union
(project DIAMOND, FP7-2009-IST-4-248613).