Analysis of Logic Controllers by Transformation of SFC into Timed Automata

Stursberg, Olaf; Lohmann, Sven

doi:10.1109/cdc.2005.1583409

Cited by 11 publications

(8 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This scheme is referred to as cycletriggered translation later on. In contrast, the approach in [12], [11] is based on the idea of modeling the cycle only if an (external or internal) event leads to the change of at least one variable in the control program -this scheme is named event-triggered. The objective of this paper is to investigate and to compare the two approaches for the example of a laboratory plant with a special focus on the efficiency of the verification.…”

Section: Introductionmentioning

confidence: 94%

“…This time (which can be manually adjusted on most PLCs) must be sufficiently small to ensure that the controller reacts sufficiently fast as response to events generated in the plant. An alternative scheme, the event triggered approach (ETA), was sketched in [11] and is illustrated in the lower part of Fig. 6: only those PLC cycles are considered within which any of the variables contained in the TA model changes its value, e.g.…”

Section: Alternative Execution Modelsmentioning

confidence: 99%

“…These time delays can be critical for the safety of the controlled plant. A formal definition of the syntax and semantics of SFC was given in [11].…”

Section: Thc033mentioning

confidence: 99%

“…The first is called cycle driven approach (CDA) [1] and the second one event triggered approach (ETA) [12], [11]. Both approaches use the same scheme for the translation of the structural layout of the SFC (i.e.…”

Section: Alternative Execution Modelsmentioning

confidence: 99%

See 3 more Smart Citations

Comparison of Event-Triggered and Cycle-Driven Models for Verifying SFC Programs

Lohmann

Stursberg

Engell

2007

2007 American Control Conference

View full text Add to dashboard Cite

As a complement to testing procedures, verification techniques as e.g. model checking have been proposed to analyze logic controllers specified as Sequential Function Charts (SFC). For the success of these techniques suitable execution models of the SFC and of the programmable logic controllers (PLC) on which the SFC are implemented and operated in practice are crucial. This paper investigates and compares two different recently suggested transformation schemes for mapping SFC into timed automata (TA): an event-triggered and a cycle driven scheme. For the example of a laboratory experiment, the paper shows how the schemes lead to TA models of the controller which can, when complemented with appropriate plant models, be used for verifying properties as e.g. safety by employing the software tool UPPAAL. The event-triggered transformation scheme is found to lead to considerably smaller TA models and hence to be more suitable for verification purposes. I. INTRODUCTIONLogic controllers specified as Sequential Function Charts (SFC) have become increasingly popular in the process and manufacturing industry. SFC are defined in the standard IEC 61131-3 [7] as one of five programming languages for programmable logic controllers (PLC). These are standard devices for sequential control due to their robustness and reliability, and are often embedded into hierarchical automation architectures for larger plants.The correctness of SFC programs implemented on PLC is obviously crucial for the overall success and the safety of plant operation. While the design of the control programs becomes increasingly more complex due to a larger number of functions included, competitive markets require shorter development and start-up times. In order to reduce the time needed to check the correctness of the PLC programs, verification can be a valuable substitute of testing, as it replaces the tedious (manual) choice of scenarios to be investigated by an algorithmic search over all possible cases and executions. If appropriate plant models are available, algorithmic verification by model checking [4] can prove that the logic controller controls the plant such that requirements as e.g. safety, goalattainment, or deadlock-avoidance are achieved.In order to apply model checking to the control program, the SFC (which is a partly graphical repre-

show abstract

Section: Introductionmentioning

confidence: 94%

Section: Alternative Execution Modelsmentioning

confidence: 99%

“…These time delays can be critical for the safety of the controlled plant. A formal definition of the syntax and semantics of SFC was given in [11].…”

Section: Thc033mentioning

confidence: 99%

Section: Alternative Execution Modelsmentioning

confidence: 99%

See 2 more Smart Citations

Comparison of Event-Triggered and Cycle-Driven Models for Verifying SFC Programs

Lohmann

Stursberg

Engell

2007

2007 American Control Conference

View full text Add to dashboard Cite

show abstract

“…Some of them ( [2] and [19] for example) start from a model in SFC 2 language [7]; however this language is an implementation and not a specification language (the interested reader is referred to [16] for further details on the semantic differences between Grafcet and SFC); this explains why these approaches were not selected for this work. On the opposite, [11] presents a method to translate an untimed Grafcet specification into three sets of algebraic equations:…”

Section: Controller Modelmentioning

confidence: 99%

Coupling timed plant and controller models with urgent transitions without introducing deadlocks

Perin

Faure

2012

Proceedings of 2012 IEEE 17th International Conference on Emerging Technologies &Amp; Factory Automation (ETFA 2012)

View full text Add to dashboard Cite

This paper focuses on timed models which represent closed-loop systems composed of a plant and a logic controller. Both the plant and controller models are described in a formalism where urgent transitions are possible, to avoid non-realistic evolutions, and without deadlock when they are separated.It is first shown that deadlocks may occur in the plant model as soon as both models are coupled. To solve this issue, shared variables which model the changes of the inputs of the controller are defined and introduced in some actions of the plant model as well as in some guards of the controller model; the aim of these variables is to authorize evolutions of the controller only when at least one input has changed. This solution removes the previously pinpointed deadlocks and guarantees the reactivity of the controller.

show abstract

Systematic Logic Controller Design as Sequential Function Chart Starting from Informal Specifications

Lohmann

Engell

2008

Chinese Journal of Chemical Engineering

View full text Add to dashboard Cite

Analysis of Logic Controllers by Transformation of SFC into Timed Automata

Cited by 11 publications

References 5 publications

Comparison of Event-Triggered and Cycle-Driven Models for Verifying SFC Programs

Comparison of Event-Triggered and Cycle-Driven Models for Verifying SFC Programs

Coupling timed plant and controller models with urgent transitions without introducing deadlocks

Systematic Logic Controller Design as Sequential Function Chart Starting from Informal Specifications

Contact Info

Product

Resources

About