Moby/plc { Graphical Development of PLC-Automata??? Josef Tapken and Henning Dierks University of Oldenburg { Department of Computer Science P.O.Box 2503, D-26111 Oldenburg, Germany Fax: +49 441 798-2965 E-Mail: ftapken,dierksg@informatik.uni-oldenburg.de Abstract. Moby/plc is a graphical design tool for PLC-Automata, a special class of hierarchical real-time automata suitable for the description of distributed real-time systems that are implementable on a widely used hardware platform, so-called Programmable Logic Controllers (PLCs). In this paper we sketch the modelling language in use and some features of Moby/plc, like several validation methods and code generation. 1 Introduction Moby/plc is a graphical design tool for distributed real-time systems which is based upon a formal description technique called PLC-Automata [6]. This class of hierarchical real-time automata is suitable (but not restricted) to the description of the behaviour of Programmable Logic Controllers (PLC) that are often used to solve real-time controlling problems. The automata are tailored to a structural compilation into executable PLC-code and are provided with a formal denotational semantics in Duration Calculus [3] as well as an operational semantics in terms of Timed Automata [1]. Both semantics are consistent and allow formal reasoning about properties of PLC-Automata [7]. The language of PLC-Automata, developed in the UniForM-project [8], has been applied to real-world case studies of the industrial partner, which produces tram- and railway control systems. This paper gives a survey of Moby/plc by introducing its implemented modelling language (Sec. 2), and by describing some of its features (Sec. 3).? cspringer-verlag. This paper is published in A.P.Ravn, and H.Rischel, editors, Proceedings of FTRTFT'98, Volumn 1486, LNCS, Springer, 1998?? This research was partially supported by the German Ministry for Education and Research (BMBF) as part of the project UniForM under grant No. FKZ 01 IS 521 B3 and partially by the Leibniz Programme of the Deutsche Forschungsgemeinschaft (DFG) under grant No. Ol 98/1-1.
2 PLC-Automata Programmable Logic Controllers (PLC) are real-time controllers with a cyclic behaviour. In each cycle the PLC polls input values from sensors or other PLCs, computes the new local state, and generates output values for actuators (or other PLCs). To deal with real-time problems, PLCs are enriched by a convenient timer concept. A PLC-Automaton describes the behaviour of a PLC by an extended nite state machine with three categories of variables, namely input, local, and output variables. A transition is labelled by a condition on these variables and a list of assignments to local and output variables. In every cycle a PLC-Automaton updates its input variables from the environment and performs (exactly) one transition according to the actual state and values of variables. The execution of a transition may be prohibited according to a state label which consists of a time value d (2 IR0) and a Boolean expression over the input variables. A state can only be left if it is held for longer than for d time units or the state expression evaluates to false. In order to increase their expressiveness and structuring facilities PLC-Automata are enhanced by a hierarchy concept which is based on state renement, i.e. a state can represent a set of substates and its label can also restrict the outgoing transitions of the substates. A system specication consists of a network of PLC-Automata which communicate asynchronously with each other through channels. Each channel links an output variable of one automaton to an input variable of another, i.e. communication is performed implicitly by updating every cycle the input variables of a PLC-Automaton with the current values of the corresponding output variables. The system network may also be structured hierarchically. In [5] the implemented version of PLC-Automata is related to its formal denition. All extensions implemented in Moby/plc, like variables and dierent kinds of transitions, are interpreted as abbreviations and can be unfolded. Fig. 1 shows a small part of a case study on securing a Single-tracked Line Segment (SLS) in Moby/plc. The case study is a topic within the UniForMproject and deals with the correct control of a single-tracked railway line by distributed PLCs. The right window of Fig. 1 contains the description of the system network and the left window gives the behavioural description of one component in terms of a PLC-Automaton. For further informations about the case study see [5]. 3 The Moby/plc-Tool An overview of the main components which are currently implemented in the Moby/plc-tool is given in Fig. 2. The central part of the tool is an interactive graphical editor for specifying a real-time system (i). Since the architectural part as well as the behavioural part of a specication may be structured hierarchically the editor comprises several dierent subeditors, e.g. system editors to describe
Fig. 1. SLS case study in Moby/plc the network of PLC-Automata or editors to specify automata and subautomata (see Fig. 1). In Moby/plc there are three ways to validate a given specication (ii, iii, iv). A simulator (ii) is able to execute a single or a set of PLC-Automata and to visualize its results directly in the graphical specication. The simulator is designed to support the interactive simulation of small modules as well as extensive tests of the whole specication in background mode [9]. Special analysis algorithms (iii) which are based on the Duration Calculus semantics of PLC-Automata can be used to statically calculate certain properties of an automaton, e.g. its reaction time on a given combination of inputs. The Timed Automata semantics denes how to compile a PLC-Automaton into a Timed Automaton. In order to use existing model checking systems for Timed Automata, we have currently implemented two compilers (iv) into the format of the Kronos tool [4] and of Uppaal [2]. The second compiler exploits the fact that Uppaal is able to handle automata extended by variables. Furthermore, a given specication can be translated automatically by a structural compilation into a special programming language for PLCs called ST (Structured Text)(v). By the use of commercial compilers the ST-code can be transformed into runnable source code for PLCs.
Analysis (iii) Algorithms Graphical Editor (i) (ii) Simulator Model Checking Compiler (iv) Visualisation Code-Generation (v) ST-Code PLC-Code Fig. 2. Components of Moby/plc 4 Conclusion In this paper we have sketched the modelling language and the features of the design tool Moby/plc. Although Moby/plc is already usable there are several extensions we are planning to implement. E.g. we want to evaluate and visualize the results of background runs of the simulator. In this context we need a formal description of the environment of a system. This can e.g. be achieved by a non-deterministic variant of PLC-Automata. Furthermore, it seems to be promising to expand the static analysis by further algorithms which calculate interesting properties based on the structure of a PLC-Automaton. Currently a graphical editor for Object-Z specications is developed. This editor should be integrated into Moby/plc in order to use Object-Z for the description of data aspects in PLC-Automata. Acknowledgements. The authors thank H. Fleischhack, E.-R. Olderog, and the other members of the \semantics group" in Oldenburg for fruitful discussions on the subject of this paper. References 1. R. Alur and D.L. Dill. A theory of timed automata. Theoretical Computer Science, 126:183{235, 1994. 2. J. Bengtsson, K.G. Larsen, F. Larsson, P. Pettersson, and Wang Yi. Uppaal { a Tool Suite for Automatic Verication of Real-Time Systems. In Hybrid Systems III, volume 1066 of LNCS, pages 232{243. Springer Verlag, 1996. 3. Zhou Chaochen, C.A.R. Hoare, and A.P. Ravn. A Calculus of Durations. Inform. Proc. Letters, 40/5:269{276, 1991. 4. C. Daws, A. Olivero, S. Tripakis, and S. Yovine. The tool Kronos. In Hybrid Systems III, volume 1066 of LNCS, pages 208{219. Springer Verlag, 1996. 5. H. Dierks and J. Tapken. Tool-Supported Hierarchical Design of Distributed Real- Time Systems. In Euromicro Workshop on Real Time Systems, pages 222{229. IEEE, 1998. 6. Henning Dierks. PLC-Automata: A New Class of Implementable Real-Time Automata. In ARTS'97, LNCS. Springer Verlag, May 1997.
7. Henning Dierks, Ansgar Fehnker, Angelika Mader, and Frits Vaandrager. Operational and Logical Semantics for Polling Real-Time Systems. In FTRTFT'98, LNCS. Springer Verlag, September 1998. 8. B. Krieg-Bruckner, J. Peleska, E.-R. Olderog, et al. UniForM Universal Formal Methods Workbench. In Statusseminar des BMBF Softwaretechnologie, pages 357{ 378. BMBF, Berlin, 1996. 9. Josef Tapken. Interactive and Compilative Simulation of PLC-Automata. In W. Hahn and A. Lehmann, editors, Simulation in Industry, ESS'97, pages 552 { 556. SCS, 1997.