Verification of Sequential Function Charts Using SMV

Sébastien Bornot, Ralf Huuck, Ben Lukoschus
Institute of Computer Science and Applied Mathematics, University of Kiel, Preußerstr. 1–9, D-24105 Kiel, Germany

Yassine Lakhnech
Verimag, Centre Equation, 2 av. de Vignate, F-38610 Gières, France

Abstract

Sequential function charts (SFCs) are defined as a modeling language in the IEC 1131-3 standard [1] and can be used to structure and drive programmable logic controllers (PLCs). The language includes interesting concepts such as hierarchy, history variables and priority. As the typical application area of this language is the control of industrial processes, safety and reliability are obviously crucial goals for systems using SFCs. In this work we give an abstract formal model for SFCs and present a method to automatically verify properties concerning the safety of such systems using the model checking tool SMV (Symbolic Model Verifier) [2, 3].

Keywords: programmable logic controllers, sequential function charts, hierarchy, model checking, SMV

1 Introduction

The market for industrial process control and instrumentation has been continuously and rapidly growing within the last ten years and is expected to grow further in the future. Programmable logic controllers (PLCs) are the backbone of most automation projects, and their market is expected to increase in even greater proportion. Among the industries where they are used for controlling purposes are power generation, steel production, water, chemical and petrochemical [4].

Although PLCs are widely used, hardly any verification tools are available for them. This contribution aims at providing one solution for a high-level validation of PLC programs and, thus, increasing the safety and reliability of PLC software.

(This work has been partially supported by the European Community in the Esprit Long-Term Research Project 23498 "VIRES" (Verifying Industrially Relevant Systems).)
We focus on the structuring and programming language called sequential function charts (SFCs) and present a model-checking [5, 6] approach. To this end, we provide a translation from an abstract model of SFCs to the input language of the Symbolic Model Verifier (SMV) [2, 3]. This enables the validation of SFCs by verifying CTL formulae [7].

The remainder of this work is organized as follows: In order to give a clear idea of SFCs, we first introduce them informally in Section 2. Subsequently, we present in Section 3 the formal syntax which will later be translated to the SMV syntax, and we briefly explain its semantics in Section 4. The translation itself as well as an illustrating example is described in Section 5. Finally, we draw some conclusions and discuss related work.

2 The SFC Language

SFCs are defined in [1] as elements of a graphical programming and structuring language for PLCs. The SFC elements provide means of partitioning a PLC program organization unit into steps and transitions. Each SFC has exactly one initial step. Associated with each step is a sequence of actions, which are either instructions in one of the other programming languages proposed by the standard or again an SFC. Hence, it is possible to have a nesting of SFCs. Moreover, with each transition a transition condition, also called guard, is associated. An example of an SFC is depicted in Fig. 1.
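The following Python is an added example, not code from the paper and not its SMV translation. It encodes the SFC ingredients just listed (a set of steps, exactly one initial step, actions attached to steps, guarded transitions) as plain data and then exhaustively explores every reachable pair of active step and input valuation, which is the explicit-state counterpart of what a model checker such as SMV does symbolically. The press controller, its input names (`start`, `gate_open`, `bottom`), the safety predicate and the priority rule (among enabled outgoing transitions the first in list order fires) are all constructed assumptions for this example; nesting of SFCs is left out.

```python
"""Explicit-state safety check of a small sequential function chart (SFC).

Added example (not from the paper). A state is the step active after a
PLC cycle together with the inputs read in that cycle; actions of the
active step are assumed to execute in that same cycle.
"""
from collections import deque
from itertools import product
from typing import Callable, Dict, List, Optional, Set, Tuple

Inputs = Dict[str, bool]
Guard = Callable[[Inputs], bool]
State = Tuple[str, Optional[frozenset]]  # (active step, inputs of the cycle)


class SFC:
    """Abstract SFC: steps, one initial step, actions per step, guarded transitions.

    Transitions are kept in priority order: of all transitions leaving the
    active step whose guard holds, the first in list order fires (assumption).
    """

    def __init__(self, initial: str) -> None:
        self.initial = initial
        self.actions: Dict[str, Set[str]] = {initial: set()}
        self.transitions: List[Tuple[str, Guard, str]] = []

    def step(self, name: str, *actions: str) -> "SFC":
        self.actions[name] = set(actions)
        return self

    def transition(self, src: str, guard: Guard, dst: str) -> "SFC":
        assert src in self.actions and dst in self.actions, "unknown step"
        self.transitions.append((src, guard, dst))
        return self

    def next_step(self, active: str, inputs: Inputs) -> str:
        """One PLC cycle: fire the highest-priority enabled transition, else stay."""
        for src, guard, dst in self.transitions:
            if src == active and guard(inputs):
                return dst
        return active


def check_safety(sfc: SFC, input_names: List[str],
                 bad: Callable[[str, Set[str], Inputs], bool]
                 ) -> Optional[List[Tuple[str, Inputs]]]:
    """Breadth-first reachability over (active step, inputs).

    Inputs are unconstrained in every cycle, so each valuation is tried from
    each reachable step. Returns None if no reachable state satisfies `bad`,
    otherwise the shortest path to the first violation as (step, inputs) pairs,
    i.e. a counterexample like the one a model checker would report.
    """
    valuations = [dict(zip(input_names, bits))
                  for bits in product([False, True], repeat=len(input_names))]
    start: State = (sfc.initial, None)          # before the first cycle
    parent: Dict[State, Optional[State]] = {start: None}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for v in valuations:
            nxt: State = (sfc.next_step(cur[0], v), frozenset(v.items()))
            if nxt in parent:
                continue
            parent[nxt] = cur
            if bad(nxt[0], sfc.actions[nxt[0]], v):
                trace, node = [], nxt
                while node is not None and node[1] is not None:
                    trace.append((node[0], dict(node[1])))
                    node = parent[node]
                return list(reversed(trace))
            queue.append(nxt)
    return None


INPUTS = ["start", "gate_open", "bottom"]   # constructed sensor/button inputs


def build_press(safe_guard: bool) -> SFC:
    """Constructed press controller; the unsafe variant forgets the gate in one guard."""
    sfc = SFC("ready").step("press_down", "press").step("retract", "lift").step("done")
    if safe_guard:
        sfc.transition("ready", lambda i: i["start"] and not i["gate_open"], "press_down")
    else:
        sfc.transition("ready", lambda i: i["start"], "press_down")
    sfc.transition("press_down", lambda i: i["gate_open"], "retract")  # higher priority
    sfc.transition("press_down", lambda i: i["bottom"], "done")
    sfc.transition("retract", lambda i: not i["gate_open"], "ready")
    sfc.transition("done", lambda i: not i["start"], "ready")
    return sfc


def gate_violation(step: str, actions: Set[str], inputs: Inputs) -> bool:
    """Safety property: the 'press' action is never active while the gate is open."""
    return "press" in actions and inputs["gate_open"]


if __name__ == "__main__":
    print("safe   :", check_safety(build_press(True), INPUTS, gate_violation))
    print("unsafe :", check_safety(build_press(False), INPUTS, gate_violation))
```

Running the block reports no violation for the safe chart and a one-cycle counterexample for the unsafe one (pressing starts while `gate_open` holds). Because every input valuation is enumerated in every cycle, the search is exponential in the number of inputs; that blow-up is exactly what the symbolic representation in SMV is meant to avoid.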