Symbolic execution of programmable logic controller code

Shengjian Guo, Meng Wu, Chao Wang
2017 Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering - ESEC/FSE 2017  
Programmable logic controllers (PLCs) are specialized computers for automating a wide range of cyber-physical systems. Since these systems are often safety-critical, software running on PLCs needs to be free of programming errors. However, automated tools for testing PLC software are lacking despite the pervasive use of PLCs in industry. We propose a symbolic execution based method, named SymPLC, for automatically testing PLC software written in the programming languages specified in the IEC 61131-3 standard. SymPLC takes the PLC source code as input and translates it into C before applying symbolic execution, to systematically generate test inputs that cover both the paths in each periodic task and the interleavings of these tasks. Toward this end, we propose a number of PLC-specific reduction techniques for identifying and eliminating redundant interleavings. We have evaluated SymPLC on a large set of benchmark programs with both single and multiple tasks. Our experiments show that SymPLC can handle these programs efficiently, and for multi-task PLC programs, our new reduction techniques outperform the state-of-the-art partial order reduction technique by more than two orders of magnitude.
CCS CONCEPTS • Software and its engineering → Software verification and validation; Software testing and debugging; Software evolution;
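The abstract's central point for multi-task programs is that most orderings of the periodic tasks within a scan cycle are redundant: they lead to the same end-of-cycle state. The following Python model is an added example, not code from the paper or the SymPLC tool. The three tasks, their read/write sets and the initial state are constructed; the reduction applied is ordinary read/write independence (two tasks that touch no common variable commute), which is the classical partial-order idea rather than the PLC-specific reductions the paper proposes. It also assumes each task runs atomically within a scan cycle, so an interleaving is an ordering of whole tasks.

```python
"""Toy model of scan-cycle task interleavings in a multi-task PLC program.

Added example; not code from the SymPLC paper. The three tasks, their
read/write sets and the reduction rule are constructed for illustration.
The reduction is plain read/write independence (two tasks that share no
variable can be reordered without changing the result); it is not the
PLC-specific reduction the paper proposes. Tasks are assumed to run
atomically within one scan cycle, so interleavings are orderings of whole tasks.
"""
from collections import deque
from itertools import permutations
from typing import Callable, Dict, FrozenSet, List, Tuple

State = Dict[str, int]


class Task:
    def __init__(self, name: str, reads, writes, body: Callable[[State], None]):
        self.name = name
        self.reads: FrozenSet[str] = frozenset(reads)
        self.writes: FrozenSet[str] = frozenset(writes)
        self.body = body

    def __repr__(self) -> str:
        return self.name


# Constructed toy program: sensor scales a raw input, pump reacts to the
# scaled level, counter touches only its own variable.
def sensor_task(s: State) -> None:
    s["level"] = s["in_raw"] * 2


def pump_task(s: State) -> None:
    s["pump"] = 1 if s["level"] > 10 else 0


def counter_task(s: State) -> None:
    s["ticks"] += 1


TASKS: List[Task] = [
    Task("sensor", reads={"in_raw"}, writes={"level"}, body=sensor_task),
    Task("pump", reads={"level"}, writes={"pump"}, body=pump_task),
    Task("counter", reads={"ticks"}, writes={"ticks"}, body=counter_task),
]


def dependent(a: Task, b: Task) -> bool:
    """Two tasks conflict if either writes a variable the other reads or writes."""
    return bool(a.writes & (b.reads | b.writes)) or bool(b.writes & (a.reads | a.writes))


def all_interleavings(tasks: List[Task]) -> List[Tuple[Task, ...]]:
    """Every ordering of the tasks within one scan cycle (n! of them)."""
    return list(permutations(tasks))


def reduced_interleavings(tasks: List[Task]) -> List[Tuple[Task, ...]]:
    """One representative per equivalence class, where two orderings are
    equivalent if one is reachable from the other by repeatedly swapping
    adjacent independent tasks. Every ordering in a class yields the same
    end-of-cycle state, so exploring one member per class loses nothing."""
    seen = set()
    representatives = []
    for order in permutations(tasks):
        if order in seen:
            continue
        representatives.append(order)
        seen.add(order)
        queue = deque([order])
        while queue:  # breadth-first closure of the class under adjacent swaps
            cur = queue.popleft()
            for i in range(len(cur) - 1):
                if not dependent(cur[i], cur[i + 1]):
                    swapped = cur[:i] + (cur[i + 1], cur[i]) + cur[i + 2:]
                    if swapped not in seen:
                        seen.add(swapped)
                        queue.append(swapped)
    return representatives


def run_cycle(order: Tuple[Task, ...], init: State) -> State:
    """Execute one scan cycle in the given task order on a copy of the state."""
    s = dict(init)
    for t in order:
        t.body(s)
    return s


def reachable_states(orders, init: State):
    """Set of distinct end-of-cycle states produced by the given orderings."""
    return {frozenset(run_cycle(o, init).items()) for o in orders}


# Constructed initial state: in_raw = 6 makes the sensor/pump order observable.
INIT: State = {"in_raw": 6, "level": 0, "pump": 0, "ticks": 0}

if __name__ == "__main__":
    full = all_interleavings(TASKS)
    small = reduced_interleavings(TASKS)
    print(len(full), "orderings,", len(small), "after reduction:", small)
    print("distinct end states:", len(reachable_states(full, INIT)))
```

With these three tasks the six orderings collapse to two classes, determined only by whether the sensor runs before or after the pump; the counter commutes with both. The check worth keeping in any such reduction is the last one in the script: the reduced set must reach exactly the same end states as the full set, otherwise the reduction has discarded a behaviour rather than a duplicate.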
doi:10.1145/3106237.3106245 dblp:conf/sigsoft/GuoWW17 fatcat:u2xfktp4wfghncok6w442nkyka