Formal Verification of PLCs as a Service: A CERN-GSI Safety-Critical Case Study (extended version)

TL;DR

This paper presents a formal verification service for PLC programs that ensures safety compliance, reduces errors, and is applicable to real-world safety-critical systems, demonstrated through a CERN-GSI case study.

Contribution

It introduces a formal verification service for PLCs that includes modeling time-dependent components, offering an external, standards-compliant solution for safety-critical applications.

Findings

Successful verification of safety-critical PLCs at CERN-GSI

Extended modeling techniques for time-dependent components

Cost-effective external verification process

Abstract

The increased technological complexity and demand for software reliability require organizations to formally design and verify their safety-critical programs to minimize systematic failures. Formal methods are recommended by functional safety standards (e.g., by IEC 61511 for the process industry and by the generic IEC 61508) and play a crucial role. Their structured approach reduces ambiguity in system requirements, facilitating early error detection. This paper introduces a formal verification service for PLC (programmable logic controller) programs compliant with functional safety standards, providing external expertise to organizations while eliminating the need for extensive internal training. It offers a cost-effective solution to meet the rising demands for formal verification processes. The approach is extended to include modeling time-dependent, know-how-protected components, enabling formal verification of real safety-critical applications. A case study shows the application of PLC formal verification as a service provided by CERN in a safety-critical installation at the GSI particle accelerator facility.