Automated Testing And Regression Testing For PLC Programs Conforming To IEC 61131-3

Industrial Control Systems(ICS)have been used widely in many safety-critical domains,such as smart power grids,nuclear power plants,and transportation systems.These areas play an essential role in modern society.A programmable logic controller(PLC)is an industrial computer that is capable of being programmed to perform control functions.Now,PLCs are the most widely-used industrial process control technology.Since the PLC software controls safety-critical infrastructures,its inherent defects may have severe consequences,such as financial and property losses.Since PLCs control safety-critical infrastructures,examining the PLC software satisfies the high-reliability specifications necessary to ensure the safeness of PLCs.However,prior works have limitations in finding defects in the PLC source code.Static verification techniques suffer from notable false positives without capturing runtime behavior.The symbolic execution and conformance testing technique captures the relations of inputs and outputs.It is not sufficient to consider only the data constraints as the PLC operates in real-time.In this paper,we propose a novel approach in the detection of the runtime behavior of PLC programs with incorporated time constraints.This testing approach automatically finds implementation errors in PLC programs by mining invariants from runtime traces.As the existing tools mine only data or time invariants which are inadequate to test PLC programs,our approach focuses on the interplay of data and time invariants.Dynamically detected data-time invariants are then checked with the safety specifications.We evaluate the usefulness of our approach in two real-life cases.The experimental results show that the proposed approach can find errors in PLC programs effectively.The software running inside the PLCs may be modified to satisfy the changed specifications.As the PLC mostly operates in a safety-critical environment,it is necessary to perform regression testing for the modified program.Existing regression testing techniques for PLC programs prioritize test cases of an existing test suite to detect errors in the modified program earlier.However,it is also critical to validate whether the behavior of the modified PLC program satisfying the changed specifications.In this paper,we propose a novel regression testing framework for PLC programs.Our framework identifies the modified part using the program slicing technique and generates test cases for the program slice including textual change.The test inputs of each slice containing changes are then exercised,and we mine data-time invariants to check whether the runtime behavior satisfies the new specifications.We evaluate the effectiveness of our framework with a real-life case.The experimental results show that the proposed framework effectively tests whether the modified PLC program matches the changed specifications.The general limitation of dynamic invariant detection is that it is constrained to a set of observed executions.The mined specification may not reflect the runtime behavior well if there are some missed execution paths of the program under test.In this paper,we propose a novel automatic test case generation algorithm.The algorithm aims to reach high branch coverage with fewer test case numbers.Besides,we mutate the automatically generated test suites to make the dynamically detected invariants more accurate.