Int J STTT (2002) 4: 21–33 / Digital Object Identifier (DOI) 10.1007/s10009-002-0079-0 Verification and optimization of a PLC control schedule 1 1 2 Ed Brinksma , Angelika Mader , Ansgar Fehnker 1 Faculty of Computer Science, University of Twente, Netherlands; E-mail: {brinksma,mader} 2 Electrical Computer Engineering, Carnegie Mellon University, USA; E-mail: ansgar@ Published online: 2 October 2002 –  Springer-Verlag 2002 Abstract. We report on the use of model checking tech- munity. The presence of both discrete and continuous niques for both the verification of a process control pro- phenomena in such systems poses an inspiring challenge gram and the derivation of optimal control schedules. Most for our specification and modelling techniques, as well as of this work has been carried out as part of a case study for for our analytic capacities. This has led to the develop- the EU VHS project (Verification of Hybrid Systems), in ment of new, expressive models, such as timed and hy- which the program for a Programmable Logic Controller brid automata [3, 16], and new verification methods, most (PLC) of an experimental chemical plant had to be de- notably model checking techniques involving a symbolic signed and verified. The original intention of our approach treatment of real-time (and hybrid) aspects [7, 11, 17]. was to see how much could be achieved here using the stan- An important example of hybrid (embedded) systems dard model checking environment of SPIN/Promela. As are process control programs, which involve the digital the symbolic calculations of real-time model checkers can control of processing plants, e.g., chemical plants. A class be quite expensive it is interesting to try and exploit the of process controllers


