A non-intrusive method to make safe existing PLC Program

Abstract

This paper presents an original non-intrusive method to make safe existing Programmable Logic Controller (PLC) program for manufacturing systems. In this work, manufacturing systems are considered as Discrete Event Systems (DES) with logical Inputs (sensors) and logical Outputs (actuators). Usually, to guarantee the safety of a PLC program it is necessary to use either tests or formal methods like model-checking to verify that safety and functional properties are respected. This works has to be managed by an expert who is not often the engineer in charge of PLC programming because it requires specific competencies. The idea in this paper is not to check a specific PLC program but to add at the end of the PLC program, a specific algorithm based on Boolean safety constraints (designed and formally checked by the expert) which is going to authorize or forbid the PLC outputs in order to guarantee the safety. The set of Boolean safety constraints is defined independently from the controller specification and depends only on the system. The algorithm is presented in details in the paper and illustrated with a 4 cylinders system. The approach has also been successfully applied on real PLC programs from SNCF (French acronym for National Society of French Railways) to control the Power Supply Equipment of the Electric Lines (PSEEL). This approach can also be used to design safe PLC program by separating the functional part from the safety part. That allows to result in a safe control, really different from a conventional approach based on a complete specification for instance in GRAFCET (IEC 60848) that does not distinguish the functional aspect from the safety aspect.