Visualization of PLC Programs using XML

M. Bani Younis and G. Frey
Juniorprofessorship Agentenbased Automation
University of Kaiserslautern
P. O. Box 3049, D-67653 Kaiserslautern, Germany

Abstract - Due to the growing complexity of PLC programs there is an increasing interest in the application of formal methods in this area. Formal methods allow rigid proving of system properties in verification and validation. One way to apply formal methods is to utilize a formal design approach in PLC programming. However, for existing software that has to be optimized, changed, or ported to new systems, there is the need for an approach that can start from a given PLC program. Therefore, formalization of PLC programs is a topic of current research. The paper outlines a re-engineering approach based on the formalization of PLC programs. The transformation into a vendor independent format and the visualization of the structure of PLC programs is identified as an important intermediate step in this process. It is shown how XML and corresponding technologies can be used for the formalization and visualization of an existing PLC program.

I. INTRODUCTION

Programmable Logic Controllers (PLCs) are a special type of computers that are used in industrial and safety critical applications. The purpose of a PLC is to control a particular process, or a collection of processes, by producing electrical control signals in response to electrical process-related input signals. The systems controlled by PLCs vary tremendously, with applications in manufacturing, chemical process control, machining, transportation, power distribution, and many other fields.
Automation applications can range in complexity from a simple panel to operate the lights and motorized window shades in a conference room to completely automated manufacturing lines.

With the widening of their application horizon, PLC programs are being subject to increased complexity and high quality demands especially for safety-critical applications. The growing complexity of the applications within the compliance of limited development time as well as the reusability of existing software or PLC modules requires a formal approach to be developed [1]. Ensuring the high quality demands requires verification and validation procedures as well as analysis and simulation of existing systems to be carried out [2]. One of the important fields for the formalization of PLC programs that have been growing up in recent time is Reverse-engineering [3]. Reverse Engineering is a process of evaluating something to understand how it works in order to duplicate or enhance it. While the reuse of PLC codes is being established as a tool for combating the complexity of PLC programs, Reverse Engineering is supposed to receive increased importance in the coming years especially if existing hardware has to be replaced by new hardware with different programming environments.

Visualization of existing PLC programs is an important intermediate step of Reverse Engineering. The paper provides an approach towards the visualization of PLC programs using XML which is an important approach for the orientation and better understanding for engineers working with PLC programs. The paper is structured as follows. First, a short introduction to PLCs and the corresponding programming techniques according to the IEC 61131-3 standard is given. In Section III an approach for Re-engineering based on formalization of PLC programs is introduced. The transformation of the PLC code into a vendor independent format is identified as an important first step in this process.
XML and corresponding technologies such as XSL and XSLT that can be used in this transformation are presented in Section IV. Section V presents the application of XML for the visualization of PLC programs and illustrates the approach with an example. The final Section summarizes the results and gives an outlook on future work in this ongoing project.

II. PLC AND IEC 61131

Since its inception in the early '70s the PLC received increasing attention due to its success in fulfilling the objective of replacing hard-wired control equipment at machines. Eventually it grew up as a distinct field of application, research and development, mainly for Control Engineering. IEC 61131 is the first real endeavour to standardize PLC programming languages for industrial automation. In 1993 the International Electrotechnical Commission [4] published the IEC 61131 International Standard for Programmable Controllers. Before the standardization PLC programming languages were being developed as proprietary programming languages usable to PLCs of a special vendor. But in order to enhance compatibility, openness and interoperability among different products as well as to promote the development of tools and methodologies with respect to a fixed set of notations the IEC 61131 standard evolved. The third part of this standard defines a suite of five programming languages:

Instruction List (IL) is a low-level textual language with a structure similar to assembler. Originated in Europe IL is considered to be the PLC language in which all other IEC 61131-3 languages can be translated.

Ladder Diagram (LD) is a graphical language that has its roots in the USA. LDs conform to a programming style borrowed from electronic and electrical circuits for implementing control logics.

Structured Text (ST) is a very powerful high-level language. ST borrows its syntax from Pascal, augmenting it with some features from Ada.
ST contains all the essential elements of a modern programming language.

Function Block Diagram (FBD) is a graphical language and it is very common to the process industry. In this language controllers are modelled as signal and data flows through function blocks. FBD transforms textual programming into connecting function blocks and thus improves modularity and software reuse.

Sequential Function Chart (SFC) is a graphical language. SFC elements are defined for structuring the organization of programmable controller programs.

One problem with IEC 61131-3 is that there is no standardized format for the project information in a PLC programming tool. At the moment there are only vendor specific formats. This is also one reason for the restriction of formalization approaches to single programs or algorithms. However, recently the PLC users' organization PLCopen (see http://www.plcopen.org) started a Technical Committee to define an XML based format for projects according to IEC 61131-3. This new format will ease the access of formalization tools to all relevant information of a PLC project.

III. RE-ENGINEERING APPROACH

The presented approach towards re-engineering (cf. Fig. 1) is based upon the conception that XML can be used as a medium in which PLC codes will be transformed. This transformation offers the advantage of obtaining a vendor independent specification code. (Even if the PLCopen succeeds in defining a standardized format for PLC applications, there will remain a lot of existing programs that do not conform to this standard.) Based on this code a step-wise transformation to a formal model (automata) is planned. This model can then be used for analysis, simulation, formal verification and validation, and finally for the re-implementation of the optimized algorithm on the same or another PLC.

Since re-engineering of complete programs will, in most cases, be only a semi-automatic process, intermediate visualization of the code is an important point.
At different stages of the process different aspects of the code and/or formal model have to be visualized in a way that a designer can guide the further work. XML with its powerful visualization and transformation tools is an ideal tool for solving this task.

IV. XML AS A TOOL FOR VISUALIZATION

XML (eXtensible Markup Language) is a simple and flexible meta-language, i.e., a language for describing other languages. Tailored by the World Wide Web Consortium (W3C) as a dialect of SGML [5], XML removes two constraints which were holding back Web developments [6]: the dependence on a single, inflexible document type (HTML) which was being much abused for tasks it was never designed for on one side, and the complexity of full SGML, whose syntax allows many powerful but hard-to-program options, on the other side.

While HTML describes how data should be presented, XML describes the data itself. A number of industries and scientific disciplines, medical records and newspaper publishing among them, are already using XML to exchange information across platforms and applications. XML can be tailored to describe virtually any kind of information in a form that the recipient of the information can use in a variety of ways. It is specifically designed to support information exchange between systems that use fundamentally different forms of data representation, as for example between CAD and scheduling applications.

Using XML with its powerful parsers and inherent robustness in terms of syntactic and semantic grammar is more advantageous than the conventional method of using a lexical analyzer and a validating parser (cf. Fig. 2, [7]).

The conventional method of analysis of program code requires a scanner (lexical analyser) which generates a set of terminal symbols (tokens) followed by a parser that checks the grammatical structure of the code and generates an object net.
In the object net the internal structure of the program is represented by identified objects and the relations between them. Both the scanner and the parser to be used in this method are document oriented which implies that analysis of different types of documents requires rewriting the generated code for the scanner and the parser. An example of an application of this method can be found in [8].

The most promising aspect of using XML instead is that XML and its complementary applications for transformations are standardized so as to provide maximum flexibility to its user.

The XML based method is advantageous, since the lexical specification is an invariant component of XML; therefore the well-formedness is independent from the respective individual application.

Hence, an XML-Parser also can transfer well-shaped XML documents in an abstract representation called Document Object Model (DOM) without using a grammar. DOM is an application programming interface (API) for valid HTML and well-formed XML documents. It defines the logical structure of documents and the way a document is accessed and manipulated. In the DOM specification, the term "document" is used in a broad sense: increasingly, XML is used as a way of representing many different kinds of information that may be stored in diverse systems, and much of this would traditionally be seen as data rather than as documents. Nevertheless, XML presents this data as documents, and the DOM can be used to manage this data [5].

XSLT, the transformation language for XML, is capable of transforming XML not only to another XML or HTML but to many other user-friendly formats. Before the advent of XSLT, the transformation of XML to any other format was only possible through custom applications developed in a procedural language such as C++, Visual Basic or Java. This procedure lacked the generality with respect to the structural variation of XML documents.
Capitalizing on the concept that the custom applications for the transformations are all very similar, XSLT evolved as a high-level declarative language [9]. XSLT functions in two steps. In the first step, it performs a structural transformation so as to convert the XML into a structure that reflects the desired output. The second stage is formatting the new structure into the required format, such as HTML or PDF (cf. Fig. 3). The most important advantage of this transformation is that it allows a simple and easily-conceivable representation of the document or data structure embedded inside the well-structured but hard-to-understand XML to be produced. When HTML is chosen as the format of the transformed product it is possible to use the extensive ability of HTML to produce an easily-conceivable and attractive visualization of a program.

Every XML document has its own syntax and vocabulary. Therefore, in addition to being well-formed, the XML document needs to conform to a set of rules. According to W3C recommendations this set of rules has to be defined either through a Document Type Definition (DTD) or an XML Schema. The rules defined in a DTD or an XML Schema state the hierarchical and structural constraints of the XML document.

The DTD is for defining the document grammars; more recently a number of alternative languages have been proposed. The W3C XML Schema language replicates the essential functionality of DTDs, and adds a number of features: the use of XML instance syntax rather than an ad hoc notation, clear relationships between schemas and namespaces, a systematic distinction between element types and data types, and a single-inheritance form of type derivation. In other words schemas offer a richer and more powerful way of describing information than what is possible with DTDs. Fig. 4 shows the XML technologies discussed above and the connection between them.

V. AN APPROACH FOR THE VISUALIZATION OF PLC PROGRAMS

A. Overview

Since Instruction List (IL) is the most commonly used PLC language in Europe, the presented approach is based on this language. The proprietary IL dialect Siemens STEP 5 and the standardized version according to IEC 61131-3 are considered.

The generation of XML documents showing different aspects of a PLC program is realized in the following three steps (cf. Fig. 5):

1. Transformation of the PLC program to an XML document
2. Validation of the XML against the XML Schema which sets the syntax of the XML
3. Identification of the Instruction elements of the transformed XML according to the instruction set of the source PLC

These three steps are discussed in sub-sections B to D respectively. Sub-section E explains the visualization of the different XMLs obtained during the preceding steps.

Throughout this Section an example is used to illustrate the presented concepts. Fig. 6 shows a PLC code written in Instruction List Siemens S5. The PLC code is written in a tabular form where each row element is either a delimited list consisting of address, label, instruction, operand and description or a comment.

    Kommentar :
    Autor
    Erstellt  :15.07.2003    Geaendert am:    B1B:O

    NETZWERK 1          EMPFANGEN SLAVE 3 VON MASTER
    NAME :EMPE'MAST
    0005      :U    M98.7    ABFRAGE OB EMPFANG MOEGLICH
    0006
    0007      :SPB= M001
    0008
    0009      :A    DB140    EMPFANGSFACH IST DB 140
    000A      :L    KF+20    LAENGE DES DATENPAKETS
    000C      :T    DL0
    000D      :L    KF+0     ZIELNUMMER 0=MASTER
    000F      :T    DR0
    0010
    0011      :UN   M98.7    FANGEN WIEDER ERLAUBEN
    0012      :S    M98.7
    0013 M001 :NOP  0
    0014
    0015      :BE            BAUSTEIN ENDE

Fig. 6 A PLC program written in Siemens S5 Instruction List

B. Conversion of a PLC Program into a well-formed XML

Given a PLC program in ASCII format and in a tabular structure with separate columns for addresses, labels, instructions, operands and descriptions delimited by whitespaces, XSLT can convert it into a well-formed XML document. The XML document obtained through this transformation is a hierarchically structured document.

Fig.
7 shows the XML document obtained through the transformation of the PLC code of Fig. 6. The XML document is structured in a hierarchy in which the root element is the IL Code Block representing the whole PLC code. Each of the rows of the PLC code is contained within a corresponding ILRow element which is further structured into child elements.

Note: The structure chosen for the XML representation of IL-Code is oriented at the working proposal of the PLCopen.

C. XML Validation against the XML Schema

The XML obtained as a result of the previous processing can be validated using a validating parser that confirms that the XML document in addition to being well-formed conforms to the set of syntactic rules defined in context of the PLC programming language.

D. Identification of Instructions

This step in the process of visualization of PLC programs using XML ensures that the XML document to be used for visualization contains only valid instructions.

XSLT can be used to transform the well-formed and valid XML to another XML which as a result of identification of instructions has an additional attribute appended to the instruction tags. This attribute notifies whether the instruction is a valid instruction of the concerned instruction set. This transformation procedure is also capable of attaching attributes to the instruction tags that declare a classification of the instructions into predefined classes.

The instruction identification of the transformed XML proves the semantics of the XML in accordance with the operation types of the PLC programming language.

In the example of this section (cf. Fig. 8), the new XML contains additional attributes which classify the instructions according to the type of operation they represent. The STEP 5 instructions are categorized into eleven different types of operations e.g. logical, jump, load or transfer operation assignment, etc.

[Fig. 8, XML listing; recoverable content: <Instruction instructionId="Logical Operation">U ... SPB ... BE]

Fig.
8 A new transformed XML showing only the instructions and the corresponding instruction ID

E. Visualization of XML

Both of the XML documents generated above can be transformed into HTML or other readable documents with the help of XSL. An ingenious XSL can be designed so as to produce an HTML which can convey the logical and other features of the PLC program in an easily conceivable form. Moreover, the DOM structure embedded in the XML (cf. Fig. 9) also enables the user to navigate through the PLC programs in an easy way.

For the example the visualization is done in HTML. This visualization is done for the transformed XML after the validation of its syntax as a table where the child elements of the ILRow are the columns of this table.

The XML after the instruction identification is transformed using the XSL, where the instruction and the instruction Id, obtained after extracting the XML according to the type of operations, are visualized in a table containing two columns (Instruction, Instruction Id) in HTML.

The HTML structures suggested here are not the only possibilities with which the XML can be visualized, but they give a very easy practical option for the user's grasp of the PLC code.

Fig. 10 shows the same PLC code as shown in Fig. 4 as a HTML document converted

//www.w3.org/
6. XML Home Page: http://xml.com/
7. R. Kliewer, Reverse Engineering von Steuerungssoftware. Ph.D. thesis, University of Kaiserslautern, Germany, Institute for Production-Automation, 1999.
8. M. Kay, XSLT - Programmer's Reference.
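ISBN 1861005067, Wrox Press Ltd, 2001

Visualization of PLC Programs using XML

M. Bani Younis and G. Frey

Abstract: Because PLC programs are becoming increasingly complex, there are more and more people interested in PLC applications. Formal methods allow rigid proofs of system properties to be checked and verified. One conventional way is to set up a formal design method in PLC programming. However, existing software has been optimized, changed, or ported to new systems, and there is a need to find a method that starts from a given PLC program. Therefore, the formalization of PLC programs is a current research hot spot. This article outlines a re-engineering method based on the formalization of PLC programs. The transformation into an independent format and the visualization of the structure of PLC programs is identified as an important intermediate step in this process. It is shown how XML and corresponding technologies can be used to formalize and visualize existing PLC programs.

I. Introduction

Programmable logic controllers (PLCs) are a special type of computer used in industrial and safety-critical places. The purpose of using a PLC is to control a particular process, or a selection of processes, which is achieved by producing electrical control signals in response to related output signals of the equipment. They are applied in manufacturing and chemical process control, machining, transportation, power distribution, and many other fields. PLC control varies greatly: the complexity of automation applications ranges from a simple group operating the lights and automatic windows of a conference room to a fully automated production line.

As knowledge of PLC applications grows, PLCs are being applied where complexity and quality requirements are high, especially where safety requirements are particularly strict. Because the development and application of PLCs within limited time is increasingly complex, and existing software or PLC modules are also developing rapidly, a formal approach is needed to standardize them. To ensure the high quality requirements, we need to check and verify programs, as well as analyse and simulate existing systems [2]. One important field in the formalization of PLC programs that has grown in recent times is reverse engineering [3]. Reverse engineering is the process of evaluating something to understand how it works, in order to duplicate or enhance it. While the reuse of PLC code is being established as a tool for combating complex PLC programs, reverse engineering will gain more and more importance in the coming years, especially if existing hardware is replaced by new hardware suited to a variety of different programming environments.

Visualization of existing PLC programs is an important intermediate step of reverse engineering. This article provides a method that uses XML to visualize PLC programs, so that PLC program engineers can orient themselves more easily and understand better. The paper is structured as follows. First, a brief introduction to PLCs and the corresponding programming techniques (according to the IEC 61131-3 standard) is given. In the third part, a re-engineering method based on the formalization of PLC programs is introduced. The transformation of the PLC code into an independent format is identified as an important first step in this process. XML and corresponding technologies, such as XSL and XSLT, that can be used in this transformation are presented in Section IV. The fifth part presents the application of XML to the visualization of PLC programs and illustrates it with an example. The final section summarizes the results and gives an outlook on future work in this ongoing project.

II. PLC and IEC 61131

Since its introduction in the early seventies, the PLC has received increasing attention because of its success in fulfilling the goal of replacing hard-wired control equipment on machines. Eventually it grew into a distinct field of application, research and development, mainly for control engineering. IEC 61131 is the first real effort to standardize PLC programming languages for industrial automation. In 1993 the International Electrotechnical Commission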
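
The pipeline of Section V of the paper (transformation of the tabular IL listing to XML, identification of instructions, and the two-column HTML view), sketched here in Python as an added example; it is not the authors' XSLT implementation, and the XML Schema validation of step 2 is left out. The element names ILBlock, Comment, Address, Label, Operand and Description, every class name other than "Logical Operation", and the sample rows are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample shaped like Fig. 6; "XYZ" is deliberately not a STEP 5 mnemonic.
SAMPLE_IL = """\
NETZWERK 1 EMPFANGEN SLAVE 3 VON MASTER
0005      :U    M98.7  ABFRAGE OB EMPFANG MOEGLICH
0006
0007      :SPB= M001
0009      :A    DB140  EMPFANGSFACH IST DB 140
000E      :XYZ  Q1.0   constructed invalid row
0013 M001 :NOP  0
0015      :BE          BAUSTEIN ENDE
"""

# Assumed subset: mnemonic -> (class, takes an operand); unknown mnemonics are
# parsed as taking one. Only "Logical Operation" is a class name from the paper.
INSTRUCTION_SET = {
    "U": ("Logical Operation", True), "SPB=": ("Jump Operation", True),
    "A": ("Block Call Operation", True), "L": ("Load Operation", True),
    "T": ("Transfer Operation", True), "NOP": ("Null Operation", True),
    "BE": ("Block End Operation", False),
}
ROW = re.compile(r"^(?P<addr>[0-9A-F]{4})\s*(?P<label>\w+)?\s*(?::(?P<rest>.*))?$")

def il_to_xml(text):
    """Step 1: one ILRow element per listing row, Comment for anything else."""
    root = ET.Element("ILBlock")  # root element name is an assumption
    for line in filter(None, map(str.strip, text.splitlines())):
        m = ROW.match(line)
        if m is None:  # header or free-text line
            ET.SubElement(root, "Comment").text = line
            continue
        row = ET.SubElement(root, "ILRow")
        fields = {"Address": m["addr"], "Label": m["label"]}
        tokens = (m["rest"] or "").split()
        if tokens:
            fields["Instruction"] = tokens.pop(0)
            if tokens and INSTRUCTION_SET.get(fields["Instruction"], ("", True))[1]:
                fields["Operand"] = tokens.pop(0)
            fields["Description"] = " ".join(tokens)
        for name, value in fields.items():
            if value:  # skip an absent label or an empty description
                ET.SubElement(row, name).text = value
    return root

def identify_instructions(root):
    """Step 3: add instructionId; mnemonics outside the set become "Unknown"."""
    for instr in root.iter("Instruction"):
        instr.set("instructionId", INSTRUCTION_SET.get(instr.text, ("Unknown",))[0])
    return root

def to_html_table(root):
    """Visualization: two-column HTML table (Instruction, Instruction Id)."""
    table = ET.Element("table")
    rows = [(i.text, i.get("instructionId")) for i in root.iter("Instruction")]
    for cells in [("Instruction", "Instruction Id")] + rows:
        tr = ET.SubElement(table, "tr")
        for cell in cells:
            ET.SubElement(tr, "td").text = cell
    return ET.tostring(table, encoding="unicode", method="html")

if __name__ == "__main__":
    print(to_html_table(identify_instructions(il_to_xml(SAMPLE_IL))))
```

Rows whose instruction is tagged "Unknown" are the ones to review before the XML is used for further formalization, since they fall outside the instruction set the table knows.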