View metadata, citation and similar papers at core.ac.

uk brought to you by CORE

provided by DSpace at VSB Technical University of Ostrava

Overview of distributed control systems formalisms 253

OVERVIEW OF DISTRIBUTED CONTROL SYSTEMS FORMALISMS

P. Hole ko

Department of Control and Information Systems, Faculty of Electrical Engineering, University of Žilina
Univerzitná 8216/1, SK 010 26, Žilina, Slovak republic, tel.: +421 41 513 3343, e-mail: holecko@fel.uniza.sk

Summary This paper discusses a chosen set of mainly object-oriented formal and semiformal methods, methodics,
environments and tools for specification, analysis, modeling, simulation, verification, development and synthesis of
distributed control systems (DCS).

1. INTRODUCTION interconnected by a network for the purpose of

communication and monitoring.
Increasing demands on technical parameters, In the next section the problem of formalizing
reliability, effectivity, safety and other the processes of DCS’s life-cycle will be discussed.
characteristics of industrial control systems initiate
distribution of its control components across the 3. FORMAL METHODS
plant. The complexity requires involving of formal
The main motivations of using formal concepts
methods in the process of specification, analysis,
are [9]:
modeling, simulation, verification, development, and
In the process of formalizing informal
in the optimal case in synthesis of such systems.
requirements, ambiguities, omissions and
contradictions will often be discovered;
2. DISTRIBUTED CONTROL SYSTEM
The formal model may lead to hierarchical semi-
A common general definition of a distributed automated (or even automated) system
system describes it as a system consisting of several development methods;
intelligent devices cooperating for common purpose. The formal model can be verified for correctness
Intelligent devices (microcomputers, workstations, by mathematical methods;
robots etc.) support processes, which coordinate A formally verified subsystem can be
activities and information exchange via a incorporated into a larger system with greater
communication network. In order to call a device confidence that it behaves as specified;
“intelligent”, it must fulfill following requirements Different designs can be evaluated and compared.
(Fig. 1):
Contain some kind of processor or CPU for In general, formal methods for distributed control
processes realization and decision making; systems must address the following problems:
Dispose sufficient memory capacity for I. Modeling - Select appropriate models and
information storage. formal notations for adequately describing
controlled and control system. These notations must
deal with the dynamic and reactive nature of the
controlled system, and allow for the proper
expression of timing properties.
II. Verification - The verifier is presented with a
formal mathematical model of the system, and a
specification S of how the controlled system should
behave. The verification problem involves
demonstrating that the model of the system satisfies
IU – Intelligent Unit the specification S.
GW – Gateway III. Developme nt - In controller development a
P – Process specification S is given that the plant must satisfy
ASIC – Application (the controller is not given). A disciplined method is
Specific Integrated sought whereby designers can be helped to construct
Circuit
a controller so that system model satisfies S. In
development the controller should be built in a
Fig. 1 Example of distributed control system and modularly structured compositional fashion
intelligent device structure (controller architecture)
.

The term Distributed Control System (DCS) IV. Synthesis – If controller development is fully
denotes a control system, usually of a manufacturing automated, then such process is called synthesis.
system, process or other type of dynamic system, in A chosen set of methodics, environments and
which the control elements are distributed and tools fully or partially satisfying the specified
254 Advances in Electrical and Electronic Engineering

requirements related to formalisms will be approach is dedicated to a special class of DCS,

introduced. which are organized as several periodic processes,
with nearly the same working period, but without
3.1 Sequential Function Chart common clock, and which communicate by means
of shared memory through serial links or field
The primary objective of Sequential Function busses.
Chart (SFC++) is the implementation of graphical
modeling formalism for design, validation,
simulation and automatic code generation of Specification: centralized model
industrial systems, graphical language for
programming its control software and supervisory
level control tool for control, monitoring, SCADE editor
diagnostics etc. [10]. The aim of the running project Simulation
Automated tests
is also creation of visual programming environment, SCADE generation
which integrates the advantages of object-oriented function Formal verification
model
modeling for design and simulation and the
performance of distributed control systems (i.e.
Distribution
computers with real-time operating systems SCADE editor protocol
interconnected via industrial networks). To bypass
the differences between object-oriented model and
SCADE
implementation level, on which run several parallel Distributed
Robust properties
tasks, a standard formalism (IEC, 1988; UTE, 1992) analyzator
functions
is used for describing of system dynamics and
programming of control system based on Sequential Environment
SCADE editor
Function Chart (SFC). emulation

Debugging Distributed Simulation

I/O Module implementation Automated tests
Module
model generation
Formal verification
Performance validation
RunTime
Module Local Data
SCADE code Communication
System SFC++ generator library
Model Editor Evolution Event
Module Manager
Development Subsystem RunTime Subsystem
code code code

Fig. 3 CRISYS methodology scheme

Fig. 2 SFC++ logical architecture

3.3 The ISILEIT project

SFC++ is intended for control systems using
single or multiprocessor computers or PLCs with The ISILEIT (Integrative Specification of
real-time operating systems ((RTOS) interconnected Distributed Control Systems for the Flexible
by local networks and with control buses connecting Automated Manufacturing) project aims at the
the process and other devices. development of a seamless methodology for the
integrated design, analysis and validation of
3.2 The Crisys project distributed production control systems [6]. Its focus
is the use of existing techniques which should be
The Crisys project aims at improving, improved with respect to formal analysis, simulation
unification and formalization of the actual methods, and automatic code generation. The integration of
techniques and tools used in the industries concerned SDL block diagrams, UML statecharts and
with process control, in order to support a global collaboration diagrams formed an executable
system approach when developing DCS [2],[3]. The specification language that allows specifying
main result of Crisys project is quasi-synchronous reactive behavior as well as complex application
approach based on synchronous language Lustre [7] specific object structures. To ensure the correctness
and associated tool SCADE (Safety Critical of the design at the earliest stage, validation in form
Application Development Environment) [1]. This of simulation and formal verification is integrated
Overview of distributed control systems formalisms 255

into the process. The developed simulation common object-oriented problems in general
environment can be used to prove that the generated domain.
executable code meets the requirements.
3.5 Architecture Description Language

System
The Architecture Description Language (ADL)
specification Create system is defined as a language which disposes of
Create system
model
specification
(FUJABA) capabilities for modeling conceptual architecture of
both hardware and software systems [8]. The
System object
V Instance of ASM language provides models, notations and tools for
model data structure
V E description of components and its interactions,
particularly with regard to large-scale high-level
A R designs. It supports the selection of principles,
Generate Instantiate system in
executable model L I ASM meta-model
application of architecture paradigms, abstraction
and designs implementation.
I F
Java
D I ASM model The main properties of the language include
appliaction
explicit specification of:
A C components,
Validate system
T A Prepare ASM for connectors,
model by
model-checking interfaces,
execution I T configurations.
O I Model checking
A component represents a computation unit or
N O input
data store and forms loci of computation and state. A
N connector is a construction block used for modeling
Run model-checker
of interactions among components and for modeling
Design errors
or rules, which govern those interactions. The
Fig. 4 ISILEIT methodology evaluation activities interfaces ensure correct connectivity and
communication of components. Architectural
configuration or topology is connected graph of
3.4 DCS Modeler, DCS Simulator components and connectors which describes
architectural structure.
During design of object-oriented simulation
model of a DCS several requirements were
considered [4]: 3.6 IEC 614 99

a) Dynamic behavior of each component device The IEC 61499 standard modified the Function
within DCS can be considered to be a Finite State Block (FB) concept of the IEC 61131-3 standard
Machine (FSM); taking into account the FB concept in field-bus
b) Overall state of simulation model of a DCS is standardization IEC 61804 [5]. Thus the elementary
changing and is determined through model of IEC 61499 is a function block, which
communication events among component device forms the basic structural block of the entire
models; application. There are two types of function blocks:
c) Component device models of simulation model of basic function blocks and composite function blocks.
a DCS should correspond with physical sensors Composite function blocks contain other composite
and actuators in order to simplify the construction blocks and/or basic function blocks. Basic function
of DCS simulation model; block contains algorithm and an Execution Control
d) Device model consists of diverse combinations of Chart (ECC). Even though the IEC 61499 has some
device component models; similarities with its predecessor IEC 61131
e) Events among component device models are regarding structural hierarchy and atomic structural
transmitted at a level within device or at a level construct, function blocks concept, it established a
among devices. special different concept. Primarily the standard
introduced an event-driven approach of interaction
The DCS simulation model should be combined among function blocks, whereas existing standards
with network model in order to evaluate the event and languages use data or signal communication
communication at the inter-device level. To solve among elements with assumption of cyclic
these requirements principles using Design Patterns execution. The standard is defined as a generic
are widely used. This approach specifies reusable standard hence not limiting user to apply of a
mechanisms for cooperation and interaction between specific implementation language, communication
classes or between objects for the purpose of solving protocol or hardware components. This enables
256 Advances in Electrical and Electronic Engineering

generation of heterogeneous networks of distributed REFERENCES

control applications.
[1] Bergerand, J.L., Pilaud, E.: SAGA: A Software
Development Environment for Dependability in
Automatic Control. Safecomp’88, Pergamon
event inputs event outputs Press, 1988.
FB call name [2] Caspi, P., Curic, A., Maignan, A., Sofronis, C.,
event flow event flow Tripakis, S., Niebert, P.: From Simulink to
SCADE/Lustre to TTA: a Layered Approach
Algorithm for Distributed Embedded Applications.
realization control
(hidden)
Proceedings of the 2003 ACM SIGPLAN
conference on Language, compiler, and tool for
embedded systems, pp. 153-162, San Diego,
California, USA, ISSN 0362-1340, 2003.
FB type
[3] Caspi, P., Mazuet, C., Paligot, N.R.: About the
data flow Algorithm (hidden) data flow
Design of Distributed Control Systems: The
Quasi-Synchronous Approach. SAFECOMP
2001, LNCS 2187, pp. 215-226, 2001.
Internal data
(hidden) [4] Tomura, T., Uehiro, K., Kanai, S., Yamamoto,
S.: Developing Simulation Models of Open
Distributed Control System by Using Object-
Oriented Structural and Behavioral Patterns.
Proceedings of the Fourth International
data inputs data outputs
Symposium on Object-Oriented Real-Time
source capabilities Distributed Computing (ISORC’01), 2001.
(FB realization planning, projection to [5] Frey, G., Hussain, T.: Modeling Techniques for
communication objects and process variables)
Distributed Control Systems based on the IEC
61499 - Current Approaches and Open
Fig. 5 Function Block (FB) model according to IEC
61499-1 standard Problems. Proceedings of the 8th International
Workshop on Discrete Event Systems
(WODES 2006), Ann Arbor, Michigan, USA,
The IEC 61499 standard defines open pp. 176-181, 2006.
architecture for design, development, simulation, [6] Giese, H., Kardos, M., Nickel, U.: Integrating
testing and implementation of distributed control Verification in a Design Process for
and automation systems. Distributed Production Control Systems. Proc.
of Second International Workshop on
4. CONCLUSION Integration of Specification Techniques for
The introduced selected set of formal and Applications in Engineering (INT2002),
semiformal methodics, methods, environments and Grenoble, France, 2002.
tools is designed to be involved in the process of [7] Halbwachs, N., Caspi, P., Raymond, P., Pilaud,
specification, design, analysis, modeling, simulation, D.: The synchronous dataflow programming
verification, development and synthesis of language Lustre. Proceedings of the IEEE, pp.
distributed control systems used in industrial 1305-1320, ISSN 0018-9219, 1991.
environments. The formalization of these activities [8] Medvidovic, N., Colbert, E.: Architecture
enables exact formulation and testing of diverse Description Languages. Center for Software
system requirements, parameters, functionalities, Engineering, 2003.
structures etc. The formal outputs of these processes [9] Ostroff J.S.: Formal Methods for the
may be subject of appraisal of supervisory authority Specification and Design of Real-Time Safety
to guarantee the correctness of the entire procedure Critical Systems. Journal of Systems and
and meeting the specified requirements. Software, Vol. 18, No. 1, pp 33-60, April 1992.
[10] Pardo, X.C., Ferreiro, R., Vidal, J.: SFC++:
A Tool for Developing Distributed Real Time
Acknowledgement Control Software. Advanced technologies in
manufacturing, pp. 197-202, ISBN 84-95138-
The work has been supported by KEGA project Nr. 08-5, 1998.
K-057-06-00: Innovation of laboratory education
methodics on the basis of modelling and simulation [11] Zeigler, B., Praehofer, H., Kim, T.G.: Theory
in Matlab program environment in combination with of Modeling and Simulation, Second Edition.
educational models using e-learning. Academic Press, USA, ISBN 0-12-778455-1,
2000.