喜歡這套資料就充值下載吧。資源目錄里展示的都可在線預(yù)覽哦。下載后都有,請(qǐng)放心下載,文件全都包含在內(nèi),有疑問咨詢QQ:1064457796
可視化的PLC程序使用XML
米巴尼尤尼斯和G.弗雷
摘要:由于PLC程序日益復(fù)雜,在PLC應(yīng)用方面有越來越多的興趣愛好者。形式化方法,讓僵化的證明系統(tǒng)屬性被核查和驗(yàn)證。一個(gè)傳統(tǒng)思路的方法就是在PLC編程中設(shè)立一個(gè)正式的設(shè)計(jì)方法。不過,現(xiàn)有的軟件已被優(yōu)化,改變,或移植到新系統(tǒng).有需要找到從某一PLC程序開始的方法。因此,規(guī)范PLC程序是一個(gè)現(xiàn)在研究的熱點(diǎn)。該文章概述了基于形式化的PLC程序基礎(chǔ)上從新啟動(dòng)的方法。轉(zhuǎn)型成為一個(gè)獨(dú)立的格式和可視化的結(jié)構(gòu),在這個(gè)過程中,PLC程序的確定是作為這項(xiàng)措施的重要中間步驟。這表明如何XML和相應(yīng)的技術(shù)可用于形式化和可視化現(xiàn)有的PLC程序。
I導(dǎo)言
可編程邏輯控制器(PLC )是一種特殊類型的計(jì)算機(jī),它應(yīng)用于工業(yè)和安全的關(guān)鍵地方。應(yīng)用PLC的目的是控制某一特定的或可選擇的過程,它是通過產(chǎn)生的電控制信號(hào)回應(yīng)電器中相關(guān)的輸出信號(hào)來實(shí)現(xiàn)的。應(yīng)用在制造業(yè)和化工過程控制,機(jī)械加工,交通,電力分配,以及其他許多領(lǐng)域。PLC控制有著極大的不同,自動(dòng)化應(yīng)用范圍的復(fù)雜性從一個(gè)簡(jiǎn)單的小組運(yùn)作到控制一個(gè)會(huì)議室的的燈光和自動(dòng)窗成為一個(gè)全自動(dòng)化的生產(chǎn)線。
隨著他們應(yīng)用PLC知識(shí)的增加,他們把PLC應(yīng)用到復(fù)雜性和品質(zhì)要求高的地方,特別是對(duì)安全性要求特別嚴(yán)格的地方。由于在有限的時(shí)間里PLCD的發(fā)展應(yīng)用日益復(fù)雜,現(xiàn)有的軟件或PLC的模塊也在迅速發(fā)展,以此,需要一個(gè)正式的辦法加以規(guī)范 。為了確保高品質(zhì)的要求,我們需要檢查和驗(yàn)證程序,以及分析和模擬現(xiàn)有系統(tǒng)。其中一個(gè)重要的領(lǐng)域就是已經(jīng)在最近的時(shí)間成長在規(guī)范化的PLC程序是逆向工程。逆向工程是通過評(píng)估達(dá)到了解它的運(yùn)轉(zhuǎn)過程,以達(dá)到重復(fù)或加強(qiáng)的目的。而重用的PLC守則正在建立,作為一種打擊復(fù)雜PLC程序的工具,逆向工程在今后幾年將得到越來越多的重要性,特別是如果現(xiàn)有的硬件被適用于各種不同程序環(huán)境的新硬件所取代的情況下。
現(xiàn)有的PLC程序的可視化是逆向工程一個(gè)重要的中間步驟。本文章提供了一個(gè)方法,使用XML使PLC程序可視化,讓PLC程序工程師更容易把握方向和更好地了解。
該文件的結(jié)構(gòu)如下。首先,簡(jiǎn)單的介紹了PLC(根據(jù)國際電工委員會(huì)61131-3的標(biāo)準(zhǔn)給予)和相應(yīng)的編程技巧。在第三部分,在現(xiàn)有基礎(chǔ)上用形式化PLC程序重新設(shè)計(jì)方法的介紹。PLC代碼轉(zhuǎn)型成為一個(gè)獨(dú)立的格式被確定為在這個(gè)過程中重要的第一步。XML和相應(yīng)的技術(shù),例如XSL和XSLT(第四節(jié)可以使用的這種轉(zhuǎn)變)。第五部分提出了應(yīng)用XML的使PLC程序可視化的方法并用一個(gè)例子做出說明。最后一節(jié)總結(jié)了結(jié)果,并就今后的工作在這方面正在進(jìn)行的項(xiàng)目做了一個(gè)前景的展望。
2 PLC和IEC 61131
自從七十年代初期公布于世,由于它的成功的完成目的,取代了機(jī)器上的硬連線控制設(shè)備,PLC日益受到重視,。最終它作為一個(gè)獨(dú)特的應(yīng)用領(lǐng)域成長起來,它的研究和開發(fā),主要是為控制工程。
IEC61131是為工業(yè)自動(dòng)化第一次真正的努力來規(guī)范PLC的編程語言。在1993國際電工委員會(huì)[ 4 ]上公布了IEC 61131作為可編程控制器標(biāo)準(zhǔn)。在標(biāo)準(zhǔn)化PLC的編程語言之前,正在制定為了個(gè)別PLC實(shí)用的專有編程語言。為了提高不同產(chǎn)品的兼容性,開放性和互操作性以及為了促進(jìn)工具和方法的發(fā)展,國際電工委員會(huì)61131標(biāo)準(zhǔn)設(shè)立固定的一套符號(hào)。第三部分,定義了一個(gè)適合5種編程語言標(biāo)準(zhǔn):
Originated (IL)語言是一種低層次的文本語言, 其結(jié)構(gòu)類似于匯編語言。Originated語言L被視為PLC的在所有其他IEC61 131-3語言都可以翻譯語言。
梯形圖(L0)是一種被認(rèn)為起源于于美國的圖形語言。LDS符合從電子及電器電路實(shí)施控制邏輯的編程風(fēng)格。
結(jié)構(gòu)化文本(ST)是一個(gè)非常強(qiáng)大的高層次的語言。圣借從帕斯卡爾那里借用了它的語法,充實(shí)它的一些特點(diǎn)。圣包含一個(gè)現(xiàn)在編程語言多要求的所有要素。
功能塊圖(FBD)是一種圖形語言,在工業(yè)流程里是非常常見的。在這種語言中,控制器被認(rèn)為是可在功能塊之間流動(dòng)的信號(hào)和數(shù)據(jù)。FBD把換文本編程轉(zhuǎn)變?yōu)楣δ軌K編程,因而提高了模塊化和軟件重用性。
順序功能圖(SFC)是一個(gè)圖形化的語言。SFC要素的定義是為了構(gòu)建可編程序控制器程序的組織。
其中在IEC 61 131-3中出現(xiàn)的一個(gè)問題就是在PLC的編程工具的工程信息中沒有一個(gè)標(biāo)準(zhǔn)化的格式。目前,每個(gè)廠商都在運(yùn)用他們各自的具體的不同格式。這亦是其中一個(gè)原因就是被限制了的形式化的做法,以單一的程序或算法。不過,最近的PLC用戶組織PLCopen (見http://www.plcopen.org )組織了一個(gè)技術(shù)委員會(huì),以確定一個(gè)基于格式accordingto的IEC 61131-3的XML項(xiàng)目 。這種新格式將緩解形式化的工具,使之成為 PLC項(xiàng)目的所有相關(guān)的信息。
3重新設(shè)計(jì)的方法
對(duì)于重新設(shè)計(jì)所提出的態(tài)度,(參見圖1 )是基于認(rèn)為XML可作為一種中間媒體語言用來改造PLC的代碼。
這種轉(zhuǎn)變提供了取得avendor獨(dú)立規(guī)格代碼優(yōu)勢(shì),(即使PLCopen成功地確定了一種標(biāo)準(zhǔn)化的格式為PLC所應(yīng)用,仍將有很多現(xiàn)有的程序不符合這個(gè)標(biāo)準(zhǔn))。
圖 1
在此代碼基礎(chǔ)上的一個(gè)明智步驟轉(zhuǎn)型到一個(gè)正式的模型(自動(dòng)機(jī))正在計(jì)劃之中。這個(gè)模型可以用來進(jìn)行分析,模擬仿真,正式的檢查和驗(yàn)證,最終對(duì)同一PLC或其他產(chǎn)品重新執(zhí)行該優(yōu)化算法。
一個(gè)很大的可能就是這個(gè)完成編程的逆向啟動(dòng)只能是一個(gè)半自動(dòng)的過程,中間可視化的代碼是最重要的一點(diǎn)。在過程中的不同階段,代碼或形式化模型不同方面的都必須是可視化的設(shè)計(jì)方式,只有這樣設(shè)計(jì)者才可以進(jìn)一步的指導(dǎo)工作。XML以其強(qiáng)大的可視化和改造工具,成為解決這方面的工作的一種理想的工具。
4 作為一種可視化工具的XML
XML (可擴(kuò)展標(biāo)記語言)是一種簡(jiǎn)單而靈活的元語言,即一種描述其他語言的語言。由萬維網(wǎng)協(xié)會(huì)( W3C )裁定(W3C)作為一個(gè)方言SGML分支語言, XML的刪除兩個(gè)阻礙網(wǎng)絡(luò)發(fā)展制約因素。依賴于一個(gè)單一的,一成不變的文件類型( HTML ),這種文件類型中大部分被濫用任務(wù),這是從來沒有設(shè)計(jì)為對(duì)一方有利。充滿了SGML的復(fù)雜性,他的語法,讓許多強(qiáng)大的并且努力到計(jì)劃方案到了另一個(gè)方向。
圖 2
當(dāng)HTML描述了數(shù)據(jù)本身是怎樣顯現(xiàn)的同時(shí), XML描述了數(shù)據(jù)本身。一些行業(yè)和學(xué)科、醫(yī)療記錄及報(bào)紙出版,其中已使用XML交換信息,可以跨多個(gè)平臺(tái)來應(yīng)用。在一個(gè)信息獲取人可以使用各種不同的方式形式下,XML可可裁定描述幾乎任何種類的信息。它是專門設(shè)計(jì)用于支持從根本上使用不同形式的數(shù)據(jù)的系統(tǒng)之間的信息交流,例如民航處及調(diào)度之間的應(yīng)用。使用擁有強(qiáng)大的解析器和固有的簡(jiǎn)單性的條款XML,句法和語義語法比常規(guī)詞匯分析器和驗(yàn)證分析器的使用更有利,(參見圖2) 。
常規(guī)的程序代碼分析方法需要一個(gè)掃描儀(詞法分析儀)由剖析器檢查語法結(jié)構(gòu)的代碼產(chǎn)生了一套終端符號(hào)(令牌),并生成一個(gè)對(duì)象網(wǎng)。在該對(duì)象的內(nèi)部結(jié)構(gòu)的程序代表的確定對(duì)象和兩者之間的關(guān)系。雙方掃描器和分析器將使用的這種方法是面向文件的,這就意味著,分析不同類型的文件,需要重新生成的代碼為掃描儀和分析器。一個(gè)應(yīng)用這種方法的方法的例子可以在發(fā)現(xiàn) 。
使用XML的最有前途的方面,就是XML及其應(yīng)用的互補(bǔ)性轉(zhuǎn)變?yōu)闃?biāo)準(zhǔn)化,以便給它的用戶提供最大的靈活性?;谠揦ML的方法是十分有利的,因?yàn)樵~匯的規(guī)格是不變的組成部分,因此XML良好的形式從各自的個(gè)別申請(qǐng)是獨(dú)立的。因此, XML的解析器也可以吧XML文件在一個(gè)抽象的代表性換成以所謂的文檔對(duì)象模型( DOM ),不需使用語法。DOM的是一個(gè)應(yīng)用程序編程接口( apii )對(duì)HTML和格式良好的XML文件有效。它定義的邏輯結(jié)構(gòu)文件和文件的方式訪問和操縱。在DOM中的規(guī)格,任期“文件”是中被越來越多廣泛使用的意識(shí)。 XML被用來作為一種代表許多不同種的信息可能在不同的系統(tǒng)中存儲(chǔ)以及許多傳統(tǒng)上,這將被看作是數(shù)據(jù)而不是作為文件。不過, XML介紹了此數(shù)據(jù)文件,并且DOM可以用來管理這方面的數(shù)據(jù)。
XML的轉(zhuǎn)型語言XSLT的是能夠不僅轉(zhuǎn)換XML到另一個(gè)XML或HTML ,還能夠轉(zhuǎn)換到許多其他友好的用戶格式。前XSLT的來臨以前 ,改造XML成為任何其他格式只有通過在一個(gè)程序語言如C + + , Visual Basic或 Java定制開發(fā)的應(yīng)用程序來實(shí)現(xiàn)。這個(gè)程序與尊重的結(jié)構(gòu)性變化XML相比文件缺乏一般性。XSLT的演變,作為一個(gè)高層次的宣示性的語言,對(duì)利用的觀念,習(xí)俗申請(qǐng)的變革都是十分相似的。
XSLT的功能分為兩個(gè)步驟。在第一步,它執(zhí)行的結(jié)構(gòu)性轉(zhuǎn)型,以便為轉(zhuǎn)換成XML的結(jié)構(gòu),反映了所需的輸出。第二階段是格式化的新架構(gòu)成所需的格式,如HTML或PDF (參見圖3 ) 。
圖 3
這個(gè)轉(zhuǎn)變最重要的優(yōu)勢(shì)是它允許一個(gè)可以想象的簡(jiǎn)單而容易的文件或數(shù)據(jù)結(jié)構(gòu)良好嵌入內(nèi)部結(jié)構(gòu),以了解XML來制作。當(dāng)HTML被選擇作為格式轉(zhuǎn)化的產(chǎn)生的時(shí)候,是有可能使用HTML的廣泛能力來產(chǎn)生出可想象的和有吸引力的可視化程序。
每一個(gè)XML文件都有自己的語法和詞匯。因此,除了作為良好的形式, XML文件需要符合一套規(guī)則。根據(jù)W3C建議,這套規(guī)則已通過文件型態(tài)定義( DTD )或一個(gè)XML架構(gòu)加以界定。該定義的規(guī)則在一個(gè)DTD或一個(gè)XML Schema的國家層次和結(jié)構(gòu)制約的XML文件。
近期,一些另類語言已提出,DTD是用以界定文件文法。W3C XML Schema的語言重復(fù)了重要的功能DTDS ,并增加了一些特點(diǎn)。使用XML的語法,例如,明確之間的關(guān)系架構(gòu)和命名空間,一個(gè)有系統(tǒng)的區(qū)分元素的種類和數(shù)據(jù)類型,和單繼承的形式,類型的推導(dǎo)。在其他的話架構(gòu)提供了更豐富和更強(qiáng)大的方式描述的信息,比什么是可能的與DTDS 。圖 4顯示了XML技術(shù)討論上述之間的聯(lián)系。
圖 4
5 方法的可視化OFPLC程序
A.概況
由于Instruction List (IL)是在歐洲最常用的PLC編程語言,現(xiàn)在展示的介紹的做法是在此基礎(chǔ)上的語言。西門子第5步和標(biāo)準(zhǔn)版根據(jù)的IEC 61131-3正在被考慮。
XML文件顯示的生成顯示了不同方面的PLC程序,實(shí)現(xiàn)了在以下三個(gè)步驟(參見圖5):
??1. PLC程序到XML文件的轉(zhuǎn)換
??2. XML的的可行性和確定了語法的XML的XML架構(gòu)
? 3. 根據(jù)該指令集的來源,臨立會(huì),轉(zhuǎn)換的XML介紹元素的定義
圖 5
這三個(gè)步驟是討論分別分節(jié)B至D。小組E節(jié)解釋了在前一階段期間不同的XMLS的可視化取得的成績(jī)。
在整個(gè)這一節(jié)的一個(gè)例子是用來說明所提出的概念。(圖 6)顯示了在西門子公司名單中S5Z中PLC的代碼的書面指示。臨立會(huì)的代碼是寫在形式的地方,每列的元素,是一種地址,標(biāo)簽,指示,操作和說明或評(píng)構(gòu)成的分隔清單。
Kommentar :
Autor
Erstellt :15.07.2003 Geaendert am: B1B:O
NETZWERK 1 EMPFANGEN SLAVE 3 VON MASTER
NAME :EMPE'MAST
0005 :U M98.7 ABFRAGE OB EMPFANG MOEGLICH
0006
0007 :SPB= MOOl
0008
0009 :A DB140 EMPFANGSFACH IST DB 140
OOOA :L KF+20 LAENGE DES DATENPAKETS
oooc :T DLO
OOOD :L KF+O ZIELNUMMER O=MASTER
OOOF :T DRO
0010
0011 :UNM98.7 FANGEN WIEDER ERLAUBEN
0012 :S M98.7
0013 MOOl :NOP 0
0014
0015 :BE BAUSTEIN ENDE
圖6 第六西門子PLC程序中的書面指令
B. PLC程序轉(zhuǎn)換成為格式良好的XML
??由于ASCII格式PLC程序加上一個(gè)結(jié)構(gòu)與單獨(dú)列地址,標(biāo)簽,指示,運(yùn)算和說明劃定的表格,XSLT的可以把它轉(zhuǎn)換為格式良好的XML文件。通過這種轉(zhuǎn)變 獲得的XML文件是一個(gè)分層結(jié)構(gòu)的文件。
( 圖 7)顯示通過XML文件獲得改造的PLC。XML文件是在結(jié)構(gòu)上的等級(jí),其中的根元素是ilcodeblock是代表全PLC的代碼。每行的PLC代碼是包含在相應(yīng)的ilrow元素,這是米呃子元素。注:結(jié)構(gòu)選擇的XML代表性的IL代碼是面向在工作的建議。
圖 7
C. XML驗(yàn)證和XML架構(gòu)
由于前處理,除了正在完善被確認(rèn)XML文件,可以驗(yàn)證的使用驗(yàn)證解析器取得的XML,形成符合一套句法規(guī)則所界定的背景下的PLC編程語言。
D. 介紹的認(rèn)可
這一步,可視化的PLC程序在這個(gè)過程中使用XML確保XML文件將用于只包含有效可視化,可以用來變換,以及形成有效的另一個(gè)XML ,這是由于對(duì)鑒定指示擁有一個(gè)額外的屬性附加到指示標(biāo)記。此屬性通知是一個(gè)有效的指示,指示是否是有關(guān)的指令集。這個(gè)轉(zhuǎn)變的程序,也能指示附加屬性的標(biāo)記,宣布一項(xiàng)分類的指示到預(yù)定義類。
轉(zhuǎn)換的XML的指示識(shí)別的證明了XML的語義是與PLC的編程語言的操作類型相一致的。
在本節(jié)中的例子中,(參見圖8 ) ,新的XML包含額外的根據(jù)它所代表的類型分類指示的運(yùn)作屬性。步驟指示分為11不同類型的操作如合乎邏輯的,跳轉(zhuǎn),負(fù)載或轉(zhuǎn)讓的運(yùn)作轉(zhuǎn)讓等等。
(Instruction instructionId='Logical Operation")
U
SPB-
BE
圖 8
E. 可視化的XML
上述所產(chǎn)生的兩種XML文件可轉(zhuǎn)化為HTML或在XSL的幫助下轉(zhuǎn)換為其他可讀的文件。一個(gè)巧妙的XSL可以被設(shè)計(jì)用來產(chǎn)生一個(gè)可以容易想象的轉(zhuǎn)達(dá)PLC程序的邏輯或者其他特征的HTML文件。此外, DOM的結(jié)構(gòu)在嵌入在XML中(參見圖9 ),也可讓使用者用一個(gè)簡(jiǎn)單的方法瀏覽PLC程序。
例如在HTML中做的可視化程序 。這可視化已經(jīng)完成XML的轉(zhuǎn)換,他作為一個(gè)表中的子元素去驗(yàn)證的語法。
指示鑒定后的XML被轉(zhuǎn)化成使用XSL轉(zhuǎn)化,取得那里的指示和身份指示后,根據(jù)該行動(dòng)的類型提取的XML在 HTML表載列了兩欄(指示,指令編號(hào))是在可視化的。
HTML結(jié)構(gòu)的建議,這不是唯一的可能性,其中的XML可以可視化,但他們提供一個(gè)很容易的切實(shí)可行的方案,那就是為用戶把握的PLC代碼。
圖10顯示了相同的PLC的代碼,在圖4他作為一個(gè)HTML文檔轉(zhuǎn)換XML文檔,顯示的圖7使用的XSL 。這可視化,更好地了解PLC程序成為可能。
圖 9
圖 10
6 結(jié)論和展望
重新設(shè)計(jì)的PLC程序需要一個(gè)正式的辦法加以發(fā)展。在本文章中,是來解決這個(gè)任務(wù)一個(gè)方法的介紹。在給出了書面指示PLC程序的基礎(chǔ)上,在清單的通過一個(gè)明確步驟轉(zhuǎn)型為被建議的正式代表。由于這個(gè)過程不會(huì)完全自動(dòng),有必要采取靈活的可視化中間步驟。XML是作為一種靈活的,標(biāo)準(zhǔn)化的手段來充當(dāng)數(shù)據(jù)格式來描述的PLC代碼。相應(yīng)的XSL轉(zhuǎn)換和文檔對(duì)象模型的技術(shù)是作為工具,在重整過程為各種定制可視化任務(wù)。
基于XML的描述PLC程序的進(jìn)一步轉(zhuǎn)變,將適用于最后得出一個(gè)完全形式化描述原PLC的代碼。這將是在成立一個(gè)有限自動(dòng)機(jī)。在這個(gè)計(jì)劃過程中,他們通過一個(gè)知識(shí)庫確定共同的介素的結(jié)構(gòu)和正規(guī)化。
7 致謝
我們謹(jǐn)對(duì)“StiAung萊茵蘭普法爾茨杉木創(chuàng)新” 贊助項(xiàng)目下的616位工作人員表示最真摯的感謝。
參考文獻(xiàn)
【1】L. Baresi, M. Mauri, A. Monti, and M. Pezze, “PLCTools: Design, Formal Validation, and Code Generation for Programmable Controllers”, in. IEEE
Conference on Systems, Man, and Cybernefics (SMCZOOO), Nashville, USA, Oct. 2000, pp. 2437- 2442.
【2】 G. Frey and L. Litz, “Formal methods in PLC programming”, in IEEE Con on Systems, Man and Cybernetics (SMC’ZOOO), Nashville, USA, Oct. 2000, pp.2431-2436
【3】 M. Bani Younis and G. Frey, “Formalization of Existing PLC Programs: A Survey.“, in CESA 2003, Lille (France), Paper No. S2-R-00-0239, July 2003.
【4】International Electrotechnical Commission, IEC International Standard 1131-3, Programmable Controllers, Part 3, Programming Languages, 1993.
【5】World Wide Web Consortium: htfp;//www.w3.org/
【6】XML Home Page: hftp://xml.com/
【7】 R. Kliewer, Reverse Engineering von Steuerungssojiware.Ph.D. thesis, University of Kaiserslautern, Germany,Institute for Production-Automation, 1999.
【8】 M. Kay, XSLT - Programmer’s Reference. ISBN1861005067, Wrox Press Ltd2001
- 13 -
Visualization of PLC Programs using XML M. Bani Younis and G. Frey University of Kaiserslautem P. 0. Box 3049, D-67653 Kaiserslautem, Germany Abstrac: Due to the growing complexity of PLC programs there is an increasing interest in the application of formal methods in this area. Formal methods allow rigid proving of system properties in verification and validation. One way to apply formal methods is to utilize a formal design approach in PLC programming. However, for existing software that has to be optimized, changed, or ported to new systems .There is the need for an approach that can start from a given PLC program. Therefore, formalization of PLC programs is a topic of current research. The paper outlines a re-engineering approach based on the formalization of PLC programs. The transformation into a vendor independent format and the visualization of the structure of PLC programs is identified as an important intermediate step in this process. It is shown how XML and corresponding technologies can be used for the formalization and visualization of an existing PLC program. I. INTRODUCTION Programmable Logic Controllers (PLCs) are a special type of computers that are used in industrial and safety critical applications. The purpose of a PLC is to control a particular process, or a collection of processes, by producing electrical control signals in response to electrical process- related inputs signals. The systems controlled by PLCs vary tremendously, with applications in manufacturing, chemical process control, machining, transportation, power distribution, and many other fields. Automation applications can range in complexity from a simple panel to operate the lights and motorized window shades in a conference room to completely automated manufacturing lines. With the widening of their application horizon, PLC programs are being subject to increased complexity and high quality demands especially for safety-critical applications. The growing complexity of the applications within the compliance of limited development time as well as the reusability of existing software or PLC modules requires a formal approach to be developed I. Ensuring the high quality demands requires verification and validation procedures as well as analysis and simulation of existing systems to be carried out 2. One of the important fields for the formalization of PLC programs that have been growing up in recent time is Reverse-engineering 3. Reverse Engineering is a process of evaluating something to understand how it works in order to duplicate or enhance it. While the reuse of PLC codes is being established as a tool for combating the complexity of PLC programs, Reverse Engineering is supposed to receive increased importance in the coming years especially if exiting hardware has to be replaced by new hardware with different programming environments Visualization of existing PLC programs is an important intermediate step of Reverse Engineering. The paper provides an approach towards the visualization of PLC programs using XML which is an important approach for the orientation and better understanding for engineers working with PLC programs. The paper is structured as follows. First, a short introduction to PLCs and the corresponding programming techniques according to the IEC 61131-3 standard is given. In Section an approach for Re-engineering based on formalization of PLC programs is introduced. The transformation of the PLC code into a vendor independent format is identified as an important first step in this process. XML and corresponding technologies such as XSL and XSLT that can be used in this transformation are presented in Section IV. Section V presents the application of XML for the visualization of PLC programs and illustrates the approach with an example. The final Section summarizes the results and gives an outlook on future work in this ongoing project. PLC AND IEC 61131 Since its inception in the early 70s the PLC received increasing attention due to its success in fulfilling the objective of replacing hard-wired control equipments at machines. Eventually it grew up as a distinct field of application, research and development, mainly for Control Engineering. IEC 61 131 is the first real endeavour to standardize PLC programming languages for industrial automation. In I993 the International Electrotechnical Commission 4 published the IEC 61131 Intemational Standard for Programmable Controllers. Before the standardization PLC programming languages were being developed as proprietary programming languages usable to PLCs of a special vendor. But in order to enhance compatibility, openness and interoperability among different products as well as to promote the development of tools and methodologies with respect to a fixed set of notations the IEC 61131 standard evolved. The third part of this standard defines a suit of five programming languages: Instruction List (IL) is a low-level textual language with a structure similar to assembler. Originated in Europe IL is considered to be the PLC language in which all other IEC61 131-3 languages can be translated. Ladder Diagram (LO) is a graphical language that has its roots in the USA. LDs conform to a programming style borrowed from electronic and electrical circuits for implementing control logics. Structured Text (STJ is a very powerful high-level language. ST borrows its syntax from Pascal, augmenting it with some features from Ada. ST contains all the essential elements of a modem programming language. Function Block Diagram (FBD) is a graphical language and it is very common to the process industry. In this language controllers are modelled as signal and data flows through function blocks. FBD transforms textual programming into connecting function blocks and thus improves modularity and software reuse. Sequential Function Chart (SFC) is a graphical language. SFC elements are defined for structuring the organization of programmable controller programs. One problem with IEC 61 131-3 is that there is no standardized format for the project information in a PLC programming tool. At the moment there are only vendor specific formats. This is also one reason for the restriction of formalization approaches to single programs or algorithms. However, recently the PLC users organization PLCopen (see http:/www.plcopen.org) started a Technical Committee to define an XML based format for projects according to IEC 61131-3. This new format will ease the access of formalization tools to all relevant information of a PLC project. . RE-ENGINEERING APPROACH The presented approach towards re-engineering (cf. Fig.1) is based upon the conception that XML can be used as a medium in which PLC codes will be transformed. This transformation offers the advantage of obtaining avendor independent specification code. (Even if the PLCopen succeeds in defining a standardized format for PLC applications, there will remain a lot of existing programs that do not conform to this standard.) Based on this code a step-wise transformation to a formal model (automata) is planned. This model can then be used for analysis, simulation, formal verification and validation, and finally for the re-implementation of the optimized algorithm on the same or another PLC. Since re-engineering of complete programs will, in most cases, be only a semi-automatic process, intermediate visualization of the code is an important point. At different stages of the process different aspects of the code and/or formal model have to be visualized in a way that a designer can guide the further work. XML with its powerful visualization and transformation tools is an ideal tool for solving this task. IV. XML AS A TOOL FOR VISUALIZATION XML (extensible Markup Language) is a simple and flexible meta-language, i.e, a language for describing other languages. Tailored by the World Wide Web Consortium (W3C) as a dialect of SGML S, XML removes two constraints which were holding back Web developments 6. The dependence on a single, inflexible document type (HTML) which was being much abused for tasks it was never designed for on one side; and the complexity of full SGML, whose syntax allows many powerful but hard-to-program options on the other side. While HTML describes how data should be presented, XML describes the data itself. A number of industries and scientific disciplines-medical records and newspaper publishing among them-are already using XML to exchange information across platforms and applications. XML can be tailored to describe virtually any kind of information in a form that the recipient of the information can use in a variety of ways. It is specifically designed to support information exchange between systems that use fundamentally different forms of data representation, as for example between CAD and scheduling applications. Using XML with its powerful parsers and inherent robustness in terms of syntactic and semantic grammar is more advantageous than the conventional method of using a lexical analyzer and a validating parser (cf. Fig. 2, 7). The conventional method of analysis of program code requires a scanner (lexical analyser) which generates a set of terminal symbols (tokens) followed by a parser that checks the grammatical structure of the code and generates an object net. In the object net the internal structure of the program is represented by identified objects and the relations between them. Both the scanner and the parser to be used in this method are document oriented which implies that analysis of different types of documents requires rewriting the generated code for the scanner and the parser. An example of an application of this method can be found in 8. The most promising aspect of using XML instead is that XML and its complementary applications for transformations are standardized so as to provide maximum flexibility to its user. The XML based method is advantageous, since the lexical specification is an invariant component of XML; therefore the well-formedness is independent from the respective individual application. Hence, an XML-Parser also can transfer well-shaped XML documents in an abstract representation called Document Object Model (DOM) without using a grammar. DOM is an application programming interface (APII) for valid HTML and well-formed XML documents. It defines the logical structure of documents and the way a document is accessed and manipulated. In the DOM specification, the term document is used in a broad sense increasingly. XML is used as a way of representing many different kind of information that may be stored in diverse systems, and much of this would traditionally be seen as data rather than as documents. Nevertheless, XML presents this data as documents, and the DOM can be used to manage this data 5 . XSLT, the transformation language for XML is capable of transforming XML not only to another XML or HTML but to many other user-friendly formats. Before the advent of XSLT, the transformation of XML to any other format was only possible through custom applications developed in a procedural language such as C+, Visual Basic or, Java. This procedure lacked the generality with respect to the structural variation of XML documents. Capitalizing on the concept that the custom applications for the transformations are all very similar, XSLT evolved as a high-level declarative language 9. XSLT functions in two steps. In the first step, it performs a structural transformation so as to convert the XML into a structure that reflects the desired output. The second stage is formatting the new structure into the required format, such as HTML or PDF (cf. Fig. 3 ). The most important advantage of this transformation is that it allows a simple and easily-conceivable representation of the document or data structure embedded inside the well-structured but hard-to-understand XML to be produced. When HTML is chosen as the format of the transformed produce it is possible to use the extensive ability of HTML to produce an easily-conceivable and attractive visualization of a program. Every XML document has its own syntax and vocabulary. Therefore, in addition to being well-formed, the XML document needs to conform to a set of rules. According to W3C recommendations this set of rules has to be defined either through a Document Type Definition (DTD) or an XML Schema. The rules defined in a DTD or an XML Schema state the hierarchical and structural constraints of the XML document. The DTD is for defining the document grammars; more recently a number of alternative languages have been proposed. The W3C XML Schema language replicates the essential functionality of DTDs, and adds a number of features: the use of XML instance syntax rather than an ad hoc notation, clear relationships between schemas and namespaces, a systematic distinction between element types and data types, and a single-inheritance form of type derivation. In other words schemas offer a richer and more powerful way of describing information than what is possible with DTDs. Fig. 4 shows the XML technologies discussed above and the connection between them. V. AN APPROACH FOR THE VISUALIZATION OFPLC PROGRAMS A. Overview Since Instruction List (IL) is the most commonly used PLC language in Europe, the presented approach is based on this language. The proprietary IL dialect Siemens STEP 5 and the standardized version according to IEC 61131-3 are considered. The generation of XML documents showing different aspects of a PLC program is realized in the following three steps (cf. Fig. 5): 1.Transformation of the PLC program to an XML document 2.Validation of the XML against the XML Schema which sets the syntax of the XML 3.Identification of the Instruction elements of the transformed XML according to the instruction set of the source PLC These three steps are discussed in sub-sections B to D respectively. Sub-section E explains the visualization of the different XMLs obtained during the preceding steps. Throughout this Section an example is used to illustrate the presented concepts. Fig. 6 shows a PLC code written in Instruction List Siemens S5. The PLC code is written in atabular form where each row element is either a delimited list consisting of address, label, instruction, operand and description or a comment. Kommentar : Autor Erstellt :15.07.2003 Geaendert am: B1B:O NETZWERK 1 EMPFANGEN SLAVE 3 VON MASTER NAME :EMPEMAST 0005 :U M98.7 ABFRAGE OB EMPFANG MOEGLICH 0006 0007 :SPB= MOOl 0008 0009 :A DB140 EMPFANGSFACH IST DB 140 OOOA :L KF+20 LAENGE DES DATENPAKETS oooc :T DLO OOOD :L KF+O ZIELNUMMER O=MASTER OOOF :T DRO 0010 0011 :UNM98.7 FANGEN WIEDER ERLAUBEN 0012 :S M98.7 0013 MOOl :NOP 0 0014 0015 :BE BAUSTEIN ENDE Fig. 6 A PLC program written in Siemens S5 Instruction List B. Conversion of a PLC Program inio a well-formed XML Given a PLC program in ASCII format and in a tabular structure with separate columns for addresses, labels, instructions, operands and descriptions delimited by whitespaces, XSLT can convert it into a well-formed XML document. The XML document obtained through this transformation is a hierarchically structured document. Fig. 7 shows the XML document obtained through the transformation of the PLC code of Fig. 6. The XML document is structured in a hierarchy in which the root element is the IL Code Block representing the whole PLC code. Each of the rows of the PLC code is contained within a corresponding ILRow element which is M e r smtctured into child elements. Note: The structure chosen for the XML representation of IL-Code is oriented at the working proposal of the PLCopen. C. XML Validation against the XML Schema The XML obtained as a result of the previous processing can be validated using a validating parser that confirms that the XML document in addition to being well-formed conforms to the set of syntactic rules defined in context of the PLC programming language. D. rdenhpcation of instructions This step in the process of visualization of PLC programs using XML ensures that the XML document to be used for visualization contains only valid instructions.XSLT can be used to transform the well-formed and valid Xh4L to another XML which as a result of identification on instructions has an additional attribute appended to the instruction tags. This attribute notifies whether the instruction is a valid instruction of the concerned instruction set. This transformation procedure is also capable of attaching attributes to the instruction tags that declares a classification of the instructions into predefined classes. The instruction identification of the transformed XML proofs the semantic of the XML in accordance with the operation types of the PLC programming language. In the example of this section, (cf. Fig. 8), the new XML contains additional attributes which classify the instructions according to the type of operation it represents. The STEPS instructions are categorized into eleven different types of operations e.g. logical, jump, load or transfer operation assignment, etc. (Instruction instructionId=Logical Operation) U -. SPB- BE Fig. 8 A new transformed XML showing only the inslructions and the corresponding instruction ID E. Visualization of XML Both of the XML documents generated above can be transformed into HTML or other readable documents with the help of XSL. An ingenious XSL can be designed so as to produce an HTML which can convey the logical and other features of the PLC program in an easily conceivable form. Moreover, the DOM structure embedded in the XML (cf. Fig. 9), also enables the user to navigate through the PLC programs in an easy way. For the example the visualization is done in HTML. This visualization is done for the transformed XML after the validation of its syntax as a table where the child elements of the ILRow are the columns of this table. The XML after the instruction identification is transformed using the XSL, where the instruction and the instruction Id, obtained after extracting the XML according to the type of operations are visualized in a table containing two columns (Instruction, Instruction Id) in HTML. The HTML structures suggested here are not the only possibilities, with which the XML can be visualized, but they give a very easy practical option for the users grasp of the PLC code. Fig. IO shows the same PLC code as shown in Fig. 4 as a HTML document converted /www.w3.org/ 6. XML Home Page: hftp:/ 7. R. Kliewer, Reverse Engineering von Steuerungssojiware.Ph.D. thesis, University of Kaiserslautern, Germany,Institute for Production-Automation, 1999. 8. M. Kay, XSLT - Programmers Reference. ISBN1861005067, Wrox Press Ltd2001