Alexander Aiken, Manuel Fähndrich, and Zhendong Su
Relay Ladder Logic (RLL) is a programming language widely used for complex embedded control applications such as manufacturing and amusement park rides. The cost of bugs in RLL programs is extremely high, often measured in millions of dollars (for shutting down a factory) or human safety (for rides). In this paper, we describe our experience in applying constraint-based program analysis techniques to analyze production RLL programs. Our approach is an interesting combination of probabilistic testing and program analysis, and we show that our system is able to detect bugs with high probability, up to the approximations made by the conservative program analysis. We demonstrate that our analysis is useful in detecting some flaws in production RLL programs that are difficult to find by other techniques.
In Proceedings of the 1st Conference on Tools and Algorithms for the Analysis and Construction of Systems