ESBMC-PLC: Formal Verification of IEC 61131-3 Ladder Diagram Programs Using SMT-Based Model Checking

arXiv:2606.15461v1

Abstract: PLCs execute safety-critical programs across industrial sectors. The dominant PLC notation, ladder diagram (LD) per IEC 61131-3, remains absent from formal verification: SMT-based model checkers cannot process LD's rung-and-coil graphics. This paper presents ESBMC-PLC, the first open-source formal verifier with native LD support (PLCopen XML format), implemented as a new ESBMC frontend. ESBMC-PLC translates LD rungs to GOTO IR, models the PLC scan cycle as a while(true) loop with nondeterministic inputs, and checks safety properties via SMT-based
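The scan-cycle model the abstract describes, as an added C example (not code from the paper or from ESBMC itself): two ladder rungs (a seal-in motor latch and an alarm coil) are written as a C scan function, each cycle samples fresh nondeterministic inputs, and a safety property is checked after every scan. The rung logic, the `nondet_bool` stand-in (rand() here; ESBMC would treat an uninterpreted input function as nondeterministic) and the bounded loop are assumptions so the model runs stand-alone.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Coils / memory bits that persist from one scan to the next. */
typedef struct { bool motor; bool alarm; } plc_state_t;

/* Input image sampled once at the start of each scan. */
typedef struct { bool start; bool stop; bool estop; } plc_inputs_t;

/* One scan: rungs are evaluated top to bottom, exactly as in the LD. */
void scan(plc_state_t *s, const plc_inputs_t *in) {
    /* Rung 1: --[Start]--+--[/Stop]--[/EStop]--(Motor)--   seal-in latch */
    /*         --[Motor]--+                                              */
    s->motor = (in->start || s->motor) && !in->stop && !in->estop;
    /* Rung 2: --[EStop]--(Alarm)-- */
    s->alarm = in->estop;
}

/* Safety property: the motor coil must never be energised while EStop is active. */
bool property_holds(const plc_state_t *s, const plc_inputs_t *in) {
    return !(s->motor && in->estop);
}

/* Helper for deterministic checks: motor coil after one scan from a given state. */
bool motor_after(bool motor_before, bool start, bool stop, bool estop) {
    plc_state_t s = { motor_before, false };
    plc_inputs_t in = { start, stop, estop };
    scan(&s, &in);
    return s.motor;
}

/* Nondeterministic input (assumption): rand() for stand-alone runs; a model checker
 * would instead explore every input combination symbolically. */
static bool nondet_bool(void) { return (bool)(rand() & 1); }

/* Scan-cycle harness. The paper models this as while(true); it is bounded here so the
 * native run terminates (a model checker bounds it with its unwinding limit instead). */
int run_scans(unsigned cycles) {
    plc_state_t s = { false, false };
    for (unsigned i = 0; i < cycles; i++) {
        plc_inputs_t in = { nondet_bool(), nondet_bool(), nondet_bool() };
        scan(&s, &in);
        if (!property_holds(&s, &in)) return 0;   /* counterexample: property violated */
    }
    return 1;                                     /* no violation within the bound */
}

int main(void) { return run_scans(1000) ? 0 : 1; }
```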
The increasing complexity and safety-critical nature of industrial automation demand more rigorous verification methods, coinciding with advances in formal verification techniques such as SMT-based model checking.
Formal verification of PLC programs in critical infrastructure enhances safety, security, and reliability, reducing risks of catastrophic failures and cyberattacks in industrial systems.
The ability to formally verify ladder logic programs natively introduces a new layer of assurance for industrial control systems, potentially mandating higher standards for PLC software development.
- Industrial automation sector
- Cybersecurity companies
- Critical infrastructure operators
- Formal verification tool developers
- Companies with poor software development practices
- Legacy industrial systems lacking verification
Increased reliability and security of industrial control systems across various sectors.
Potential for new regulatory standards requiring formal verification for safety-critical PLC applications.
Reduced downtime and operational costs due to fewer software-induced errors and greater system resilience.