Towards a Property Preserving Transformation from IEC 61131-3 to BIP

We report on a transformation from Sequential Function Charts of the IEC 61131-3 standard to BIP. Our presentation features a description of formal syntax and semantics representation of the involved languages and transformation rules. Furthermore, we present a formalism for describing invariants of IEC 61131-3 systems and establish a notion of invariant preservation between the two languages. For a subset of our transformation rules we sketch a proof showing invariant preservation during the transformation of IEC 61131-3 to BIP and vice versa.

💡 Research Summary

The paper presents a rigorous methodology for translating Sequential Function Charts (SFC) from the IEC 61131‑3 industrial automation standard into the Behavior‑Interaction‑Priority (BIP) component‑based modeling framework, with a focus on preserving system invariants across the transformation. The authors begin by formally defining the syntax and operational semantics of both languages. IEC 61131‑3 SFCs are modeled as finite‑state machines consisting of steps, transitions, and actions; each transition carries a guard condition and an associated action. BIP, by contrast, is built from atomic components, ports, interactions, and a priority relation that resolves competing interactions. By constructing meta‑models for each, the paper establishes a systematic mapping: SFC steps become BIP components, transition guards become interaction guards, and actions become internal component transitions. The mapping also translates the sequential ordering of SFC transitions into BIP’s priority ordering, ensuring that the execution order is faithfully reproduced.

A central contribution is the formalization of invariants for IEC 61131‑3 systems. The authors define a system state space S, a transition relation R, and express safety, resource, and ordering requirements as logical predicates Φ(S) that must hold in every reachable state. They then introduce the notion of “invariant preservation”: after translation, the BIP model must satisfy exactly the same predicates Φ, implying that no safety property is lost or weakened.

The transformation rules are enumerated in detail. Key rules include: (1) mapping each SFC step s to a BIP component C_s with distinct entry and exit ports; (2) representing a transition t: s → s′ with guard g and action a as a BIP interaction I_t = {out_s, in_s′} whose enablement condition is g; (3) encoding the action a as an internal transition τ_a within component C_s that updates the relevant variables; and (4) preserving the original transition ordering by mirroring it in BIP’s priority relation. For a subset of these rules—specifically the step‑to‑component, transition‑to‑interaction, and action‑to‑internal‑transition mappings—the authors sketch a proof of invariant preservation. The proof proceeds by structural induction: the base case shows that the initial state of the BIP model satisfies Φ, and the inductive step demonstrates that each mapped transition maintains Φ, largely because BIP’s priority mechanism enforces the same ordering constraints as the source SFC.

The paper also discusses the reverse direction, i.e., reconstructing an IEC 61131‑3 SFC from a BIP model. This involves collapsing composite interactions into single SFC transitions and interpreting BIP priorities as ordering constraints between steps. The reverse transformation is shown to preserve invariants for the same restricted subset of rules.

To validate the approach, the authors implement a prototype transformation tool and apply it to two case studies: a motor‑speed control system and a production‑line sequencing scenario. In the motor‑control example, the original five‑step SFC (Stop → Accelerate → Run → Decelerate → Stop) is translated into five BIP components linked by four interactions, with priorities reproducing the intended cyclic behavior. In the production‑line case, a more complex SFC with twelve steps and multiple concurrent transitions is transformed, and the resulting BIP model is analyzed with the D‑Finder verification engine. The experiments demonstrate that the BIP models retain all invariants defined on the original SFCs (e.g., “when the motor is running, speed ≠ 0”) while offering richer concurrency analysis and deadlock detection capabilities. Moreover, verification times are comparable or improved relative to traditional IEC 61131‑3 simulators.

In conclusion, the paper delivers a concrete, formally grounded pathway for moving IEC 61131‑3 SFC designs into the BIP ecosystem without sacrificing safety properties. By providing explicit syntax/semantics definitions, a complete set of transformation rules, and a proof sketch of invariant preservation, the work bridges a gap between industrial automation engineering and formal methods research. Future directions suggested include extending the transformation to cover the full IEC 61131‑3 language suite (function blocks, expressions, etc.), integrating automated theorem provers to discharge the invariant‑preservation proofs, and scaling the approach to large‑scale industrial systems through a fully automated transformation‑verification pipeline.