Proceedings of the 8th International TA2.

1
Workshop on Discrete Event Systems
Ann Arbor, Michigan, USA, July 10-12, 2006

Modeling Techniques for Distributed Control Systems based on the

IEC 61499 Standard – Current Approaches and Open Problems
Georg Frey and Tanvir Hussain

Abstract—The introduction of distributed systems to the Although IEC 61499 has some similarities with its
automation area not only brought new design methods but also predecessor IEC 61131 regarding the structural hierarchy
new analysis problems. This paper is an attempt to survey and atomic structural construct, namely the FB, it introduced
current approaches in modeling systems based on the recent a remarkably different concept. Firstly, this standard
standard IEC 61499 and to point out some open problems. The
introduced an event driven approach of interaction among
modeling approaches can be classified into two groups namely
those dealing with design problems and those dealing the FBs while the existing standards and languages employ
principally with formal analysis. The survey notes some design data or signal based communication among the constructs
approaches but then focuses on the formal approaches. It also assuming cyclic execution. Secondly, it is introduced as a
points out the open issues and problems within the standard generic standard and therefore does not limit the user to use
(execution model, event-handling, and data-handling) which a specific language of implementation, communication
are leading to differences in various formal approaches used
protocol or hardware elements. It thus paves the way
for analyzing the IEC 61499 applications.
towards building up heterogeneous networks of distributed
I. INTRODUCTION control applications. Thirdly, there is certain leeway for the
developers regarding distribution of the software on choice
R ECENT developments in the field of manufacturing
evolved a series of new concepts beginning with the
inception of Lean Manufacturing and going through Fractal
of hardware resources or platforms. Finally, this new
standard also introduces flexibilities regarding assignment of
programming task to the program constructs, i.e., FBs.
and Bionic to the evolution of Holonic or Agent-based The new standard instigated efforts from academics in
Manufacturing Systems. The motivation behind this series two directions. Clearly, regarding the field of application
of concepts was to introduce flexibility and re- (e.g. industrial and real-time applications) the question of
configurability and thus to achieve the goal of customer- formal analysis of the applications arose. Moreover, this
oriented, highly varied production with short technology and standard introduced a totally new concept of development,
product life cycles [1]. These ultimately invoked the which to be accepted by the developers should certainly be
development of new standards in the area of Industrial accompanied by a clear and structured development process.
Process Measurement and Control Systems (IPMCSs), the This development process however is not included in the
field which has an important role in the realization of standard. Therefore, a direction of research evolved which
flexible and reconfigurable manufacturing systems. was principally concerned with the methodology of dealing
In the meantime, a number of technical novelties with the development process. The effort in this direction is
emerged, such as, advanced field-bus communication, small not only to bring up development processes so as to draw
intelligent devices (sensors/actuators) incorporating the resemblance to existing ones but also to introduce
microprocessors and soft-controllers. The new technologies completely new ones inspired by those from the realm of
made it possible to build distributed applications running on Object Orientation (OO) (i.e., design patterns, UML etc.).
a network of heterogeneous devices, and to connect such The rest of this paper is organized as follows, Section II
industrial systems to business management systems. To discusses briefly some modeling approaches regarding the
program these systems proprietary solutions were no longer design of IEC 61499 compliant applications. Thereafter,
adequate, neither were the available modeling Section III focuses on the formal modeling approaches
methodologies sufficient for the realization of distributed conceived for the standard. Section IV points out some open
applications [2]. Understanding this need the International problems and finally Section V presents concluding
Electrotechnical Commission (IEC) initiated development of remarks.
the standard 61499 [3]. This standard modified the IEC
61131-3 Function Block (FB) concept [4] taking into II. MODELING APPROACHES FOR DESIGN
account the FB concept in field-bus standardization IEC
61804 [5]. Evolution of IEC 61499 can be conceived as an attempt to
diminish the difference between the business and industrial
world of software development. Preceding standards and
G. Frey and T. Hussain are with the Department of Electrical and
Computer Engineering at the University of Kaiserslautern, Erwin-
technologies in the industrial software domain are based
Schrödinger-Str. 12, Kaiserslautern, Germany (e-mail: {frey, principally on functions whereas IEC 61499 introduces the
hussain}@eit.uni-kl.de).

1-4244-0053-8/06/$20.00 ©2006 IEEE 176

OO paradigm in this domain. Moreover, it can be foreseen elements of FB domain into UML was done for example
to be a tool in integrating the Holonic and Agent-based through stereotypes, introduction of the hierarchical
concepts into industrial applications. Now, this Component Interaction Diagrams (CID) etc. and these
revolutionary shift of software ideology that this new features are also practicable as long as one uses CORFU
standard is supposed to bring poses a major challenge in the ESS. An extension of this concept is detailed in [10]. Here,
process of its software development. Therefore, there need the Model-Integrated Mechatronics (MIM) paradigm is
to be similarities with existing standards built or relevant introduced and integrated in UML to apply domain-specific
development standards from the OO domain to be tailored modeling languages for the concurrent engineering of
so as to achieve comprehensibility and consequent mechanical, electronic and software components of
acceptance. The earliest efforts regarding the proposition of mechatronic systems.
a development framework went in the direction of Dubinin, V. and Vyatkin, V. in [11] proposed the UML-
underpinning the similarities with the existing development FB language that supports the modeling, design and
strategies. Then the concept of using Unified Modeling maintenance of automation software by combining some
Language (UML) came up. UML’s multitudes of diagrams UML features with IEC 61499 constituents. UML-FB has
which are capable of underpinning various aspects at class diagrams profiled by stereotypes for structural
various stages of development give the developer a leeway specification, sequence and collaboration diagrams for
of specifying the development concepts in an opportune defining dynamics in FBs, resource and device levels and
way. Therefore, the ideas of the researchers proposing the state chart diagrams to portray the ECC behaviors. This
use of UML differ remarkably from one another. Table I concept was further extended in [12].
summarizes the approaches proposed for the developments Panjaitan and Frey [14] proposed a design approach
of IEC 61499 compliant applications and what follows is a named Functionality Based Control (FBC) to improve the
brief discussion of them, a more exhaustive discussion on quality of the design process in Distributed Control Systems.
modeling approaches can be found in [6]. This approach capitalizes on the use of generic
functionalities in order to get an “easy to design” aspect.
TABLE I
OVERVIEW OF MODELING APPROACHES FOR DEVELOPMENT Here, the behavioral description is done using UML
OF IEC 61499 APPLICATIONS diagrams. Furthermore, to avoid the complexities of FB
Researchers Approaches Ref. interconnections a concept to control the functionalities on
J.H. Christensen Design Pattern [7] the resource level through Scheduler, Selector and
X. Cai, V. Vyatkin, and Synchronizer (S³) is introduced. Using this concept, the
Design Pattern [8]
H.-M. Hanisch
functionality of different controlled objects is separated
Model Driven Architecture [9],
K. Thramboulidis
(MDA) and MIM [10] from the sequence of control tasks. The sequence of actions
V. Dubinin, [11],
can be later modeled in a task schedule using UML
Stereotype Identification sequence or activity diagram or Gantt charts [15].
V. Vyatkin [12]
T. Heverhagen, R. Tracht, Model Driven Architecture Heverhagen, T. et al introduced a new profile for FB
[13] Adapters (FBAs) which is capable of providing interfaces
and R. Hirschfeld (MDA)
S. Panjaitan and G. Frey Functionality Based Control [14] between ports of UML diagrams and FBs along with a
proper mapping of the interfaces [13]. They defined FBA’s
Christensen, J.H. pioneered the efforts of building a semantic and mapped it as a subset language into state
framework for IEC 61499 compliant applications and in [7] charts. This approach actually does not try to set UML on
restated two well-known design patterns namely top of IEC 61499 as the others but at the same level
Model/View/Controller (MVC) and Proxy in the context of promising seamless integration.
IEC 61499. He furthermore introduced another new one To summon up, most current design approaches for IEC
called Distributed Application. Later Cai, X. et al proposed 61499 try to bridge the gap between the FB concept and the
an extended version of MVC and a layered MVC OO world.
architecture [8] and showed its application. While design
patterns bring up conceptual similarities with known III. MODELING APPROACHES FOR FORMAL ANALYSIS
practices they fail to simplify and extend the The works in this direction are generally spurred by the
comprehensibility of the design process. need for formal verification of the developed distributed
Thramboulidis, K. attempted to integrate UML with the real-time control system. The already industrially accepted
FB constructs and presented a model driven approach which systems (i.e. Programmable Logic Controllers (PLC) and
can lead a developer from requirements elicitation through their programming languages) and standards (i.e. IEC
use cases to the formulation of FB design model and then 61131) have also received certain attention for formal
move further to the implementation using UML-RT (UML analysis [16], [17], [18]. Most of the works in the realm of
tailored for Real Time applications) [9]. A development tool IEC 61499 concerning formal analysis were also somehow
named CORFU ESS was also introduced. The integration of

177
inspired by the previous works – often by the same
researchers – on IEC 61131.
In comparison to design approaches there is much less
documented work in the direction of formal analysis. This
may be in part due to the ambiguities of the IEC standard
that makes it necessary to add assumptions before defining a
formal model. The assumptions made by different
researchers though have few similarities; they diverge also
at many points. This leads to different research teams
developing incompatible solutions and hinders a fast grow
of the field. The following discussion attempts to pinpoint
the strengths and weaknesses of the different published
approaches regarding formal analysis of IEC 61499 and (a)
Table II lists those in short. In contrast to the discussion in
the previous section this survey on formal approaches is
exhaustive to the authors’ best knowledge.
TABLE II
OVERVIEW OF FORMAL MODELING AND ANALYSIS
APPROACHES FOR IEC 61499 APPLICATIONS

Researchers Approaches Tools Ref.

[22], [23], (b)
V. Vyatkin and H.-M. NCES / VEDA,
[24], [25],
Hanisch SNS SESA Fig. 1 Example of (a) basic FB and (b) its ECC according to IEC 61499
[26], [27]
standard
H. Wurmus, N. Hagge,
CNet - [28]
and B. Wagner Vyatkin, V. and Hanisch, H.-M deserve credit for the
M. Stanica and H. Timed
UPPAAL [30], [31]
earliest initiative on formal analysis of IEC 61499 compliant
Guéguen Automata distributed applications. Their work was inspired by the
C. Schnakenbourg, J.-M. previous accomplishments [19], [20] which principally used
SIGNAL SILDEX [33]
Faure, and J.-J. Lesage
Net Condition/Event Systems (NCES) [21] and its timed
W. Zhang, C. Diedrich,
and W. A. Halang
FSM - [35] extension (TNCES) for formally modeling the behavior of
PLC programs. This formal approach models the basic FBs
Before delving into the detail we glimpse shortly to some in terms of 5 different state machines which deal with the
important aspects of the IEC 61499 standard which received event inputs, data inputs, EC operations, ECC and output
most concern in the analytic researches. In most of the events [22]. The ECC state machine module is further aided
research efforts the main focus is on the Execution Control by a Transition Evaluation Module (TEM) that ensures
Chart (ECC) (c.f. Fig. 1) which is a specialized state proper transition triggering. The model holds the feature of
machine that defines the internal behavior of basic FB implementation or hardware independence as the ECC state
instances. This chart is an aid to the programmers in machine module leaves the scheduling as well as completion
decomposing complex behaviors into smaller pieces called of the algorithm execution outside. However, as long as the
Execution Control (EC) states. These states are further event handling is concerned the model is such that, if a
attached with one or more algorithms and output events. The transition is fired by the event a related state will be
EC transitions are triggered through predicates composed of employed otherwise that event will be lost. Implicitly events
input events and internal or input variables. The activation will be lost if they are not used immediately due to no
of an EC state implies the execution of the attached available transition firing. Later on, in the course of the
algorithms and the consequent firing of output events. concerned work the state machine modules were recognized
Dealing with a single ECC is not of major concern within as Signal/Net Systems (SNS) and models of the FBs were
the formal analysis of IEC 61499 rather it is the overall combined to build up the resource level model [23]. The
behavior of a network of FBs and corresponding ECCs in proposed resource model deals with the processing of
the resource level or those in the application or device levels invocation of ECC requests. In order to deal with the loss of
which are the subject of the research activities. In these events while the ECCs of the constituent blocks are busy
perspectives the definition of the underlying scheduler as certain assumptions are made regarding the resource model.
well as the handling of the events and concerning invocation These assumptions considers that the physical resource is
of EC states deserves to be defined unambiguous, capable of executing simultaneously as many algorithms as
unfortunately this is not the case in the current standard. required and several copies of the same algorithm can be
executed independently which implies that the underlying
physical device is supposed to be infinitely fast. A software

178
tool named Verification Environment for Distributed resource-level model in accordance with this approach will
Application (VEDA) [24] also evolved during this work be composed of the combinations of modules corresponding
which consists of a graphical editor for SNS models, a plant- to the FBs of that resource along with a timed automata
controller closed-loop simulation environment and a model modeling a non preemptive and stochastic scheduler which
checker. With the use of embedded model checker of VEDA then further restricts the verifiable model to be of an
and/or renowned SESA tool it is possible to verify whether application where FBs cannot operate concurrently. This
liveness, guaranteed response to the event inputs, model further assumes a single scheduler to handle the
reversibility to start states in the ECC and certain safety execution of FBs residing on different resources and in that
specifications are fulfilled. Further outcomes of this formal case the SIFBs are modeled simply through approximate
analysis approach are elucidated in [25], [26], [27]. Still the time delays. On the whole the proposed approach has shown
approach does not explain how to model the SIFB elements a different direction in the realm of formal analysis of IEC
as well as the communication model among the resources 61499 but the assumptions could restrict its application in
within an application. real-life distributed application scenarios for which the IEC
Wurmus, H. and Wagner, B. in [28] presented a Petri net 61499 standard could be of distinct advantage. During this
based modeling approach. Their model deals with events work a tool has been developed for automatic transformation
only and proposed that data could be integrated either of IEC 61499 application to Uppaal [32] compliant timed
employing the variant of Petri net called Signal Interpreted automata models so that formal verification regarding causal
Petri Net (SIPN) or tokens embodying data elements. Later liveness (a particular output event is deterministically
Hagge, N. and Wagner, B. contrived to formulate a model of following the occurrence of a corresponding input event)
IEC 61499 in terms of CNet (Component Net) [29]. CNet is and safety in terms of overall liveness.
characterized by concise interface description and PNet, a Schnakenbourg, C. et al proposed another formal analysis
variant of colored Petri net is then used to model the model [33] based on the synchronous language SIGNAL
behavior of the component that CNet portrays. The CNet [34]. The idea is to remark the similarities between SIGNAL
based modeling does not model the ECC with strict process diagrams and IEC 61499 FB diagrams and thus
correspondence and due to the encapsulation of data into model the IEC 61499 compliant application in terms of the
tokens requires additional PNet elements for realizing SIGNAL language and then to verify it through the SILDEX
connections into FB networks. But a better correspondence tool. In this model more concern was on the event handling
of IEC 61499 to CNet model could enable twofold but an elaborate solution for dealing with the ECC, or for
advantages, firstly, this will enable the use of formal dealing with resources in distributed applications etc.
verification methods (i.e. reachability, liveness) formulated remained unaddressed. Moreover, the model deals with
for CNet and secondly, it will offer an easier way of logical time mainly due to its compliance with the SILDEX
transforming IEC 61499 models into java-based tool, but it is presupposed that it is possible to map it to
implementations. physical time giving the logical clock spans a real value. The
Stanica, M. and Guéguen, H. contrived a formal modeling SILDEX tool can then be used to perform verification of
concept for IEC 61499 in terms of timed automata. They certain safety properties, for example, when the emergency
introduced a modular modeling concept which assigns to button is pressed whether certain overall states are reached
each FB a set of timed automata. The automata that models or not etc.
the ECC is certainly at the kernel of this set and is Zhang, W. et al proposed a distinctive approach regarding
augmented by those relating to the event inputs and two formal modeling of IEC 61499 applications which employs
further ones for synchronization [30], [31]. The model Finite State Machines (FSM) [35]. The primary concern of
presupposes abstraction of data-flow in the FB network and the work was to form FSM models of the FBs so as to
consequently hinders the inclusion of data value based EC perform verification using available FSM-based tools. The
transitions and forces to abstract also the algorithm presented example in [35] shows the translation of a basic
execution and hence represents it in the automata in terms of FB’s ECC to FSM and then connectedness of the FSM (in
pre-calculated minimal and maximal execution times. the sense of automata theory) was attempted to be verified
Moreover, the event occurrences are handled such that as using an FSM based verification tool. The proposed concept
long as an FB is engaged in dealing with a particular event left complex considerations like multiple algorithms
input it memorizes the event inputs occurring meanwhile but attached to an EC state, simultaneous triggering of EC states
deletes the buffer as soon as the event processing is finished. and tool development for future research.
In case of parallel EC transitions it is assumed that only the
one preceding in the corresponding XML specification of IV. OPEN PROBLEMS
the FB will be triggered. These assumptions on event-
handling and prioritization of transitions certainly reduce the A. Execution Model
complexity of the resulting models but restrict its application The IEC 61499 standard does not exhaustively define an
to very simple IEC 61499-compliant applications. The execution model. This leaves ambiguousness in the actual

179
execution of an IEC compliant application. To derive a Additionally, a shared variable can only store a single value
formal model however, these ambiguities have to be whereas messages are generally queued.
resolved. As pointed out in [36] the standard practically
C. Data-Handling
allows 7 different execution models for a single resource.
The problem is further complicated if several resources are In all the approaches where not only the ECC but also the
allowed which is quite frequent in distributed systems. This underlying algorithm or even the controlled process is
means that it is not sufficient to add a scheduler to the model modeled, a further problem arises. Data connections in IEC
like it is done in [31]. Precisely, each resource needs its own 61499 FBs are associated with event connections. The
scheduling function and the possibility has to be taken into association of an event and a data connection means that the
account that these schedulers work in different modes, for data is read into the FB at the moment the event is received.
example, preemptive in one resource and non-preemptive in Afterwards the data value is kept on this stored snapshot
another. Assuming that the single FBs (or as a more abstract until the next event occurs. The standard is not really clear
attempt their ECCs) are modeled in some discrete event on when the data at a data connection is moved to the
formalism, the composition of these models to an overall internal buffer. There are at least two possible
model of the system has to be done in one of the three interpretations: (a) At the moment the event occurs at the
following ways, depending on the mapping of the FBs to event-input of the FB and (b) At the moment the event is
resources and the underlying scheduling function: “consumed” by the FB’s ECC.
a) Sequential: For FBs running in the same resource under Both of the interpretations may of course lead to different
a single-task (possible PLC-like) execution model. Note: dynamic behaviors. Moreover, independent from the chosen
even this simple case has an additional problem: unlike for solution to this ambiguity there is a much stronger problem
example in the FB Diagram of IEC 61131, 61499 does not in data handling. The process data handled by an IEC 61499
define an order of the constituent FBs in a diagram. Hence application can no longer be seen as an image of the process
here is another weak point that could lead to different at one point in time (as it was possible in the PLC era).
interpretations. Actually, different FBs may have images of the same part of
b) Synchronous: For FBs running in one resource under a a process that stem from different points in time (due to their
multi-tasking-system that realizes task switching times scheduling or their execution time).
which is very short compared to the execution times in the
application. In this case, it could be safely assumed that the V. CONCLUSIONS
algorithms run in parallel. IEC 61499 is the first attempt to introduce a truly event
c) Asynchronous: For FBs running on different resources based model in industrial applications. As with most new
where it is not possible to make an assumption like in the paradigms it will take some time before we see wide-spread
synchronous case. use of this technology. Anyway, this should pave the way
for many interesting utilizations of DES theory in real-world
B. Event-Handling
settings. The problem with IEC 61499 for formal modeling
Another aspect of the standard that needs further attention and analysis is the standard itself. It leaves too many points
is that of event handling and its physical implementation. undefined especially in the execution model, the event
The execution model along with the rules governing handling, and the data handling. To cope with this there
prioritization and acceptance of events and corresponding seems to be two solutions:
event queue management decides the behavior of the 1) To make assumptions on how the ambiguities in the
application. As pointed out in [37] the execution model standard should be resolved prior to building a formal
along with the implementation aspects offer the developer of model.
the IEC 61499 applications certain opportunities for picking 2) To build a formal model that is capable of representing
up a particular event handling rule. Moreover, the physical the FBs in an implementation independent way and add
realizations of the events are also an important separate models of corresponding implementation aspects
consideration. For example, there should be certain (schedulers, event-handlers, communication facilities).
differences among the events exchanged among the FBs of The first solution is the one taken by all known
same and different resources. A usual proposition could be approaches. It clearly reduces the complexity of the models.
to implement the event exchanges among the FBs of a However, the validity of the results depends on the actual
resource as shared variables and among those of different implementation of the system. A problem in some of the
resources as messages conforming to certain interaction current works is that the taken assumptions are either not
rules (i.e., XML schema, ontology etc.). stated clearly or that they are not presented as assumptions
For a corresponding formal model this difference will but as part of the standard. This makes it sometimes hard to
have certain consequences. While in the case of a shared see the clear impact of the work.
variable there is no transmission time, a communication link The second approach will lead to more generic solutions.
may induce delays that have to be considered in the model. Scheduling and communication as well as event-handling

180
are clearly aspects of the underlying system components [19] H.-M. Hanisch, J. Thieme, A. Lüder and O. Weinhold, “Modeling of
PLC behavior by means of timed net condition/event systems,” in
(hardware, OS, and function block runtime environment). Proc. Intl. Conf. on Emerging Technologies and Factory Automation
Unfortunately not all those aspects are well documented. (ETFA’ 97), Los Angeles, USA, 1997, pp. 361–396.
In either case, IEC 61499 offers many interesting research [20] L.E. Pizon, H.-M. Hanisch and M.A. Jafari, “Sequential specifications
modeling with temporal logic and net/condition event systems,” in
opportunities with the potential of theoretical advances
Proc. Intl. Workshop on Discrete Event Systems (WODES’ 98),
combined with practical relevance. Cagliari, Italy, 1998, pp. 414–419.
[21] H.-M. Hanisch and M. Rausch, “Synthesis of supervisory controllers
REFERENCES based on a novel representation of condition/event systems,” in Proc.
IEEE Intl. Conf. on Systems, Man and Cybernetics (SMC’95),
[1] A. Tharumarahah, “From Fractals and Bionics to Holonics,” in Agent- Vancouver, Canada, 1995, pp. 3069–3074.
Based Manufacturing, S.M. Deen, Ed. Heidelberg: Springer-Verlag, [22] V. Vyatkin and H.-M. Hanisch, “A Modeling approach for
2003, pp. 11–30. Verification of IEC 61499 Function Blocks using Net Condition/Event
[2] R. Lewis, Modelling control systems using IEC 61499, London, Systems,” in Proc. IEEE Conf. on Emerging Technologies in Factory
United Kingdom: The Institution of Electrical Engineers, 2001. Automation (ETFA’99), Barcelona, Spain, 1999, pp. 261–270.
[3] IEC 61499-1: Function Blocks – Part 1: Architecture, IEC Standard, [23] V. Vyatkin and H.-M. Hanisch, “Modeling of IEC 61499 function
2005. blocks – a clue to their verification,” in Proc. XI Workshop on
[4] K. H. John and M. Tiegelkamp, IEC 61131-3: Programming Supervising and Diagnostics of Machining Systems, Wroclaw, 2000.
Industrial Automation Systems, Heidelberg: Springer-Verlag, 2001. [24] V. Vyatkin and H.-M. Hanisch, “Software Environment for
[5] IEC 61804-2: Specification of FB concept and Electronic Device Automated Verification of Distributed Industrial Controllers
Description Language (EDDL), IEC Standard, 2004. Following IEC611499,” in Proc. XII. Workshop on Supervising and
[6] K. Thramboulidis, “IEC 61499 in Factory Automation”, in Proc. IEEE Diagnostics of Machining Systems, Karpacz, Poland, 2001, pp. 62–72.
Intl. Conf. on Industrial Electronics, Technology and Automation [25] V. Vyatkin, H.-M. Hanisch, P. Starke and S. Roch, “Formalisms for
(CISSE-IETA’05), Bridgeport, USA, 2005. Verification of Discrete Control Applications on Example of IEC
[7] J.H. Christensen, “Design Patterns for System Engineering with IEC 61499 Function Blocks,” in Proc. Fachtagung Verteilte
61499,” in Proc. Fachtagung Verteilte Automatisierung, Magdeburg, Automatisierung, Magdeburg, Germany, 2000, pp. 72–79.
Germany, 2000, pp. 63–71. [26] V. Vyatkin and H.-M. Hanisch, “Bringing the Model-Based
[8] X. Cai, V. Vyatkin and H.-M. Hanisch, “Design and Implementation Verification of Distributed Control Systems into the Engineering
of a Prototype Control System According to IEC 61499,” in Proc. Practice,” in Proc. 6th IFAC Workshop on Intelligent Manufacturing
IEEE Conf. on Emerging Technologies in Factory Automation Systems, Poznan, Poland, 2001, pp. 152–157.
(EFTA’03), Lisbon, Portugal, 2003, pp 269–276. [27] V. Vyatkin and H.-M. Hanisch, “Verification of distributed control
[9] K. Thramboulidis, “Using UML in Control and Automation: A Model systems in intelligent manufacturing,” Journal of Intelligent
Driven Approach,” in Proc. 2nd Intl. Conf. on Industrial Informatics Manufacturing 1/2003, pp. 123–136.
(INDIN’04), Berlin, Germany, 2004, pp 277–282. [28] H. Wurmus and B. Wagner, “IEC 61499 konforme Beschreibung
[10] K. Thramboulidis, “Model-Integrated Mechatronics-Toward a New verteilter Steuerungen mit Petri-Netzen,” in Proc. Fachtagung
Paradigm in the Development of Manufacturing System,” IEEE Verteilte Automatisierung, Magdeburg, Germany, 2000.
Transaction on Industrial Informatics, vol. 1. no .1 pp 54–61, Feb., [29] N. Hagge and B. Wagner, “A New Function Block Modeling
2005. Language Based on Peti Nets for Automatic Code Generation,” IEEE
[11] V. Dubinin and V. Vyatkin, “UML-FB – A Language for Modeling Transactions on Industrial Informatics, vol. 1, no. 4, pp. 226–237.
and Implementation of Industrial Process Measurement and Control [30] M. Stanica and H. Guéguen, “A Timed Automata Model of IEC 61499
System on the Basis of IEC 61499 Standard,” in Proc. 6th Intl. Conf. of Basic Function Blocks Semantic,” in Proc. Euromicro European
Science and Technology (NITS’04), Penza, Russia, 2004, pp. 77–83. Conf. on Real-Time Systems (ECRTS'03), Porto, Portugal, 2003.
[12] V. Dubinin and V. Vyatkin, “Engineering of Validatable Automation [31] M. Stanica and H. Guéguen, “Using Timed Automata for the
Systems Based on an Extension of UML Combined with Function Verification of IEC 61499 Application,” in Proc. Intl. Workshop On
Blocks of IEC 61499,” in Proc. IEEE Intl. Conf. on Robotics and Discrete Event Systems (WODES’04), Reims, France, 2004.
Automation (ICRA’05), Barcelona, Spain, 2005, pp. 4007–4012. [32] J. Bengtsson, K. G. Larsen, F. Larsson, P. Pettersson and W. Yi,
[13] T. Heverhagen, R. Tracht and R. Hirschfeld, “A Profile for Integrating “Uppaal - a Tool Suite for Automatic Verification of Real-Time
Function Block into the Unified Modeling Language,” in Proc. Intl. Systems,” in Proc. 4th DIMACS Workshop on Verification and
Workshop on Specification and Validation of UML models for Real Control of Hybrid Systems, New Jersey, USA, 1995, pp. 232–243.
Time and Embedded System (SVERTS’03), San Francisco, California, [33] C. Schnakenbourg, J.-M. Faure and J.-J. Lesage, “Towards IEC 61499
2003. Function Blocks Diagrams Verification”, in Proc. IEEE Conf. on
[14] S. Panjaitan and G. Frey, “Designing Generic/Reusable Functionality Systems, Man and Cybernetics (SMC 2002), Hammamet, Tunisia,
Based Controllers for Distributed Control using UML,” in Proc. IEEE 2002.
Intl. Conf. on Robotics and Automation (ICRA 2006), Orlando, [34] P. Leguernic, M. Leborgne, T. Gautier and C. Lemaire, “Programming
Florida, 2006, to be published. real-time applications with SIGNAL,” in Proceedings of the IEEE,
[15] S. Panjaitan; T. Hussain and G. Frey, “Development of re- vol. 79, no. 9, pp. 1321–1336.
configurable distributed Controllers in 61499 based on Task [35] W. Zhang, C. Diedrich and W.A. Halang, “Module and Integration
Schedules described by UML diagrams or Gantt Charts,” in Proc. 3rd Verification for Function Block-based Safety-related System
Intl. IEEE Conf. on Industrial Informatics, INDIN 2005, Perth, Development,” in Proc. 2nd Intl. Conf. on Industrial Informatics
Australia, 2005. (INDIN’04), Berlin, Germany, 2004, pp 210–215.
[16] G. Frey and L. Litz, “Formal methods in PLC programming,” in Proc. [36] L. Ferrarini and C. Veber, “Implementation approaches for the
IEEE Conf. on Systems, Man and Cybernetics (SMC 2000), Nashville, execution model of IEC 61499 applications”, in Proc. 2nd Intl. Conf.
USA, 2000, pp. 2431–2436. on Industrial Informatics (INDIN’04), Berlin, Germany, 2004, pp
[17] M. Bani Younis and G. Frey, “Formalization of existing PLC 612–617.
programs: A Survey,” in Proc. IMACS Multiconference in [37] W. E. Rumpl, F. Auinger, C. Dutzler and A. Zoitl, “Platforms for
Computational Engineering in Systems Applications (CESA’03), Lille, scalable flexible automation considering the concepts of IEC 61499,”
France, 2003. in Proc. IFIP/IEEE Intl. Conf. on Information Technology for
[18] S. Lampérière-Couffin, O. Rossi, J.-M. Roussel and J.-J.Lesage, Balanced Automation Systems in Manufacturing and Services,
“Formal Validation of PLC Programs: A Survey” in Proc. European Cancun, Mexico, 2002, pp. 237–246
Control Conference (ECC99), Karlsruhe, Germany, 1999, paper 741.

181