Static code analysis of IEC 61131-3 Programs: Comprehensive tool support and experiences from large-scale industrial application

H. Prähofer, F. Angerer, R. Ramler, F. Grillenberger. Static code analysis of IEC 61131-3 Programs: Comprehensive tool support and experiences from large-scale industrial application. IEEE Transactions on Industrial Informatics, volume 13, number 1, pages 37-47, DOI 10.1109/TII.2016.2604760, 8, 2016.

Authors
  • Herbert Prähofer
  • Florian Angerer
  • Rudolf Ramler
  • Friedrich Grillenberger
Type: Article
Journal: IEEE Transactions on Industrial Informatics
Number: 1
Volume: 13
DOI: 10.1109/TII.2016.2604760
Month: 8
Year: 2016
Pages: 37-47
Abstract

Static code analysis techniques examine programs without actually executing them. The main benefits lie in improving software quality by detecting problematic code constructs and potential defects in early development stages. Today, static code analysis is a widely used quality assurance technique and numerous tools are available for established programming languages like C/C++, Java, or C#. However, in the domain of PLC programming, static code analysis tools are still rare, although many properties of PLC programming languages are beneficial for static analysis techniques. Therefore, an approach and tool for static code analysis of IEC 61131-3 programs has been developed which is capable of detecting a range of issues commonly occurring in PLC programming. The approach employs different analysis methods, like pattern-matching on program structures, control flow and data flow analysis, and, especially, call graph and pointer analysis techniques. Based on results from an initial analysis project, where common issues for static analysis of PLC programs have been investigated, this paper illustrates adoption and extensions of analysis techniques for PLC programs and presents results from large-scale industrial application.