A Generic Static Analysis Framework for Domain-specific Languages

Software used to monitor and control operations within an automation system is defined using domain-specific languages. Latent errors in the control code, if left undetected, can lead to unexpected system failures that compromise the safety and the security of the automation system. Traditional analysis techniques are insufficient to detect such errors because they do not cater specifically to the underlying domain-specific language. However, given the diversity of automation domains, there is no standard platform for analysing these languages. This paper proposes a generic static analysis framework for domain-specific languages used in the automation domain. The analysis approach exhaustively detects runtime errors in control code and ensures compliance with good programming practices. These runtime errors and coding violations are checked against abstract syntax trees and control flow graphs derived from the code. Data flow analysis (DFA), abstract interpretation and pattern-based matching techniques are used to identify domain-specific errors and coding violations in control languages.
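As an added illustration of the abstract-interpretation side of this approach (example code, not from the paper or its framework), the block below runs an interval-domain analysis over the control flow graph of a single counting loop, using a widening operator at the loop head to guarantee termination, and reports whether the array write inside the loop may go out of bounds. The loop shape, the variable `i`, the buffer length and the transfer functions are assumptions chosen for the example.

```python
from typing import Optional, Tuple

INF = float("inf")
# Abstract value for the loop counter: a closed interval, or None for
# "unreachable" (bottom). The IR and names here are illustrative assumptions.
Interval = Optional[Tuple[float, float]]

def join(a: Interval, b: Interval) -> Interval:
    """Least upper bound of two intervals (merge at a CFG join point)."""
    if a is None:
        return b
    if b is None:
        return a
    return (min(a[0], b[0]), max(a[1], b[1]))

def widen(old: Interval, new: Interval) -> Interval:
    """Interval widening: a bound that keeps moving jumps to infinity,
    so the loop-head iteration reaches a fixpoint in a few steps."""
    if old is None or new is None:
        return join(old, new)
    return (old[0] if new[0] >= old[0] else -INF,
            old[1] if new[1] <= old[1] else INF)

def add_const(iv: Interval, k: int) -> Interval:
    """Transfer function for `i := i + k`."""
    return None if iv is None else (iv[0] + k, iv[1] + k)

def assume_le(iv: Interval, c: int) -> Interval:
    """Transfer function for the true branch of the loop test `i <= c`."""
    if iv is None or iv[0] > c:
        return None
    return (iv[0], min(iv[1], c))

def analyze(cond_hi: int, buf_len: int):
    """Abstractly execute `i := 0; WHILE i <= cond_hi DO buf[i] := 0; i := i + 1;`
    over its CFG (entry -> head -> body -> head, head -> exit). Returns the
    interval of i at the array write and whether that write may be out of bounds."""
    head: Interval = None   # abstract state at the loop head
    body: Interval = None   # abstract state after the loop test, at buf[i]
    while True:
        incoming = join((0, 0), add_const(body, 1))  # entry edge joined with back edge
        new_head = widen(head, incoming)
        if new_head == head:                          # fixpoint reached
            break
        head = new_head
        body = assume_le(head, cond_hi)               # loop test filters the state
    may_overflow = body is not None and (body[0] < 0 or body[1] > buf_len - 1)
    return body, may_overflow
```

With a buffer of length 8, `analyze(7, 8)` returns `((0, 7), False)` while the off-by-one bound `analyze(8, 8)` returns `((0, 8), True)`; note that widening drives the head state to `(0, inf)` but the loop-test filter restores precision at the access.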
