Points-to analysis of IEC 61131-3 programs: Implementation and application

Author

Angerer, Florian ; Prahofer, Herbert ; Ramler, Rudolf ; Grillenberger, Friedrich

Author_Institution

CD Lab. MEVSS, Johannes Kepler Univ. Linz, Linz, Austria

fYear

2013

fDate

10-13 Sept. 2013

Firstpage

1

Lastpage

8

Abstract

A call graph of a program represents the information which executable program element calls which other executable program elements. Based on the call graph, points-to sets can be computed, which represent the memory locations a reference variable can possibly point to. Call graph and points-to sets provide important information for static program analysis. This is especially true for PLC programs which heavily use pointer variables. However, due to the complexity of the algorithms, call graph and points-to analysis methods are not widely available in static analysis. In this paper, we present an approach for call graph and points-to analysis of IEC 61131-3 programs. We present the algorithm for computing call graph and points-to sets and its implementation in a tool environment, show several different application scenarios, and present first results from industrial application.

Keywords

IEC standards; directed graphs; program diagnostics; IEC 61131-3 programs; PLC programs; algorithms complexity; call graph; executable program element; memory locations; pointer variables; points-to analysis methods; points-to sets; static program analysis; Abstracts; Algorithm design and analysis; Context; IEC standards; Receivers; Resource management; Syntactics;

fLanguage

English

Publisher

ieee

Conference_Titel

Emerging Technologies & Factory Automation (ETFA), 2013 IEEE 18th Conference on

Conference_Location

Cagliari

ISSN

1946-0740

Print_ISBN

978-1-4799-0862-2

Type

conf

DOI

10.1109/ETFA.2013.6648062

Filename

6648062