Abstract
Latent errors in control system software can be hard to detect through traditional testing techniques. Such errors, if left undetected, could manifest themselves as failures during run-time that could be potentially catastrophic and very expensive to fix. In this paper, we present a static code analysis approach to detect potential sources of such run-time errors during compile time itself, thus ensuring easy identification, safe execution and reducing the effort required during debugging. In order to detect run-time errors, the control system application is first parsed to generate a set of abstract syntax trees, which in turn are used to derive the control flow graph for the application. A hybrid algorithm, based on abstract interpretation and traditional data flow analysis techniques is used to check the control flow graph for type constraints, reachability and liveness properties. Additionally, the abstract syntax trees are used to check for datatype mismatches and compliance violations. A proof of concept prototype is implemented to demonstrate how the algorithm/approach can be used to analyze control applications developed using domain specific languages such as those complying with the IEC 61131-3 standard.