⚠️ Note: Development is on hold. More advanced analysis techniques are needed to cover real-world issues. Some companies are using the analyzer as it is, which is fine if they comply with the LGPL. But for serious results, consider collaborating with a skilled team dedicated to security tooling.
📩 Contact: [email protected]
This project aims to implement an open source tool for static code analysis of IEC 61131-3 programs.
This tool currently supports Structured Text programming language, PLCOpen XML and SEL XML formats. It works with extended Structured Text dialect that is completely compatible with matiec transpiler.
If you find that iec-checker doesn't work with the Structured Text extensions provided by your PLC vendor, please let me know. This can probably be implemented easily with some tweaks in the parser.
The following features are currently implemented:
- PLCOpen Guidelines checks:
  - CP1: Access to a member shall be by name
  - CP2: All code shall be used in the application
  - CP3: All variables shall be initialized before being used
  - CP4: Direct addressing should not overlap
  - CP6: Avoid external variables in functions, function blocks and classes
  - CP8: Floating point comparison shall not be equality or inequality
  - CP9: Limit the complexity of POU code
  - CP13: POUs shall not call themselves directly or indirectly
  - CP25: Data type conversion should be explicit
  - CP28: Time and physical measures comparisons shall not be equality or inequality
  - L10: Usage of CONTINUE and EXIT instruction should be avoided
  - L17: Each IF instruction should have an ELSE clause
  - N3: Define the names to avoid
- Declaration analysis for derived types
- Intraprocedural control flow analysis: detection of unreachable code blocks inside the POUs
- Detection of unused variables
- Ability to integrate with other tools. The checker can dump its IR into a JSON file (--dump argument) and produce warnings in JSON format (--output-format json).
- Can be extended with plugins written in Python. See the demo plugin that plots the control flow graph: cfg_plotter.py.
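To make concrete what two of the listed guideline checks look for, here is an added example (not iec-checker's own code, which works on a parsed AST in OCaml) that re-implements CP8 and L17 with regular expressions over a constructed Structured Text sample. The sample programs, the finding format and the helper names are all assumptions made for this illustration; the second sample shows the same program rewritten so that both rules pass.

```python
import json
import re
from typing import Dict, List

# Constructed Structured Text sample (not from the project's test suite).
# Two findings are planted: a REAL equality comparison (CP8) on line 8 and
# an IF without ELSE (L17) opening on line 13. The INT comparison on line 13
# is deliberately not a CP8 issue.
SAMPLE_ST = """PROGRAM Demo
VAR
    Setpoint : REAL := 10.0;
    Measured : REAL;
    Counter  : INT := 0;
    Ready    : BOOL;
END_VAR
IF Measured = Setpoint THEN
    Ready := TRUE;
ELSE
    Ready := FALSE;
END_IF;
IF Counter <> 0 THEN
    Counter := Counter - 1;
END_IF;
END_PROGRAM
"""

# Same program written the way both guidelines ask for: a tolerance
# comparison instead of REAL equality, and an ELSE clause on every IF.
FIXED_ST = """PROGRAM Demo
VAR
    Setpoint : REAL := 10.0;
    Measured : REAL;
    Eps      : REAL := 0.001;
    Counter  : INT := 0;
    Ready    : BOOL;
END_VAR
IF ABS(Measured - Setpoint) < Eps THEN
    Ready := TRUE;
ELSE
    Ready := FALSE;
END_IF;
IF Counter <> 0 THEN
    Counter := Counter - 1;
ELSE
    Counter := 0;
END_IF;
END_PROGRAM
"""

FLOAT_TYPES = {"REAL", "LREAL"}
VAR_BLOCK_RE = re.compile(r"\bVAR(?:_[A-Z_]+)?\b(.*?)\bEND_VAR\b", re.DOTALL)
DECL_RE = re.compile(r"(\w+)\s*:\s*(\w+)")
# "a = b" or "a <> b" between two identifiers/literals. ":=", "<=" and ">="
# never match because the operator must directly follow an identifier.
CMP_RE = re.compile(r"\b(\w+)\s*(=|<>)\s*(\w+)")


def declared_types(src: str) -> Dict[str, str]:
    """Map variable name -> declared type from every VAR ... END_VAR block."""
    types: Dict[str, str] = {}
    for block in VAR_BLOCK_RE.findall(src):
        for name, typ in DECL_RE.findall(block):
            types[name] = typ.upper()
    return types


def check_cp8(src: str) -> List[Dict]:
    """CP8: flag = / <> comparisons where either operand is REAL or LREAL."""
    types = declared_types(src)
    findings: List[Dict] = []
    in_var = False
    for lineno, line in enumerate(src.splitlines(), start=1):
        stripped = line.strip()
        if re.match(r"VAR(?:_\w+)?\b", stripped):
            in_var = True
            continue
        if stripped.startswith("END_VAR"):
            in_var = False
            continue
        if in_var:
            continue  # declarations hold initialisers (":="), not comparisons
        for lhs, op, rhs in CMP_RE.findall(line):
            if types.get(lhs) in FLOAT_TYPES or types.get(rhs) in FLOAT_TYPES:
                findings.append({"id": "CP8", "line": lineno,
                                 "msg": f"floating point comparison '{lhs} {op} {rhs}'"})
    return findings


def check_l17(src: str) -> List[Dict]:
    """L17: every IF ... END_IF block must contain an ELSE clause."""
    findings: List[Dict] = []
    stack: List[Dict] = []  # one entry per currently open IF block
    for lineno, line in enumerate(src.splitlines(), start=1):
        s = line.strip().upper()
        if re.match(r"IF\b", s):
            stack.append({"line": lineno, "has_else": False})
        elif re.match(r"ELSE\b", s) and stack:  # ELSIF does not count
            stack[-1]["has_else"] = True
        elif re.match(r"END_IF\b", s) and stack:
            opened = stack.pop()
            if not opened["has_else"]:
                findings.append({"id": "L17", "line": opened["line"],
                                 "msg": "IF instruction without ELSE clause"})
    return findings


def run_checks(src: str) -> List[Dict]:
    """Run both rules and return findings as a JSON-style list sorted by line."""
    return sorted(check_cp8(src) + check_l17(src), key=lambda w: w["line"])


if __name__ == "__main__":
    print(json.dumps(run_checks(SAMPLE_ST), indent=2))  # two findings
    print(json.dumps(run_checks(FIXED_ST), indent=2))   # []
```

The point of the tolerance rewrite is that `Measured = Setpoint` on REAL values depends on rounding of the measurement path, so a control branch guarded by it can silently never fire; the ELSE rule likewise forces the "no match" path to be stated rather than left implicit.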
You can download the latest binary release for Linux and Windows x86_64 from GitHub releases.
Install the latest OCaml compiler and opam. Consider installation instructions at ocaml.org and opam.ocaml.org.
Then install the required dependencies:
opam install --deps-only . # first time only
Build and install the bin/iec_checker binary:
make build
Install OCaml for Windows according to the installation guide. The graphical installer works well "out of the box".
Then open the installed Cygwin shell, clone the repository and follow the installation instructions from the "Linux" section.
There is also a convenient checker.py script that wraps the OCaml binary and provides additional options such as extended formatting support and running the Python plugins. The test suite is also written in Python and requires a Python interpreter with some additional packages.
Get Python 3 and install dependencies in the virtual environment:
virtualenv venv --python=/usr/bin/python3
source venv/bin/activate
pip3 install -r requirements.txt
pip3 install -r requirements-dev.txt
Then run unit tests:
make test
Check some demo programs written in Structured Text:
bin/iec_checker test/st/*.st
You can also use the --help argument to display help.