- REF: GMP (Good Manufacturing Practice) | GAMP 5 (Guide for Validation of Automated Systems)| 21 CFR Part 11 | IEC 25010
5 Reasons why Static Analysis of PLC Programming is Important
Static analysis is just as important as functional analysis when it comes to your PLC programs. Yet, the availability and use of static analysis tools in industry for PLC code is limited. In other domains, such as embedded systems and computer science, static analysis tools are more common and used more intensively. If static analysis is essential in other domains, then there must be a reason for this.
Static analysis, or verification testing, is the assessment of the source code in a non-runtime environment. This type of analysis looks at details such as the conformity with a coding standard or set of rules, the syntax of the code and code optimization. This white-box testing should take place during the development stage to check for any errors and to ensure that the program is of quality before deployment.
So, what are the advantages of static analysis for PLC programming?
1) PLC Programming Quality
One of the most important aspects of a PLC program is its quality, since it is a starting point for many other properties, including: maintainability, efficiency, reliability, and readability. To put it simply, a high-quality program is easier to maintain, more efficient, more reliable, and easier to read; all essential characteristics of software. There are also some IEC standards which cover software quality, such as IEC 25010, which require that programs encompass the properties mentioned above. But what is especially important for industry is the fact that poor quality code could lead to financial losses and time wasted during maintenance or due to the need to make modifications.
The use of static analysis during the development process can greatly improve the quality of PLC programs. To check for and fix bugs from an early stage creates a better quality code from the outset, as well as being quicker and cheaper to do at this stage. Furthermore, PLCs have a long useful life, therefore it is important that the quality is good from the beginning to avoid the need for constant maintenance.
2) More secure PLC code
Static code analysis can be used to verify the complexity and structure of the code. The more complex the code, the less it is secure, therefore it is necessary to make sure that your code is not too complex. This is particularly important for PLC programs since they are often used in safety critical environments. In these environments, the systems need to be as robust as possible to prevent any potentially dangerous issues.
Furthermore, many of the standards regarding the development of secure code, such as GAMP® 5 for pharmaceutical and IEC 61508 for electronic devices, recommend or require static analysis as a safety measure. Static analysis is especially useful for these regulated industries not just for confirming that the code is secure, but also because other information from the analysis can be used to support compliance documentation that will be created for the certification bodies.
3) Save money
Using static analysis as a preventative measure at the development stage can save money down the line. Firstly, bugs are cheaper and easier to fix during development rather than once the software has been deployed, thus it is worth taking the time at this point. Secondly, if there are no bugs in the code and the code is qualitative, then this means that any maintenance work should be easier, since the program should be fairly easy to understand even for someone who has never worked with it before, and therefore quicker to update. Less time spent maintaining the PLC program means less money spent on a maintenance engineer.
Additionally, if you maintain a lot of different PLCs, static analysis can help to keep them consistent which again makes maintenance easier and thus quicker and cheaper.
4) Formalize PLC program development processes
Safety is often critical for PLCs, thus the application of formal processes such as testing by static analysis is necessary to ensure a more robust and reliable system. Static analysis could be used as a regular part of the development process to evaluate the progress at different stages and to fix any bugs as the program moves forward. This is easier and more efficient than leaving it all till the end of development.
Another advantage is that it promotes the sharing of good practices which aids a better integration of new developers and can make relationships with system integrators easier when outsourcing code. Formalizing the development process in such a way is also important in order to reach a higher maturity level on the CMMI (Capability Maturity Model Integration) scale.
5) More comprehensive than functional analysis
Static analysis allows a program to be reviewed in greater detail because it analyses the entire source code rather than just testing the functionalities of the code. It also tends to be less costly than functional analysis. However, this does not mean that functional analysis is not important. For example, dynamic analysis tends to be used for testing if there are any issues once the software has already been released. For the best results, both static and functional analysis should be used to test your PLC programs. Bani Younis and Frey summarizes the difference between the two types of analysis nicely: “validation [dynamic analysis] is concerned with building the right product, and verification [static analysis] is concerned with building the product right.” 
The need for better development methods is increasing as PLC programs become bigger and more complex. Static analysis is a simple verification technique to integrate into the development process that is efficient and cost-effective, especially when automated. As seen above, not only does it help to improve the quality of the code and simplify the maintenance, it also reduces development and maintenance time and brings lower costs for the long term.
 Bani Younis, M.; Frey, G.: Formalization of Existing PLC Programs: A Survey. Proceedings of CESA 2003, Lille (France), Paper No. S2-R-00-0239, July, 2003.
Robyn Buckland is the International Marketing and Communication Manager at Itris Automation. Itris Automation is a software engineering company that provides development tools for the verification, conversion and documentation of PLC codes. They help companies improve their PLC development processes in order to deliver higher quality programs in shorter time frames. For more information, please go to https://www.itris-automation.com .