Overview and description (Rules)

Check strict IEC rules The checks under the node "Check strict IEC rules" determine functionalities and data types that are allowed in TwinCAT, in extension of IEC61131-3.

Checking concurrent/competing access The following rules exist on this topic: SA0006: Write access from several tasks Determines variables with write access from more than one task. SA0103: Concurrent access on not atomic data Determines non-atomic variables (for example with data types STRING, WSTRING, ARRAY, STRUCT, FB instances, 64-bit data types) that are used in more than one task.   Please note that only direct access can be recognized. Indirect access operations, for example via pointer/reference, are not listed. Please also refer to the documentation on the subject "Multi-task data access synchronization in the PLC", which contains several notes on the necessity and options for data access synchronization.

Parameterizable rules

Please note that some rules can be parameterized and, for example, limits can be set individually. You can configure the parameters to be taken into account in the respective check by double-clicking on the row of the corresponding rule in the rule configuration (PLC project properties > "Static Analysis" category > "Rules" tab). You can set the control parameters in the dialog that opens. The currently configured parameters are displayed in the "Limits" column of the control configuration.

The following rules can be parameterized:

• SA0100: Variables greater than <n> bytes
• SA0101: Names with invalid length
• SA0166: Maximum number of input/output/VAR_IN_OUT variables
• SA0178: Cognitive complexity
• SA0179: Coupling between objects
• SA0181: Forbidden symbols

List unused objects

• SA0031: Unused signatures
• SA0032: Unused enumeration constants
• SA0033: Unused variables
• SA0035: Unused input variables
• SA0036: Unused output variables

Conversions

• SA0019: Implicit pointer conversions
• SA0130: Implicit expanding conversions
• SA0133: Explicit narrowing conversions
• SA0134: Explicit signed/unsigned conversions

Usage of direct addresses

• SA0005: Invalid addresses and data types
• SA0047: Access to direct addresses
• SA0048: AT declarations on direct addresses

Rules for operators

• SA0051: Comparison operations on BOOL variables
• SA0052: Unusual shift operation
• SA0053: Too big bitwise shift
• SA0054: Comparisons of REAL/LREAL for equality/inequality
• SA0055: Unnecessary comparison operations of unsigned operands
• SA0056: Constant out of valid range
• SA0057: Possible loss of decimal points
• SA0058: Operations of enumeration variables
• SA0059: Comparison operations always returning TRUE or FALSE
• SA0060: Zero used as invalid operand
• SA0061: Unusual operation on pointer
• SA0062: Expression is constant
• SA0063: Possibly not 16-bit-compatible operations
• SA0064: Addition of pointer
• SA0065: Incorrect pointer addition to base size
• SA0066: Use of temporary results

Rules for statements

• SA0090: POUs should have a only one exit point

FOR statements:

• SA0072: Invalid uses of counter variable
• SA0073: Use of non-temporary counter variable
• SA0081: Upper border is not a constant

CASE statements:

• SA0075: Missing ELSE
• SA0076: Missing enumeration constant
• SA0077: Enumeration type mismatch with CASE expression
• SA0078: Missing CASE branches

Check strict IEC rules

• SA0111: Pointer variables
• SA0112: Reference variables
• SA0113: Variables with data type WSTRING
• SA0114: Variables with data type LTIME
• SA0115: Declarations with data type UNION
• SA0117: Variables with data type BIT
• SA0119: Object-oriented features
• SA0120: Program calls
• SA0121: Missing VAR_EXTERNAL declarations
• SA0122: Array index defined as expression
• SA0123: Usages of INI, ADR or BITADR
• SA0147: Unusual shift operation - strict
• SA0148: Unusual bit access - strict

Rules for initializations

• SA0118: Initializations not using constants
• SA0124: Dereference access in initializations
• SA0125: References in initializations

Possible use of uninitialized variables

• SA0039: Possible null pointer dereferences
• SA0046: Possible use of not initialized interfaces
• SA0145: Possible use of not initialized references

Metrics

• SA0178: Cognitive complexity
• SA0179: Coupling between objects

More rules

• SA0001: Unreachable code
• SA0002: Empty objects
• SA0003: Empty statements
• SA0004: Multiple write access on output
• SA0006: Write access from several tasks
• SA0007: Address operators on constants
• SA0008: Check subrange types
• SA0009: Unused return values
• SA0010: Arrays with only one component
• SA0011: Useless declarations with only one component
• SA0012: Variables which could be declared as constants
• SA0013: Declarations with the same variable name
• SA0014: Assignments of instances
• SA0015: Access to global data via FB_init
• SA0016: Gaps in structures
• SA0017: Non-regular assignments to pointer variables
• SA0018: Unusual bit access
• SA0020: Possibly assignment of truncated value to REAL variable
• SA0021: Transporting the address of a temporary variable
• SA0022: (Possibly) unassigned return value
• SA0023: Complex return values
• SA0024: Untyped literals
• SA0025: Unqualified enumeration constants
• SA0026: Possible truncated strings
• SA0027: Multiple usage of name
• SA0028: Overlapping memory areas
• SA0029: Notation in code different to declaration
• SA0034: Enumeration variables with incorrect assignment
• SA0037: Write access to input variable
• SA0038: Read access to output variable
• SA0040: Possible division by zero
• SA0041: Possibly loop-invariant code
• SA0042: Usage of different access paths
• SA0043: Use of a global variable in only one POU
• SA0044: Declarations with reference to interface
• SA0095: Assignments in conditions
• SA0102: Access to program/fb variables from the outside
• SA0103: Concurrent access on not atomic data
• SA0105: Multiple instance calls
• SA0106: Virtual method calls in FB_init
• SA0107: Missing formal parameters
• SA0140: Statements commented out
• SA0150: Violations of lower or upper limits of the metrics
• SA0160: Recursive calls
• SA0161: Unpacked structure in packed structure
• SA0162: Missing comments
• SA0163: Nested comments
• SA0164: Multi-line comments
• SA0167: Report temporary FunctionBlock instances
• SA0168: Unnecessary assignments
• SA0169: Ignored outputs
• SA0170: Address of an output variable should not be used
• SA0171: Enumerations should have the 'strict' attribute
• SA0172: Possible attempt to access outside the array limits
• SA0175: Suspicious operation on string
• SA0180: Index range does not cover the entire array