Static Code Analysis in CI/CD using Lizard

Static Code Analysis in CI/CD for Structured Text

To raise the quality and maintainability of our B&R projects, we integrated Lizard, a static code analysis tool, into our CI/CD pipeline.

We found it really useful for keeping our code maintainable, and thought it might be interesting for other developers here who struggle with an ever-growing code base.

Even though we are not affiliated with Lizard, we made some contributions to support Structured Text. This allowed us to apply it to our whole code base, which is in large part written in ST.

Why Static Analysis?

Unlike testing, static analysis inspects code without executing it. This means potential issues are caught early and automatically:

  • Functions with high cyclomatic complexity (CCN) or high nesting depth (ND) are flagged before they become unmaintainable.

  • Duplicate code blocks are detected, encouraging refactoring and reuse.

  • Quality metrics are tracked consistently over time.

Example Test Report

================================================
  NLOC    CCN   ND   token  PARAM  length  location
----------------------------------------------------
     35    12    6     120      3      50  src/MotionControl.st:func_MoveAxis()
     20     4    2      80      2      25  src/Sensor.st:func_CheckLimits()
================================================

  • CCN=12 → function has a high branching complexity, should be refactored.

  • ND=6 → deep nesting, code may be hard to follow and maintain.

  • CCN=4 / ND=2 → acceptable, no action needed.

Integration in CI/CD

We already implemented a CI/CD pipeline, which basically executes the following steps if a developer commits some new code:

  1. Build & test: Execute all Unit Tests and report failure.

  2. Code Linter: Checks Spelling, formatting, etc.

  3. Static analysis with Lizard: Report complexity and code duplicates.

This ensures immediate feedback for the developer and enforces at least a minimum of code quality.

Looking for Insights

We would be interested to hear about your experiences with similar tools:

  • Do you already use static code analysis in your PLC projects?

  • Have you tried other tools that work well with Structured Text?

  • Any lessons learned or best practices to share?

11 Likes
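A sketch of how the static analysis step described in the post above could fail a pipeline run. This is an added example, not code from the post or from Lizard. It assumes the report uses the column layout of the post's example, and the limits (CCN 10, ND 4) and the names `parse_report`, `violations` and `gate` are hypothetical.

```python
import re
import sys
from collections import namedtuple

# Assumed gate limits; the post gives no thresholds, only that 12/6 is too high.
MAX_CCN, MAX_ND = 10, 4

# Constructed sample: the two rows from the example report in the post.
SAMPLE = """\
  NLOC    CCN   ND   token  PARAM  length  location
     35    12    6     120      3      50  src/MotionControl.st:func_MoveAxis()
     20     4    2      80      2      25  src/Sensor.st:func_CheckLimits()
"""

Metrics = namedtuple("Metrics", "nloc ccn nd tokens params length location")

# Six integer columns followed by the location, as in the report layout.
ROW = re.compile(r"^\s*" + r"(\d+)\s+" * 6 + r"(\S.*?)\s*$")

def parse_report(text):
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header, ruler and blank lines do not match
            *nums, location = m.groups()
            rows.append(Metrics(*map(int, nums), location))
    return rows

def violations(rows, max_ccn=MAX_CCN, max_nd=MAX_ND):
    found = []
    for r in rows:
        checks = (("CCN", r.ccn, max_ccn), ("ND", r.nd, max_nd))
        reasons = [f"{n}={v} > {lim}" for n, v, lim in checks if v > lim]
        if reasons:
            found.append((r.location, reasons))
    return found

def gate(text, **limits):
    """Exit code for the CI job: 0 pass, 1 limit exceeded, 2 nothing parsed."""
    rows = parse_report(text)
    if not rows:
        return 2  # an empty or unparseable report must not pass silently
    bad = violations(rows, **limits)
    for location, reasons in bad:
        print(f"FAIL {location}: {', '.join(reasons)}")
    return 1 if bad else 0

if __name__ == "__main__":
    sys.exit(gate(open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE))
```

Returning a distinct code for an empty report keeps a misconfigured or skipped analysis step from being counted as a pass.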

Very interesting.

Since you mentioned code linting: what tools do you use for that purpose?

Hi Lukas

Thanks for sharing a used tool. For code formatting we are using AStyle, and CppCheck for static code analysis.
Both integrated in our CI/CD process.

Cheers
Patrick

Hi Martin,

depending on the project, we use cspell for grammar and pre-commit for handling file/line endings and trailing whitespace, but also various self-made stuff, e.g. for sorting structures alphabetically, enforcing naming conventions and so on.

Also, for specific library functions where references are passed via UDINT, the correct address resolution via & is checked to avoid some pitfalls we encountered with this in the past.

Hi Patrick,

AStyle looks quite interesting!

I assume you got a codebase of mostly C then, or did you find it useful for structured text as well?

Hi Lukas

You assumed correctly ;-).
Our codebase is completely written in C, so I don’t know if the tool is suitable for a mixed or ST codebase.

Cheers
Patrick

1 Like