C-STAT – Static code Analysis

For more information:

Ohad Beit-On

ohad@sightsys.co.il

054-2584032

C-STAT Static analysis

C-STAT performs advanced analysis of your C/C++ code and finds potential issues.

It helps you improve your code quality as well as prove alignment with standards such as MISRA C:2012.

Static analysis finds potential issues in code by doing an analysis on the source code level. In addition to raising the code quality, the analysis also aids alignment with industry coding standards.

Key features

  • Analysis of C and C++ code
  • Checks compliance with rules as defined by MISRA C:2004, MISRA C++:2008 and MISRA C:2012
  • Includes approximately 250 checks mapping to hundreds of issues covered by CWE and CERT C/C++
  • Intuitive and easy-to-use settings
  • Flexible rule selection on rule-set level as well as on individual rule level
  • Fully integrated with the IAR Embedded Workbench IDE
  • Comprehensive and detailed error information
  • Fast execution
  • Available as an add-on product for:
    IAR Embedded Workbench for ARM, from version 7.40
    IAR Embedded Workbench for MSP430, from version 6.30
    IAR Embedded Workbench for AVR32, from version 4.30

 

C-STAT Demo

 

 

Working with C-STAT and C-RUN in IAR Embedded Workbench

 

 

FAQ

What is static analysis?

Static analysis finds potential issues in code by doing an analysis on the source code level. In addition to raising the code quality, the analysis also aids alignment with industry coding standards.

What kind of issues with my code can I find by using C-STAT?

C-STAT checks for a wide range of known issues in C/C++ code. The analysis finds such things as buffer overflows, memory leaks, and null pointer dereferences. In total, the tool includes hundreds of checks that maps to issued covered by CWE and CERT C/C++.

What is CWE and CERT C/C++?

CWE, the Common Weakness Enumeration, is a community-developed dictionary of software weakness types. CWE provides a unified, measurable set of software weaknesses in order to better understand and manage them and to enable efficient software security tools and services that can find them. Read more at cwe.mitre.org

The CERT C/C++ Secure Coding Standards are standards published by the Computer Emergency Response Team (CERT) providing rules and recommendations for secure coding in the C/C++ programming languages. More information is available at www.cert.org

Do I need to a full working build in order to run C-STAT or can I use it to analyze individual files?

You do not need a full build of your project to run C-STAT. In fact, you do not need to build your project at all before checking your code, since C-STAT operates on the source code level. C-STAT can be used to check files individually, in addition to analyzing the entire project.

Can I run C-STAT from the command line?

Yes.

Does C-STAT support both C and C++?

Yes.

Which architectures does C-STAT support?

Currently, C-STAT is available for all supported cores in IAR Embedded Workbench for ARM, and for Texas Instruments MSP430.

Where can I find more information about all the checks that C-STAT performs?

This information is available in C-STAT user guide

.

 

Compilers for C/C++Real Time Operating SystemsDebuggers & JTAG EmulatorsEvaluation Boards & Starter KitsMiddleware & SW componentsHW Testing solutions – Boundary-Scan (JTAG) & FunctionalProtocol and Bus Analyzers & StimulatorsHome of CANopen, EtherCAT, PowerLink, ProfiNet– SW Protocols, devices & SolutionsIn-Circuit/Parallel Engineering & Production Device Programmers (Flash/EPROMs/CPLDs…)Video & Audio SW CODECs components

For more information: Ohad Beit-On ohad@sightsys.co.il 054-2584032