C-STAT performs advanced analysis of your C/C++ code and finds potential issues.
It helps you improve your code quality as well as prove alignment with standards such as MISRA C:2012.
Static analysis finds potential issues in code by doing an analysis on the source code level. In addition to raising the code quality, the analysis also aids alignment with industry coding standards.
Static analysis finds potential issues in code by doing an analysis on the source code level. In addition to raising the code quality, the analysis also aids alignment with industry coding standards.
C-STAT checks for a wide range of known issues in C/C++ code. The analysis finds such things as buffer overflows, memory leaks, and null pointer dereferences. In total, the tool includes hundreds of checks that maps to issued covered by CWE and CERT C/C++.
CWE, the Common Weakness Enumeration, is a community-developed dictionary of software weakness types. CWE provides a unified, measurable set of software weaknesses in order to better understand and manage them and to enable efficient software security tools and services that can find them. Read more at cwe.mitre.org
The CERT C/C++ Secure Coding Standards are standards published by the Computer Emergency Response Team (CERT) providing rules and recommendations for secure coding in the C/C++ programming languages. More information is available at www.cert.org
You do not need a full build of your project to run C-STAT. In fact, you do not need to build your project at all before checking your code, since C-STAT operates on the source code level. C-STAT can be used to check files individually, in addition to analyzing the entire project.
Yes.
Yes.
Currently, C-STAT is available for all supported cores in IAR Embedded Workbench for ARM, and for Texas Instruments MSP430.
This information is available in C-STAT user guide (788 downloads) .