C-STAT Static analysis

C-STAT Static analysis

C-STAT performs advanced analysis of your C/C++ code and finds potential issues. It helps you improve your code quality as well as prove alignment with standards such as MISRA C:2012.

Static analysis finds potential issues in code by doing an analysis on the source code level. In addition to raising the code quality, the analysis also aids alignment with industry coding standards.

Key features

FAQ

What is static analysis?

Static analysis finds potential issues in code by doing an analysis on the source code level. In addition to raising the code quality, the analysis also aids alignment with industry coding standards.

What kind of issues with my code can I find by using C-STAT?

C-STAT checks for a wide range of known issues in C/C++ code. The analysis finds such things as buffer overflows, memory leaks, and null pointer dereferences. In total, the tool includes hundreds of checks that maps to issued covered by CWE and CERT C/C++.

What is CWE and CERT C/C++?

CWE, the Common Weakness Enumeration, is a community-developed dictionary of software weakness types. CWE provides a unified, measurable set of software weaknesses in order to better understand and manage them and to enable efficient software security tools and services that can find them. Read more at cwe.mitre.org

The CERT C/C++ Secure Coding Standards are standards published by the Computer Emergency Response Team (CERT) providing rules and recommendations for secure coding in the C/C++ programming languages. More information is available at www.cert.org

Do I need to a full working build in order to run C-STAT or can I use it to analyze individual files?

You do not need a full build of your project to run C-STAT. In fact, you do not need to build your project at all before checking your code, since C-STAT operates on the source code level. C-STAT can be used to check files individually, in addition to analyzing the entire project.

Can I run C-STAT from the command line?

Yes.

Does C-STAT support both C and C++?

Yes.

Where can I find more information about all the checks that C-STAT performs?

This information is available in the user guide (PDF).

Static analysis in IAR Embedded Workbench

C-STAT is completely integrated in the IDE. See how easy it is to work with in this short demo.

Code Analysis in IAR Embedded Workbench for ARM

In this video, you get a demo of how to work with integrated code analysis in IAR Embedded Workbench for ARM. 

Landis+Gyr are using C-STAT

"C-STAT is easy to integrate into our development process and quickly indicates where errors or potential problems exist in the code."

© IAR Systems 1995-2016 - All rights reserved.