Static analysis tool completely integrated with IAR Embedded Workbench, helping you to ensure code quality in your application.


Static analysis of C and C++ code

Static analysis helps you to find potential issues in your code by doing an analysis on the source code level.


Check code compliance with standards

C-STAT includes almost 700 checks in total, some comply with rules as defined by MISRA C:2012, MISRA C++:2008 and MISRA C:2004 and more than 250 checks mapping to issues covered by CWE. In addition, it checks compliance with the coding standard CERT C for secure coding.


Flexible, detailed and fast

C-STAT executes fast and provides you with comprehensive and detailed error information. You don't need to worry about complex tool setup and struggle with language support and general build issues.


Integrated with IAR Embedded Workbench

C-STAT is completely integrated in the IAR Embedded Workbench IDE and enables you to easy ensure code quality in your daily development flow. It's available for most IAR Embedded Workbench products.

Demos of C-STAT

Implement secure coding with SEI CERT C

In this video, Michael Fuhrmann shows you how using the CERT C coding standards can help you improve security, safety and reliability in your projects.

Find code defects before they get into the field

In this video, Shawn Prestridge goes through the different coding standards available and how avoiding common mistakes helps getting your devices ready to deploy quicker.

PDF datasheet

Details about C-STAT

This datasheet provides you with all information needed about C-STAT, so you can easily learn what's included and share it with your colleagues.

Download datasheet

Want to know more about this product?

We are present worldwide to help you wherever you are, and we are happy to answer any questions you might have about our products.


What is static analysis?

Static analysis finds potential issues in code by doing an analysis on the source code level. In addition to raising the code quality, the analysis also aids alignment with industry coding standards.

What kind of issues with my code can I find by using C-STAT?

C-STAT checks for a wide range of known issues in C/C++ code. The analysis finds such things as buffer overflows, memory leaks, and null pointer dereferences. In total, the tool includes hundreds of checks that maps to issues covered by CWE and CERT C/C++. C-STAT covers all rules in the different CERT C sections listed at the CERT C wiki as of January 2020, with the exception of the API, CON, POS and WIN sections which are not applicable to our products, yielding a total of 90 covered rules.

What is CWE and CERT C/C++?

CWE, the Common Weakness Enumeration, is a community-developed dictionary of software weakness types. CWE provides a unified, measurable set of software weaknesses in order to better understand and manage them and to enable efficient software security tools and services that can find them. Read more at cwe.mitre.org

The CERT C/C++ Secure Coding Standards are standards published by the Computer Emergency Response Team (CERT) providing rules and recommendations for secure coding in the C/C++ programming languages. More information is available at www.cert.org

Do I need to a full working build in order to run C-STAT or can I use it to analyze individual files?

You do not need a full build of your project to run C-STAT. In fact, you do not need to build your project at all before checking your code, since C-STAT operates on the source code level. C-STAT can be used to check files individually, in addition to analyzing the entire project.

Can I run C-STAT from the command line?


Does C-STAT support both C and C++?


Where can I find more information about all the checks that C-STAT performs?

This information is available in the user guide (PDF).

Get quote

Want to use this product in your development projects? Our sales team is here to guide you to the right solution for you. Complete this form and we will get back to you with a price quote tailored for your needs. We look forward to your request!

* read our Privacy policy

We do no longer support Internet Explorer. To get the best experience of iar.com, we recommend upgrading to a modern browser such as Chrome or Edge.