Static analysis tool completely integrated with IAR Embedded Workbench and IAR Build Tools, helping you to ensure code quality in your application.


Static analysis of C and C++ code

Static analysis helps you to find potential issues in your code by doing an analysis on the source code level.


Check code compliance with standards

C-STAT includes almost 700 checks in total, some comply with rules as defined by MISRA C:2012, MISRA C++:2008 and MISRA C:2004 and more than 250 checks mapping to issues covered by CWE. In addition, it checks compliance with the coding standard CERT C for secure coding.


Flexible, detailed and fast

C-STAT executes fast and provides you with comprehensive and detailed error information. You don't need to worry about complex tool setup and struggle with language support and general build issues.


Integrated with IAR Embedded Workbench

C-STAT is completely integrated in the IAR Embedded Workbench IDE and enables you to easy ensure code quality in your daily development flow. It's available for most IAR Embedded Workbench products.

Demos of IAR C-STAT

Implement secure coding with SEI CERT C

In this video, Michael Fuhrmann shows you how using the CERT C coding standards can help you improve security, safety and reliability in your projects.

Find code defects before they get into the field

In this video, Shawn Prestridge goes through the different coding standards available and how avoiding common mistakes helps getting your devices ready to deploy quicker.

PDF datasheet

Details about IAR C-STAT

This datasheet provides you with all information needed about IAR C-STAT, so you can easily learn what's included and share it with your colleagues.

Download datasheet

Want to know more?

We are present worldwide to help you wherever you are, and we are happy to answer any questions you might have about our products.


What is static analysis?

Static analysis finds potential issues in code by doing an analysis on the source code level. In addition to raising the code quality, the analysis also aids alignment with industry coding standards.

What kind of issues with my code can I find by using C-STAT?

C-STAT checks for a wide range of known issues in C/C++ code. The analysis finds such things as buffer overflows, memory leaks, and null pointer dereferences. In total, the tool includes hundreds of checks that maps to issues covered by CWE and CERT C/C++. C-STAT covers all rules in the different CERT C sections listed at the CERT C wiki as of January 2020, with the exception of the API, CON, POS and WIN sections which are not applicable to our products, yielding a total of 90 covered rules.

What is CWE and CERT C/C++?

CWE, the Common Weakness Enumeration, is a community-developed dictionary of software weakness types. CWE provides a unified, measurable set of software weaknesses in order to better understand and manage them and to enable efficient software security tools and services that can find them. Read more at cwe.mitre.org

The CERT C/C++ Secure Coding Standards are standards published by the Computer Emergency Response Team (CERT) providing rules and recommendations for secure coding in the C/C++ programming languages. More information is available at www.cert.org

Do I need to a full working build in order to run C-STAT or can I use it to analyze individual files?

You do not need a full build of your project to run C-STAT. In fact, you do not need to build your project at all before checking your code, since C-STAT operates on the source code level. C-STAT can be used to check files individually, in addition to analyzing the entire project.

Can I run C-STAT from the command line?


Does C-STAT support both C and C++?


Where can I find more information about all the checks that C-STAT performs?

This information is available in the user guide (PDF).

Does my IAR Embedded Workbench version support C-STAT?

Supported versions:

  • IAR Embedded Workbench for ARM, from version 7.40  
  • IAR Embedded Workbench for MSP430, from version 6.30
  • IAR Embedded Workbench for AVR32, from version 4.30
  • IAR Embedded Workbench for AVR, from version 6.60
  • IAR Embedded Workbench for RX, from version 2.80
  • IAR Embedded Workbench for V850, from version 4.20
  • IAR Embedded Workbench for CR16C, from version 3.30
  • IAR Embedded Workbench for STM8, from version 2.20
  • IAR Embedded Workbench for 8051, from version 9.30
  • IAR Embedded Workbench for RL78, from version 2.20
  • IAR Embedded Workbench for RH850, from version 1.30

Get quote

Want to use this product in your development projects? Our sales team is here to guide you to the right solution. Complete this form, and we will get back to you with a price quote tailored to your needs.

* read our Privacy policy

Det här innehållet finns tyvärr inte på svenska.

Vår webbplats finns främst på vårt koncernspråk engelska, förutom det innehåll för investerare som vi är lagstadgade att kommunicera på svenska. Vi rekommenderar att du besöker vår globala webbplats på engelska för att få en bättre upplevelse.

Vi stöder inte längre Internet Explorer. För att få bästa möjliga upplevelse av iar.com rekommenderar vi att du uppgraderar till en modern webbläsare som Chrome eller Edge.