C-STAT, IAR’s static code analysis tool, catches potential issues early, automating code quality assurance and ensuring compliance with industry safety standards. Perfect for developers in automotive, medical, and other safety-focused sectors, C-STAT helps you deliver reliable, high-quality applications while saving time and keeping your code rock-solid.
01
Static analysis of C and C++ code
Static analysis helps you to find potential issues in your code by doing an analysis on the source code level.
02
Check code compliance with standards
C-STAT includes nearly 1000 checks defined by MISRA C:2023 (supported on the Arm toolchain), MISRA C:2012, MISRA C++:2008, and MISRA C:2004 and more than 250 checks mapping to issues covered by CWE. It ensures secure CERT C coding and is also available as TÜV SÜD certified version for selected IAR functional safety editions.
03
Flexible, detailed and fast
C-STAT executes fast and provides you with comprehensive and detailed error information. You don't need to worry about complex tool setup and struggle with language support and general build issues.
04
Integrated with IAR Embedded Workbench
C-STAT is completely integrated in the IAR Embedded Workbench IDE and enables you to easy ensure code quality in your daily development flow. It's available for most IAR Embedded Workbench products.
FAQ for IAR C-STAT
What is static analysis?
- Static analysis finds potential issues in code by doing an analysis on the source code level. In addition to raising the code quality, the analysis also aids alignment with industry coding standards.
What kind of issues with my code can I find by using C-STAT?
- C-STAT checks for a wide range of known issues in C/C++ code. The analysis finds such things as buffer overflows, memory leaks, and null pointer dereferences. In total, the tool includes hundreds of checks that maps to issues covered by CWE and CERT C/C++. C-STAT covers all rules in the different CERT C sections listed at the CERT C wiki as of January 2020, with the exception of the API, CON, POS and WIN sections which are not applicable to our products, yielding a total of 90 covered rules.
What is CWE and CERT C/C++?
- CWE, the Common Weakness Enumeration, is a community-developed dictionary of software weakness types. CWE provides a unified, measurable set of software weaknesses in order to better understand and manage them and to enable efficient software security tools and services that can find them. Read more at cwe.mitre.org
- The CERT C/C++ Secure Coding Standards are standards published by the Computer Emergency Response Team (CERT) providing rules and recommendations for secure coding in the C/C++ programming languages. More information is available at www.cert.org
Can I analyze C/C++ source files individually?
- Yes! While C-STAT can analyze entire projects built with the IAR tools, it is possible to narrow down the analysis scope to a group of source files or even to a single source which, during development, saves time and keep focus.
Can I run C-STAT from the command line?
- Yes.
Does C-STAT support both C and C++?
- Yes.
Where can I find more information about all the checks that C-STAT performs?
- This information is available in the user guide.
Does my IAR Embedded Workbench version support C-STAT?
- Supported versions:
- - IAR Embedded Workbench for ARM, from version 7.40
- - IAR Embedded Workbench for MSP430, from version 6.30
- - IAR Embedded Workbench for AVR32, from version 4.30
- - IAR Embedded Workbench for AVR, from version 6.60
- - IAR Embedded Workbench for RX, from version 2.80
- - IAR Embedded Workbench for V850, from version 4.20
- - IAR Embedded Workbench for CR16C, from version 3.30
- - IAR Embedded Workbench for STM8, from version 2.20
- - IAR Embedded Workbench for 8051, from version 9.30
- - IAR Embedded Workbench for RL78, from version 2.20
- - IAR Embedded Workbench for RH850, from version 1.30
Get quote
Want to use this product in your development projects? Our sales team is here to guide you to the right solution. Complete this form, and we will get back to you with a price quote tailored to your needs.