Static code analysis tool adds security rules - Embedded.com

IAR Systems has announced an update of its static code analysis tool C-STAT, an add-on product fully integrated into the complete C/C++ compiler and debugger toolchain IAR Embedded Workbench. The latest version of C-STAT adds coverage for MISRA C:2012 Amendment 1.

C-STAT performs advanced code analysis to find potential issues. The analysis provides code alignment with industry standards like MISRA C:2012, MISRA C++:2008, and MISRA C:2004 and also detects defects, bugs, and security vulnerabilities as defined by the Common Weakness Enumeration (CWE) and CERT C. In addition to this broad compliance, the updated version of C-STAT extends its coverage for the MISRA C:2012 Coding Standard through complete support for the MISRA C:2012 Amendment 1. This Amendment adds 14 additional rules to MISRA C:2012, with a focus on security concerns highlighted by the ISO C Secure Guidelines. Several of these rules address specific issues pertaining to the use of untrustworthy data, a well-known security vulnerability in many embedded applications.

“Since the launch of C-STAT five years ago, we have refined the technology according to customers’ requests, lately with a special focus on security through complete CERT C compliance launched earlier in 2020,” said Anders Holmberg, General Manager Embedded Development Tools, IAR Systems. “By adding coverage for MISRA C:2012, Amendment 1, we help our customers even further to ensure secure, high-quality code at an early stage of their projects.”

Fully integrated with the IAR Embedded Workbench IDE, C-STAT makes static analysis a straightforward, natural part of a developer's daily workflow. This helps developers ensure their code is safe and of high quality at an early stage, which also helps companies shorten their time to market, as errors found further down the line can be very time-consuming and expensive to correct. More information about C-STAT is available at www.iar.com/cstat.

>> This article was originally published on our sister site, EEWeb.

 
