IAR Embedded Workbench for RL78 5.20

Briefly about C-STAT and the coding rules

C-STAT is a static analysis tool that tries to find deviations from certain coding rules by performing one or more checks for the rule. The checks are grouped in packages. The various packages are:

  • STDCHECKS

    Contains checks for rules that come from CWE, as well as checks specific to C-STAT.

  • CERT

    Contains checks for CERT. In addition, some CERT rules and recommendations can be verified by checks for other standard rules; see Mapping of CERT rules to C-STAT checks.

  • SECURITY

    Contains checks for rules from SANS Top25, OWASP, and CWE.

  • MISRA C:2004

    Contains checks for selected rules of the MISRA C:2004 standard. This standard identifies unsafe code constructs in the C89 standard. These checks can also be used for identifying unsafe C89 constructs in C18 or C11 code.

  • MISRA C++:2008

    Contains checks for selected rules of the MISRA C++:2008 standard. This standard identifies unsafe code constructs in the 1998 C++ standard. These checks can also be used for identifying unsafe 1998 C++ constructs in C++14 code.

  • MISRA C:2012

    Contains checks for selected rules of the MISRA C:2012 standard. This standard identifies unsafe code constructs in the C99 and C89 standards. These checks can also be used for identifying unsafe C89 and C99 constructs in C18 or C11 code.

  • MISRA C:2023

    Contains checks for selected rules of the MISRA C:2023 standard. This standard identifies unsafe code constructs in the C99 and C89 standards. These checks can also be used for identifying unsafe C89 and C99 constructs in C18 or C11 code. Note that all MISRA C:2023 rules that also exist in MISRA C:2012 with amendments 1-4 use the MISRA C:2012 rule identifier (the MISRAC2012 prefix) to maintain compatibility with existing products. Example: MISRAC2012-Rule-7.6.

  • MISRA C++:2023

    Contains checks for selected rules of the MISRA C++:2023 standard. This standard identifies unsafe code constructs in the C++17 standard. These checks might not be adequate or appropriate for checking code written in other versions of C++.

The analysis of a specific file is terminated after a time limit that you can specify. When the time limit has been reached, the analysis will continue with the next file.

Each MISRA C rule is either mandatory, required, or advisory. The checks for the mandatory and required rules are on by default, whereas the checks for the advisory rules are off by default. Each rule specifies an unsafe code construct.

Note

Some checks compute summary information per file that can be used when analyzing other files. How this information is used depends on the order in which the files are analyzed. This means that the exact number of messages can differ, for example when running C-STAT in the IDE as opposed to using the command line tools.