Integrated Static Analysis
Automated static analysis
synchronised with Cantata tests
The Key Features of Automated Static Analysis
Automated static analysis provides:
Cantata is integrated with static analysis tools. To confirm how your specific tools are supported, please contact QA Systems.
Synchronised Analysis and Testing
Example Integration with Helix QA-C
Which Static Analysis tools does Cantata integrate with?
Cantata can be integrated with any tool with a command line or API interface through the use of Cantata custom Makefiles pre or post build of tests.
Cantata has been integrated with many major static analysis tools. As code can change to meet both static analysis violations and test failures, ensuring that these actions are synchronised retains the benefits of both tools during development. With Cantata and static analysis tools integrated and run together on the same build, users can ensure tests and code quality are retained build over build.
Cantata can also be used within Continuous Integration systems. This automatically runs tests on code check-in. If your preferred Static Analysis tool is not already integrated with Cantata, please contact us and we would be happy to arrange an integration.
Code Defects and Security Vulnerabilities
Some constructs in the C & C++ languages can cause vulnerabilities which expose applications to attack. Static analysis tools can help you to avoid these risks:
- Dangerous use of functions for dynamic memory management.
- Problems resulting from incorrect use of integers e.g. truncation errors, signed integer overflows and unsigned integer wrapping.
- Buffer overruns and stack smashing.
- Format string attacks.
- Exploitable vulnerabilities when developing concurrent code e.g. race conditions.
Defect Prevention and Dataflow Analysis
Deep-flow dataflow analysis, the analysis can identify critical coding issues relating to control-flow, variable state and library usage. Dataflow analysis engines can use Satisfiability Modulo Theories (SMT) solver engines combined with C/C++ source code parsing. This can result in accurate dataflow and semantic modelling of C and C++ code.
Static analysis identifies software defects in the source code at the first stage in the development cycle. By catching bugs as they occur, the cost and effort needed to resolve them is significantly reduced.
Static analysis tools when integrated with Cantata automatically identify dangerous structures, problems with reliability, maintainability and portability.
Source: Perforce Tools (QA-C)
Comparison of Static Analysis Features
Code Reliability, Maintainability, Portability & Testability
Static analysis identifies issues that are often easy for developers and compilers to miss, automatically picking up these defects reduces the time developers spend manually solving problems. More bugs are identified while producing less false positives and negatives. This means that less development time is wasted investigating bugs that don’t exist.
Static analysis tools can guarantee portability and consistency across platforms by monitoring implementation defined language features and language extensions. They ensure that code works constantly across different platforms and compliers.
Coding Standards Compliance
International software safety standards require evidence of low-level testing to obtain certification for the device software. Coding standards compliance in static analysis tools is done automatically as most tools provide continuous checking to monitor coding standard compliance and identify bugs as they are created. Millions of lines of code can be automatically analysed to ensure that all new and existing code meets your organisations standards.
For more information on coding standards and their applicability see the links below:
CERT C/C++
Secure Coding Standard
MISRA C/C++
Guidelines for the use of the C/C++ languages in critical systems
AUTOSAR
Guidelines for the C++ language in safety-critical systems.