
The Key Features of Automated Static Analysis

Automated static analysis

  • Which static analysis tools does Cantata integrate with?
  • Identifies code defects and security vulnerabilities
  • Advanced defect prevention & dataflow analysis
  • Improves code reliability, maintainability, portability and testability
  • Coding standards compliant e.g. MISRA, CERT & AUTOSAR

Synchronised Analysis and Testing

Example Integration with Helix QA-C

Which Static Analysis tools does Cantata integrate with?

Cantata can be integrated with any tool that has a command-line or API interface, by invoking the tool from Cantata custom Makefiles before or after the test build.

Cantata has been integrated with many major static analysis tools. Code changes in response to both static analysis violations and test failures, so keeping these actions synchronised retains the benefits of both tools during development. With Cantata and static analysis tools integrated and run together on the same build, users can ensure tests and code quality are retained build over build.

Cantata can also be used within Continuous Integration systems, where tests run automatically on code check-in. If your preferred Static Analysis tool is not already integrated with Cantata, please contact us and we would be happy to arrange an integration.

Code Defects and Security Vulnerabilities

Some constructs in the C & C++ languages can cause vulnerabilities which expose applications to attack. Static analysis tools can help you to avoid these risks:  

– Dangerous use of functions for dynamic memory management.  

– Problems resulting from incorrect use of integers e.g. truncation errors, signed integer overflows and unsigned integer wrapping.  

– Buffer overruns and stack smashing. 

– Format string attacks. 

– Exploitable vulnerabilities when developing concurrent code e.g. race conditions. 
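The integer and format-string items in the list above are the kind of defect a static analyser reports when the guarding test is missing. The following C sketch is an added example, not code from Cantata or any tool named on this page; the function names and sample values are constructed for illustration, and each function shows the check that removes the finding.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unsigned wrapping: a * b silently wraps modulo SIZE_MAX + 1, so a
   later malloc(a * b) can be far too small. Test before multiplying. */
bool checked_mul_size(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return false;
    *out = a * b;
    return true;
}

/* Signed overflow is undefined behaviour, so the test must come
   before the addition rather than inspect its result. */
bool checked_add_int(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;
    *out = a + b;
    return true;
}

/* Truncation: a wide length stored in a 16-bit field keeps only the
   low bits. Reject values the narrower type cannot represent. */
bool narrow_to_u16(unsigned long v, uint16_t *out)
{
    if (v > UINT16_MAX)
        return false;
    *out = (uint16_t)v;
    return true;
}

/* Format string: untrusted text is an argument to a constant format. */
int format_untrusted(char *dst, size_t n, const char *untrusted)
{
    return snprintf(dst, n, "%s", untrusted);
}

int main(void)
{
    char line[32];
    size_t bytes;
    format_untrusted(line, sizeof line, "%s%x (constructed)");
    printf("%s wrap-rejected=%d\n", line, !checked_mul_size(SIZE_MAX, 2, &bytes));
    return 0;
}
```

Removing any of the range tests leaves code that still compiles cleanly, which is why these classes are typically found by analysis rather than by the compiler.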

Defect Prevention and Dataflow Analysis

Deep-flow dataflow analysis can identify critical coding issues relating to control flow, variable state and library usage. Dataflow analysis engines can use Satisfiability Modulo Theories (SMT) solver engines combined with C/C++ source code parsing. This can result in accurate dataflow and semantic modelling of C and C++ code.

Static analysis identifies software defects in the source code at the first stage in the development cycle. Catching bugs as they occur significantly reduces the cost and effort needed to resolve them.

When integrated with Cantata, static analysis tools automatically identify dangerous structures and problems with reliability, maintainability and portability.

Source: Perforce Tools (QA-C)

Comparison of Static Analysis Features

Code Reliability, Maintainability, Portability & Testability

Static analysis identifies issues that are often easy for developers and compilers to miss. Automatically picking up these defects reduces the time developers spend manually solving problems. More bugs are identified, with fewer false positives and false negatives, so less development time is wasted investigating bugs that don’t exist.

Static analysis tools can guarantee portability and consistency across platforms by monitoring implementation-defined language features and language extensions. They ensure that code works consistently across different platforms and compilers.

Coding Standards Compliance

International software safety standards require evidence of low-level testing to obtain certification for the device software. Static analysis tools check coding standards compliance automatically: most provide continuous checking that monitors compliance and identifies bugs as they are created. Millions of lines of code can be analysed automatically to ensure that all new and existing code meets your organisation's standards.

For more information on coding standards and their applicability see the links below:

CERT C/C++

Secure Coding Standard

MISRA C/C++

Guidelines for the use of the C/C++ languages in critical systems

AUTOSAR

Guidelines for the C++ language in safety-critical systems.


QA Systems GmbH
Roggenstrasse 11
71334 Waiblingen | Germany

© 2022 QA SYSTEMS GMBH

The product names Cantata and QA-MISRA are registered trademarks of QA Systems GmbH.

“MISRA” and “MISRA C” are registered trademarks owned by MISRA Consortium Limited.
QA-MISRA is an independent tool of QA Systems and is not associated with the MISRA Consortium Limited.

Phone: +49 (0)711 138183 -0
Fax: +49 (0)711 138183 -10