Static Analysis

Static analyzers continuously detect and report on dataflow problems, software defects, language implementation errors, inconsistencies, dangerous usage, coding standard violations, and security vulnerabilities.

Prevent costly mistakes – detect defects early

QA-C/QA-C++ identifies software defects at the first stage in the development cycle. By catching bugs as they occur, the cost and effort needed to resolve them are significantly reduced.

QA-C/QA-C++ analyzes C/C++ source code and reports on more than 1,700 potential problems. Static analysis with QA-C/QA-C++ automatically identifies dangerous structures and problems with reliability, maintainability and portability.

Produce clean code – no unpredictable behavior

There are many problems that are not classified as incorrect by ISO standards but which can result in unpredictable software behavior.

Static analysis with QA-C/QA-C++ identifies issues that are often easy for developers and compilers to miss. Automatically picking up these defects reduces the time developers spend manually solving problems that are not even technically mistakes.

Improve security – avoid code vulnerabilities

Some constructs in the C language can cause vulnerabilities that expose applications to attack. Static analysis can help you to avoid these risks: 

  • Dangerous use of functions for dynamic memory management.
  • Problems resulting from incorrect use of integers, e.g. truncation errors, signed integer overflows and unsigned integer wrapping.
  • Buffer overruns and stack smashing.
  • Format string attacks.
  • Exploitable vulnerabilities when developing concurrent code, e.g. race conditions.

Monitor your codebase – comprehensive configurable reporting

Comprehensive reporting helps you to find problems, showing where to take a closer look and identifying areas where the most work is needed. 

Compliance Report
Identifies areas that need more work to attain a higher compliance level

Code Review Report
Useful for peer review, enabling design, optimization and meeting requirements

Metric Data Report
Provides an XML file as a source of quality metrics data

Suppression Report
Gives details of message diagnostics suppressed during analysis

Guarantee portability – consistency across platforms

By monitoring implementation-defined language features and language extensions, QA-C/QA-C++ ensures that code works consistently across different platforms and compilers.

Continuous integration – Jenkins plugin


The QA-C/QA-C++ Jenkins plugin makes it easy for developers and teams to share and integrate their contributions.

QA-C can also be used with any other continuous integration tool using a comprehensive command line interface (QACLI). 

For more information see Continuous Integration.