
The Key Features of Automated Static Analysis

Automated static analysis

  • Which static analysis tools does Cantata integrate with?
  • Identifies code defects and security vulnerabilities
  • Advanced defect prevention & dataflow analysis
  • Improves code reliability, maintainability, portability and testability
  • Coding standards compliant e.g. MISRA, CERT & AUTOSAR

Synchronised Analysis and Testing

Example Integration with Helix QA-C

Which Static Analysis tools does Cantata integrate with?

Cantata can be integrated with any tool that has a command-line or API interface by using Cantata custom Makefiles, run either before or after the test build.

Cantata has been integrated with many major static analysis tools. Because code changes in response to both static analysis violations and test failures, keeping these activities synchronised retains the benefits of both tools during development. With Cantata and static analysis tools integrated and run together on the same build, users can ensure that tests and code quality are retained build over build.

Cantata can also be used within Continuous Integration systems. This automatically runs tests on code check-in. If your preferred Static Analysis tool is not already integrated with Cantata, please contact us and we would be happy to arrange an integration.

Code Defects and Security Vulnerabilities

Some constructs in the C & C++ languages can cause vulnerabilities which expose applications to attack. Static analysis tools can help you to avoid these risks:  

– Dangerous use of functions for dynamic memory management.  

– Problems resulting from incorrect use of integers e.g. truncation errors, signed integer overflows and unsigned integer wrapping.  

– Buffer overruns and stack smashing. 

– Format string attacks. 

– Exploitable vulnerabilities when developing concurrent code e.g. race conditions. 
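The integer problems listed above (truncation, signed overflow and unsigned wrapping) are the kind of defect a static analyser flags and a unit test can then pin down. The following C is an added example, not code from QA Systems or any tool named on this page; the function names and input values are constructed for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unsigned wrapping: count * size can wrap to a small value, so a later
 * allocation of that size is far smaller than the caller expects. */
static bool checked_mul_size(size_t count, size_t size, size_t *out)
{
    if (size != 0 && count > SIZE_MAX / size)
        return false;               /* product would wrap */
    *out = count * size;
    return true;
}

/* Signed overflow: a + b is undefined behaviour in C when it overflows,
 * so the range test must happen before the addition. */
static bool checked_add_int(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;
    *out = a + b;
    return true;
}

/* Truncation: converting a wider value to uint16_t silently drops the
 * high bits; reject values that do not fit. */
static bool checked_narrow_u16(unsigned long value, uint16_t *out)
{
    if (value > UINT16_MAX)
        return false;
    *out = (uint16_t)value;
    return true;
}

int main(void)
{
    size_t n; int s; uint16_t len;
    /* Constructed inputs chosen to hit each failure mode. */
    printf("mul wrap rejected: %d\n", !checked_mul_size(SIZE_MAX / 2 + 1, 2, &n));
    printf("add overflow rejected: %d\n", !checked_add_int(INT_MAX, 1, &s));
    printf("narrowing rejected: %d\n", !checked_narrow_u16(70000UL, &len));
    printf("unchecked narrowing of 70000: %u\n", (unsigned)(uint16_t)70000UL);
    return 0;
}
```

The last line of output shows what the unchecked conversion silently produces, which is the value a length field would carry if the check were missing.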

Defect Prevention and Dataflow Analysis

Deep-flow dataflow analysis can identify critical coding issues relating to control flow, variable state and library usage. Dataflow analysis engines can use Satisfiability Modulo Theories (SMT) solver engines combined with C/C++ source code parsing. This can result in accurate dataflow and semantic modelling of C and C++ code.

Static analysis identifies software defects in the source code at the first stage in the development cycle. Catching bugs as they occur significantly reduces the cost and effort needed to resolve them.

When integrated with Cantata, static analysis tools automatically identify dangerous structures and problems with reliability, maintainability and portability.

Source: Perforce Tools (QA-C)

Comparison of Static Analysis Features

Code Reliability, Maintainability, Portability & Testability

Static analysis identifies issues that are often easy for developers and compilers to miss. Automatically picking up these defects reduces the time developers spend manually solving problems. More bugs are identified while producing fewer false positives and negatives, so less development time is wasted investigating bugs that don't exist.

Static analysis tools can guarantee portability and consistency across platforms by monitoring implementation-defined language features and language extensions. They ensure that code works consistently across different platforms and compilers.

Coding Standards Compliance

International software safety standards require evidence of low-level testing to obtain certification for the device software. Static analysis tools check coding standards compliance automatically: most tools provide continuous checking to monitor compliance and identify bugs as they are created. Millions of lines of code can be automatically analysed to ensure that all new and existing code meets your organisation's standards.

For more information on coding standards and their applicability see the links below:

CERT C/C++

Secure Coding Standard

MISRA C/C++

Guidelines for the use of the C/C++ languages in critical systems

AUTOSAR

Guidelines for the C++ language in safety-critical systems.


QA Systems GmbH
Roggenstrasse 11
71334 Waiblingen | Germany

© 2021 QA SYSTEMS GMBH

Phone: +49 (0)711 138183 -0
Fax: +49 (0)711 138183 -10
E-Mail: [email protected]systems.de
