IAR Systems simplifies full CERT C compliance

1 min read

IAR Systems is making available a major update of its static code analysis tool C-STAT in the complete C/C++ compiler and debugger toolchain IAR Embedded Workbench.

In addition to the broad compliance with industry coding standards defined by MISRA and CWE, the updated version of C-STAT extends its compliance into complete coverage for the CERT C Coding Standard.

The Standard, which is developed and owned by the Software Engineering Institute at Carnegie Mellon University, provides rules for secure coding in the C programming language. The goal of these rules and recommendations is to develop safe, reliable, and secure systems, for example by eliminating undefined behaviours that can lead to undefined program behaviours and exploitable vulnerabilities.

C-STAT is an add-on tool to IAR Embedded Workbench and performs advanced code analysis to find potential issues.

The analysis provides code alignment with industry standards like MISRA C:2012, MISRA C++:2008 and MISRA C:2004, and also detects defects, bugs, and security vulnerabilities as defined by the Common Weakness Enumeration (CWE) and CERT C.

It is fully integrated with the IAR Embedded Workbench IDE, enabling static analysis in a straightforward way and as a natural part of a developer’s daily development workflow. This helps developers to ensure their code is safe and of high quality at an early stage, which also aids companies to shorten their time to market as impact of errors further down the line might be very time consuming and expensive.

C-STAT was launched in 2015 as a response to customers’ requests on static code analysis early in the development cycle. Since then, IAR Systems has continuously refined its technology to meet new demands and standards.