IAR C-STAT support

IAR C-STAT is a comprehensive static analysis tool for C/C++ source code. It can find errors and vulnerabilities supporting a number of coding standards such as MISRA C, MISRA C++, CERT C/C++ and CWE.

Installing IAR C-STAT

IAR C-STAT comes pre-installed with the IAR Build Tools and with the IAR Embedded Workbench. Refer to your respective product’s documentation for details.

Building with IAR C-STAT

To run IAR C-STAT, you will need CMake 4.1.0 or later. When building with west build append the additional parameter to select IAR C-STAT -DZEPHYR_SCA_VARIANT=iar_c_stat, e.g.

west build -b stm32f429ii_aca samples/basic/blinky -- -DZEPHYR_SCA_VARIANT=iar_c_stat

Configuring IAR C-STAT

The IAR C-STAT accepts parameters for customizing the analysis. The following table lists the supported options.

Parameter

Description

CSTAT_RULESET

The pre-defined ruleset to be used. (default: stdchecks, accepted values: all,cert,misrac2004,misrac2012,misrac++2008,stdchecks,security)

CSTAT_ANALYZE_THREADS

The number of threads to use in analysis. (default: <CPU count>)

CSTAT_ANALYZE_OPTS

Arguments passed to the analyze command directly. (e.g. --timeout=900;--deterministic;--fpe)

CSTAT_DB

Override the default location of the C-STAT SQLite database. (e.g. /home/user/cstat.db)

CSTAT_CLEANUP

Perform a cleanup of the C-STAT SQLite database. (e.g. true)

These parameters can be passed on the command line, or be set as environment variables. Below you will find an example of how to enable and combine non-standard rulesets at will:

# From the root of the zephyr repository
west build -b stm32f429ii_aca samples/basic/blinky -- -DZEPHYR_SCA_VARIANT=iar_c_stat -DCSTAT_RULESET=misrac2012,cert