|
MISRA C
MISRA C is a set of software development guidelines for the C (programming language), C programming language developed by Motor Industry Software Reliability Association, The MISRA Consortium. Its aims are to facilitate code safety, Computer security, security, porting, portability and reliability in the context of embedded systems, specifically those systems programmed in ISO C / C90 / C99. There is also a set of guidelines for MISRA C++ not covered by this article. History * Draft: 1997 * First edition: 1998 (rules, required/advisory) * Second edition: 2004 (rules, required/advisory) * Third edition: 2012 (directives; rules, Decidable/Undecidable) * MISRA compliance: 2016, updated 2020 * MISRA C:2023 (MISRA C Third edition, Second revision) For the first two editions of MISRA-C (1998 and 2004) all Guidelines were considered as Rules. With the publication of MISRA C:2012 a new category of Guideline was introduced - the ''Directive'' whose compliance is more open to interpret ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
C (programming Language)
C (''pronounced'' '' – like the letter c'') is a general-purpose programming language. It was created in the 1970s by Dennis Ritchie and remains very widely used and influential. By design, C's features cleanly reflect the capabilities of the targeted Central processing unit, CPUs. It has found lasting use in operating systems code (especially in Kernel (operating system), kernels), device drivers, and protocol stacks, but its use in application software has been decreasing. C is commonly used on computer architectures that range from the largest supercomputers to the smallest microcontrollers and embedded systems. A successor to the programming language B (programming language), B, C was originally developed at Bell Labs by Ritchie between 1972 and 1973 to construct utilities running on Unix. It was applied to re-implementing the kernel of the Unix operating system. During the 1980s, C gradually gained popularity. It has become one of the most widely used programming langu ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
C17 (C Standard Revision)
C17, formally ISO/IEC 9899:2018, is an open standard for the C (programming language), C programming language, prepared in 2017 and published on 2018-07-05. It replaced C11 (C standard revision), C11 (standard ISO/IEC 9899:2011), and is superseded by C23 (C standard revision), C23 (ISO/IEC 9899:2024) since October 2024. Since it was under development in 2017, and officially published in 2018, C17 is sometimes referred to as C18. Changes from C11 C17 fixes numerous minor defects in C11 (C standard revision), C11 without introducing new language features. The __STDC_VERSION__ macro is increased to the value 201710L. For a detailed list of changes from the previous standard, see ''Clarification Request Summary for C11''. Compiler support List of compilers supporting C17: * GNU Compiler Collection, GCC 8.1.0 * LLVM Clang 7.0.0 * IAR_Systems, IAR EWARM v8.40.1 * Microsoft Visual C++ VS 2019 (16.8) * LCC_(compiler)#Pelles_C, Pelles C 9.00 See also * C++23, C++20, C++17, C++ ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Helix QAC
Helix QAC, formerly QA·C is a commercial static code analysis software tool produced by Minneapolis, Minnesota-based software vendor Perforce Software. QAC means Quality Assurance and Control. The software was originally developed in 1986 by UK-based Programming Research Limited (PRQA) for the C language. Perforce acquired PRQA in May 2018. Helix QAC was used to make the C source code measurements given in the book ''Safer C'' by Les Hatton. HeliX QAC can be used for quality assurance of C source code and checking the code for conformance to coding guidelines such as MISRA C. Other functionality includes the ability to calculate code metrics for projects with large code-bases. The tools operate through an integrated development environment An integrated development environment (IDE) is a Application software, software application that provides comprehensive facilities for software development. An IDE normally consists of at least a source-code editor, build automation ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Cppcheck
Cppcheck is a static code analysis tool for the C and C++ programming languages. It is a versatile tool that can check non-standard code. The creator and lead developer is Daniel Marjamäki. Cppcheck is Open-core software, with its open-source core code under the GNU General Public License. Features Cppcheck supports a wide variety of static checks that may not be covered by the compiler itself. These checks are static analysis checks that can be performed at a source code level. The program is directed towards static analysis checks that are rigorous, rather than heuristic in nature. Some of the checks that are supported include: * Automatic variable checking * Bounds checking for array overruns * Classes checking (e.g. unused functions, variable initialization and memory duplication) * Usage of deprecated or superseded functions according to Open Group * Exception safety checking, for example usage of memory allocation and destructor checks * Memory leaks, e.g. due to ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Synopsys
Synopsys, Inc. is an American electronic design automation (EDA) company headquartered in Sunnyvale, California, that focuses on silicon design and verification, silicon intellectual property and software security and quality. Synopsys supplies tools and services to the semiconductor design and manufacturing industry. Products include tools for logic synthesis and physical design of integrated circuits, simulators for development, and debugging environments that assist in the design of the logic for chips and computer systems. History Synopsys was founded by Aart de Geus, David Gregory, Alberto Sangiovanni-Vincentelli and Bill Krieger in 1986 in Research Triangle Park, North Carolina. The company was initially established as Optimal Solutions with a charter to develop and market logic synthesis technology developed by the team at General Electric's Advanced Computer-Aided Engineering Group. The company changed its name to Synopsys and moved to Mountain View, Califo ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Coverity
Coverity is a proprietary static code analysis tool from Black Duck, Inc.. This product enables engineers and security teams to find and fix software defects. Coverity started as an independent software company in 2002 at the Computer Systems Laboratory at Stanford University in Palo Alto, California. It was founded by Benjamin Chelf, Andy Chou, David Park, and Seth Hallem with Stanford professor Dawson Engler as a technical adviser. The headquarters was moved to San Francisco. In June 2008, Coverity acquired Solidware Technologies. In February 2014, Coverity announced an agreement to be acquired by Synopsys, an electronic design automation company, for $375M in cash. Products Coverity is a static code analysis tool for C, C++, C#, Java, JavaScript, PHP, Python, .NET, ASP.NET, Objective-C, Go, JSP, Ruby, Swift, Fortran, Scala, VB.NET, and TypeScript. It also supports more than 70 different frameworks for Java, JavaScript, C# and other languages. Coverity Scan is a f ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
GrammaTech
GrammaTech is a cybersecurity research services company based in Ithaca, New York. The company was founded in 1988 as a technology spin-off of Cornell University. GrammaTech software research services include the following; software analysis, vulnerability detection and mitigation, binary transformation and hardening, and autonomous computing. In September 2023, Battery Ventures acquired GrammaTech's software products division, including the CodeSonar and CodeSentry product lines. Thus establishing a new, independent entity that will operate under the CodeSecure, Inc. name and be headquartered in Bethesda, Maryland. Research GrammaTech's research division undertakes projects for private contractors, including several U.S. government agencies, such as NASA, the NSF, and many branches of the Department of Defense. GrammaTech's research is focused on both static analysis and dynamic analysis, on both source code and binaries. GrammaTech participated and came in 2nd place in DARPA's ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
CodeSonar
CodeSonar is a static code analysis tool from CodeSecure, Inc. CodeSonar is used to find and fix bugs and security vulnerabilities in source and binary code. It performs whole-program, inter-procedural analysis with abstract interpretation on C, C++, C#, Java, as well as x86 and ARM binary executables and libraries. CodeSonar is typically used by teams developing or assessing software to track their quality or security weaknesses. CodeSonar supports Linux, BSD, FreeBSD, NetBSD, MacOS and Windows hosts and embedded operating systems and compilers. CodeSonar provides information for every weakness found, including the trace through the source code that would trigger the bug as well as a call-tree visualization that represents how the weakness is related to the wider application. Functional safety compliance CodeSonar supports compliance with functional safety standards like IEC 61508, ISO 26262, DO-178B/C, or ISO/IEC TS 17961. CodeSonar's warning classes also support ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Axivion Bauhaus Suite
The Bauhaus project is a software research project collaboration among the University of Stuttgart, the University of Bremen, and a commercial spin-off company Axivion, also known as ''Bauhaus Software Technologies''. The Bauhaus project serves the fields of software maintenance and software reengineering. Created in response to the problem of software rot, the project aims to analyze and recover the means and methods developed for legacy software by understanding the software's architecture. As part of its research, the project develops software tools (such as the Bauhaus Toolkit) for software architecture, software maintenance and reengineering and program understanding.Quigley, Aaron J. Large Scale Relational Information Visualization, Clustering, and Abstraction'', pp. 155-159. Doctoral dissertation. Department of Computer Science and Software Engineering, University of Newcastle, August, 2001. The project derives its name from the former Bauhaus art school. History The ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
AbsInt
AbsInt is a software-development tools vendor based in Saarbrücken, Germany. The company was founded in 1998 as a technology spin-off from the Department of Programming Languages and Compiler Construction of Prof. Reinhard Wilhelm at Saarland University. AbsInt specializes in software-verification tools based on abstract interpretation. Its tools are used worldwide by Fortune 500 companies, educational institutions, government agencies and startups. Products aiT WCET Analyzer statically computes safe upper bounds for the worst-case execution time of tasks in real-time systems. It directly analyzes binary executables and takes the intrinsic cache and pipeline behavior of the microprocessor into account. The U.S. National Highway Traffic Safety Administration (NHTSA) and NASA used it in its Study on Sudden Unintended Acceleration in the electronic throttle control systems of Toyota vehicles. StackAnalyzer determines the maximum stack usage of the tasks in embedded applications a ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Astrée (static Analysis)
Astrée ("Analyseur statique de logiciels temps-réel embarqués") is a static analyzer based on abstract interpretation. It analyzes programs written in the programming languages C and C++, and emits an exhaustive list of possible runtime errors and assertion violations. The defect classes covered include divisions by zero, buffer overflows, dereferences of null or dangling pointers, data races, deadlocks, etc. Astrée includes a static taint checker and helps finding cybersecurity vulnerabilities, such as Spectre. It is proprietary software written in the language OCaml. The tool is tailored toward safety-critical embedded code: specific analysis techniques are used for common control theory constructs (finite-state machines, digital filters, rate limiters...) and floating-point numbers. Concurrent code is analyzed with a sound interleaving semantics that is aware of the concurrent threads of execution, their priorities and synchronization mechanisms. Astrée supports ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
