IAR Systems offers the static analysis tool C-STAT and the runtime analysis tool C-RUN, both completely integrated in the embedded development toolchain IAR Embedded Workbench.
C-STAT finds potential issues in code by doing an analysis on the source code level. Such errors include memory leaks, dead code, arithmetic errors and array and string overruns that can cause safety and security issues and affect the performance and quality of a product. C-STAT checks compliance with rules as defined by the coding standards MISRA C:2004, MISRA C++:2008 and MISRA C:2012, as well as hundreds of rules based on for example CWE (the Common Weakness Enumeration) and the CERT C/C++ Secure Coding Standards.
C-RUN performs runtime analysis by monitoring application execution directly within the development environment. It finds actual arithmetic, bounds, and heap issues at runtime. Undetected, these issues can cause serious problems with the application.
Using these code analysis tools together enable complete control of the code.