ECLAIR is a powerful platform for the automatic analysis, verification, testing and transformation of C and C++ programs.
ECLAIR can be instantiated over a whole range of software verification activities, which are provided in the form of packages.
- a state-of-the-art, medium-weight static analyzer suitable for execution on the developer's desktop that almost completely automates the assessment of compliance with respect to MISRA C:2012 Revision 1, BARR-C:2018 and AUTOSAR C:2009;
- a precise and flexible implementation of the source code metrics defined by HIS.
Similar packages exist for MISRA C++:2008 and other coding standards.
ECLAIR Bug Finder
This package includes a very fast static analyzer for C and C++ suitable for execution on the developer's desktop, which is able to detect and report bugs and weaknesses that can lead to crashes, misbehaviors and security vulnerabilities.
Characterized by an extremely high signal-to-noise ratio, ECLAIR Bug Finder identifies security vulnerabilities, dead code, API misuses and other errors in C and C++ source code, including: buffer overflows, dereferences of null pointers, pointer arithmetic errors, use of uninitialized variables, uninitialized or invalid return values, divisions by zero, undefined operations, dead stores, leaks of stack memory addresses, memory leaks, unreachable code, double-free, use-after-free, other dynamic memory allocation issues, lossy implicit conversions, excessive padding (memory waste), vararg functions mistakes, string manipulation errors, library API violations, insecure use of library functions, multithreading issues, dynamic type errors, and other common programming mistakes.
ECLAIR Unique Features
ECLAIR is fit for use in mission and safety-critical software projects: it has been designed from the outset to meet the requirements of most demanding industry standards.
Some of its unique features are described below: they are common to all the packages running under ECLAIR.
Proper Integration with the Toolchain
ECLAIR intercepts every invocation of the toolchain components (compilers, linker, assembler, archive manager) and it automatically extracts and interprets the options that the build system has passed to them. This allows for the seamless integration with any build system. Moreover, you do not need to engage in error-prone activities such as:
- specifying which files make up the application, and where the right header files are located;
- configuring the static analyzer so that the analysis parameters match the options given to the compilers (several options do affect the program semantics)..
All this is automatic and supports any build processes without the need to develop and maintain a separate analysis procedure: with ECLAIR the existing build procedure can be used verbatim. One of the key properties of ECLAIR is that it understands the analysis-relevant options of the supported compilers.
Powerful Reporting Capabilities
ECLAIR can be configured to automatically produce compliance matrices required to meet contractual obligations and industrial standards such as ISO 26262.
The compliance matrix is obtained from the actual configuration, which, if properly done, will contain the reason for each deviation. Thus, carrying its rationale, any deviation goes straight from the configuration to the matrix.
In addition, thanks to ECLAIR's ability to intercept and fully understand the communication with the toolchain, the compliance matrix contains full details about the code and its analysis: which files have been compiled and/or analyzed (with full path and a cryptographic hash of their contents), the compiler/linker options, the full version of ECLAIR, ..., with even a cryptographic hash of the generated executables.. All this allows reliably linking the compliance matrix to the code that is actually run.
ECLAIR HTML reports have no equals on the market in terms of readability and usability: see by yourself.