|
MISRA C
MISRA C is a set of software development guidelines for the C (programming language), C programming language developed by Motor Industry Software Reliability Association, The MISRA Consortium. Its aims are to facilitate code safety, Computer security, security, porting, portability and reliability in the context of embedded systems, specifically those systems programmed in ISO C / C90 / C99. There is also a set of guidelines for MISRA C++ not covered by this article. History * Draft: 1997 * First edition: 1998 (rules, required/advisory) * Second edition: 2004 (rules, required/advisory) * Third edition: 2012 (directives; rules, Decidable/Undecidable) * MISRA compliance: 2016, updated 2020 For the first two editions of MISRA-C (1998 and 2004) all Guidelines were considered as Rules. With the publication of MISRA C:2012 a new category of Guideline was introduced - the ''Directive'' whose compliance is more open to interpretation, or relates to process or procedural matters. Adop ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
C (programming Language)
C (''pronounced like the letter c'') is a General-purpose language, general-purpose computer programming language. It was created in the 1970s by Dennis Ritchie, and remains very widely used and influential. By design, C's features cleanly reflect the capabilities of the targeted CPUs. It has found lasting use in operating systems, device drivers, protocol stacks, though decreasingly for application software. C is commonly used on computer architectures that range from the largest supercomputers to the smallest microcontrollers and embedded systems. A successor to the programming language B (programming language), B, C was originally developed at Bell Labs by Ritchie between 1972 and 1973 to construct utilities running on Unix. It was applied to re-implementing the kernel of the Unix operating system. During the 1980s, C gradually gained popularity. It has become one of the measuring programming language popularity, most widely used programming languages, with C compilers avail ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Static Code Analysis
In computer science, static program analysis (or static analysis) is the analysis of computer programs performed without executing them, in contrast with dynamic program analysis, which is performed on programs during their execution. The term is usually applied to analysis performed by an automated tool, with human analysis typically being called "program understanding", program comprehension, or code review. In the last of these, software inspection and software walkthroughs are also used. In most cases the analysis is performed on some version of a program's source code, and, in other cases, on some form of its object code. Rationale The sophistication of the analysis performed by tools varies from those that only consider the behaviour of individual statements and declarations, to those that include the complete source code of a program in their analysis. The uses of the information obtained from the analysis vary from highlighting possible coding errors (e.g., the lint t ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Klocwork
Klocwork is a static code analysis tool owned by Minneapolis, Minnesota-based software developer Perforce. Klocwork software analyzes source code in real time, simplifies peer code reviews, and extends the life of complex software. Overview Klocwork is used to identify security, safety and reliability issues in C, C++, C#, Java, JavaScript and Python code. The product includes numerous desktop plug-ins for developers, metrics and reporting. History Originally Klocwork’s technology was developed to address requirements for large-scale source code analysis to optimize software architecture for C code inside Nortel Networks and spun out in 2001. In January 2012, Klocwork Insight 9.5 was released. It provided on-the-fly static analysis in Visual Studio, like a word processor does with spelling mistakes. In May 2013, Klocwork Cahoots peer code review tool was launched. Awards and recognition In 2007, Klocwork was awarded the 2007 InfoWorld Technology of Year award for best so ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Perforce Software
Perforce, legally Perforce Software, Inc., is an American developer of software used for developing and running applications, including version control software, web-based repository management, developer collaboration, application lifecycle management, web application servers, debugging tools and Agile planning software. The company is based in Minneapolis, Minnesota, and is equally owned by private equity firms Clearlake Capital and Francisco Partners. History Perforce Software was founded in 1995 in Alameda, California by Christopher Seiwald, a software developer and computer science graduate from UC Berkeley. Its first product was also called Perforce, and was a version control system allowing companies to collaborate on large software projects by keeping track of changes to both the source code and binary files. In June 2013, the company released Helix Swarm, a tool for developers working in different geographic areas to collaborate on code review. In June 2014, the comp ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Helix QAC
Helix QAC, formerly QA·C is a commercial static code analysis software tool produced by Minneapolis, Minnesota-based software vendor Perforce Software.QAC means Quality Assurance and Control. The software was originally developed in 1986 by UK-based Programming Research Limited (PRQA) for the C language. Perforce acquired PRQA in May 2018. Helix QAC was used to make the C source code measurements given in the book ''Safer C'' by Les Hatton. HeliX QAC can be used for quality assurance of C source code and checking the code for conformance to coding guidelines such as MISRA C. Other functionality includes the ability to calculate code metrics for projects with large code-bases. The tools operate through an integrated development environment (IDE) designed to help maintain and understand old and new code using detailed cross references and a variety of graphical views. The tools can be used with a command line interface, and graphical IDE can be called to display the result. ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Cppcheck
Cppcheck is a static code analysis tool for the C and C++ programming languages. It is a versatile tool that can check non-standard code. The creator and lead developer is Daniel Marjamäki. Cppcheck is free software under the GNU General Public License. Features Cppcheck supports a wide variety of static checks that may not be covered by the compiler itself. These checks are static analysis checks that can be performed at a source code level. The program is directed towards static analysis checks that are rigorous, rather than heuristic in nature. Some of the checks that are supported include: * Automatic variable checking * Bounds checking for array overruns * Classes checking (e.g. unused functions, variable initialization and memory duplication) * Usage of deprecated or superseded functions according to Open Group * Exception safety checking, for example usage of memory allocation and destructor checks * Memory leaks, e.g. due to lost scope without deallocation * Resour ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Synopsys
Synopsys is an American electronic design automation (EDA) company that focuses on silicon design and verification, silicon intellectual property and software security and quality. Products include tools for logic synthesis and physical design of integrated circuits, simulators for development and debugging environments that assist in the design of the logic for chips and computer systems. In recent years, Synopsys has expanded its products and services to include application security testing. Synopsys has gained attention due to its relationship with various Chinese state entities. In 2018, Synopsys formed a partnership with the People's Liberation Army National Defence University and, in 2022, the company came under investigation by the United States Department of Justice for technology transfers to sanctioned entities in China. History Synopsys was founded by Aart J de Geus and David Gregory in 1986 in Research Triangle Park, North Carolina. The company was initi ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Coverity
Coverity is a proprietary static code analysis tool from Synopsys. This product enables engineers and security teams to find and fix software defects. Coverity started as an independent software company in 2002 at the Computer Systems Laboratory at Stanford University in Palo Alto, California. It was founded by Benjamin Chelf, Andy Chou, and Seth Hallem with Stanford professor Dawson Engler as a technical adviser. The headquarters was moved to San Francisco. In June 2008, Coverity acquired Solidware Technologies. In February 2014, Coverity announced an agreement to be acquired by Synopsys, an electronic design automation company, for $350 million net of cash on hand. Products Coverity is a static code analysis tool for C, C++, C#, Java, JavaScript, PHP, Python, .NET, ASP.NET, Objective-C, Go, JSP, Ruby, Swift, Fortran, Scala, VB.NET, and TypeScript. It also supports more than 70 different frameworks for Java, JavaScript, C# and other languages. Coverity Scan is a ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
GrammaTech
GrammaTech is a software-development tools vendor based in Bethesda, Maryland with a research center based in Ithaca, New York. The company was founded in 1988 as a technology spin-off of Cornell University. GrammaTech is a provider of application security testing products ( static application security testing, Software Composition Analysis) and software research services. Products CodeSonar is a source code and binary code static analysis tool that performs a whole-program, interprocedural analysis on C, C++, C#, Java, and binary executables. It identifies programming bugs and security vulnerabilities in software. CodeSonar is used in the Defense/Aerospace, Medical, Industrial Control, Electronic, Telecom/Datacom and Transportation industries. The U.S. Food and Drug Administration (FDA) Center for Devices and Radiological Health uses it to detect defects in fielded medical devices. The U.S. National Highway Traffic Safety Administration (NHTSA) and NASA used it in its Study ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
CodeSonar
CodeSonar is a static code analysis tool from GrammaTech. CodeSonar is used to find and fix bugs and security vulnerabilities in source and binary code. It performs whole-program, inter-procedural analysis with abstract interpretation on C, C++, C#, Java, as well as x86 and ARM binary executables and libraries. CodeSonar is typically used by teams developing or assessing software to track their quality or security weaknesses. CodeSonar supports Linux, BSD, FreeBSD, NetBSD, MacOS and Windows hosts and embedded operating systems and compilers. CodeSonar provides information for every weakness found, including the trace through the source code that would trigger the bug as well as a call-tree visualization that represents how the weakness is related to the wider application. Functional safety compliance CodeSonar supports compliance with functional safety standards like IEC 61508, ISO 26262, DO-178B/C, or ISO/IEC TS 17961. CodeSonar's warning classes also support several cod ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Axivion Bauhaus Suite
The Bauhaus project is a software research project collaboration among the University of Stuttgart, the University of Bremen, and a commercial spin-off company Axivion formerly called Bauhaus Software Technologies. The Bauhaus project serves the fields of software maintenance and software reengineering. Created in response to the problem of software rot, the project aims to analyze and recover the means and methods developed for legacy software by understanding the software's architecture. As part of its research, the project develops software tools (such as the Bauhaus Toolkit) for software architecture, software maintenance and reengineering and program understanding.Quigley, Aaron J. Large Scale Relational Information Visualization, Clustering, and Abstraction'', pp. 155-159. Doctoral dissertation. Department of Computer Science and Software Engineering, University of Newcastle, August, 2001. The project derives its name from the former Bauhaus art school. History The Bauha ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
