Static analyzers continuously detect and report on dataflow problems, software defects, language implementation errors, inconsistencies, dangerous usage, coding standard violations, and security vulnerabilities.
Continuously inspect source code for conformance to the coding standard of your choice
Give your developers real-time contextual feedback that helps them correct and learn from mistakes
Reduce bottlenecks caused by manual code review and slow analysis tools and methods
Analyze your source code without executing programs whether in C, C++, C#, or Java
SGS-TÜV Saar has certified QA·C and QA·C++ as “usable in the development of safety related software” for the key safety critical standards, IEC 61508, ISO 26262, EN 50128, IEC 60880 and IEC 62304, enabling our customers to achieve product certifications to these standards more easily and in less time.
Identify software defects at creation, simplify your development lifecycle and reduce costs and cycle time.
Static Analyzers can detect and report on dataflow problems, software defects, language implementation errors, inconsistencies, dangerous usage and coding standard violations quickly and efficiently.
QA·Static Analyzers identify issues compilers and most developers miss. These include lesser known issues explicitly stated in the ISO standards and language constructs that, while not classified as incorrect, may result in unpredictable behavior.
That means fewer defects survive testing and your developers waste less time manually addressing issues that don’t exist.
Avoid constructs in the C and Java languages that can lead to vulnerabilities that attackers can exploit. Some of the risks that Static Analyzers help you avoid include:
Our analysis toolsets identify critical coding issues relating to control-flow, variable state, library usage and semantic modeling of your code.
Our Dataflow analysis engine incorporates an advanced, industry-proven Satisfiability Modulo Theories (SMT) solver engine – a technology first for deep-flow static analysis products.
The compliance report helps you visualize which areas of the codebase require the most attention to reach a higher level compliance.
The code review report refocuses peer review on discussing design, optimization, and meeting requirements rather than costly manual investigation of code conformance and correctness.
The metrics data report provides you with an XML file that you can use as a source of quality metrics data for your own further examination.
The suppression report provides information on message diagnostics which have been suppressed during analysis.
Static Analyzers make you aware of implementation defined language features and language extensions, so that code behaves consistently across different compilers and platforms.
Developers in organizations of any size who want to create better code without the constant intrusion of “QA testing plans.”
QA managers and team leaders who want to enable their team to find and correct their own defects.
Engineering leaders who need to eliminate business risks while reducing lead times and costs of software development.
"Our approach has turned completely on its head! In the beginning we assumed there was a trade-off and that better quality software meant more overheads and longer delivery times. We found that if we used V&V to try to inject the quality at the end of the process, this is indeed the case.
However, by having our developers produce quality code from the outset – by adopting coding standards and analyzing with QA·C - not only are we delivering consistently high quality code, our delivery times have improved and so have our profits!"
Samir Kulkarni - Head of Productivity and Functional Excellence
See full story: From Compliance to Exploitation: Defect Prevention is Better than Cure >
Get consistency across programming languages and common result formats, and have your data handled seamlessly by all downstream components such as QA∙Verify results analysis and distribution tools.
Advanced static analysis of C, providing sophisticated bug detection and compliance to coding standards.
See MISRA and other Compliance Modules for QA·C
Find out how to Integrate QA·C into IAR Embedded Workbench
Find out more about DO-178B Qualification Pack
Our most sophisticated static analysis solution for advanced C++ environments
See MISRA and other Compliance Modules for QA·C++
Ensure compliance for modern C# code to detect and prevent defects
|Download QA·C# datasheet|
A static analysis toolset for Java code.
QA·J combines three highly-regarded open source tools for analyzing Java code: Checkstyle, FindBugs and PMD. Together, these have nearly 1000 checks. The tools are integrated into a common framework, making them easy to configure and use.
|Download QA·J datasheet|