- Important information
- New features
- Known problems
- Program corrections
- User guide corrections
- Miscellaneous
- Release history
Important information
- None.
New features
- None
Known problems
- None
Program corrections
- None
User guide corrections
- None.
Miscellaneous
- Nothing.
Release history
4.21.2 2021-08-12
4.21.1 2021-04-29
Program corrections
-
[CSTAT-482]
The check MISRAC2012-Rule-1.3_u calculates the underlying type's size of an array of pointers incorrectly.
-
[CSTAT-465]
The check MISRAC++2008-2-10-6 incorrectly reports conflicting names for the same template if it is instantiated more than once.
-
[CSTAT-454]
The checks MISRAC++2008-0-2-1, MISRAC2004-18.2, MISRAC2012-Rule-19.1, and UNION-overlap-assign can produce a false positive regarding overlapping assignments if a union access is inside a subscript operator.
For example:
void fn()
{
    union {
        int a;
        int b;
    } U;
    int arr[5];
    arr[U.a] = U.b; /* False positive here */
}
-
[CSTAT-453]
The check MISRAC++2008-0-1-7 incorrectly gives a warning when the return value of an overloaded operator is discarded.
-
[CSTAT-451]
The check SEC-BUFFER-tainted-index can fail to identify a possible violation when a tainted value is sent as a function parameter and the function uses the tainted value as an array index.
-
[CSTAT-450]
The checks MISRAC++2008-5-0-15_a and MISRAC2004-17.4_a incorrectly allow pointer arithmetic to be used on structure members declared as pointers.
-
[CSTAT-449]
For the checks MISRAC++2008-5-0-13_c, MISRAC2004-13.2_c, and MISRAC2012-Rule-14.4_c, using a function pointer as a controlling expression generates a message even if the return type of the function is essentially Boolean.
-
[CSTAT-440]
Re-analyzing an unchanged source file in C-STAT can result in a lower number of messages reported compared to the previous analysis.
-
[CSTAT-439]
The checks CONST-member-ret and MISRAC++2008-9-3-1 generate a message when a const member function returns a pointer-to-const to class-data, even if the member variable is declared as a pointer-to-const.
-
[CSTAT-434]
C-STAT can calculate the size for function parameters of type void * incorrectly, which leads to misleading results of the analysis.
-
[CSTAT-433]
The check MISRAC2012-Dir-4.6_a triggers erroneously if expr in int8_t arr[expr]; is a composite expression and consists of implicit or explicit casts.
-
[CSTAT-432]
The check MISRAC2012-Rule-18.8 erroneously reports a problem with the declaration of a variable length array if expr in int arr[expr] is something other than a constant integer.
-
[CSTAT-430]
In the report of the analysis results, the table "Project wide enabled checks" incorrectly lists the enabled checks and all of their identical equivalents from other packages. Only the enabled checks should be listed.
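The code shape described in CSTAT-451 above, as an added example that is not taken from IAR's release notes or documentation: the tainted index is produced in one function and used as an array subscript in another, so the source and the sink are only connected through a parameter. All function names, the table, and the input strings are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample table; every entry is non-negative so -1 can signal an error. */
#define TABLE_LEN 4U
static const int calib_table[TABLE_LEN] = { 10, 20, 30, 40 };

/* Taint source: parse a decimal index from untrusted text (for example a
 * field of a received frame). Returns 0 on success, -1 on malformed input. */
static int parse_index(const char *text, long *out)
{
    char *end = NULL;
    long v;

    errno = 0;
    v = strtol(text, &end, 10);
    if (end == text || *end != '\0' || errno == ERANGE) {
        return -1;
    }
    *out = v;
    return 0;
}

/* Sink without a check: the parameter is used directly as a subscript.
 * Nothing in this function shows that idx came from untrusted input. */
static int lookup_unchecked(long idx)
{
    return calib_table[idx]; /* out-of-bounds read when idx is outside 0..3 */
}

/* Before: the tainted value is handed to the callee as a parameter. */
int handle_request_unsafe(const char *text)
{
    long idx;

    if (parse_index(text, &idx) != 0) {
        return -1;
    }
    return lookup_unchecked(idx);
}

/* After: the bound is enforced at the sink, so every caller is covered,
 * including callers in other translation units. */
static int lookup_checked(long idx)
{
    if (idx < 0 || (unsigned long)idx >= TABLE_LEN) {
        return -1;
    }
    return calib_table[idx];
}

int handle_request_safe(const char *text)
{
    long idx;

    if (parse_index(text, &idx) != 0) {
        return -1;
    }
    return lookup_checked(idx);
}

int main(void)
{
    /* Constructed inputs: one valid index, then three that must be rejected. */
    const char *samples[] = { "2", "4", "-1", "2x" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%-3s -> %d\n", samples[i], handle_request_safe(samples[i]));
    }
    return 0;
}
```

Placing the range check in the callee rather than in each caller keeps the guard next to the subscript, which is also where a reviewer reading a tainted-index message will look first.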
New features
Extended coverage of CERT C
The static analysis tool C-STAT has extended its coverage of the SEI CERT C Coding Standard. The SEI CERT C Coding Standard's goal is to provide rules for developing safe, reliable, and secure systems in the C programming language, with support for C11 constructs. C-STAT covers all rules in the different CERT C sections listed on the CERT C wiki as of January 2020, with the exception of the API, CON, POS, and WIN sections, which are not applicable to IAR Systems products, yielding a total of 90 covered rules.
Link analysis trace information
The link analysis messages now display trace information when relevant. For checks looking for conflicting symbol names, all conflicting declarations are now listed in the trace information instead of each pair of conflicts being described in a separate message. This might lead to fewer reported messages for the same number of found issues.
4.20.1 2019-12-04
Program corrections
-
[CSTAT-427]
Performing a re-analysis on a project that has messages in a header file, which in turn is included by more than one source file, can cause C-STAT to crash.
-
[CSTAT-426]
The check PTR-null-cmp-bef will only give one warning, regardless of how many violations against the rule it finds.
-
[CSTAT-425]
If C-STAT analyzes the same code a second time, and the only change in the code is an added comment directive, the directive does not have any effect.
-
[CSTAT-424]
C-STAT estimates the size of an array of pointers incorrectly.
-
[CSTAT-421]
The check for MISRAC++2008-6-5-4 incorrectly produces a message if the loop counter in a function is an iterator.
-
[CSTAT-420]
Checks for the rules MISRAC++2008-6-2-1 and MISRAC2012-Rule-13.4_b incorrectly generate a message for compiler-generated code with assignments in sub-expressions. (Such code patterns can be introduced by, for instance, range-based for loops.)
-
[CSTAT-419]
The directive in a comment for disabling a check for the immediately following function (//cstat #tag) can sometimes fail to disable the specified check.
-
[CSTAT-418]
The --exclude option does not work when the path is absolute.
-
[CSTAT-417]
In some cases, C-STAT interprets the result of the addition operators + or += as being of unsigned type, even if none of the operands are of unsigned type.
-
[CSTAT-415]
The check MISRAC2012-Dir-4.8 incorrectly warns when there is no pointer to a visible struct or union that can be dereferenced.
-
[CSTAT-413]
MISRAC2012-Rule-1.3_t: The message incorrectly says "copying x bytes to..." instead of "copying x bytes to/from..." while the size of both the source and the destination of the memcpy function call are checked.
-
[CSTAT-412]
Using the wildcard character (*) in C-STAT comment directives has no effect.
-
[CSTAT-411]
When using comment characters and operators to disable or enable C-STAT messages for specific checks, /*cstat op [op op...]*/, the last op and */ must be separated with a whitespace.
-
[CSTAT-409]
C-STAT can in some cases report an incorrect size for objects that are accessed via either the . (dot) or -> (arrow) operator.
-
[CSTAT-408]
For MISRAC2012-Rule-8.7, a function definition is incorrectly not considered as a reference of a function.
-
[CSTAT-407]
MISRAC2012-Rule-14.1_a and MISRAC++2008-6-5-1_a incorrectly warn when any object in the controlling expression is of type float. These checks should only warn if the loop counter is of type float.
-
[CSTAT-406]
C-STAT can generate messages that incorrectly refer to line '0' (MISRAC2004-1.1 is an exception to this).
-
[CSTAT-404]
A typedef in a header file can incorrectly be seen as non-unique when the header file is included from multiple source files. This can make MISRAC2012-Rule-5.6 report a false positive.
-
[CSTAT-403]
Declarations in a header file can incorrectly be seen as multiple declarations, when the header file is included from multiple source files, and make MISRAC2012-Rule-8.5_b generate a false positive.
-
[CSTAT-402]
Certain declarations, break and continue statements inside if, for and while statements, can make rule CERT-EXP19-C produce false positives.
-
[CSTAT-401]
MISRAC2012-Rule-13.1 yields a false positive. Taking the address of a volatile object is considered as an operation with a side-effect.
-
[CSTAT-400]
Using NULL in assert macros triggers false positives for MISRAC2012-Rule-11.9.
-
[CSTAT-399]
C-STAT considers accessing a volatile object through the -> (arrow) or . (dot) operators as a volatile write operation.
-
[CSTAT-398]
It is not possible to suppress link analysis messages in C-STAT.
-
[CSTAT-396]
Using a section operator, for example __segment_begin, as a function parameter causes an internal error in C-STAT.
-
[CSTAT-393]
Running an analysis on an unchanged file with the check MISRAC2012-Dir-4.6_a enabled can in rare cases cause C-STAT to report an internal error.
-
[CSTAT-392]
The check MISRAC2012-Rule-13.1 reports a false positive when the right-hand side of an assignment is cast from a non-volatile value to a pointer-to-volatile value.
-
[CSTAT-391]
In some rare cases, C-STAT can misidentify how function parameters are used.
-
[CSTAT-389]
Arrays with more than 100 elements can cause C-STAT to crash if the check MISRAC2012-Rule-10.3 is enabled.
-
[CSTAT-387]
C-STAT incorrectly does not consider returning a struct from a function to be a use of the struct.
-
[CSTAT-386]
Source files larger than 16 MBytes can cause C-STAT to crash.
-
[CSTAT-382]
Specifying the C-STAT option --exclude with the parameter dir, only works when all letters in dir are lower case.
-
[CSTAT-377]
Saving a function address is considered as a function call. This can lead to false positives for checks which look for recursion, such as MISRAC2012-Rule-17.2_b.
-
[CSTAT-375]
If an analysis of a source file only consists of suppressed messages, IAR Embedded Workbench will not output "Analyzing xxxx" in the Build window.
-
[CSTAT-372]
Array indices are calculated incorrectly when the array is a field (but not the first field) of a struct.
-
[CSTAT-364]
The severity level for the checks MISRAC2012-Rule-8.9_a and MISRAC2012-Rule-8.9_b is incorrect. It should be Low, not Medium.
New features
To achieve better correlation between the number of C-STAT messages and the number of potential problems, checks that identify identical problems are now consolidated in the analysis report. For example, if both MISRAC++2008-6-2-1 and MISRAC2012-Rule-13.4_b are enabled and a potential problem is detected, only one message will be produced, mentioning both checks. This might lead to a decrease in the number of messages (but not in reported potential problems).
It is now possible to suppress link analysis messages.
4.10.1 2018-12-18
Program corrections
-
[CSTAT-382]
Specifying the C-STAT option --exclude with the parameter dir, only works when all letters in dir are lower case.
See also CSTAT-329
-
[CSTAT-377]
Saving a function address is considered as a function call. This can lead to false positives for checks which look for recursion, such as MISRAC2012-Rule-17.2_b.
-
[CSTAT-375]
If an analysis of a source file only consists of suppressed messages, IAR Embedded Workbench will not output "Analyzing xxxx" in the Build window.
-
[CSTAT-372]
Array indices are calculated incorrectly when the array is a field (but not the first field) of a struct.
-
[CSTAT-368]
MISRAC2012-Rule-17.5 might report false positives if the parameter is a global array.
-
[CSTAT-364]
The severity level for the checks MISRAC2012-Rule-8.9_a and MISRAC2012-Rule-8.9_b is incorrect. It should be Low, not Medium.
-
[CSTAT-363]
if (++foo != 0) or if (--foo != 0) does not count as a comparison of foo against 0.
-
[CSTAT-362]
The range of the right-hand side argument of shift operations can in some cases get calculated incorrectly, which in turn might generate false positives for ATH-shift-bounds.
-
[CSTAT-360]
MISRAC2012-Rule-8.3_b generates a message for inconsistent types between global variables with the same name even if the variables are declared as static.
-
[CSTAT-359]
There are no link analysis messages when the paths to the source files contain white spaces. This occurs both when running icstat with the commands command and when performing an analysis in IAR Embedded Workbench.
-
[CSTAT-357]
Access ranges of arrays inside structs are not calculated correctly. This can for example generate false positives for the check ARR-inv-index-ptr-pos.
-
[CSTAT-355]
MISRAC2012-Rule-16.1 and MISRAC2012-Rule-16.3 can generate false positives if object declarations exist inside case expressions.
-
[CSTAT-353]
Function parameters for non-static functions are given an estimated value range based on an analysis of all function calls inside the module where the function is defined. This might introduce false positives when the function is called from another module.
-
[CSTAT-350]
MISRAC2012-Rule-13.8 does not issue a message when a non-const pointer is assigned or copied to another non-const pointer that in turn is never modified or copied. In this case, both pointers can be declared with the const attribute.
-
[CSTAT-349]
MISRAC2012-Rule-10.3 can trigger an internal error when a string is assigned to an array of characters.
-
[CSTAT-347]
MISRAC2012-Dir-4.7_c issues a message when a function writes to errno even if there is a following test for errno.
-
[CSTAT-346]
MISRAC2012-Rule-16.1: A case clause is not allowed to have multiple break, goto, or return statements.
-
[CSTAT-345]
Exception 1 of MISRA C 2012 Rule 10.3 is not applied to array types.
-
[CSTAT-344]
Using structs can in rare cases trigger an internal error.
-
[CSTAT-343]
ARR-inv-index does not check for buffer overflows when the operator & is used, e.g., &arr[i].
-
[CSTAT-340]
Returning an object that is neither signed nor unsigned can produce an internal error.
-
[CSTAT-339]
MISRAC++2008-7-1-2: Calling a non-const member function of a function parameter is not considered as a potential write operation of that parameter.
-
[CSTAT-337]
Link messages from different checks referring to the same symbol can erroneously get filtered.
-
[CSTAT-336]
Macros that include a cast to pointer type of a parameter, for example #define CAST(p) (p *)0, will produce a false positive for MISRAC2012-Rule-20.7.
-
[CSTAT-334]
Calculating & on large numbers can cause C-STAT to produce an internal error.
-
[CSTAT-333]
MISRAC2012-Rule-8.4 requires the function main to have a separate declaration.
-
[CSTAT-331]
The underlying type of expressions containing an enum or boolean type is evaluated erroneously.
-
[CSTAT-330]
The decision regarding whether a check suffixed with _c89 or _c99 is part of an analysis is not described in the manual.
-
[CSTAT-329]
In some rare cases C-STAT might fail to display messages caused by problems in a header file, because of issues with case-sensitivity.
See also CSTAT-382
-
[CSTAT-328]
It is not possible to use the option --exclude with a path that contains directory separators.
-
[CSTAT-327]
If the option --exclude is used more than once, only the last option has any effect.
-
[CSTAT-326]
The fact that C-STAT does not analyze header files included with angular brackets, #include <...>, is not mentioned in the C-STAT manual.
-
[CSTAT-324, EW26733]
MISRAC2012-Rule-10.1_R3 triggers on array accesses when the array has elements of type boolean.
-
[CSTAT-323, EW26731]
The check MISRAC2012-Rule-10.3 disregards array and pointer assignments.
-
[CSTAT-322, EW26708]
The size of return values is not taken into consideration when calculating their lower and upper bounds.
-
[CSTAT-321, EW26706]
C-STAT does not identify overflows on memset and related functions when the destination is something other than just an identifier.
-
[CSTAT-318, EW26688]
These checks might produce false positives when the switch statement is inside a loop: MISRAC2012-Rule-16.3, MISRAC++2008-6-4-5, and MISRAC2004-15.2.
-
[CSTAT-316, EW26686]
ATH-overflow may falsely trigger when the left operand of the bit-wise AND operation is of the same size as the result.
-
[CSTAT-315, EW26637]
C-STAT considers accessing a volatile object through the -> (arrow) or . (dot) operators as a volatile write operation.
-
[CSTAT-314, EW26632]
Link messages are not part of the output of icstat when executing the 'load' command via the command line.
-
[CSTAT-313, EW26563]
MISRAC2012-Rule-2.2_b: Sending a struct object through an aliased pointer is not considered as a potential write operation on its fields.
-
[CSTAT-312, EW26561]
MISRAC2012-Rule-8.13: C-STAT does not consider sending a variable as a function parameter via operators such as & (address-of) and [] (subscript) as a potential use.
-
[CSTAT-311, EW26462]
A global array declared with the keyword 'static' is incorrectly assumed to have constant values.
New features
-
The MISRA C 2004 package in C-STAT has been updated with about 20 new checks, some of which are enabled by default.
-
When generating a full report, C-STAT now divides the report into multiple html files instead of one single html file. With this solution, the risk of slowing down the IDE and/or external web-browser by the report has been reduced.
-
A new option --deterministic has been added. Use this option to ensure a deterministic amount of messages when running icstat with multiple threads, so that the amount of messages stays approximately the same from one analysis run to another. This option puts a limit on the option --parallel, which makes the analysis process slower.
3.10.1 2017-09-15
2.21.1 2016-05-31
New features
New checks have been added.
Improved analysis engine which increases the analysis precision.
The time-consuming false-positive analysis is now disabled by default but can be enabled by an option in the IAR Embedded Workbench IDE or on the command line.
A new option in the IAR Embedded Workbench IDE makes it possible to limit the number of messages generated per check and per file.
C-STAT message suppression can now be controlled by directives placed in comments in the source files.
2.20.1 2015-12-17
New features
C-STAT
The add-on product C-STAT for static analysis is now supported. C-STAT features innovative static analysis that can detect defects, bugs, and security vulnerabilities as defined by CERT and the Common Weakness Enumeration, as well as help keeping code compliant to coding standards like MISRA C:2012/2004 or MISRA C++:2008. For more information, see C-STAT Static Analysis Guide.