What Static Analyzers Do

Helix QAC Prevents, Detects, and Eliminates Defects

See how Helix QAC will help you code with confidence.

The Best Static Code Analysis Tools for C/C++ Compliance

Need to comply with a coding standard? Helix QAC makes it easy.

You can use the following compliance modules to apply coding standards across your codebase. And you’ll get fewer false positives and false negatives in your diagnostics.

Compliance Modules for C and C++

Check your code against the MISRA C and C++ coding standards — automatically.

The MISRA coding rules identify potential issues in safety-critical systems. The MISRA C and C++ compliance modules flag sections of your code that violate these rules.

The MISRA C compliance module enforces MISRA C:1998, MISRA C:2004, and MISRA C:2012 rules.

The MISRA C++ compliance module enforces MISRA C++:2008 rules.

Helix QAC identifies MISRA violations with greater accuracy than other tools. And it prioritizes violations based on severity, so you fix the most important issues first.

So, you’ll be able to improve code quality. Plus, you’ll be able to track and report on MISRA (and ISO) compliance.

An example of a MISRA C rule for typedef in Helix QAC.
An example of a MISRA C++ rule violation for null pointers in Helix QAC.

Compliance Module for C++

Check your code against the AUTOSAR C++ coding standard — automatically.

The AUTOSAR coding rules identify safety issues in C++14.

The AUTOSAR C++ compliance module flags any code that violates these rules.

So, you’ll be able to ensure compliance — and fulfill ISO standards. Plus, you’ll be able to track and report on compliance.

An example of an AUTOSAR C++ rule violation for non-interface base class in Helix QAC.

Compliance Modules for C and C++

Check your code against the CERT C and C++ coding standards — automatically.

The CERT coding rules identify security vulnerabilities in your code. The CERT C and C++ compliance modules flag code that violates these rules. This helps you eliminate undefined behaviors and apply best practices for secure code.

Plus, Helix QAC helps you prioritize and fix the most critical violations first. You’ll even get detailed guidance and examples to help you fix these errors.

So, you’ll develop quality systems that are safe, secure, and reliable. Plus, you’ll be able to track and report on CERT compliance.

An example of a CERT C rule violation for object pointer type in the Helix QAC dashboard
An example of a CERT C++ rule violation for invalid pointer values in Helix QAC.

Compatibility Module for C and C++

Check your code against the CWE list of security weaknesses — automatically.  

CWE identifies common security weaknesses in C and C++.

The CWE compatibility module identifies code with those security weaknesses. And Helix QAC prioritizes these CWE violations.

This makes it easy for you to fix the most critical errors first. And by using Helix QAC, you’ll improve overall code security.

This module is registered as CWE compatible.

A heat map of C security weaknesses in the Helix QAC dashboard.
Helix QAC CWE C++

Compliance Module for C++

Check your code against the High Integrity C++ (HIC++) coding standard — automatically.

HIC++ coding rules ensure high-quality code in C++11 and C++14.

The HIC++ compliance module enforces compliance with these coding rules. And Helix QAC includes examples of compliant and non-compliant code with each diagnostic.

So, you’ll ensure high-integrity code. Plus, you’ll be able to monitor and report on overall code quality.

HIC++ was developed by Perforce (formerly PRQA) experts.

An example of an HIC++ rule violation for invalid pointer values in Helix QAC.

Compliance Module for C++

Check your code against the Joint Strike Fighter Air Vehicle (JSF AV) C++ coding standard — automatically.

JSF AV C++ coding rules are used for safety-critical development. The JSF AV C++ compliance module identifies violations of these rules.

Helix QAC provides the most comprehensive diagnostics for JSF AV C++ rules. Plus, you’ll be able to track and report on safety metrics.

An example of a JSF++ rule violation for a class publicly derived from a concrete (non-abstract) base class in Helix QAC.

In-House C/C++ Coding Standards

Check your code against your in-house (or custom) coding standard — automatically.

Customize a Compliance Module for C/C++

You can customize a compliance module for your C/C++ coding rules. Helix QAC will automatically enforce these rules. And you’ll be able to report on compliance with these rules.

An example of custom coding rules you can use in Helix QAC — e.g., tab found in source.

Advantages of Static Analysis Tools

Helix QAC ensures quality code in C and C++. Here’s how.

Detect Coding Issues Early

Find coding issues in new code and your legacy codebase. Helix QAC finds more coding errors — including undefined or unspecified use of C/C++ — than other static code analyzers. And it scales to large projects with millions of lines of code.

Prioritize Based on Risk

Prioritize coding issues based on the severity of risk. Helix QAC helps you target the most critical defects using filters, suppressions, and baselines. It delivers accurate diagnostics and actionable results. So, you’ll be able to fix the most important issues first.

Eliminate Security Vulnerabilities

Eliminate security vulnerabilities at the source — your code. Coding errors allow criminals to exploit vulnerabilities in your software and steal information. But Helix QAC gives you visibility and control over coding errors. So, you can stop vulnerabilities at the source.

Collaborate on Code Inspections

Collaborate on code inspections — including manual code reviews and automated static analysis. You’ll be able to assign tasks to team members. And you’ll be able to apply different analysis profiles to different code categories (e.g., legacy vs. new).

Monitor Code Quality

Monitor your overall code quality. Helix QAC ensures that all team members apply consistent coding rules. You can control rule deviations and suppress diagnostics. And you’ll be able to measure, track, and report on quality metrics and trends over time.

Integrate Your Toolset

Integrate static code analysis with the rest of your development toolset. Helix QAC supports most compilers. And you can integrate it with many development tools — including IDEs (e.g., Microsoft Visual Studio), version control systems (e.g., Helix Core), and continuous integration build servers (e.g., Jenkins).

Certified for ISO, IEC, and EN Compliance

Helix QAC is independently certified for compliance. Helix QAC was developed by Programming Research/PRQA, which is now part of Perforce.

SGS-TÜV Saar Certified

Helix QAC is SGS-TÜV Saar certified for compliance with key functional safety standards:

  • ISO 26262 (automotive) up to ASIL level D.
  • IEC 61508 (general industrial) up to SIL 4.
  • EN 50128 (railways) up to SW-SIL 4.
  • IEC 62304 (medical devices) up to Software Safety Class C.
  • IEC 60880 (nuclear power).

ISO 9001 | TickIT plus Foundation Level Certified

Helix QAC is also certified in ISO 9001 | TickIT plus Foundation Level.

ISO 9001 is one of the most widely adopted standards. It ensures that organizations are striving to meet and exceed customers’ requirements and satisfaction through continuous improvement. 

ISO and SGS TUV Certifications for Programming Research/PRQA (now part of Perforce).
