Skip to content

Commit 7438031

Browse files
felipe-iarcfriedt
felipe-iar
authored and
cfriedt
committed
cmake: sca: iar: Add IAR C-STAT
This commit adds support for IAR C-STAT Static Analysis in the Zephyr's SCA Framework. By specifying -DZEPHYR_SCA_VARIANT=iar_c_stat in west, a SQLite database file will be generated under build/sca/iar_c_stat. Signed-off-by: Felipe Torrezan <[email protected]>
1 parent c02f904 commit 7438031

File tree

2 files changed

+131
-0
lines changed

2 files changed

+131
-0
lines changed

cmake/sca/iar_c_stat/sca.cmake

Lines changed: 71 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,71 @@
1+
# SPDX-License-Identifier: Apache-2.0
2+
#
3+
# Copyright (c) 2025, IAR Systems AB.
4+
5+
cmake_minimum_required(VERSION 4.1.0)
6+
7+
include(extensions)
8+
include(west)
9+
10+
# Get IAR C-STAT
11+
cmake_path(GET CMAKE_C_COMPILER PARENT_PATH IAR_COMPILER_DIR)
12+
find_program(IAR_CSTAT icstat
13+
HINTS ${IAR_COMPILER_DIR}
14+
REQUIRED
15+
)
16+
message(STATUS "Found SCA: IAR C-STAT Static Analysis (${IAR_CSTAT})")
17+
find_program(IAR_CHECKS ichecks
18+
HINTS ${IAR_COMPILER_DIR}
19+
REQUIRED
20+
)
21+
22+
zephyr_get(CSTAT_RULESET)
23+
zephyr_get(CSTAT_ANALYZE_THREADS)
24+
zephyr_get(CSTAT_ANALYZE_OPTS)
25+
zephyr_get(CSTAT_DB)
26+
zephyr_get(CSTAT_CLEANUP)
27+
28+
# Create an output directory for IAR C-STAT
29+
set(output_dir ${CMAKE_BINARY_DIR}/sca/iar_c_stat)
30+
file(MAKE_DIRECTORY ${output_dir})
31+
32+
# Set the IAR C-STAT ruleset
33+
set(iar_checks_arg --output=${output_dir}/cstat_sel_checks.txt)
34+
if(CSTAT_RULESET MATCHES "^(cert|security|misrac2004|misrac\\+\\+2008|misrac2012)")
35+
set(iar_checks_arg ${iar_checks_arg} --default=${CSTAT_RULESET})
36+
elseif(CSTAT_RULESET MATCHES "^all")
37+
set(iar_checks_arg ${iar_checks_arg} --all)
38+
else()
39+
set(iar_checks_arg ${iar_checks_arg} --default=stdchecks)
40+
endif()
41+
execute_process(COMMAND ${IAR_CHECKS} ${iar_checks_arg})
42+
43+
# Forwards the ruleset manifest file to icstat
44+
set(output_arg --checks=${output_dir}/cstat_sel_checks.txt)
45+
46+
# Analsys parallelization
47+
if(CSTAT_ANALYZE_THREADS)
48+
set(output_arg ${output_arg};--parallel=${CSTAT_ANALYZE_THREADS})
49+
endif()
50+
51+
# Entrypoint for additional C-STAT options
52+
if(CSTAT_ANALYZE_OPTS)
53+
set(output_arg ${output_arg};${CSTAT_ANALYZE_OPTS})
54+
endif()
55+
56+
# Full path to the C-STAT SQLite database
57+
if(CSTAT_DB)
58+
set(CSTAT_DB_PATH ${CSTAT_DB})
59+
else()
60+
set(CSTAT_DB_PATH ${output_dir}/cstat.db)
61+
endif()
62+
set(output_arg ${output_arg};--db=${CSTAT_DB_PATH})
63+
64+
# Clean-up C-STAT SQLite database
65+
if(CSTAT_CLEANUP)
66+
execute_process(COMMAND ${IAR_CSTAT} clear --db=${CSTAT_DB_PATH})
67+
endif()
68+
69+
# Enable IAR C-STAT Static Analysis (requires CMake v4.1+)
70+
set(CMAKE_C_ICSTAT ${IAR_CSTAT};${output_arg} CACHE INTERNAL "")
71+
set(CMAKE_CXX_ICSTAT ${IAR_CSTAT};${output_arg} CACHE INTERNAL "")

doc/develop/sca/iar_c_stat.rst

Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
.. _icstat:
2+
3+
IAR C-STAT support
4+
##################
5+
6+
`IAR C-STAT <https://iar.com/cstat>`__ is a comprehensive static analysis tool for
7+
C/C++ source code. It can find errors and vulnerabilities supporting a number of
8+
coding standards such as MISRA C, MISRA C++, CERT C/C++ and CWE.
9+
10+
Installing IAR C-STAT
11+
*********************
12+
13+
IAR C-STAT comes pre-installed with the IAR Build Tools and with the IAR Embedded
14+
Workbench. Refer to your respective product's documentation for details.
15+
16+
Building with IAR C-STAT
17+
************************
18+
19+
To run IAR C-STAT, you will need CMake 4.1.0 or later. When building with
20+
:ref:`west build <west-building>` append the additional parameter to select
21+
IAR C-STAT ``-DZEPHYR_SCA_VARIANT=iar_c_stat``, e.g.
22+
23+
.. zephyr-app-commands::
24+
:zephyr-app: samples/basic/blinky
25+
:board: stm32f429ii_aca
26+
:gen-args: -DZEPHYR_SCA_VARIANT=iar_c_stat
27+
:goals: build
28+
:compact:
29+
30+
Configuring IAR C-STAT
31+
***********************
32+
33+
The IAR C-STAT accepts parameters for customizing the analysis.
34+
The following table lists the supported options.
35+
36+
.. list-table::
37+
:header-rows: 1
38+
39+
* - Parameter
40+
- Description
41+
* - ``CSTAT_RULESET``
42+
- The pre-defined ruleset to be used. (default: ``stdchecks``, accepted values: ``all,cert,misrac2004,misrac2012,misrac++2008,stdchecks,security``)
43+
* - ``CSTAT_ANALYZE_THREADS``
44+
- The number of threads to use in analysis. (default: <CPU count>)
45+
* - ``CSTAT_ANALYZE_OPTS``
46+
- Arguments passed to the ``analyze`` command directly. (e.g. ``--timeout=900;--deterministic;--fpe``)
47+
* - ``CSTAT_DB``
48+
- Override the default location of the C-STAT SQLite database. (e.g. ``/home/user/cstat.db``)
49+
* - ``CSTAT_CLEANUP``
50+
- Perform a cleanup of the C-STAT SQLite database. (e.g. ``true``)
51+
52+
These parameters can be passed on the command line, or be set as environment
53+
variables. Below you will find an example of how to enable and combine
54+
non-standard rulesets at will:
55+
56+
.. zephyr-app-commands::
57+
:zephyr-app: samples/basic/blinky
58+
:board: stm32f429ii_aca
59+
:gen-args: -DZEPHYR_SCA_VARIANT=iar_c_stat -DCSTAT_RULESET=misrac2012,cert
60+
:goals: build

0 commit comments

Comments
 (0)