Static Code Analysis

Axivion Suite – Using the Next Generation of Static Code Analysis to assure the quality of your software

Axivion Suite brings to you the new generation of static code analysis. Our static code analysis checks your software projects for style violations according to MISRA, AUTOSAR C++14, CERT or C Secure Coding – many rules from CWE can also be checked. Metric violations are displayed and documented in the same way as violations of coding guidelines. Potential runtime errors are detected by our defect analysis. Redundant and duplicated code is detected and managed by the clone analysis.

Several thousand users worldwide already rely on Axivion Suite to check their code with our state-of-the-art tool for static code analysis for C and C++.

This image symbolizes the different coding guidelines that can be followed with Axivion Suite: MISRA, AUTOSAR C++14, CERT, C Secure Coding, ISO/IEC TS 17961, customer specifications.

Coding guidelines: MISRA, CERT C, CERT C++, AUTOSAR C++14, CWE, ISO/IEC TS 17961 (C Secure Coding), custom-specific guidelines

Axivion Suite guarantees 100% coverage of the automatically testable rules of MISRA C:2004, C:2012 (incl. Amendment 1 Security Rules and Amendment 2) and C++:2008 and of AUTOSAR C++14 (17.03, 17.10, 18.03, 18.10 and 19.03). In addition, it covers many of the decidable rules of CERT C and CERT C++ and ISO/IEC TS 17961 (C Secure Coding Checker). Many rules from CWE that relate directly to aspects of static analysis can be checked. For rules that require a more advanced security design as a basis for evaluation, custom checks can be created. Coding guidelines are checked with a very high performance in your environment, so you can immediately reap the benefits of continuous and automatic code reviews.

Even for embedded systems, not all included rules are decidable. Therefore, false positives are possible, causing you unnecessary workload. Axivion helps you to keep the number of these false positives as low as possible, for example through configuration options. Extending the guideline checks by your own specific coding guidelines is also possible.

Read more
Since the Axivion Suite contains rule sets for many well-known software metrics, the known cuboids for various high towers are shown in this subitem.

Metrics

The static code analysis of Axivion Suite forms the basis for many well-known software metrics. These include simple metrics based on lines (lines of code of a file or function). Other metrics are based on control flow properties such as the nesting depth of a function (nesting) or the cyclomatic complexity of a function according to McCabe. Token-based metrics such as the well-known Halstead metrics are also included in the standard set of code metrics. The Axivion Suite also includes the HIS metrics frequently used in the automotive industry.

The metrics supplied can be supplemented with your specific software metrics at any time via API.

With the help of the metrics, hotspots in the code can be identified for refactoring measures, for example over-complex or over-long functions. The threshold values can be specifically adjusted per metric.

Since in practice generated code often exceeds limits that make sense for handwritten code, you can specify which code should be considered generated.

Read more
The image for the defect analysis of Axivion Suite represents incorrectly parked, stylized cars in a parking lot which symbolize errors in the source code.

Defect analysis

Check your source code for possible runtime errors with the Static Code Analysis of Axivion Suite. Our analyses include scalable data and control flow checks that help to detect errors such as out-of-bounds accesses or division by zero at an early stage. Program errors that are detected before testing generate lower follow-up costs through early remediation. Defect analysis makes developers aware of corner cases in the program flow that are often not considered during development at an early stage. This makes the code more robust.

Read more

Good to know: The results of the static code analysis included in Axivion Suite support and relieve you in the continuous quality assurance accompanying the development of software created in the programming languages C and C++. By automating the quality checks, developers can focus on the tasks that require human intelligence and creativity. Repetitive tasks can thus be handed over to a machine performing them repeatable, completely, and without fatigue.

That’s why the use of static analysis with Axivion Suite complements the use of classic dynamic analyses. The easy-to-automate static code analysis is a cornerstone for your CI-based quality gate.