cmake: sca: iar: Add IAR C-STAT

felipe-iar · felipe-iar · commit 46331323bf78 · 2025-09-03T11:49:05.000+02:00
This commit adds support for IAR C-STAT Static Analysis
in the Zephyr's SCA Framework.

By specifying -DZEPHYR_SCA_VARIANT=iar in west, a SQLite
database file will be generated under build/sca/iar.

Signed-off-by: Felipe Torrezan &lt;felipe.torrezan@iar.com&gt;
diff --git a/cmake/sca/iar/sca.cmake b/cmake/sca/iar/sca.cmake
@@ -0,0 +1,69 @@
+# SPDX-License-Identifier: Apache-2.0
+#
+# Copyright (c) 2025, IAR Systems AB.
+
+include(extensions)
+include(west)
+
+# Get IAR C-STAT
+cmake_path(GET CMAKE_C_COMPILER PARENT_PATH IAR_COMPILER_DIR)
+find_program(IAR_CSTAT icstat
+  HINTS ${IAR_COMPILER_DIR}
+  REQUIRED
+)
+message(STATUS "Found SCA: IAR C-STAT Static Analysis (${IAR_CSTAT})")
+find_program(IAR_CHECKS ichecks
+  HINTS ${IAR_COMPILER_DIR}
+  REQUIRED
+)
+
+zephyr_get(CSTAT_RULESET)
+zephyr_get(CSTAT_ANALYZE_THREADS)
+zephyr_get(CSTAT_ANALYZE_OPTS)
+zephyr_get(CSTAT_DB)
+zephyr_get(CSTAT_CLEANUP)
+
+# Create an output directory for IAR C-STAT
+set(output_dir ${CMAKE_BINARY_DIR}/sca/iar)
+file(MAKE_DIRECTORY ${output_dir})
+
+# Set the IAR C-STAT ruleset
+set(iar_checks_arg --output=${output_dir}/cstat_sel_checks.txt)
+if(CSTAT_RULESET MATCHES "^(cert|security|misrac2004|misrac\\+\\+2008|misrac2012)")
+  set(iar_checks_arg ${iar_checks_arg} --default=${CSTAT_RULESET})
+elseif(CSTAT_RULESET MATCHES "^all")
+  set(iar_checks_arg ${iar_checks_arg} --all)
+else()
+  set(iar_checks_arg ${iar_checks_arg} --default=stdchecks)
+endif()
+execute_process(COMMAND ${IAR_CHECKS} ${iar_checks_arg})
+
+# Forwards the ruleset manifest file to icstat
+set(output_arg --checks=${output_dir}/cstat_sel_checks.txt)
+
+# Analsys parallelization
+if(CSTAT_ANALYZE_THREADS)
+  set(output_arg ${output_arg};--parallel=${CSTAT_ANALYZE_THREADS})
+endif()
+
+# Entrypoint for additional C-STAT options
+if(CSTAT_ANALYZE_OPTS)
+  set(output_arg ${output_arg};${CSTAT_ANALYZE_OPTS})
+endif()
+
+# Full path to the C-STAT SQLite database
+if(CSTAT_DB)
+  set(CSTAT_DB_PATH ${CSTAT_DB})
+else()
+  set(CSTAT_DB_PATH ${output_dir}/cstat.db)
+endif()
+set(output_arg ${output_arg};--db=${CSTAT_DB_PATH})
+
+# Clean-up C-STAT SQLite database
+if(CSTAT_CLEANUP)
+  execute_process(COMMAND ${IAR_CSTAT} clear --db=${CSTAT_DB_PATH})
+endif()
+
+# Enable IAR C-STAT Static Analysis (requires CMake v4.1+)
+set(CMAKE_C_ICSTAT ${IAR_CSTAT};${output_arg} CACHE INTERNAL "")
+set(CMAKE_CXX_ICSTAT ${IAR_CSTAT};${output_arg} CACHE INTERNAL "")
diff --git a/doc/develop/sca/iar.rst b/doc/develop/sca/iar.rst
@@ -0,0 +1,48 @@
+.. _icstat:
+
+IAR C-STAT support
+##################
+
+`IAR C-STAT <https://iar.com/cstat>`__ is a comprehensive static analysis tool for
+C/C++ source code. It can find errors and vulnerabilities supporting a number of
+coding standards such as MISRA C, MISRA C++, CERT C/C++ and CWE.
+
+Installing IAR C-STAT
+*********************
+
+IAR C-STAT comes pre-installed with the IAR Build Tools and with the IAR Embedded
+Workbench. Refer to your respective product's documentation for details.
+
+Building with IAR C-STAT
+************************
+
+To run IAR C-STAT, :ref:`west build <west-building>` should be called with
+a ``-DZEPHYR_SCA_VARIANT=iar`` parameter, e.g.
+
+.. code-block:: shell
+
+    west build -b stm32f429ii_aca samples/basic/blinky -- -DZEPHYR_SCA_VARIANT=iar
+
+Configuring IAR C-STAT
+***********************
+
+The IAR C-STAT accepts parameters for customizing the analysis.
+The following table lists the supported options.
+
+.. list-table::
+   :header-rows: 1
+
+   * - Parameter
+     - Description
+   * - ``CSTAT_RULESET``
+     - The pre-defined ruleset to be used. (default: ``stdchecks``, accepted values: ``all,cert,misrac2004,misrac2012,misrac++2008,stdchecks,security``)
+   * - ``CSTAT_ANALYZE_THREADS``
+     - The number of threads to use in analysis. (default: <CPU count>)
+   * - ``CSTAT_ANALYZE_OPTS``
+     - Arguments passed to the ``analyze`` command directly. (e.g. ``--timeout=900;--deterministic;--fpe``)
+   * - ``CSTAT_DB``
+     - Override the default location of the C-STAT SQLite database. (e.g. ``/home/user/cstat.db``)
+   * - ``CSTAT_CLEANUP``
+     - Perform a cleanup of the C-STAT SQLite database. (e.g. ``true``)
+
+These parameters can be passed on the command line, or be set as environment variables.
diff --git a/doc/develop/sca/index.rst b/doc/develop/sca/index.rst
@@ -69,3 +69,4 @@ The following is a list of SCA tools natively supported by Zephyr build system.
    eclair
    polyspace
    coverity
+   iar
