AbsInt Astrée
Astrée is a static code analyzer that proves the absence of runtime errors and invalid concurrent behavior in safety-critical software written or generated in C or C++.
License Options:
Base License
- Floating, permanent license
- 1 analyzer token, 2 client tokens
- Allows two simultaneously connected Astrée clients to configure analyses or inspect analysis results, and one analysis process
- Installation in virtual machines allowed (not for license server program “ALM”)
- Worldwide usage within one specific department
- Department definition: Name of department, location(s), project
- Includes 6 months technical support & maintenance
- Additional Token Package (1 analyzer token, 2 client tokens) includes 6 months technical support & maintenance
Cloud License
- Floating, permanent license
- 1 analyzer token, 2 client tokens
- Allows two simultaneously connected Astrée clients to configure analyses or inspect analysis results, and one analysis process. Usage in Cloud environments, like MS AZZURE, AWS, etc.
- Installation in virtual machines allowed, also for license server program “ALM”
- Worldwide usage within one specific department
- Department definition: Name of department, location(s), project
- Includes 6 months technical support & maintenance
- Additional Token Package (1 analyzer token, 2 client tokens) includes 6 months technical support & maintenance
For detailed options and pricing, please request a quote.
PURCHASE
Need a quote? Click here to access our
convenient online quotation form.
Fast and sound static analysis
Astrée primarily targets embedded applications as found in aeronautics, earth transportation, medical instrumentation, nuclear energy, and space flight. Nevertheless, it can just as well be used to analyze any structured C/C++ programs, handwritten or generated, with complex memory usages, dynamic memory allocation, and recursion.
Astrée is sound — that is, if no errors are signaled, the absence of errors has been proved.
Which runtime properties are analyzed by Astrée?
Astrée statically analyzes whether the programming language is used correctly and whether there can be any runtime errors during any execution in any environment. This covers any use of C or C++ that, according to the corresponding language standard, has undefined behavior or violates hardware-specific aspects.
Additionally, Astrée reports invalid concurrent behavior, violations of user-specified programming guidelines, and various program properties relevant for functional safety.
Astrée detects any:
- division by zero,
- out-of-bounds array indexing,
- erroneous pointer manipulation and dereferencing (NULL, uninitialized and dangling pointers),
- integer and floating-point arithmetic overflow,
- read access to uninitialized variables,
- data races (read/write or write/write concurrent accesses by two threads to the same memory location without proper mutex locking),
- inconsistent locking (lock/unlock problems),
- invalid calls to operating system services (e.g. OSEK calls to
TerminateTask
on a task with unreleased resources), - other critical data and control-flow errors,
- all violations of optional user-defined assertions to prove additional runtime properties (similar to assert diagnostics),
- code it can prove to be unreachable under any circumstances.
Astrée is also sound for floating-point computations and handles them precisely and safely. All possible rounding errors, and their cumulative effects, are taken into account. The same is true for −∞, +∞ and NaN
values and their effects through arithmetic calculations and comparisons.
In 2020, the US National Institute of Standards and Technology determined that Astrée satisfies their criteria for sound static code analysis.
Now with support for C++ and mixed code bases
Since 2020, runtime error analysis can also be applied to C++ and mixed C/C++ code bases. The new analysis mode supports all modern C++ versions up to C++17 and many of the features known from the classic C code analysis.
Astrée’s C++ analysis uses the same technology as its C code analysis. It is designed to meet the characteristics of safety-critical embedded software, and is subject to the same restrictions as Astrée for C.
The high-level abstraction features and template library of C++ facilitate the design of very complex and dynamic software. Extensive use of these features may violate the established principles of safety-critical embedded software development and lead to unsatisfactory analysis times and results. The Astrée manual gives recommendations on the use of C++ features to ensure that the code can be well analyzed. For less constrained (less critical) C++ code, we recommend using the standalone RuleChecker.
MISRA and more
The seamlessly integrated RuleChecker lets you check your code for compliance with various coding standards, including MISRA, CWE, ISO/IEC, SEI CERT, and AUTOSAR. You can easily toggle individual rules and even specific aspects of certain rules. The tool can also check for various code metrics such as comment density or cyclomatic complexity. Custom extensions for your own in-house coding guidelines are available on request.
RuleChecker can be envoked separately, to allow for even faster checks of your code, or in conjunction with the sound semantic analyses offered by Astrée, to additionally guarantee zero false negatives and minimize false positives on semantical rules. No competing standalone MISRA checker can offer this, and no testing environment can match the full data and path coverage provided by the static analysis.
Who uses Astrée?
Since 2003, Airbus France has been using Astrée in the development of safety-critical software for various aircraft series, including the A380.
In 2018, Bosch Automotive Steering replaced their legacy tools with Astrée and RuleChecker, resulting in significant savings thanks to faster analyses, higher accuracy, and optimized licensing and support costs.
Framatome employs Astrée for verification of their safety-critical TELEPERM XS platform that is used for engineering, testing, commissioning, operating and troubleshooting nuclear reactors.
The global automotive supplier Helbako in Germany is using Astrée to guarantee that no runtime errors can occur in their electronic control software and to demonstrate MISRA compliance of the code.
In 2008, Astrée proved the absence of any runtime errors in a C version of the automatic docking software of the Jules Verne Automated Transfer Vehicle, enabling ESA to transport payloads to the International Space Station.
A world leader in motors and ventilators for air-conditioning and refrigeration systems, ebm-papst is using Astrée for fully automatic continuous verification of safety-critical interrupt-driven control software for commutating high-efficiency EC motors for ventilator systems.
MTU Friedrichshafen uses Astrée to demonstrate the correctness of control software for emergency power generators in power plants. Together with its qualification package, Astrée is part of the IEC 60880 certification process.
Tailor it to your own requirements
Astrée offers powerful annotation mechanisms for supplying external knowledge and fine-tuning the analysis precision for individual loops or data structures. Detailed messages and an intuitive GUI guide you to the exact cause of each potential runtime error. Actual errors can then be fixed, and in case of a false alarm the analyzer can be tuned to avoid it. This allows for analyses with very few or even zero false alarms.
The analyzer can also run in batch mode for easy integration into established tool-chains.
Plugins for TargetLink, Jenkins, and Eclipse are available and actively supported.
Qualification support
Your usage of Astrée can be qualified according to DO-178B/C, ISO 26262, IEC 61508, EN-50128, the FDA Principles of Software Validation, and other safety standards. We offer special Qualification Support Kits that simplify and automate the qualification process.
Astrée PDF
Cancellation & No Refund Policy
Cancellation: You can cancel your subscription at any time. Please note that we do not provide credit, refunds or prorated billing for any licenses that are cancelled once purchased.
No Return/Refund: All sales are final, there are no refunds.