With the intelligent development of modern vehicles (ADAS, Telematics, Infotainment, Cloud Services), the amount of in-vehicle code is growing exponentially. Requirements for software functional safety compliance are continuously increasing, and cybersecurity standards are also being prioritized. Therefore, performing automated static analysis during the code development phase has become critically important. Compliance with industry coding standards is also a fundamental requirement for automotive software.

Perforce (formerly PRQA), a U.S.-based company, is a recognized industry leader and pioneer in embedded static analysis, with over 30 years of experience in software development and testing. Perforce is a founding member and the most influential participant in the MISRA coding standards committee. It is also the only member from the static analysis domain in the AUTOSAR organization, responsible for defining standards related to functional safety software architecture and contributing to the C++14 coding guidelines and AUTOSAR test specifications.

Perforce QAC (formerly Helix QAC), a recognized industry pioneer in static analysis, supports coding standard packages such as MISRA C/C++, AUTOSAR C++, CERT C/C++, CWE C/C++, HICPP, and JSF AV C++. It is designed to help developers and testers perform efficient automated static testing during the coding phase, identify potential code defects, assess code quality, reduce development time, and lower development costs.

As Perforce’s partner, Beijing Puhui Information Technology Co., Ltd. provides professional static code testing solutions to customers in China.

Perforce QAC Features

Perforce QAC Software Components:

Ø  QAC/C++ Static Analyzer: Capable of handling millions of lines of code with high-speed static analysis;

Ø  Coding Standard Packs: Optional modules that work with the static analyzer to perform compliance checks;

Ø  Project Management Platform: Dashboard/Validate for full lifecycle software development management；

New License Model: The new version offers Build licenses, specifically designed for CI/CT workflows.

1、  Static Code Analysis

QAC supports usage on Windows/Linux platforms and allows users to create static analysis projects via GUI, command line, or IDE plugins. It supports loading source files either through Sync-based synchronized compilation or manual non-compilation methods, and can automatically generate CCT configuration files for over 400 compilers, including Visual Studio, Eclipse, VS Code IDE, CodeWarrior, GNU, IAR, GreenHills, HighTec TriCore, and QNX environments. Through fast and accurate source code analysis, QAC produces corresponding static analysis diagnostic messages and features capabilities such as multi-file parallel analysis and cross-module analysis—analyzing tens of thousands of lines of code in under 30 seconds.

QAC supports filtering and grouping diagnostic messages by multiple categories, and each diagnostic message is accompanied by a dedicated help page to assist with remediation.

Figure 1: QAC Code Review

2、  Coding Standard Compliance Checking

QAC supports coding standard compliance checks for C and C++, including MISRA C 2004, MISRA C 2012, MISRA C++ 2008, MISRA C/C++ 2023, MISRA C 2025, AUTOSAR C++, CERT C/C++, and CWE C/C++. It automatically checks source code against these standards and also supports custom enterprise-defined coding rules.

Figure 2: Coding Standard Coverage

3、  Metric Analysis

QAC provides a comprehensive set of 68 software metrics, enabling code quality measurement at the function, file, and project levels. It supports custom metric thresholds and user-defined composite metrics.

Figure 3: Metric Indicators

4、  DataFlow Analysis

QAC employs a proprietary deep dataflow analysis engine that simulates runtime behavior to detect runtime errors such as undefined behavior, control flow issues, initialization problems, and pointer-related defects. QAC offers five levels of dataflow analysis, allowing organizations to select the appropriate depth based on project requirements.

5、  Testing Report

QAC supports generating various reports, including Code Review Report, MISRA Compliance Report, HIS Metrics Report, Metrics Data Report, and Suppressions Report and so on. Reports can be customized through Validate/Dashboard platform.

Figure 4: QAC Generated Reports

6、  Web-Based Project Management Platform

QAC provides two web-based project management platforms—Dashboard and Validate—to enhance team collaboration. The platforms also support source code version management, file comparison analysis, metric trend visualization, and customizable reporting. LDAP integration enables quick user account import, and access permissions can be configured by project group.

Figure 5: Dashboard

Figure 6: Validate

7、  CI/CT Integration

QAC offers a rich set of command-line tools that support end-to-end workflows—from license configuration, project creation and analysis, report generation, to uploading results to the web platform—making it easy to integrate into continuous integration/continuous testing (CI/CT) pipelines. Additionally, the latest QAC version includes dedicated Build licenses optimized for CI/CT environments.

8、  Suppression Rules

QAC allows users to define custom rules based on project or organizational needs. Rules and diagnostic messages can be individually enabled or disabled. Users can establish baselines based on project experience and apply suppression syntax to suppress diagnostics on specific lines of code.

Quality Certification

Perforce QAC is certified by SGS-TÜV SAAR for use in safety-related software development and complies with standards including ISO 26262 (ASIL D, TCL2), IEC 61508, EN 50128, IEC 60880, IEC 62304, DO-330 (DO-178B/C), and ISO/SAE 21434, helping customers accelerate product certification.

Figure 6: Certification Certificate

Some of QAC's customers: