What is the name of the tool?
Perforce QAC
Add a concise description of the tool. Please refrain from marketing claims and stick to what the tool is, does, and how it would be used?
QAC is a static analysis tool for C, C++, and as of the 2026.1 release, Rust as well.
QAC performs interprocedural, inter-TU (and now crate) and inter-thread flow analysis, as well as offering a huge collection of lints, static checks, and metrics. The Rust offering is fairly new but incorporates checks and metrics that are able to be share their concepts or applicability with C and C++; dataflow analysis is able to link seamlessly between all three languages and track pointer, bounds, etc. values across the FFI.
The Rust component also directly integrates Clippy support (clearly marked out as not QAC native analysis) so that existing well-understood Rust lints can easily be integrated into a safety-critical workflow by taking advantage of the existing QAC reporting structure (the overarching UI, reporting, project management tool we call "Framework"), neatly fitting Clippy's existing capabilities straight into pipelines designed for ISO 26262.
(we didn't think of this on our own, this was in response to a direct customer request to do that!)
w.r.t tool maturity: QAC has an extremely long history in safety-critical and the C frontend was one of the first commercially-available tools, dating all the way back to 1987. QAC's team members have been deeply involved with safety-critical standards development since 1994, when Olwen Morgan from the QAC team wrote the very first draft of what would become MISRA C.
The Rust integration story is very new but QAC has approached it with the philosophy of adding it as a feature to a complete tool, and it has already been picked up by C users who want to start mimicking their reporting pipeline for Rust work.
Link to the tool repo or homepage
https://www.perforce.com/products/helix-qac
License of the tool
Proprietary
What is your role/connection to this tool?
Product Manager/Owner (commercial)
Optional name of the tool vendor
Perforce
Optional liability provided by the tool vendor
No response
List any standards the tool is qualified for
ISO 26262 to ASIL D (for C and C++, not Rust), IEC 61508 to SIL4, EN 50716 to SW-SIL4, IEC 62304 class C, IEC 60880 ; with certified modules enforcing every variant of MISRA, Autosar, JSF, etc.
Tool category
static-analysis
What is the name of the tool?
Perforce QAC
Add a concise description of the tool. Please refrain from marketing claims and stick to what the tool is, does, and how it would be used?
QAC is a static analysis tool for C, C++, and as of the 2026.1 release, Rust as well.
QAC performs interprocedural, inter-TU (and now crate) and inter-thread flow analysis, as well as offering a huge collection of lints, static checks, and metrics. The Rust offering is fairly new but incorporates checks and metrics that are able to be share their concepts or applicability with C and C++; dataflow analysis is able to link seamlessly between all three languages and track pointer, bounds, etc. values across the FFI.
The Rust component also directly integrates Clippy support (clearly marked out as not QAC native analysis) so that existing well-understood Rust lints can easily be integrated into a safety-critical workflow by taking advantage of the existing QAC reporting structure (the overarching UI, reporting, project management tool we call "Framework"), neatly fitting Clippy's existing capabilities straight into pipelines designed for ISO 26262.
(we didn't think of this on our own, this was in response to a direct customer request to do that!)
w.r.t tool maturity: QAC has an extremely long history in safety-critical and the C frontend was one of the first commercially-available tools, dating all the way back to 1987. QAC's team members have been deeply involved with safety-critical standards development since 1994, when Olwen Morgan from the QAC team wrote the very first draft of what would become MISRA C.
The Rust integration story is very new but QAC has approached it with the philosophy of adding it as a feature to a complete tool, and it has already been picked up by C users who want to start mimicking their reporting pipeline for Rust work.
Link to the tool repo or homepage
https://www.perforce.com/products/helix-qac
License of the tool
Proprietary
What is your role/connection to this tool?
Product Manager/Owner (commercial)
Optional name of the tool vendor
Perforce
Optional liability provided by the tool vendor
No response
List any standards the tool is qualified for
ISO 26262 to ASIL D (for C and C++, not Rust), IEC 61508 to SIL4, EN 50716 to SW-SIL4, IEC 62304 class C, IEC 60880 ; with certified modules enforcing every variant of MISRA, Autosar, JSF, etc.
Tool category
static-analysis