C/C++ Static Analysis, Code Review, Unit Testing, Runtime Error Detection

Policy Management

Parasoft provides centralized management of organization-level and team-level policies for ensuring application security, reliability, performance, and maintainability—as well as complying with FDA, DO-178, PCI, and other regulations. Policies are easily deployed and customized for specific projects without compromising the integrity of the corporate objectives. Policy management is centralized for simple access and policy application is automated for rapid scanning and reporting.

Organization/Team Policy Manager
Parasoft’s policy manager provides a fast and easy way to ensure that policy enforcement is standardized both globally and locally. This can include a fixed set of organizational policies, as well as subsets of policies customized to suit the needs of specific projects and teams. Policy configurations for thousands of desktops can be implemented or updated once, then distributed to thousands of machines with a single click.

Rule Library
Each language-specific rule library (Java, C/C++, .NET, XML, etc.) provides configurable sets of hundreds of rules—including specific (contextual) security rules. Parasoft’s rule library is the most comprehensive in the industry, and is constantly being extended. To help developers understand and achieve the benefit that the rules deliver, we provide detailed documentation for each rule, including an explanation of the rule requirements and customizable enforcement parameters, the rationale behind the rule, a sample violation, and an explanation of how to bring code into compliance.

Rule Configuration/Parameterization
Since goals and technologies vary from project to project, Parasoft allows teams to customize the logic of library rules to suit the unique demands of specific projects and priorities. Rules are customized using GUI controls—no coding or scripting is required. Moreover, rule names, descriptions, and severities can be matched to your organization’s policies, establishing a fully-customized policy management and reporting interface.

Graphical Rule Wizard
In the event that certain internal policies cannot be matched to library rules, Parasoft’s RuleWizard provides fast and easy ways to extend the rule set. Custom rules can be built graphically or generated automatically by providing code that demonstrates a sample rule violation. This flexible framework supports definition of even the most complex policy requirements.

[ back to top ]

Workflow Management

Parasoft defines, automates, and monitors a workflow that improves development productivity and forms the foundation for a sustainable quality process. As quality tasks are defined and automated, process control guidelines are established to measure process progress as well as software quality. With monitorable quality gates and thresholds throughout the SDLC, your organization and team can track progress and ultimately improve the software development process.

Quality Process Definition
Quality processes and tasks are defined in the system and the workflow associated with the process is automated. The organization’s expectations around quality tasks are visible and monitored. This significantly reduces the resources required to establish and maintain the quality process, resulting in increased team productivity.

Quality Process Metrics
Process control guidelines are established to measure both process progress and software quality. By establishing quality gates at specific points in the SDLC and establishing quality thresholds, organizations and teams gain the ability to track progress and ultimately improve the software development process.

Workflow Optimization

Tasks to support quality policies must be optimized so they can become an integral part of the team's existing workflow. The lack of automation, repeatability, or consistency will degrade any quality initiative that the organization intends to deploy. Parasoft optimizes the workflow to ensure that the quality process is both sustainable and scalable. For example:

• Routing each reported issue directly to the responsible developer and customizable issue prioritization both ensure that your most critical issues are addressed in a timely manner.
• Centralized configuration management to ensure that test configurations are applied consistently and can be updated effortlessly as priorities and processes evolve.
• Monitoring manual processes that require human intelligence, then converting them into automated processes relieves the team from having to repeat many manual efforts.

[ back to top ]

Issue Prioritization
Results are reported as a prioritized task list to help the team focus their attention and resources on the issues expected to have the greatest impact on quality. To ensure that the most critical policy violations are identified immediately and promptly resolved, Parasoft allows organizations to customize issue severities to match their unique project needs and priorities.

Context Suppression
Context-sensitive suppressions allow teams to prevent rules from firing under specific circumstances where they do not apply. This reduces the level of noise, ensuring that every violation reported is a real problem that should be fixed. Suppressions can be defined in the code to ensure they are always visible when code is reviewed and modified.

Regulatory Compliance

To help teams achieve and demonstrate regulatory compliance, we establish an in-line continuous quality process that ensures mandated practices are not only deployed across every stage of the SDLC, but also ingrained into the team’s workflow.
Parasoft supports:

• FDA
• DO-178B
• MISRA
• Joint Strike Fighter
• Ellemtel
• PCI DSS
• OWASP
• CWE/SANS
• SAMATE

After each test, a list of tasks required for compliance is generated and prioritized. The responsible developers are notified immediately, and their assigned tasks are distributed directly to their IDEs. Archived reports and trend graphs document validation efforts and quality improvements.

[ back to top ]

Coding Standards Analysis

Parasoft's static analysis monitors whether code meets uniform expectations around security, reliability, performance, and maintainability—delivering real-time training based on corporate policy. By exposing structural errors and preventing entire classes of errors, this provides a foundation for producing solid code. Our static analysis includes static code analysis, data flow static analysis, and code metrics analysis. All are centrally managed and highly automated. Moreover, an automated framework is provided to ensure consistency across development languages, development teams, and third-party partners.

Parasoft's static code analysis monitors whether code follows industry-standard or customized rules for ensuring that code meets uniform expectations around security, reliability, performance, and maintainability. Over 15 years of research and development have gone into optimizing Parasoft's patented static code analysis engine and knowledge base. Our static code analysis solutions feature:

• A centralized, integrated system for automated monitoring of code compliance across heterogeneous environments (Java, C/C++, C#, VB.NET, JavaScript, etc.), core industry standards (FDA, JSF, MISRA, Ellemtel, PCI, WS-*, Section 508, etc.), and organization-specific policies (security, branding, etc.).
• Rule sets that are the most comprehensive in the industry—and are constantly being extended.
• Fast, easy ways to define and check custom static analysis rules that prevent application-specific errors from reoccurring and monitor adherence to organization-specific policies.
• Automated task assignment and customizable issue prioritization to ensure that the most critical issues are addressed in a timely manner.
• Extensive support for policy management, workflow management, and workflow optimization to facilitate code improvement without impeding project progress or team productivity.

Policy Enforcement

Parasoft's static code analysis can easily be configured to automatically monitor adherence to organization, team, and project policies for security, compliance, etc. The rule library includes hundreds of rules that deliver "out-of-the-box" monitoring of many common policy requirements. These static analysis rules can be customized as needed to match specific policy requirements, and the rule set can be rapidly extended to address even the most complex and unique requirements. Moreover, rule names, descriptions, and severities can be mapped to the organization's policies, establishing a fully-customized policy management and reporting interface.

[ back to top ]

Security

In addition to enforcing organizations' unique security policies, Parasoft automatically identifies common security vulnerabilities with the most comprehensive rule set in the industry. Our solutions are configured to deliver an instant assessment of compliance with PCI DSS section 6 security guidelines. This enables teams to rapidly assess the level of compliance–without spending time reading the PCI DSS specification and determining how the requirements translate to code. We also provide an automated assessment of your risks regarding the most critical application security vulnerabilities (as listed in the OWASP Top 10).

Expert Best Practices

Industry leaders have built an extensive knowledge base of guidelines for preventing the most serious and common software defects. Parasoft's code analysis provides expert code feedback in seconds by automatically applying the wisdom of gurus such as Scott Meyers, Herb Sutter, Andrei Alexandrescu. Identifying and fixing the reported violations improves code security, reliability, performance, and maintainability.

Technology Guidelines and Standards

To help developers understand and negotiate the unique pitfalls involved in working with certain technologies, Parasoft automatically monitors code compliance to technology-specific guidelines and standards. We provide out-of-the-box support for preventing mistakes related to common technologies/frameworks such as Standard Template Library and the Trolltech Qt framework. Moreover, our flexible framework can easily be extended to support more specialized needs.

[ back to top ]

Regulatory Compliance Standards

To help teams achieve and demonstrate regulatory compliance, we establish an in-line continuous quality process that ensures mandated practices are not only deployed across every stage of the SDLC, but also ingrained into the team’s workflow.

Our static code analysis enables teams to rapidly assess the level of compliance to various regulatory standards–without spending time reading the related specifications and determining how the requirements translate to code.

Parasoft supports:

• FDA
• MISRA
• Joint Strike Fighter
• Ellemtel
• PCI DSS
• OWASP
• CWE/SANS
• SAMATE

Moreover, our flexible static code analysis framework can easily be extended to support more specialized needs. Each issue detected is prioritized, automatically correlated to the developer who introduced it, then distributed to his or her IDE with direct links to the problematic code. Eventually, developers start writing compliant code as a matter of habit. Moreover, through integration with the development infrastructure, results are correlated with requirements, bugs, and source code changes—converting data into actionable information. Archived reports and trend graphs document validation efforts and quality improvements.

Application-Specific Errors

Parasoft provides fast and easy ways to define custom static code analysis rules that prevent the recurrence of application-specific defects after a single instance has been found. By ensuring that the team does not make the same mistake twice, this significantly improves team productivity and product quality.

[ back to top ]

Data Flow Analysis

Parasoft's data flow analysis provides automated detection of runtime errors without requiring the software to actually be executed. This enables early and effortless detection of critical runtime errors that might otherwise take weeks to find. We statically simulate application execution paths–which may cross multiple units, components, and files–to identify paths that could trigger runtime errors related to memory and resource management, buffer overflows, dead code, threads, and security vulnerabilities. To simply defect analysis, a complete analyzed path trace for each potential defect is reported in the IDE, and automatic cross–links to code help users quickly jump to any point in the highlighted analysis path.

This ability to expose these errors without executing code is especially valuable for teams with legacy code bases lacking robust test suites or embedded code, where runtime analysis and detection of such errors is not effective or possible.

Static Detection of Complex Runtime Errors

Parasoft's data flow analysis enables you to find complex runtime errors such as uninitialized or invalid memory, null pointer dereferencing, array and buffer overflows, division by zero, memory and resource leaks, and various flavors of dead code–without having to create, execute, or maintain test cases.

Static Detection of Security Vulnerabilities

For security vulnerability detection, Parasoft’s data flow analysis detects whether actual application execution paths could lead to injection vulnerabilities, buffer overflows, and other vulnerabilities.

Legacy Code Audit

Parasoft’s data flow analysis can be applied to a large code base for fast, effortless detection of complex runtime problems. This provides a practical way to identify critical problems in a large code base when testing resources are limited. Moreover, data flow helps you audit the effectiveness of your quality policies. If proper quality policies are in place, no problems should be reported by data flow analysis. An issue detected by data flow analysis indicates that the quality policy was not comprehensive enough or was not applied properly.

[ back to top ]

Metrics Analysis

Parasoft’s code metrics analysis calculates a customizable set of industry-standard metrics, as well as identifies specific pieces of code that exceed industry-standard or customized metrics thresholds. This helps organizations identify brittle or overly-complex code that could impede agility or reuse.

Calculation

Parasoft’s metrics calculation capability provides organizations visibility into code complexity and the potential impacts of an anticipated code change. This enables them to make more informed decisions as to how to modify, refactor, and test it. Metrics calculations provided include Cyclomatic Complexity, Inheritance Depth, Nested Block Depth, and more.

Limit-Based Analysis

Parasoft enables organizations to customize the boundaries and thresholds for available metrics so that team members are alerted when metrics are outside of the prescribed range. Leveraging this automation, the team is freed to focus on analyzing and improving the problematic code–tasks that truly require human intelligence.

[ back to top ]

Automated Code Review

Parasoft's automated code analysis checks code as it is written to prevent entire classes of errors and ensure that code meets uniform expectations around security, reliability, performance, and maintainability. This typically relieves developers from having to perform line-by-line inspections during peer code reviews, freeing them to focus on higher-level analyses that require human intelligence. With automated checking for compliance to the team's and organization's development policies, the team can begin code reviews by discussing interesting findings from the automated code analysis results, then move on to examining design, algorithmic, and implementation issues. This aspect of the peer code review is supported by Parasoft's code review capability, which automatically identifies updated code, matches the code with designated reviewers, and tracks the progress of each review item until closure. By automating critical workflow components, the team gains more time to focus on inspecting and improving the code.

Peer Code Review

Parasoft automates and manages the peer code review workflow. Our code review capability-which automates preparation, notification, and tracking of peer code reviews-addresses the known shortcomings of this very powerful inspection method. It automatically identifies updated code by scanning the source control system or the local file system, matches the code with designated reviewers, and tracks the progress of each review item until closure. This allows teams to establish a bulletproof review process where all new code gets reviewed and all identified issues are resolved.

Teams who prefer to review only the the most dangerous segments of their code (for example, the most security-sensitive or deadlock-prone areas of the code base) can easily set up such focused reviews using the flexible configuration options.

[ back to top ]

Workflow
For a code review process to be sustainable and successful, it’s essential that the workflow be as natural and unobtrusive as possible. That’s why Parasoft engineered an automated peer code review workflow where developers simply check in code as normal, then review packages are prepared automatically and distributed to the appropriate reviewer’s IDE. The only added work is the actual peer review—a creative process that cannot, and should not, be automated.

Parasoft provides built-in support for the following typical code review flows:

• Post-commit code review: This mode is based on automatic identification of code changes in a source repository via custom source control interfaces. Code review tasks are created based on a preconfigured mapping of changed code to reviewers.
• Pre-commit code review: Users can initiate a code review from the desktop by selecting a set of files to distribute for the review, or automatically identify all locally changed source code.

Contextual Analysis
Although automated code analysis can identify many issues related to security, reliability, performance, and maintainability, it cannot detect functional defects: instances where the code is not doing what it’s supposed to do. This high-level error detection can only be achieved when the human brain analyzes code in the context of its requirements and available test cases. Parasoft aggregates these artifacts, reducing the barrier to entry for this irreplaceable analysis.

Monitoring
For a code review process to stay on track, it needs to be measured and actively monitored. That’s why Parasoft automates the process and connects it to Parasoft's reporting system — providing objective answers to questions such as:

• Are reviews being performed?
• Are identified issues actually being resolved?
• How is the code review impacting team productivity and application quality?

[ back to top ]

Unit Test Framework

Parasoft delivers a complete framework to create, manage, and extract greater value from unit tests. We help you exercise and test an incomplete system—enabling you to identify problems when they are least difficult, costly, and time-consuming to fix. This reduces the length and cost of downstream processes such as debugging. Moreover, since all tests are written at the unit level, the test suite can be run independent of the complete system. This allows you to isolate code behavior changes, reduces setup complexities, and makes it practical to execute the test suite on a daily basis.

Test Creation

To facilitate standardized testing and quality processes, our patented technologies automatically generate extensible, reusable test cases. These test cases not only expose potential reliability problems, but also capture the code's current behavior to establish a baseline for regression testing. You can incrementally improve the test suite’s intelligence and value by extending the generated test cases. Collectively, these test cases establish a safety net that alerts you when modifications impact application behavior.

Regression Baseline
If your team has a large code base with minimal tests or no tests, the fastest route to regression testing is to automatically generate a regression test suite that captures the code's current behavior—and then run it daily to determine if code modifications break existing functionality. To help you achieve this, we scan the project code base, then automatically generate a baseline set of unit test cases that capture the code's current behavior. Then, we establish a continuous regression testing process which ensures that the impacts of code modifications are identified and addressed daily, and the test suite stays in synch with the evolving application. This provides a safety net that helps developers rapidly change code with confidence, which is especially critical for teams working on complex and constantly-evolving applications.

Exception Detection
By using corner case conditions, automatically-generated test cases check responses to unexpected inputs, exposing potential reliability problems.

[ back to top ]

Test Optimization

Parasoft provides a variety of technologies to help you extend your manually-defined and automatically-generated test cases, enabling you to increase their value with minimal effort.

Easy Extension
Parasoft automatically generates complete tests, including test drivers and test cases for individual functions, in a format similar to CppUnit. Developers can rapidly add additional tests (for verifying specific functionality and/or increasing coverage) by extending the automatically-generated tests. This allows developers to extend the test suite while writing a minimal amount of code.

Stub Creation and Management
Parasoft can automatically stub out calls to external resources or problematic functions within the source code base. This relieves developers from having to write extensive stubs or mock objects from scratch. Using automatically-generated stub templates, you can define your own stubs for automatically-generated or user-defined test cases.

Test Case Parameterization
Test Case Parameterization automates the process of reusing a test with different sets of data. This allows teams to increase the amount of testing and coverage with very little effort.

Data-Driven Test Cases
Parasoft can use values from any of the following types of data sources for test case inputs as well as data validation:

• CSV files
• Databases
• Excel spreadsheets
• Tables created in (or copied into) the internal table editor.
• File

Graphical Test Case Wizard
The Test Case Wizard provides a graphical interface enabling users to visualize all input and output parameters of a function, set input and expected values, and generate source code for individual tests based on set parameters. This enables developers to rapidly create functional tests for code components without having to worry about their inner workings or embedded data dependencies.

[ back to top ]

Extended Execution Environment

Parasoft’s extended execution environment centralizes execution and enhances reporting for your automatically-generated, extended, or legacy CppUnit test cases.

Error Assignment and Distribution
To promote fast remediation, each test failure or exception detected is prioritized, assigned to the developer who introduced the problem, and distributed to his or her IDE with direct links to the problematic code.

Coverage Analysis
A multi-metric test coverage analyzer, including statement, branch, path, and MC/DC coverage, helps users gauge test suite efficacy and completeness, as well as demonstrate compliance with test and validation requirements such as DO-178B, FDA, etc. Coverage is reported in percentages as well as graphically displayed via source code that is annotated with line-by-line coverage details. Back tracing from coverage elements to the corresponding test cases enables users to analyze test results and extend the test cases for better coverage, with higher efficiency.

Moreover, data from unit, component, and manual testing can be combined for cumulative coverage reporting. This includes interactive visualization and analysis in the code browser, as well as automatic generation of comprehensive coverage reports.

Memory Analysis
Runtime memory analysis can be performed during the unit and component test process (as well as during application-level testing). This allows early detection of a variety of difficult-to-track programming and memory-access errors, along with potential defects and inefficiencies in memory usage.

Debugger Integration
Developers can step through test cases with a debugger to better examine the code's internal state during a given test. For example, they might want to debug test cases to learn more about why an unexpected outcome was reported, or to determine why a test case failed.

[ back to top ]

Overview

Parasoft enables teams to produce better code for embedded systems, test it more efficiently, and consistently monitor progress towards their quality goals. Critical time-proven best practices—such as static analysis, comprehensive code review, runtime memory analysis, and unit and component testing with integrated coverage analysis—are enabled on the developer's desktop, early in the development cycle. A command line interface enables fully automated execution within regression and continuous integration environments, providing data for monitoring and analyzing quality trends.

For highly quality-sensitive industries, such as avionics, medical, automobile, transportation, and industrial automation, the addition of Parasoft's Web-based audit and reporting system enables an efficient and auditable quality process with complete visibility into compliance efforts.

Test on the Host, Simulator, and Target

Parasoft removes the barrier to effective, comprehensive embedded testing by automatically generating extensible test cases that can be executed on the host, simulator, and in the actual target environments in order to verify code robustness, verify functional results, and obtain code coverage metrics. We can also monitor running application to detect memory problems and to track code coverage.

On the host environment, developers can automatically generate a core set of unit and API test cases designed to identify unexpected function responses to corner case conditions. With a different configuration, the generated tests will capture current software behavior at the method/function level. This test suite can then be extended as needed for functional testing, automatically configured for regression testing, and executed on the host if desired (with the target dependencies automatically replaced by configurable stubs).

The same test suite can then be cross-compiled for execution in a target environment. Target test results are saved to a file that can be loaded into the GUI for evaluation/analysis. Test results can be automatically sent to the GUI. Coverage metrics, including branch, simple condition, and MC/DC coverage, are collected for all tests. The GUI provides extensive facilities for debugging test cases, including support for many host debuggers, stack trace reporting, reporting of call sequences, and detailed display of test case results.

The original application can be also instrumented for detection of memory related problems, cross-compiled and started on the target to pinpoint existing memory bugs and to collect code coverage. This coverage data can be combined with the coverage data from unit testing.

[ back to top ]

Flexibility and Customization

Parasoft automates the complete test execution flow, including test case generation, cross-compilation, deployment, execution, and loading results (including coverage metrics) back into the GUI. Testing can be driven interactively from the GUI or launched from the command line for automated test execution as well as batch regression testing. In the interactive mode, users can run tests individually or in selected groups for easy debugging or validation. For batch execution, tests can be grouped based either on the user code they are linked with, or their name or location on disk.

Parasoft allows full customization of its test execution sequence. In addition to using the built-in test automation, users can incorporate custom test scripts and shell commands to fit the tool into their specific build and test environment. Our solutions can be utilized with a wide variety of embedded OS and architectures by cross-compiling the provided runtime library for a desired target runtime environment. Since all test artifacts are source code, they are completely portable.

ARM RVDS and ADS Support

The Parasoft plugin for ARM RealView Development Suite provides RVDS users easy access to Parasoft C++test's static analysis, code review, runtime memory analysis, and unit testing capabilities directly within their IDE. This seamless integration enables testing and verification to become a natural and continuous part of the development process. The complete target-based test execution flow, including test case generation, cross-compilation, deployment, execution and loading results back to the GUI, can be automated.

Parasoft C++test is available as a plugin to ARM Workbench IDE for RVDS, as well as an Eclipse-based standalone version that supports development with ARM compilers used in standard command line build systems. ADS projects can be imported into Parasoft C++test standalone.

Green Hills Software MULTI Support

Green Hills Software projects can be imported into Parasoft C++test for static analysis, code review, runtime memory analysis, and unit testing. The complete target-based test execution flow, with test case generation, cross compilation, deployment, execution and loading results back into GUI, can be automated with Parasoft C++test. A command line interface can be used to include code analysis and regression testing in scheduled batch runs.

IAR Embedded Workbench Support

IAR Embedded Workbench projects can be imported into Parasoft C++test for static analysis, code review, runtime memory analysis, and unit testing. The complete target-based test execution flow, with test case generation, cross compilation, deployment, execution and loading results back into GUI, can be automated. A command line interface can be used to include code analysis and regression testing in scheduled batch runs.

Keil µVision Support

Keil µVision projects can be imported into Parasoft C++test for static analysis, code review, runtime memory analysis, and unit testing. The complete target-based test execution flow, with test case generation, cross compilation, deployment, execution and loading results back into GUI, can be automated. A command line interface can be used to include code analysis and regression testing in scheduled batch runs.

[ back to top ]

Microsoft eMbedded Visual C++ Support

Microsoft eMbedded Visual C++ projects can be imported into Parasoft C++test for static analysis, code review, runtime memory analysis, and unit testing. The complete target-based test execution flow, with test case generation, cross compilation, deployment, execution and loading results back into GUI, can be automated. A command line interface can be used to include code analysis and regression testing in scheduled batch runs.

Microsoft Windows Mobile Support

The Parasoft C++test Visual Studio plugin directly supports Mobile SDKs for Window Mobile. This provides Windows Mobile developers easy access to Parasoft C++test's static code analysis, code review, runtime memory analysis and unit testing capabilities directly within their IDE. This seamless integration enables testing and verification to become a natural and continuous part of the development process. The complete target-based test execution flow, including test case generation, cross-compilation, deployment, execution and loading results back to the GUI, can be automated within Parasoft C++test.

QNX Momentics Support

The Parasoft C++test plugin for QNX Momentics provides Momentics users easy access to Parasoft C++test's static code analysis, code review, runtime memory analysis and unit testing capabilities directly within their IDE. This seamless integration enables testing and verification to become a natural and continuous part of the development process. The complete target-based test execution flow, including test case generation, cross-compilation, deployment, execution and loading results back to the GUI, can be automated.

Texas Instruments Code Composer Studio Support

Texas Instruments Code Composer Studio projects can be imported into Parasoft C++test for static analysis, code review, runtime memory analysis, and unit testing. The complete target-based test execution flow, with test case generation, cross compilation, deployment, execution and loading results back into GUI, can be automated with Parasoft C++test. A command line interface can be used to include code analysis and regression testing in scheduled batch runs.

Wind River Workbench and Tornado Support

The Parasoft C++test plugin for Wind River® Workbench provides Workbench users easy access to Parasoft C++test's code analysis, code review, and unit testing capabilities directly within their IDE. This seamless integration enables testing and verification to become a natural and continuous part of the development process. The complete target-based test execution flow, including test case generation, cross-compilation, deployment, execution, and loading results back into the GUI, can be automated.

Parasoft C++test is available as a plug in for Wind River Workbench IDEs and supports both VxWorks® and Wind River Linux RTOS. In addition, a standalone Parasoft C++test installation provides built-in support for import and analysis of Tornado® projects.

[ back to top ]

Memory Error Detection

Parasoft's memory error detection automatically identifies a variety of difficult-to-track programming and memory-access errors, along with potential defects and inefficiencies in memory usage. Errors such as memory corruption, memory leaks, access outside of array bounds, invalid pointers, and the like often go undetected during normal testing, only to result in application crashes in the field. We help you find and eliminate such defects in your applications to ensure the integrity of their memory usage.

Our highly detailed memory analysis capabilities are based on patented source instrumentation algorithms. Source code instrumentation enables us to detect more error types than other memory error detection technologies, and also provides complete information indicating the root causes of the errors found using a full database of program elements and memory structures.

Compile-Time Memory Error Detection

Parasoft can detect errors at compile-time as well as runtime. Compile-time errors detected include:

• Cast of pointer loses precision
• Mismatch in format specification
• Mismatch in argument type
• Code is not evaluated, has no effect, or is unreachable
• Undefined identifier
• Variable declared, but never used
• Returning pointer to local variable
• Function returns inconsistent value
• Unused variables

Runtime Memory Error Detection

During testing, we check all types of memory references, including those to static (global), stack, and shared memory—both in user’s code and in third party libraries. Errors detected include:

• Corrupted heap and stack memory
• Use of uninitialized variables and objects
• Array and string bounds errors on heap and stack
• Use of dangling, NULL, and uninitialized pointers
• All types of memory allocation and free errors or mismatches
• All types of memory leaks
• Type mismatches in global declarations, pointers, and function calls

[ back to top ]

Coverage Analysis

A multi-metric test coverage analyzer, including statement, branch, path, and MC/DC coverage, helps users gauge test suite efficacy and completeness, and demonstrate compliance with test and validation requirements such as DO-178B, FDA, etc. Coverage is reported in percentages as well as graphically displayed via source code that is annotated with line-by-line coverage details.

Moreover, data from unit, component, and manual testing can be combined for cumulative coverage reporting. This includes interactive visualization and analysis in the code browser, as well as automatic generation of comprehensive coverage reports.

Multiple Instrumentation Modes

There are three ways to use Parasoft solutions for memory analysis and error detection. The first and most detailed analysis is achieved with full source code instrumentation. This requires that application sources be compiled and linked with Parasoft, which generates its own instrumented files that are passed to the actual compiler.

The second option is linking with Parasoft, which provides a trade-off between the extent of error reporting and the actual time to build and run an instrumented application. In this mode, we can detect and report most of the error types, including leaks, bad memory references, standard API usage errors, and so on.

Additionally, Chaperon is exclusive to dynamically linked executables on Linux/x86. Chaperon does not require recompilation or re-linking, and checks all the data memory references a process makes, reporting reads of uninitialized memory, bounds errors, and memory leaks.

Error Detection in Threads

Parasoft instruments all threads, tracks all processes in the application, and quickly pinpoints algorithmic anomalies, bugs, and deficiencies. This allows developers of multithreaded applications to rapidly find and fix the bugs that would otherwise remain hidden in threads and cause the application to perform incorrectly, or to fail to perform at all.

Lightweight Runtime Error Detection for C

Parasoft can perform memory error detection at the application level or during unit test execution. We detect C-related memory errors such as memory leaks, null pointers, uninitialized memory, buffer overflows, and more. The instrumentation used to perform this runtime error detection is lightweight and suitable for running on the target board, simulator, or host for embedded testing.

The collected problems are presented directly in the developer's IDE with the details required to understand and fix the problem (including memory block size, array index, allocation/deallocation stack trace etc.) Coverage metrics are tracked to help the team measure and increase the scope of their testing efforts.

[ back to top ]

Parasoft's robust reporting capabilities not only promote rapid defect resolution, but also support an auditable quality process by providing complete visibility into the team's efforts.

Reports

After each test/analysis run, Parasoft can automatically generate and e-mail role-based reports to managers, team leads, and developers. Reports are available in HTML, PDF, and custom format, and can be easily configured via GUI controls or an options file. Reports can include the high level of detail required for a truly auditable process; for example:

• Pass/fail summary of code analysis and test results
• Expanded test output with pass/fail status of individual tests
• A list of analyzed files
• A list of policies checked
• A code coverage summary
• Full code listings with color-coding of all code coverage results
• Trend graphs for key metrics

Task Distribution

If any developer action is required (fix static analysis violations, address test failures, respond to code review suggestions, etc.), a task is generated, prioritized, and assigned to the developer who wrote the related code. The task is then distributed to the assigned developer's IDE with full data, cross-links to the related code, and a description explaining how to approach the assigned task. An e-mail notification alerts the developer to the assigned tasks.

Dashboards

Interactive Web-based dashboards with drill-down capability allow teams to track project status and trends based on results from Parasoft technologies as well as key process metrics (e.g., from source control, bug tracking, build, and requirements management systems). It correlates data from these sources to provide comprehensive and objective insight into application quality, team productivity, and project risk factors.

[ back to top ]

Host Platforms

• Windows NT/2000/XP/2003/Vista
• Linux kernel 2.4 or higher with glibc 2.3 or higher and an x86-compatible processor
• Linux kernel 2.6 or higher with glibc 2.3 or higher and an x86_64-compatible processor (32-bit compatibility package is required)
• Solaris 7, 8, 9, 10 and an UltraSPARC processor
• IBM AIX 5.3 and a PowerPC processor

IDEs

• Eclipse for C/C++ Developers 3.2, 3.3, 3.4, 3.5 (32-bit)
• Microsoft Visual Studio .NET 2003, 2005, 2008 with Microsoft Visual C++
• Wind River Workbench 2.6 and 3.0
• ARM Workbench IDE for RVDS 3.0, 3.1, 4.0
• QNX Momentics IDE 4.5 (QNX Software Development Platform 6.4)
• Texas Instruments Code Composer Studio 4

IDEs with Project Import Support

• ARM ADS 1.2
• Green Hills MULTI 4.0.x
• IAR Embedded Workbench 5.3/5.4
• Keil RealView MDK 3.40/µVision3 and MDK-ARM 4.01/µVision4
• Microsoft eMbedded Visual C++ 4.0
• Microsoft Visual Studio 6
• Texas Instruments Code Composer 3.1 and 3.3
• Wind River Tornado 2.0, 2.2

Host Compilers

• Windows
  • Microsoft Visual C++ 6.0, .NET (7.0), .NET 2003 (7.1), 2005 (8.0), 2008 (9.0)
  • GNU and MingW gcc/g++ 2.95.x, 3.2.x, 3.3.x, 3.4.x
  • GNU gcc/g++ 4.0.x, 4.1.x, 4.2.x, 4.3.x
  • Green Hills MULTI for Windows x86 Native v4.0.x
• Linux (x86 target platform)
  • GNU gcc/g++ 2.95.x, 3.2.x, 3.3.x, 3.4.x, 4.0.x, 4.1.x, 4.2.x, 4.3.x
• Linux (x86_64 target platform)
  • GNU gcc/g++ 3.4.x, 4.0.x, 4.1.x, 4.2.x, 4.3.x
• Solaris
  • Sun C++ 5.3 (Sun Forte C++ 6 Update 2), Sun C++ 5.5 (Sun ONE Studio 8), Sun C++ 5.6 (Sun ONE Studio 9), Sun C++ 5.7 (Sun ONE Studio 10), Sun C++ 5.8 (Sun ONE Studio 11), Sun C++ 5.9 (Sun ONE Studio 12)
  • GNU gcc/g++ 2.95.x, 3.2.x, 3.3.x, 3.4.x, 4.0.x, 4.1.x, 4.2.x, 4.3.x
  • Green Hills MULTI for SPARC Solaris Native v4.0.x
• AIX
  • IBM XL C/C++ compiler 8.0
  • GNU gcc/g++ 4.1.x

[ back to top ]

Target/Cross Compilers

• ARM (Windows hosted)
  • ARM RVCT 2.2, 3.x, 4.x
  • ARM ADS 1.2
• Embedded Linux (Windows, Linux, Solaris hosted)
  • GNU gcc/g++ 2.95.x, 3.2.x, 3.3.x, 3.4.x, 4.0.x, 4.1.x, 4.2.x, 4.3.x
• Green Hills (Windows, Solaris hosted)
  • Green Hills optimized compilers line 4.0.x
• IAR (Windows hosted)
  • IAR ANSI C/C++ Compiler V5.30 for ARM (C only)
• Keil (Windows hosted)
  • ARM/Thumb C/C++ Compiler, RVCT3.1 for uVision
  • C51 Compiler V8.18 (static analysis only)
• Microsoft (Windows hosted)
  • Microsoft Visual C++ for Windows Mobile 8.0, 9.0
  • Microsoft Embedded Visual C++ 4.0
• QNX (Windows hosted)
  • GCC 2.9.x, 3.3.x, 4.2.x
• STMicroelectronics (Windows hosted)
  • ST20 (static analysis only)
  • ST40 (static analysis only)
• Texas Instruments (Windows hosted)
  • TMS320C6x C/C++ Compiler v5.1
  • TMS320C6x C/C++ Compiler v6.0
  • TMS320C2000 C/C++ Compiler v4.1 (static analysis only)
• Wind River
  • Windows, Solaris, Linux hosted
    • GCC 2.96, 3.4.x, 4.1.x
    • DIAB 5.0, 5.5, 5.6
  • Windows hosted
    • EGCS 2.90
    • GCC 3.3.x for VxWorks 653 (static analysis only)

Build Management

• GNU make
• Sun make
• Microsoft nmake
• JAM
• Other build scripts that can provide an option of overriding a compiler via an environment variable

Source Control

• AccuRev SCM
• Borland StarTeam
• CVS
• IBM/Rational ClearCase
• Microsoft Team Foundation Server
• Microsoft Visual SourceSafe
• Perforce SCM
• Serena Dimensions
• Subversion (SVN)
• Telelogic Synergy

CORBA

Parasoft's native support for CORBA assists you to construct, continuously execute, and maintain test suites that directly exercise components via the CORBA protocol. This provides visibility into how functional test transactions pass through the components—helping you to truly understand what functionality you have covered and diagnose the cause of any test failures that occur. [ back to top ]