C/C++ Static Analysis, Code Review, Unit Testing, Runtime Error Detection
Current version: 220.127.116.11 (July 5, 2013)
is an integrated Development Testing solution for automating a broad range of best practices proven to
improve software development team productivity and software quality for C and C++. C/C++test facilitates:
Static analysis – static code analysis, data flow static analysis, and metrics analysis
Peer code review process automation–preparation, notification, and tracking
Unit testing – unit test creation, execution, optimization, and maintenance
Runtime error detection – memory access errors, leaks, corruptions, and more
This provides teams a practical way to prevent, expose, and correct errors in order to ensure that their C and C++ code works as expected. To promote rapid remediation, each problem detected is prioritized based on configurable severity assignments, automatically assigned to the developer who wrote the related code, and distributed to his or her IDE with direct links to the problematic code and a description of how to fix it.
Parasoft's customers, including 58% of the Fortune 500, rely on C/C++test for:
Preventing errors that compromise security, reliability, and performance
Complying with internal or regulatory quality initiatives
Ensuring consistency across large teams
Increasing productivity by automating tedious yet beneficial development practices
Successfully implementing popular development methods like TDD, Agile, and XP
For a Printable Version, Click Here(1,108 KB PDF).
C/C++test: C/C++ Static Analysis, Code Review, Unit Testing, Security
Comprehensive Code Quality Tools for C/C++ Development
Parasoft C/C++test enables teams to produce better code, test it more efficiently, and consistently
monitor progress towards their quality goals. With C/C++test, critical time-proven Development Testing best
practices—such as static analysis, comprehensive code review, unit and component testing with
integrated coverage analysis, and runtime error detection—are automated on the developer's desktop,
early in the development cycle. A command line interface enables fully automated execution within
regression and continuous integration environments, providing data for monitoring and analyzing
quality trends. Moreover, C/C++test integrates with Parasoft Concerto's reporting system, which
provides interactive Web-based dashboards with drill-down capability. This allows teams to track
project status and trends based on C/C++test results and other key process metrics.
For embedded and cross-platform development, C/C++test can be used in both host-based and
target-based code analysis and test flows.
Automate Code Analysis for Monitoring Compliance
A properly implemented coding policy can eliminate entire classes of programming errors by
establishing preventive coding conventions. C/C++test statically analyzes code to check compliance
with such a policy. To configure C/C++test to enforce a coding standards policy specific to their
group or organization, users can define their own rule sets with built-in and custom rules. Code
analysis reports can be generated in a variety of formats, including HTML and PDF.
Hundreds of built-in rules—including implementations of MISRA, MISRA 2004, and the new MISRA C++
standards, as well as guidelines from Meyers' Effective C++ and Effective STL books, and other
popular sources—help identify potential bugs from improper C/C++ language usage, enforce best
coding practices, and improve code maintainability and reusability. Custom rules, which are created
with a graphical RuleWizard editor, can enforce standard API usage and prevent the recurrence of
application-specific defects after a single instance has been found.
Identify Runtime Bugs without Executing Software
BugDetective, the advanced interprocedural static analysis module of C/C++test, simulates feasible
application execution paths—which may cross multiple functions and files—and determines whether
these paths could trigger specific categories of runtime bugs. Defects detected include using
uninitialized or invalid memory, null pointer dereferencing, array and buffer overflows, division
by zero, memory and resource leaks, and various flavors of dead code. The ability to expose bugs
without executing code is especially valuable for embedded code, where detailed runtime analysis
for such errors is often not effective or possible.
C/C++test greatly simplifies defect analysis by providing a complete path trace for each potential
defect in the developer's IDE. Automatic cross-links to code help users quickly jump to any point
in the highlighted analysis path.
Streamline Code Review
Code review is known to be the most effective approach to uncover code defects. Unfortunately, many
organizations underutilize code review because of the extensive effort it is thought to require.
The C/C++test Code Review module automates preparation, notification, and tracking of peer code
reviews, enabling a very efficient team-oriented process. Status of all code reviews, including all
comments by reviewers, is maintained and automatically distributed by the C/C++test infrastructure.
C/C++test supports two typical code review flows:
Post-commit code review. This mode is based on automatic identification of code changes in a
source repository via custom source control interfaces, and creating code review tasks based on
pre-set mapping of changed code to reviewers.
Pre-commit code review. Users can initiate a code review from the desktop by selecting a set
of files to distribute for the review, or automatically identify all locally changed source code.
The effectiveness of team code reviews is further enhanced through C/C++test's static analysis
capability. The need for line-by-line inspections is virtually eliminated because the team's coding
policy is monitored automatically. By the time code is submitted for review, violations have
already been identified and cleaned. Reviews can then focus on examining algorithms, reviewing
design, and searching for subtle errors that automatic tools cannot detect.
Monitor the Application for Memory Problems
Runtime Error Detection is the best known approach to eliminating serious memory-related bugs with
zero false positives. The running application is constantly monitored for certain classes of
problems—like memory leaks, null pointers, uninitialized memory, and buffer overflows—and results
are visible immediately after the testing session is finished.
Without requiring advanced and time-consuming testing activities, the prepared application goes
through the standard functional testing and all existing problems are flagged. The application can
be executed on the target device, simulated target, or host machine. The collected problems are
presented directly in the developer's IDE with the details required to understand and fix the
problem (including memory block size, array index, allocation/deallocation stack trace etc.)
Coverage metrics are collected during application execution. These can be used to see what part of
the application was tested and to fine tune the set of regression unit tests (complementary to functional testing).
Unit and Integration Test with Coverage Analysis
C/C++test's automation greatly increases the efficiency of testing the correctness and reliability of
newly-developed or legacy code. C/C++test automatically generates complete tests, including test
drivers and test cases for individual functions, purely in C or C++ code in a format similar to
CppUnit. These tests, with or without modifications, are used for initial validation of the
functional behavior of the code. By using corner case conditions, these automatically-generated
test cases also check function responses to unexpected inputs, exposing potential reliability
Test creation and management is simplified via a set of specific GUI widgets. A graphical Test Case
Wizard enables developers to rapidly create black-box functional tests for selected functions
without having to worry about their inner workings or embedded data dependencies. A Data Source
Wizard helps parameterize test cases and stubs—enabling increased test scope and coverage with
minimal effort. Stub analysis and generation is facilitated by the Stub View, which presents all
functions used in the code and allows users to create stubs for any functions not available in the
test scope—or to alter existing functions for specific test purposes. Test execution and analysis
are centralized in the Test Case Explorer, which consolidates all existing project tests and
provides a clear pass/fail status. These capabilities are especially helpful for supporting
automated continuous integration and testing as well as "test as you go" development.
A multi-metric test coverage analyzer, including statement, branch, path, and MC/DC coverage, helps
users gauge the efficacy and completeness of the tests, as well as demonstrate compliance with test
and validation requirements, such as DO-178B. Test coverage is presented via code highlighting for
all supported coverage metrics—in the GUI or color-coded code listing reports. Summary coverage
reports including file, class, and function data can be produced in a variety of formats.
Automated Regression Testing
C/C++test facilitates the development of a robust regression test suite that detects if incremental
code changes break existing functionality. Whether teams have a large legacy code base, a small
piece of just-completed code, or something in between, C/C++test can generate tests that capture the
existing software behavior via test assertions produced by automatically recording the runtime test
results. As the code base evolves, C/C++test reruns these tests and compares the current results with
those from the originally captured "golden set." It can easily be configured to use different
execution settings, test cases, and stubs to support testing in different contexts (e.g., different
continuous integration phases, testing incomplete systems, or testing specific parts of complete
systems). This type of regression testing is especially critical for supporting agile development
and short release cycles, and ensures the continued functionality of constantly evolving and
Configurable Detailed Reporting
C/C++test's HTML, PDF, and custom format reports can be configured via GUI controls or an options
file. The standard reports include a pass/fail summary of code analysis and test results, a list of
analyzed files, and a code coverage summary. The reports can be customized to include a listing of
active static analysis checks, expanded test output with pass/fail status of individual tests,
parameters of trend graphs for key metrics, and full code listings with color-coding of all code
coverage results. Generated reports can be automatically sent via email, based on a variety of
role-based filters. In addition to providing data directly to the developers responsible for the
code flagged for defects, C/C++test sends summary reports to managers and team leads.
Efficient Team Deployment
C/C++test establishes an efficient process that ensures software verification tasks are ingrained
into the team's existing workflow and automated—enabling the team to focus on tasks that truly
require human intelligence. Defect review and correction are facilitated through automated task
assignment and distribution. Each defect detected is prioritized, assigned to the developer who
wrote the related code, and distributed to his or her IDE with full data and cross-links to code.
To help managers assess and document trends, centralized reporting ensures real-time visibility
into quality status and processes. This data also helps determine if additional actions are needed
to satisfy internal goals or demonstrate regulatory compliance.
Increase team development productivity — Apply a comprehensive set of best practices that
reduce testing time, testing effort, and the number of defects that reach QA.
Achieve more with existing development resources — Automatically vet known coding issues so
more time can be dedicated to tasks that require human intelligence.
Build on the code base with confidence — Efficiently construct, continuously execute, and
maintain a comprehensive regression test suite that detects whether updates break existing
Gain instant visibility into C and C++ code quality and readiness — Access on-demand
objective code assessments and track progress towards quality and schedule targets.
Reduce support costs — Automate negative testing on a broad range of potential user paths to
uncover problems that might otherwise surface only in "real-world" usage.
Static analysis of code for compliance with user-selected coding standards
Graphical RuleWizard editor for creating custom coding rules
Static code path simulation for identifying potential runtime errors
Automated code review with a graphical interface and progress tracking
Automated generation and execution of unit and component-level tests
Flexible stub framework
Full support for regression testing
Code coverage analysis with code highlighting
Runtime memory error checking during unit test execution and application-level testing
Full team deployment infrastructure for desktop and command line usage
Runtime Error Detection
Identify complex memory-related problems
through simple functional testing—for example:
Collect code coverage from application runs
Increase test result accuracy through execution of
the monitored application in a real target environment
Embedded and Cross-Platform Development
As the software components in embedded systems are becoming increasingly critical, the attention to
quality in embedded software increases across the board. Long-standing quality strategies such as
testing with a debugger are no longer efficient or sufficient. To further complicate matters, many
developers cannot readily run a test program in the actual deployment environment because they lack
access to the final system hardware. To address these challenges, code quality needs to be realized
throughout the development lifecycle—using a synergy of time-proven techniques for early defect
prevention, assisted by automation for implementation and monitoring.
C/C++test from Parasoft Embedded enables teams to produce better code for embedded systems, test it
more efficiently, and consistently monitor progress towards their quality goals. With C/C++test,
critical time-proven best practices—such as static analysis, comprehensive code review, and unit
and component testing with integrated coverage analysis—are enabled on the developer's desktop,
early in the development cycle. A command line interface enables fully automated execution within
regression and continuous integration environments, providing data for monitoring and analyzing
For highly quality-sensitive industries, such as avionics, medical, automobile, transportation, and
industrial automation, the addition of Parasoft's Web-based audit and reporting system, with
interactive Web-based dashboards and drill-down capability powered by a SQL database, enables an
efficient and auditable quality process with complete visibility into compliance efforts.
Test on the Host, Simulator, and Target
C/C++test automates the complete test execution flow, including test case generation,
cross-compilation, deployment, execution, and loading results (including coverage metrics) back
into the GUI. Testing can be driven interactively from the GUI or from the command line for
automated test execution, as well as batch regression testing. In the interactive mode, users can
run tests individually or in selected groups for easy debugging or validation. For batch execution,
tests can be grouped based either on the user code they are liked with, or their name or location
High Degree of Customization
C/C++test allows full customization of its test execution sequence. In addition to using the built-in
test automation, users can incorporate custom test scripts and shell commands to fit the tool into
their specific build and test environment. This unparalleled flexibility enables users to realize
their desired test flow without being constrained by the preset tool options.
C/C++test can be utilized with a wide variety of embedded OS and architectures, by cross-compiling
the provided runtime library for a desired target runtime environment. All test artifacts of
C/C++test are source code, and therefore completely portable.
Advanced Unit Test Features
Automatic generation of tests and stubs
Automatic generation of assertions based on observed test results
Graphical Test Case Wizard for interactive definition of tests
Complete visibility into test and stub source code
Intelligent, test-case-sensitive stubs
Parameterization of tests and stubs
Multi-metric coverage analysis for DO-178B (including MC/DC)
Flexible support for continuous regression testing
Annotation of tests against bug and requirement IDs
Execution of tests under debugger
Special mode for testing template code
"For our client, the RATP, we are working on the automation of line 13 of the Paris metro. This will allow an increase in train frequency on this saturated line. We produce software which, thanks to three systems of redundant sensors installed on the train, will enable real-time transmission of all train information to the line's central control station of the line.
Since it involves transport of persons, our software must comply with SIL level 4 - the highest level. This is the primary reason that we have chosen Parasoft C/C++test, which is also SIL level 4 certified, to test our software. Another key competitive differentiator is that C/C++test is extremely simple to use: setup is very fast, and it produces test reports of high quality.
Thanks to C/C++test, we have detected and corrected several defects. Within Thalès Communications, we have decided to use this tool in other projects where performance in the field of static code analysis is precious to us."
Parasoft C++test has become an integral part of our development process. It allows us to unit test our software in way that would otherwise be extremely difficult to do. It enables us to assure the accuracy and reliability of our applications.
Matt Klaustermeier, Director of Software Engineering
"Based on my experience with the Beta version, I am very impressed with the new capabilities and overall feel of the new C++test product. This new version offers a number of important additions and improvements.
Martin Brodeur, Senior Software Developer
"As part of our corporate quality initiative, we deployed Parasoft C++test to improve the readability, maintainability and reliability of our software. The full IDE integration makes all the features easy to access on the desktop."
Scott Lushbough, Software Engineer
By deploying C++test as the coding standard analysis tool, Mobile solution project in the SW Center of Samsung Electronics have decreased the amount of coding violations by 80%; a significant improvement on their development/testing process.
Samsung Electronics Mobile Project SW Center
Parasoft C++test has made it easy to transfer knowledge to new people, reducing the negative impact when experienced developers leave and new ones come in to replace them. Its easier to teach new people how to merely use the software rather than the concepts of QA and all the things that they need to know in order to adhere to those internal quality initiatives, such as code review, scope, and range of testing. Automation makes it a lot easier for us . Parasoft C++test enhances the quality of our products and the quality of our lives.
Joel Calderon, Software Design Supervisor
NEC Telecom Software Philippines
Parasoft provides a quality development solution that our entire team can grow with and experience continuous improvement. Parasoft's solution is teaching us all to be better programmers. It helps us find errors that we didn't even realize were errors. Parasoft's solution has saved the Global Modeling and Analysis team both time and resources that we would have otherwise spent finding and fixing defects. Instead, we get to spend that time adding new features and functionality.
Jim Spielbauer, Development Engineer
"We have automated and standardized our best practices for providing customers the highest quality code. We have dramatically improved the productivity of our testing efforts and this helps strengthen our position as a global provider of IT solutions."
Vidya Kabra, Software Engineering Tools Group Head
"[Parasoft C++test and .TEST] teach our development team better coding habits so that we can make our source code more fault-tolerant; more robust. I'm not talking about obvious bugs that software developers can find without automated testing tools; I'm talking about difficult-to-find logic issues that can take many hours of manual unit and integration testing to discover. We are able to get our product to market approximately 6 months sooner with Parasoft solutions than we could have if we had gone back to the testing vendor.
Gary Malfa, Software Engineer
"With minimal effort on my part I can come up to speed on C++test
very fast after a few months of not using it. All of Parasoft's C development
tools are extremely easy to use. The user manuals are quite informative, and
the graphical user interface provides an intuitive mechanism for retrieving
pertinent debugging information."
Robert Luppold, President
Luppold & Associates, Inc.
"Bad code costs money, and comes back to haunt support and development teams. Parasoft is an automated, non-invasive solution that scans under-development applications for syntax and coding errors before they become production problems. This alerts developers to coding problems and gives managers the reports they need to set strategic goals. Parasoft can provide significant value to software development organizations."
[Parasoft Jtest and C++test have] increased confidence in our software, decreased testing time and produced a more reliable product. We are able to double code coverage in our test cases.
Jeremy Kincaid, Senior Software Engineer
C/C++test is available in the following editions:
Desktop Edition: A completely integrated tool suite that enables developers/testers to perform automated code analysis (with built-in coding standards/rules and any custom rules developed in RuleWizard) and automated unit testing (with automatically-generated and user-defined test cases) from the desktop. Tests that scan multiple classes/files/directories can be performed directly from the development environment, with results immediately reported in the GUI for review/repair. Additionally, problems identified by Automation Edition tests can be imported into the GUI for review/repair. This edition also provides the RuleWizard module, which enables the creation of custom coding standards/rules using a graphical interface. The Desktop edition is intended to be installed and licensed on every developer, architect, and tester desktop.
Automation Edition: Includes the Desktop edition functionality, and adds support for performing test and analysis as batch or server processes. The provided command-line interface can test the complete project code base and be integrated into the automated build process. Results are written to customizable reports, which can be easily accessed by team members and automatically e-mailed to designated recipients. Additionally, team members can import Automation Edition test results into the desktop GUI for review/repair.
The Automation Edition also provides:
The Team Server module, which enables
centralized administration and sharing of coding standards/rule sets, test configurations, and test assets. Team Server is designed for development teams that want to ensure consistency in test practices across the team. When Team Server is implemented team-wide, the architect/lead developer can configure and upload standard team-wide test settings/configurations/files, then Team Server will automatically share them across all team
C/C++test installations. Team Server may be installed and run on any supported computer system (e.g., one of the developers' workstations, the server hosting a Parasoft
Automation Edition product, or an independent system).
The Code Review module, which automates preparation, notification, and tracking of peer code reviews, addresses the known shortcomings of this very powerful development practice. C/C++test automatically identifies updated code by scanning the source control system, matches the code with designated reviewers, and tracks the progress of each review item until closure. With the Code Review module, teams can establish a bulletproof review processwhere all new code gets reviewed and all identified issues are resolved.
BugDetective, advanced flow analysis technology that identifies paths which trigger runtime defects. Defects detected include using uninitialized memory, null pointer dereferencing, division by zero, and memory and resource leaks.
Eclipse IDE for Developers
Microsoft Visual Studio
Wind River Workbench
ARM Workbench IDE for RVDS
ARM Development Studio
QNX Momentics IDE (QNX Software Development Platform)