Language

.NET testing tools: Static code analysis, code review, unit testing

.NET Static Analysis, Code Review, Unit Testing

Current version: 5.0.4.9 (July 12, 2009)

Parasoft^® .TEST^™: .NET Testing, Static Analysis, Code Review

Parasoft^® .TEST^™ is an integrated solution for automating a broad range of best practices proven to improve software development team productivity and software quality. .TEST facilitates:

Static analysis–static code analysis, data flow static analysis, and metrics analysis
Peer code review process automation–preparation, notification, and tracking
Unit testing–unit test creation, execution, optimization, and maintenance
Plugin testing–sets up the actual application execution environment and launches tests from it

This provides teams a practical way to prevent, expose, and correct errors in order to ensure that their .NET code (including C#, VB.NET, ASP.NET and Managed C++ ) works as expected. To promote rapid remediation, each problem detected is prioritized based on configurable severity assignments, automatically assigned to the developer who wrote the related code, and distributed to his or her IDE with direct links to the problematic code and a description of how to fix it.

Parasoft's customers, including 58% of the Fortune 500, rely on .TEST for:

Preventing errors that compromise security, reliability, and performance
Complying with internal or regulatory quality initiatives
Ensuring consistency across large teams
Increasing productivity by automating tedious yet beneficial development practices
Successfully implementing popular development methods like TDD, Agile, and XP

Governance and Compliance

Parasoft .NET Quality Solution provides a fully-integrated suite for automating a broad range of best practices proven to improve software development team productivity and software quality.
Static code analysis	Facilitates regulatory compliance (FDA, PCI, etc.). Ensures that the code meets uniform expectations around security, reliability, performance, and maintainability. Eliminates entire classes of programming errors by establishing preventive coding conventions.
Data flow static analysis	Detects complex runtime errors related to resource leaks, NullReferenceExceptions, SQL injections, and other security vulnerabilities without requiring test cases or application execution.
Metrics analysis	Identifies complex code, which is historically more error-prone and difficult to maintain.
Peer code review process automation	Automates and manages the peer code review workflow- including preparation, notification, and tracking- and reduces overhead by enabling remote code review on the desktop.
Unit test generation and execution	Enables the team to start verifying reliability and functionality before the complete system is ready, reducing the length and cost of downstream processes such as debugging.
Automated regression testing	Generates and executes regression test cases to detect if incremental code changes break existing functionality or impact application behavior.
Coverage analysis	Assesses test suite efficacy and completeness using a multi-metric test coverage analyzer. This helps demonstrate compliance with test and validation requirements such as FDA.
Team deployment and workflow	Establishes a sustainable process that ensures software verification tasks are ingrained into the team's existing workflow and automated so team members can focus on tasks that truly require human intelligence.
Error assignment and distribution	Facilitates error review and correction. Each issue detected is prioritized, assigned to the developer who wrote the related code, and distributed to his or her IDE with direct links to the problematic code.
Centralized reporting	Ensures real-time visibility into quality status and processes. This helps managers assess and document trends, as well as determine if additional actions are needed for regulatory compliance.

Evaluation downloads are available upon request.

Governance and Compliance

SOA / Web services

Java

C/C++

.NET languages (C#, VB.NET, ASP.NET, Managed C++)

XML

WSDL

SOAP

PoX (Plain XML)

REST

JSON

BPEL

Web Applications

RIA

AJAX

JSP

JavaScript

VBScript/ASP

HTML

CSS

Multiple Message Protocols

WS-* Standards

UDDI

WSIL

MTOM(XOP) / MIME / DIME Attachments

HTTP 1.0, 1.1

HTTPS

TCP/IP

SMTP

.NET WCF (TCP, HTTP, WS Transaction Flow)

JMS

IBM MQ

Sonic MQ

TIBCO Rendezvous

EJB

RMI

CORBA

[+] Governance and Compliance

Workflow Optimization
Regulatory Compliance

Policy Management
Workflow Management

Policy Management

Parasoft provides centralized management of organization-level and team-level policies for ensuring application security, reliability, performance, and maintainability as well as complying with FDA, DO-178, PCI, and other regulations. Policies are easily deployed and customized for specific projects without compromising the integrity of the corporate objectives. Policy management is centralized for simple access and policy application is automated for rapid scanning and reporting.

Organization/Team Policy Manager
Parasoft's policy manager provides a fast and easy way to ensure that policy enforcement is standardized both globally and locally. This can include a fixed set of organizational policies, as well as subsets of policies customized to suit the needs of specific projects and teams. Policy configurations for thousands of desktops can be implemented or updated once, then distributed to thousands of machines with a single click.

Rule Library
Each language-specific rule library (Java, C/C++, .NET, XML, etc.) provides configurable sets of hundreds of rules including specific (contextual) security rules. Parasoft's rule library is the most comprehensive in the industry, and is constantly being extended. To help developers understand and achieve the benefit that the rules deliver, we provide detailed documentation for each rule, including an explanation of the rule requirements and customizable enforcement parameters, the rationale behind the rule, a sample violation, and an explanation of how to bring code into compliance.

Rule Configuration/Parameterization
Since goals and technologies vary from project to project, Parasoft allows teams to customize the logic of library rules to suit the unique demands of specific projects and priorities. Rules are customized using GUI controls no coding or scripting is required. Moreover, rule names, descriptions, and severities can be matched to your organization's policies, establishing a fully-customized policy management and reporting interface.

Graphical Rule Wizard
In the event that certain internal policies cannot be matched to library rules, Parasoft's RuleWizard provides fast and easy ways to extend the rule set. Custom IL-level and C# rules can be built graphically or generated automatically by providing code that demonstrates a sample rule violation. This flexible framework supports definition of even the most complex policy requirements.

[ back to top ]

Workflow Management

Parasoft defines, automates, and monitors a workflow that improves development productivity and forms the foundation for a sustainable quality process. As quality tasks are defined and automated, process control guidelines are established to measure process progress as well as software quality. With monitorable quality gates and thresholds throughout the SDLC, your organization and team can track progress and ultimately improve the software development process.

Quality Process Definition
Quality processes and tasks are defined in the system and the workflow associated with the process is automated. The organization's expectations around quality tasks are visible and monitored. This significantly reduces the resources required to establish and maintain the quality process, resulting in increased team productivity.

Quality Process Metrics
Process control guidelines are established to measure both process progress and software quality. By establishing quality gates at specific points in the SDLC and establishing quality thresholds, organizations and teams gain the ability to track progress and ultimately improve the software development process.

Workflow Optimization

Tasks to support quality policies must be optimized so they can become an integral part of the team's existing workflow. The lack of automation, repeatability, or consistency will degrade any quality initiative that the organization intends to deploy. Parasoft optimizes the workflow to ensure that the quality process is both sustainable and scalable. For example:

Routing each reported issue directly to the responsible developer and customizable issue prioritization both ensure that your most critical issues are addressed in a timely manner.
Centralized configuration management to ensure that test configurations are applied consistently and can be updated effortlessly as priorities and processes evolve.
Monitoring manual processes that require human intelligence, then converting them into automated processes relieves the team from having to repeat many manual efforts.

[ back to top ]

Issue Prioritization
Results are reported as a prioritized task list to help the team focus their attention and resources on the issues expected to have the greatest impact on quality. To ensure that the most critical policy violations are identified immediately and promptly resolved, Parasoft allows organizations to customize issue severities to match their unique project needs and priorities.

Context Suppression
Context-sensitive suppressions allow teams to prevent rules from firing under specific circumstances where they do not apply. This reduces the level of noise, ensuring that every violation reported is a real problem that should be fixed. Suppressions can be defined in the code to ensure they are always visible when code is reviewed and modified.

Regulatory Compliance

To help teams achieve and demonstrate regulatory compliance, we establish an in-line continuous quality process that ensures mandated practices are not only deployed across every stage of the SDLC, but also ingrained into the team's workflow.
Parasoft supports:

After each test, a list of tasks required for compliance is generated and prioritized. The responsible developers are notified immediately, and their assigned tasks are distributed directly to their IDEs. Archived reports and trend graphs document validation efforts and quality improvements.

[ back to top ]

[+] Static Code Analysis

Technology Guidelines and Standards
Regulatory Compliance Standards
Application-Specific Errors

Policy Enforcement
Security
Expert Best Practices

Parasoft's static analysis monitors whether code meets uniform expectations around security, reliability, performance, and maintainability—delivering real-time training based on corporate policy. By exposing structural errors and preventing entire classes of errors, this provides a foundation for producing solid code. Our static analysis includes static code analysis, data flow static analysis, and code metrics analysis. All are centrally managed and highly automated. Moreover, an automated framework is provided to ensure consistency across development languages, development teams, and third-party partners.

Parasoft's static code analysis monitors whether code follows industry-standard or customized rules for ensuring that code meets uniform expectations around security, reliability, performance, and maintainability. Over 15 years of research and development have gone into optimizing Parasoft's patented static code analysis engine and knowledge base. Our static code analysis solutions feature:

A centralized, integrated system for automated monitoring of code compliance across heterogeneous environments (Java, C/C++, C#, VB.NET, JavaScript, etc.), core industry standards (WS-*, Section 508, FDA, PCI, MISRA, etc.), and organization-specific policies (security, branding, etc.).
Rule sets that are the most comprehensive in the industry and are constantly being extended.
Fast, easy ways to define and check custom rules that prevent application-specific errors from reoccurring and monitor adherence to organization-specific policies.
Automated task assignment and customizable issue prioritization to ensure that the most critical issues are addressed in a timely manner.
Extensive support for policy management, workflow management, and workflow optimization to facilitate code improvement without impeding project progress or team productivity.

The .NET quality solution includes 200+ rules that check compliance with Microsoft's ".NET Framework Design Guidelines." Additional sets of rules cover CLS Compliance, Object Oriented Metrics, and Security. In addition to rules that examine the IL code, We also provides rules that examine the C# source code; this enables us to check for many code issues that cannot be identified by IL-level analysis (for example, formatting issues, empty blocks, misuse of operators, etc.).

[ back to top ] Policy Enforcement
Parasoft's static code analysis can easily be configured to automatically monitor adherence to organization, team, and project policies for security, compliance, etc. The rule library includes hundreds of rules that deliver "out-of-the-box" monitoring of many common policy requirements. These static analysis rules can be customized as needed to match specific policy requirements, and the rule set can be rapidly extended to address even the most complex and unique requirements. Moreover, rule names, descriptions, and severities can be mapped to the organization's policies, establishing a fully-customized policy management and reporting interface.

Security
In addition to enforcing organizations' unique security policies, Parasoft automatically identifies common security vulnerabilities with the most comprehensive rule set in the industry. Our solutions are configured to deliver an instant assessment of compliance with PCI DSS section 6 security guidelines. This enables teams to rapidly assess the level of compliance–without spending time reading the PCI DSS specification and determining how the requirements translate to code. We also provide an automated assessment of your risks regarding the most critical application security vulnerabilities (as listed in the OWASP Top 10).

Expert Best Practices
Industry leaders have built an extensive knowledge base of guidelines for preventing the most serious and common software defects. Parasoft's static code analysis provides expert code feedback in seconds by automatically applying the wisdom of Microsoft experts and others. Identifying and fixing the reported violations improves code security, reliability, performance, and maintainability.

Technology Guidelines and Standards
To help developers understand and negotiate the unique pitfalls involved in working with certain technologies, Parasoft's static code analysis automatically monitors code compliance to technology-specific guidelines and standards. Parasoft's static code analysis provides out-of-the-box support for preventing mistakes related to common technologies/frameworks such as Microsoft's ".NET Framework Design Guidelines," CLS Compliance, and more. Moreover, our flexible static code analysis framework can easily be extended to support more specialized needs.

[ back to top ]

Regulatory Compliance Standards

Our static code analysis enables teams to rapidly assess the level of compliance to various regulatory standards–without spending time reading the related specifications and determining how the requirements translate to code.

Parasoft supports:

Moreover, our flexible static code analysis framework can easily be extended to support more specialized needs.

Each issue detected is prioritized, automatically correlated to the developer who introduced it, then distributed to his or her IDE with direct links to the problematic code. Eventually, developers start writing compliant code as a matter of habit. Moreover, through integration with the development infrastructure, results are correlated with requirements, bugs, and source code changes converting data into actionable information.

Archived reports and trend graphs document validation efforts and quality improvements.

Application-Specific Errors

Parasoft provides fast and easy ways to define custom static code analysis rules that prevent the recurrence of application-specific defects after a single instance has been found. By ensuring that the team does not make the same mistake twice, this significantly improves team productivity and product quality.

[ back to top ]

[+] Data Flow Static Analysis

Legacy Code Audit

Static Detection of Complex Runtime Errors
Static Detection of Security Vulnerabilities

Parasoft's data flow analysis provides automated detection of runtime errors without requiring the software to actually be executed. This enables early and effortless detection of critical runtime errors that might otherwise take weeks to find. We statically simulate application execution paths which may cross multiple units, components, and files to identify paths that could trigger runtime errors such as resource leaks, SQL injections, and other security vulnerabilities. To simply defect analysis, a complete analyzed path trace for each potential defect is reported in the IDE, and automatic cross-links to code help users quickly jump to any point in the highlighted analysis path.

This ability to expose these errors without executing code is especially valuable for teams with legacy code bases lacking robust test suites or embedded code, where runtime analysis and detection of such errors is not effective or possible.

Static Detection of Complex Runtime Errors

Parasoft data flow analysis enables you to find potentially crash-causing defects such as NullReferenceExceptions and resource leaks without having to create, execute, or maintain test cases. This provides a fast and easy way to identify reliability and performance problems without having to actually execute the application.

Static Detection of Security Vulnerabilities

For security vulnerability detection, Parasoft's data flow analysis detects whether actual application execution paths could lead to injection vulnerabilities, XSS, exposure of sensitive data, and other vulnerabilities.

Legacy Code Audit

Parasoft's data flow analysis can be applied to a large code base for fast, effortless detection of complex runtime problems. This provides a practical way to identify critical problems in a large code base when testing resources are limited. Moreover, data flow helps you audit the effectiveness of your quality policies. If proper quality policies are in place, no problems should be reported by data flow analysis. An issue detected by data flow analysis indicates that the quality policy was not comprehensive enough or was not applied properly.

[ back to top ]

[+] Metrics Code Analysis

Limit-Based Analysis

Calculation

Parasoft's code metrics analysis calculates a customizable set of industry-standard metrics, as well as identifies specific pieces of code that exceed industry-standard or customized metrics thresholds. This helps organizations identify brittle or overly-complex code that could impede agility or reuse.

Calculation

Parasoft's metrics calculation capability provides organizations visibility into code complexity and the potential impacts of an anticipated code change. This enables them to make more informed decisions as to how to modify, refactor, and test it. Metrics calculations provided include Cyclomatic Complexity, Inheritance Depth, Nested Block Depth, and more.

Limit-Based Analysis

Parasoft enables organizations to customize the boundaries and thresholds for available metrics so that team members are alerted when metrics are outside of the prescribed range. Leveraging this automation, the team is freed to focus on analyzing and improving the problematic code-tasks that truly require human intelligence.

[ back to top ]

[+] Code Review

Peer Code Review

Automated Code Review

Automated Code Review

Parasoft's automated code analysis checks code as it is written to prevent entire classes of errors and ensure that code meets uniform expectations around security, reliability, performance, and maintainability. This typically relieves developers from having to perform line-by-line inspections during peer code reviews, freeing them to focus on higher-level analyses that require human intelligence. With automated checking for compliance to the team's and organization's development policies, the team can begin code reviews by discussing interesting findings from the automated code analysis results, then move on to examining design, algorithmic, and implementation issues. This aspect of the peer code review is supported by Parasoft's code review capability, which automatically identifies updated code, matches the code with designated reviewers, and tracks the progress of each review item until closure. By automating critical workflow components, the team gains more time to focus on inspecting and improving the code.

Peer Code Review

Parasoft automates and manages the peer code review workflow. Our code review capability-which automates preparation, notification, and tracking of peer code reviews-addresses the known shortcomings of this very powerful inspection method. It automatically identifies updated code by scanning the source control system or the local file system, matches the code with designated reviewers, and tracks the progress of each review item until closure. This allows teams to establish a bulletproof review process where all new code gets reviewed and all identified issues are resolved.

Teams who prefer to review only the the most dangerous segments of their code (for example, the most security-sensitive or deadlock-prone areas of the code base) can easily set up such focused reviews using the flexible configuration options.

[ back to top ]

Workflow
For a code review process to be sustainable and successful, it’s essential that the workflow be as natural and unobtrusive as possible. That’s why Parasoft engineered an automated peer code review workflow where developers simply check in code as normal, then review packages are prepared automatically and distributed to the appropriate reviewer’s IDE. The only added work is the actual peer review—a creative process that cannot, and should not, be automated.

Parasoft provides built-in support for the following typical code review flows:

Post-commit code review: This mode is based on automatic identification of code changes in a source repository via custom source control interfaces. Code review tasks are created based on a preconfigured mapping of changed code to reviewers.
Pre-commit code review: Users can initiate a code review from the desktop by selecting a set of files to distribute for the review, or automatically identify all locally changed source code.

Contextual Analysis
Although automated code analysis can identify many issues related to security, reliability, performance, and maintainability, it cannot detect functional defects: instances where the code is not doing what it’s supposed to do. This high-level error detection can only be achieved when the human brain analyzes code in the context of its requirements and available test cases. Parasoft aggregates these artifacts, reducing the barrier to entry for this irreplaceable analysis.

Monitoring
For a code review process to stay on track, it needs to be measured and actively monitored. That’s why Parasoft automates the process and connects it to Parasoft's reporting system — providing objective answers to questions such as:

Are reviews being performed?
Are identified issues actually being resolved?
How is the code review impacting team productivity and application quality?

[ back to top ]

[+] Unit Test Framework

.NET Compact Framework Testing
Test Driven Development (TDD)

Test Creation
Test Optimization
Extended Execution Environment

Parasoft delivers a complete framework to create, manage, and extract greater value from unit tests. We help you exercise and test an incomplete system enabling you to identify problems when they are least difficult, costly, and time-consuming to fix. This reduces the length and cost of downstream processes such as debugging. Moreover, since all tests are written at the unit level, the test suite can be run independent of the complete system. This allows you to isolate code behavior changes, reduces setup complexities, and makes it practical.

Test Creation

To facilitate standardized testing and quality processes, our patented technologies automatically generate extensible, reusable test cases. These test cases not only expose potential reliability problems, but also capture the code's current behavior to establish a baseline for regression testing. You can incrementally improve the test suite's intelligence and value by extending the generated test cases. Collectively, these test cases establish a safety net that alerts you when modifications impact application behavior.

Regression Baseline
If your team has a large code base with minimal tests or no tests, the fastest route to regression testing is to automatically generate a regression test suite that captures the code's current behavior and then run it daily to determine if code modifications break existing functionality. To help you achieve this, we scan the project code base, then automatically generate a baseline set of unit test cases that capture the code's current behavior. Then, we establish a continuous regression testing process which ensures that the impacts of code modifications are identified and addressed daily, and the test suite stays in synch with the evolving application. This provides a safety net that helps developers rapidly change code with confidence, which is especially critical for teams working on complex and constantly-evolving applications.

Exception Detection
By using corner case conditions, automatically-generated test cases check responses to unexpected inputs, exposing potential reliability problems.

The generated unit tests directly correlate tests to source code, which improves error identification and diagnosis, and allows developers to run these test cases without having to depend on access to the production environment or set up a complex staging environment. This facilitates collaboration between QA and Development: QA can provide developers traced test sessions with code-level test results, and these tests help developers identify, understand, and resolve the problematic code.

Functional (Tracer)
With Parasoft Tracer, you can create rich unit tests via the application's user interface. This significantly reduces the time and effort required to develop realistic functional tests.

Tracer tracks and visualizes how designated classes are used as a running application is exercised. Developers can select which calls they want included in test cases (and in what order), then click a button to generate flexible NUnit tests that capture the precise functionality they want to validate. If the functionality associated with the "traced" use cases later breaks, the team will be alerted by the failure of the related test cases.

Each test case generated in this way can run in the traditional unit testing framework that tests code in isolation, or in the context of an application (see below).

[ back to top ]

Test Optimization

Parasoft provides a variety of technologies to help you extend your manually-defined and automatically-generated test cases, enabling you to increase their value with minimal effort.

Easy Extension
Parasoft automatically generates complete tests, including test drivers and test cases for individual methods/functions, in industry-standard xUnit formats. Developers can rapidly add additional tests (for verifying specific functionality and/or increasing coverage) by extending the automatically-generated tests. This allows developers to extend the test suite while writing a minimal amount of code.

Stub Creation and Management
Parasoft can automatically stub out calls to external resources or problematic methods/functions within the source code base. This relieves developers from having to write extensive stubs or mock objects from scratch. Using automatically-generated stub templates, you can define your own stubs for automatically-generated or user-defined test cases.

Test Case Parameterization
Test Case Parameterization automates the process of reusing a test with different sets of data. This allows teams to increase the amount of testing and coverage with very little effort.

Data-Driven Test Cases
Parasoft can use values from any of the following types of data sources for test case inputs as well as data validation:

CSV files
Databases
Excel spreadsheets
Tables created in (or copied into) the internal table editor.
File

[ back to top ]

Extended Execution Environment

Extended Execution Environment
Parasoft's extended execution environment centralizes execution and enhances reporting for all of your automatically-generated and manually-written xUnit-format unit test cases.

Error Assignment and Distribution
To promote fast remediation, each test failure or exception detected is prioritized, assigned to the developer who introduced the problem, and distributed to his or her IDE with direct links to the problematic code.

Debugger Integration
Developers can step through test cases with a debugger to better examine the code's internal state during a given test. For example, they might want to debug test cases to learn more about why an unexpected outcome was reported, or to determine why a test case failed.

Coverage Analysis
Parasoft's centralized reporting of coverage metrics helps teams gauge test suite efficacy and completeness, as well as demonstrate compliance with test and validation requirements. Coverage is reported in percentages as well as graphically displayed via source code that is annotated with line-by-line coverage details.

Execution in the Context of the Application
One of the biggest problems in writing unit tests is that many many tests require complex objects that need the application environment for proper functioning. For example, this is common with application plugins (such as plugins for IDEs or Microsoft applications) that need to call an API from the original application and get initialized by the application.

Parasoft addresses this problem by automatically setting up the actual application execution environment and launching tests from it. In most cases, no application changes are needed, and not a single line of code needs to be written.

.NET Compact Framework Testing

Developers of .NET Compact Framework applications are often forced to run their tests against the .NET Framework (non-compact version) on their PC machines. As a result, their tests are not realistic and test maintenance is difficult. This is because many parts of the API are different than their counterparts in the standard framework. Moreover, the .NET Compact Framework has different functionality for various devices—complicating the developing of portable applications and requiring much manual testing.

Addressing these challenges, Parasoft allows you to run unit and application tests for the .NET Compact Framework directly on target decides or emulators. This enables you to:

Write very realistic unit tests since code runs against the .NET CF, which accurately represents realistic application behavior.
Automatically check your code against any device or emulator that supports Active Sync communication.
Track the line coverage of the code under test.
More easily test code that interacts with system elements which are difficult to drive during automated testing.
Access an API, such as native API, which is available for a particular device only.

Support is available for NET Compact Framework 2.0, NET Compact Framework 3.5, Windows Mobile 5, Windows Mobile 6, and Windows CE.

Test Driven Development (TDD)

Parasoft supports Test Driven Development with many different capabilities: both automated and assistive. In general, an organization can specify any sequence of development tasks–including writing a test for each requirement–within Parasoft Concerto. The preferred sequences of tasks are defined as "policy" and Parasoft Concerto enforces the desired behavior via a process (or exception-based task notification system). In other words, if developers perform the expected actions (as defined by the policy), then the system remains passive and does not bother them. Notifications are generated only when actions don't align with policy expectations.

For details, see the white paper Test Driven Development with Parasoft Concerto.

[ back to top ]

[+] Reporting

Dashboards

Reports
Task Distribution

Parasoft's robust reporting capabilities not only promote rapid defect resolution, but also support an auditable quality process by providing complete visibility into the team's efforts.

Reports

After each test/analysis run, Parasoft can automatically generate and e-mail role-based reports to managers, team leads, and developers. Reports are available in HTML, PDF, and custom format, and can be easily configured via GUI controls or an options file. Reports can include the high level of detail required for a truly auditable process; for example:

Pass/fail summary of code analysis and test results
Expanded test output with pass/fail status of individual tests
A list of analyzed files
A list of policies checked
A code coverage summary
Full code listings with color-coding of all code coverage results
Trend graphs for key metrics

Task Distribution

If any developer action is required (fix static analysis violations, address test failures, respond to code review suggestions, etc.), a task is generated, prioritized, and assigned to the developer who wrote the related code. The task is then distributed to the assigned developer's IDE with full data, cross-links to the related code, and a description explaining how to approach the assigned task. An e-mail notification alerts the developer to the assigned tasks.

Dashboards

Interactive Web-based dashboards with drill-down capability allow teams to track project status and trends based on results from Parasoft technologies as well as key process metrics (e.g., from source control, bug tracking, build, and requirements management systems). It correlates data from these sources to provide comprehensive and objective insight into application quality, team productivity, and project risk factors.

[ back to top ]

[+] Supported Environments

Source Control

OS
IDEs

OS

Windows 7, Vista, Windows XP or Windows 2003 Server

IDEs

Visual Studio 2008, Visual Studio 2005, or Visual Studio .NET 2003

Source Control

[ back to top ]

For a Printable Version, Click Here (542 KB PDF).

.TEST Data Sheet: .NET Static Analysis, Code Review, Unit Testing, Security

Comprehensive Code Quality Tools for .NET Development

Parasoft® .TEST™ is an integrated solution for automating a broad range of best practices proven to increase software development team productivity and software quality. Parasoft .TEST ensures developers that their .NET code works as expected by enabling coding policy enforcement, static analysis, and unit testing. Parasoft .TEST also saves development teams time by providing a streamlined manual code review process. Parasoft .TEST can be used both on the desktop as a Microsoft Visual Studio plugin and in batch processes via command line interface for regression testing.

Parasoft .TEST works with programming languages that target the Microsoft .NET Framework, including C#, VB.NET, ASP.NET and MC++ (Managed C++). It can test any file or assembly that has been built to take advantage of the .NET CLR. Moreover, it can test Web Site projects that are hosted in the file system or at an HTTP server.

Identify Runtime Bugs without Executing Software

BugDetective uses data flow analysis to detect runtime errors without requiring the software to actually be executed. This enables early and effortless detection of critical runtime errors that might otherwise take weeks to find. Defects detected include NullReferenceExceptions, ArgumentNullExceptions, resource leaks, division by zero, dereferencing before checking for null, SQL injections, XSS, and other security vulnerabilities.

Such defects may also point to loopholes in the design of the code for the specific use cases corresponding to highlighted execution paths. Reviewing the violations reported by BugDetective often leads to good coding conventions that can prevent defects from recurring.

Automate Code Analysis for Compliance

A properly-implemented coding policy can eliminate entire classes of programming errors by establishing preventive coding conventions. .TEST statically analyzes code to check compliance with such a policy. To configure .TEST to enforce a coding standards policy specific to their group or organization, teams can define their own rule sets with built-in and custom rules. .TEST includes 400+ rules that cover Microsoft's .NET Framework Design Guidelines, CLS Compliance, Object Oriented Metrics, Security, and more.

In addition to rules that examine the IL code, .TEST also provides rules that examine the C# source code; this enables .TEST to check for many code issues that cannot be identified by IL-level analysis (for example, formatting issues, empty blocks, misuse of operators, etc.). Custom IL-level and C# rules, which are created with a graphical RuleWizard editor, can also enforce specific project and organizational requirements and prevent the recurrence of application-specific defects after a single instance has been found.

Enable Effective and Comprehensive Team Code Review

The innovative Code Review module, which automates preparation, notification, and tracking of peer code reviews, addresses the known shortcomings of this very powerful development practice. .TEST automatically identifies updated code, matches the code with designated reviewers, and tracks the progress of each review item until closure. With the Code Review module, teams can establish a bulletproof review process—where all new code gets reviewed and all identified issues are resolved.

Automate Unit and Component Testing for Instant Verification and Regression Testing

.TEST’s automated testing capabilities significantly reduce the work required to develop and maintain an effective test suite. .TEST’s automated testing capabilities are especially helpful for supporting continuous integration and agile/iterative development.

.TEST automatically generates complete NUnit tests for any .NET language file or assembly. By using corner case conditions, these automatically-generated test cases check function responses to unexpected inputs, exposing potential reliability problems. Moreover, the generated test suite instantly establishes a baseline for regression testing, and can easily be extended to verify specific functionality that you want to verify. Collectively, these test cases establish a safety net that alerts you when modifications impact application behavior.

.TEST provides numerous ground-breaking technologies to facilitate unit testing, including:

Test Case Tracer: Tracks and visualizes how designated classes/methods are used as a running application is exercised. You can select which calls you want included in test cases (and in what order), then click a button to generate flexible NUnit tests that capture the precise functionality you want to validate. This significantly reduces the time and effort required to develop realistic functional tests.
Application hosted testing: Allows you to launch unit tests from virtually any point within your application—without changing your application or writing additional code. This lets you create complex objects in their natural environment and facilitates test development/maintenance.
Extensive coverage analysis: Tracks coverage information for all tests—from .TEST-based unit testing to manual application testing—and can combine the coverage information from multiple test runs. This helps you accurately gauge test suite efficacy and completeness, as well as demonstrate compliance with test and validation requirements.
Flexible stub support: Allows classes to be tested in isolation. This addresses one of the greatest challenges in writing unit tests: getting complex objects in different states.

Automate .NET Compact Framework Testing

Addressing these challenges, Parasoft allows you to run unit and application tests for the .NET Compact Framework directly on target decides or emulators. This enables you to:

Write very realistic unit tests since code runs against the .NET CF, which accurately represents realistic application behavior.
Automatically check your code against any device or emulator that supports Active Sync communication.
Track the line coverage of the code under test.
More easily test code that interacts with system elements which are difficult to drive during automated testing.
Access an API, such as native API, which is available for a particular device only.

Support is available for NET Compact Framework 2.0, NET Compact Framework 3.5, Windows Mobile 5, Windows Mobile 6, and Windows CE.

Establish a Uniform Process Across the Team with a User-Friendly Workflow

An easy-to-use workflow and a good deployment strategy are both essential for making the above features work in real world development processes. .TEST’s support for team deployment standardizes testing team-wide and provides a sustainable workflow for integrating best practices into the team's existing processes—with minimal disruption.

The architect defines the team's designated test configurations, then Parasoft Team Server automatically shares them across all team .TEST installations. Developers can test code directly from Visual Studio to find and fix problems before adding it to source control. Additionally, .TEST Server can test the entire project code base each evening, then email reports to the manager and responsible developers if any problems are detected. Developers can then import results into Visual Studio to review and repair the errors reported for code they authored.

.TEST also sends information from these tests to Parasoft Report Center, which provides interactive Web-based dashboards with drill-down capability, allowing teams to track project status and trends based on .TEST results and other key process metrics.

Benefits

Increase team development productivity — Apply a comprehensive set of best practices that reduce testing time, testing effort, and the number of defects that reach QA.
Achieve more with existing development resources — Automatically vet known coding issues so more time can be dedicated to tasks that require human intelligence.
Build on the code base with confidence — Efficiently construct, continuously execute, and maintain a comprehensive regression test suite that detects whether updates break existing functionality.
Gain instant visibility into code quality and readiness — Access on-demand objective code assessments and track progress towards quality and schedule targets.
Reduce support costs — Automate negative testing on a broad range of potential user paths to uncover problems that might otherwise surface only in “real-world” usage.

Features

Static analysis of code for compliance with user-selected coding standards
Graphical RuleWizard editor for creating custom coding rules
Static code path simulation for identifying potential runtime errors
Streamlined code review process with a graphical interface and progress tracking
Automated generation and execution of unit tests
Generates functional unit test cases that capture actual code behavior as the application is exercised
Launches tests from the actual execution environment
Flexible stub framework for use in unit tests
Full support for regression testing
Code coverage analysis for unit testing and beyond
Full team deployment infrastructure for desktop and command line usage
Seamless integration with Microsoft Visual Studio

System Requirements

Windows 7, Vista, Windows XP or Windows 2003 Server
1GB memory minimum, 2GB recommended
1GHz or faster processor
Visual Studio 2008, Visual Studio 2005, or Visual Studio .NET 2003

".TEST is a great product! It snaps right into VS 2005 as though it were part of the product and it greatly reduces errors by enforcing all your favorite rules. We have stuck to the MS Guidelines and we had to do almost no work at all to have .TEST automate our code analysis and generate the grunt work part of the unit tests so that we could focus ur attention on real test-driven development."

Bruce Gruenbaum, Principal Software Engineer
Progress Software

"Parasoft’s .TEST is one such product with which developers can automatically test their applications during the development phase with a single click. As opposed to the Visual Studio debugger, Parasoft .TEST is a tool that enforces coding standards rules and helps in generating and executing unit tests."

Anand Narayanaswamy, Editor
asp.netPRO Magazine

“Parasoft provides a quality development solution that our entire team can grow with and experience continuous improvement. Parasoft's solution is teaching us all to be better programmers. It helps us find errors that we didn't even realize were errors. Parasoft's solution has saved the Global Modeling and Analysis team both time and resources that we would have otherwise spent finding and fixing defects. Instead, we get to spend that time adding new features and functionality.”

Jim Spielbauer, Development Engineer
Trane

"We have automated and standardized our best practices for providing customers the highest quality code. We have dramatically improved the productivity of our testing efforts and this helps strengthen our position as a global provider of IT solutions."

Vidya Kabra, Software Engineering Tools Group Head
Wipro

"[Parasoft C++test and .TEST] teach our development team better coding habits so that we can make our source code more fault-tolerant; more robust. I'm not talking about obvious bugs that software developers can find without automated testing tools; I'm talking about difficult-to-find logic issues that can take many hours of manual unit and integration testing to discover.… We are able to get our product to market approximately 6 months sooner with Parasoft solutions than we could have if we had gone back to the testing vendor.”

Gary Malfa, Software Engineer
Bovie Medical

.TEST is available in the following editions:

Professional Edition: A completely integrated tool suite that enables developers/testers to perform automated code analysis (with built-in coding standards/rules and any custom rules developed in the Architect Edition) and automated unit testing (with automatically-generated and user-defined test cases) from the desktop. Tests that scan multiple classes/files/directories can be performed directly from the development environment, with results immediately reported in the GUI for review/repair. Additionally, problems identified by Server Edition tests can be imported into the GUI for review/repair. The Professional edition is intended to be installed and licensed on every developer and tester desktop.
Architect Edition: Includes the Professional Edition functionality, and adds the RuleWizard module, which enables the creation of custom coding standards/rules using a graphical interface. The Architect Edition is intended for use by an architect or the individual responsible for establishing coding standards for the organization.
Server Edition: Includes the Architect Edition functionality, and adds support for performing automated code analysis and unit testing as batch or “server” processes. The provided command-line interface can test the complete project code base and be integrated into the automated build process. Results are written to customizable reports, which can be easily accessed by team members and automatically e-mailed to designated recipients. Additionally, developers and QA can import Server Edition test results into the desktop GUI for review/repair.
The Server Edition also provides:
- The Team Server module, which enables centralized administration and sharing of coding standards/rule sets, unit testing configurations, and test assets. Team Server is designed for development teams that want to ensure consistency in test practices across the team. When Team Server is implemented team-wide, the architect/lead developer can configure and upload standard team-wide test settings/configurations/files, then Team Server will automatically share them across all team .TEST installations. Team Server may be installed and run on any supported computer system (e.g., one of the developers' workstations, the server hosting a Parasoft Server Edition product, or an independent system).
- The Code Review module, which automates preparation, notification, and tracking of peer code reviews, addresses the known shortcomings of this very powerful development practice. .TEST automatically identifies updated code by scanning the source control system, matches the code with designated reviewers, and tracks the progress of each review item until closure. With the Code Review module, teams can establish a bulletproof review process—where all new code gets reviewed and all identified issues are resolved.
- BugDetective, a new type of static analysis technology that uses several analysis techniques, including simulation of application execution paths, to identify paths that could trigger runtime defects. Defects detected include NullReferenceExceptions, resource leaks, SQL injections, and other security vulnerabilities.

The following optional license is available:

Security: Adds a comprehensive knowledgebase of security issues and guidelines that .TEST can apply when scanning and analyzing source code. When applied, this module will search and identify a broad range of security vulnerabilities, including such issues as improper input handing, malicious code, concurrency issues, improper logging, command injections, improper error handling, string formatting issue, denial of service, authentication, and many more. This module provides the ability to define a security policy that will guide, direct, and enforce secure coding practices in application development.

OS

Windows 7, Vista, Windows XP or Windows 2003 Server

IDEs

Visual Studio 2008, Visual Studio 2005, or Visual Studio .NET 2003

Source Control

AccuRev SCM
Borland StarTeam
CVS
IBM/Rational ClearCase
Microsoft Visual SourceSafe
Perforce SCM
Serena Dimensions
Subversion (SVN)
Telelogic Synergy

.NET Static Analysis, Code Review, Unit Testing

Parasoft® .TEST™: .NET Testing, Static Analysis, Code Review

Policy Management

Workflow Management

Workflow Optimization

Regulatory Compliance

Regulatory Compliance Standards

Application-Specific Errors

Static Detection of Complex Runtime Errors

Static Detection of Security Vulnerabilities

Legacy Code Audit

Calculation

Limit-Based Analysis

Automated Code Review

Peer Code Review

Test Creation

Test Optimization

Extended Execution Environment

.NET Compact Framework Testing

Test Driven Development (TDD)

Reports

Task Distribution

Dashboards

OS

IDEs

Source Control

Comprehensive Code Quality Tools for .NET Development

Identify Runtime Bugs without Executing Software

Automate Code Analysis for Compliance

Enable Effective and Comprehensive Team Code Review

Automate Unit and Component Testing for Instant Verification and Regression Testing

Automate .NET Compact Framework Testing

Establish a Uniform Process Across the Team with a User-Friendly Workflow

Benefits

Features

System Requirements

OS

IDEs

Source Control

Parasoft^® .TEST^™: .NET Testing, Static Analysis, Code Review