We released Parasoft C/C++test 10.4.1 focusing on security and functional safety
By Miroslaw Zielinski
December 6, 2018
5 min read
Jump to Section
The new release of Parasoft C/C++test focused on the C++ language, including full support for CERT C++ and a dedicated compliance reporting module for AUTOSAR. Read on for more details!
Autumn this year was an inspiring time for us! We had many great opportunities for interesting conversations with our existing and potential customers, including several automotive companies working on automated driving systems (i.e. autonomous driving). What we have learned, among many other things, is that modern C++ is becoming more and more important. C++ enables the full power of CPUs and GPUs to be readily available to run complex AI algorithms, while still allowing software engineers to create and enforce a proper architecture of the systems through object-oriented design patterns.
But C++ is also an advanced and complex language that needs to be used with care to eliminate language constructs that may lead to undefined behavior. This is why high code quality, functional safety, and security remain the primary concerns for teams developing AI-based automotive systems with C++.
To better support teams that are leading industry innovators, we are happy to release the latest Parasoft C/C++ 10.4.1, which focused heavily on testing C++ code. The product now has complete support for the SEI CERT C++ security coding standard, which no other product has, along with dedicated compliance reporting and the parser update for C++17 support. In addition, we enhanced the presentation of static analysis violations, making it even easier to understand the root cause of reported problems. For unit testers, we’ve added improvements for creating and editing parametrized test cases. And of course, as usual, we have a collection of new compilers and IDEs that are now supported. A busy time it was!
Complete Support for CERT C++
The Parasoft C/C++test Compliance Pack now has full support for the SEI CERT C++ security coding standard. Parasoft C/C++test 10.4.1 supports all of the 83 rules defined by the SEI CERT C++ standard. Unlike CERT C, the C++ edition of the standard does not currently contain any official recommendations. But you can be sure once they are added we will support them!
If you purchase a Compliance Pack for security, you’ll also get the CERT C++ dedicated reporting module, which saves you lots of time when managing the compliance process. One of the most exciting functionalities of the reporting framework is an automatic risk assessment framework that allows you to easily focus efforts on the problems that are most relevant.
With a complete set of static analysis checkers for SEI CERT C++ and compliance reporting, teams developing with C++ are now armed with an excellent tool to eliminate vulnerable code and achieve compliance with the most recognized security standard for C++.
Compliance Reporting for AUTOSAR C++14
The 10.4.1 release also brings dedicated compliance reporting for AUTOSAR C++14. With a Compliance Pack, users can now get a dynamic view into their compliance processes to better understanding how far they are form being compliant. A specialized reporting module shows static analysis violations grouped according to all categorizations defined in the standard. A quick glance at the compliance widgets is now enough to make informed decisions about where to allocate development resources. See example below:
Compliance reporting also includes another important capability: automatic generation of compliance documentation. If your team needs to follow more formalized compliance process, you will be happy to hear that Parasoft’s compliance reporting module can generate documentation that conforms to the MISRA 2016 standard. The Guidelines Enforcement Plan (GEP), Guidelines Compliance Summary (GEP), and Deviations Reports can now be automatically prepared and printed out for the code audits. Automatically generating this compliance documentation will save you a lot of time!
Enhanced Presentation of Static Analysis Violations
Static analysis can find complex bugs in your source code, but sometimes these problems are so intricate that it’s very hard to understand why the problem appears and what is the root cause of it. To help you save more time in the results review process, we’ve improved the presentation of the static analysis findings. Problem reports are now annotated with additional information, such as values of conditional statements or tainted data carriers, and different colors are used to increase readability. The new presentation is available in IDE, HTML, PDF reports, and in the centralized reporting dashboard. See below screen shot of an exemplary HTML report which shows the new violations presentation.
Enhancements in Unit Testing
Creating unit tests is not always an exciting activity, especially when you need to add multiple test cases (possibly hundreds or thousands) to test many equivalence classes or corner cases. With the new 10.4.1 release, you can easily and automatically create parameterized test cases that are connected to a data source in the form of a table or CSV file. Once the parametrized test case is created, you can jump to the data source for a specific test case, and start adding test parameters, which is as easy as editing an excel spreadsheet or CSV file. This functionality reduces the effort required to create larger batches of tests, to eliminate user frustration.
New Environments and Compilers
Users developing their systems with Wind River Workbench 4.x and VxWorks 7.x can now install the Parasoft C/C++test plugin directly into their IDE and get the full power of multiple testing techniques in their development environment. Dedicated support for the latest toolchain from Wind River Workbench includes project integration (no need for any additional setup steps) and dedicated test configurations for building and running unit tests or application monitoring for DKM and RTP projects. And of course, the full power of more than 2000 static analysis checkers is available to the Workbench users at any time.
In addition to the Wind River development environment, the 10.4.1 release adds support for another architecture from IAR tools suite, RL78, the latest version of Keil MDK-ARM, and the GCC 8 compiler.
This was a busy time for us; now we need to catch a few breaths, groom our backlog and get back to the drawing boards to start working on the next release! If you’re an existing customer, head over to the Customer Portal to upgrade your software. If you’re new to Parasoft and would like a free trial of Parasoft C/C++test, head on over here to grab it.
“MISRA”, “MISRA C” and the triangle logo are registered trademarks of The MISRA Consortium Limited. ©The MISRA Consortium Limited, 2021. All rights reserved.