We have spent a lot of time and effort to provide the best support for AUTOSAR C++ compliance on the market, but Parasoft C/C++test 10.4.3 is not only about AUTOSAR C++. We also beefed up the security compliance pack by adding new, enhanced rule sets for the latest editions of CWE Top 25/On The Cusp lists (released in September), as well as OWASP Top 10. We enhanced our unit testing framework by adding new options for stubs, we added more integration support, and more. Read on to get more details!
In the last months, I had many customer visits in Silicon Valley, Europe (Germany mainly), and Japan. In almost all of these places, customers and prospects emphasized the importance of continuous static analysis support for the AUTOSAR C++ 14 standard in a long-term relationship with Parasoft as the static analysis technology vendor, especially as this standard continues to evolve under MISRA wings to support C++ 17 and C++ 20.
Parasoft has been the fastest to react to the AUTOSAR C++ 14 evolution, and provides the most comprehensive support for the guidelines from the standard. The 10.4.3 release of Parasoft C/C++test brings a new batch of checkers, which offers complete support for required/automated guidelines from the standard.
Parasoft C/C++test, along with its Automotive Compliance Pack, is now the only solution on the market offering 100% coverage for required/automated guidelines, which are the core guidelines in the standard meant for enforcement with static analysis technology. Teams usually start deploying the AUTOSAR C++ 14 compliance process using a subset of required/automated guidelines, which makes support for those guidelines critical. Below you can see a table showing some statistics of Parasoft coverage for the standard:
In addition to the critical required/automated guidelines, AUTOSAR C++ contains a subset of rules for which enforcement can be only partially-automated or cannot be automated (non-automated). In many situations, static analysis can provide a reasonable level of support, even for those guidelines that cannot be fully automated – to reduce the burden of manual code reviews. We decided to take this pragmatic approach, and our AUTOSAR C++ compliance solution includes support for selected partially or non-automated guidelines.
If you are interested in getting more details regarding Parasoft’s support for the AUTOSAR C++ 14 standard, you can view the full mapping here.
With the 10.4.3 release, Parasoft C/C++test is the first tool on the market that supports the latest edition (version 3.4) of CWE Top 25 and On The Cusp, which were released by MITRE on September 18, 2019. In the security world, a short turnaround time is critical for reacting to the always-changing landscape of threats. Parasoft C/C++test implements static analysis checkers that cover the CWE Top 25 and On The Cusp, giving organizations a solution to find and eliminate the most frequent and severe security weaknesses.
What makes Parasoft unique is that our support for security is comprehensive. We support security testing not only for C/C++ development but also for other technologies. In the latest Jtest and dotTEST release, you can find some more interesting information about CWE support for Java and C#.
In addition to the popular CWE Top 25 and On The Cusp, the latest release of Parasoft C/C++test provides a new rule set and test configuration for OWASP Top 10, which replaces the legacy test configuration and brings enhanced accuracy of the checkers.
The UL 2900 cybersecurity standard is recognized by the FDA, making it a good choice if you’re working on medical devices. To achieve the required level of cybersecurity for the system, the standard requires you to run static analysis for OWASP Top 10, CWE Top 25, and CWE On The Cusp. With the 10.4.3 release, Parasoft C/C++test now supports a combination of static analysis checkers that can automate source code scans against the weaknesses included in the latest editions of those lists, making it an excellent choice for any organization trying to achieve FDA approval and protect its product from cybersecurity threats.
Stubbing is one of the most valuable features of our unit testing framework. In every release we add something new to make it better and even easier to use. The 10.4.3 release provides an additional option for user stubs that configures them by default to work in so-called “proxy mode.”
The new option is provided to minimize the interference between different developers adding stubs for their test cases in an uncoordinated way, which can cause unintentional changes in test case results. With the new option selected, user stubs automatically detect whether the original function is present, and invoke it by default. The stub activates alternative behavior only if test-case-specific behavior is intentionally provided. With this option, a developer can safely add a stub for an existing symbol without breaking her colleagues' test cases that rely on the original definition. And the beauty of this feature is that the new stubs are smart enough to detect whether the original definition is present in the test binary or not. If the original definition of the stubbed function is excluded from the test binary, the stub reconfigures itself and returns the default value instead of performing the proxy call.
You can learn more about this new feature here.
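The decision order of a proxy-mode stub described above can be modeled in plain C. This is an added illustration, not C/C++test's stub API or generated code: `struct proxy_stub`, `stub_call`, `read_sensor_original` and `simulate_fault` are hypothetical names, and a NULL `original` pointer stands in for "the original definition is excluded from the test binary".

```c
#include <stddef.h>
#include <stdio.h>

typedef int (*sensor_fn)(int);

/* Hypothetical stub state; NOT the C/C++test stub API. */
struct proxy_stub {
    sensor_fn original;   /* NULL models "original definition excluded from the test binary" */
    sensor_fn override;   /* set only by a test case that intentionally wants other behavior */
    int default_value;    /* returned when there is nothing to proxy to */
};

/* Constructed "original" function and a test-specific replacement. */
static int read_sensor_original(int channel) { return 100 + channel; }
static int simulate_fault(int channel) { (void)channel; return -1; }

/* Decision order from the text: test-specific behavior, else proxy call, else default. */
static int stub_call(const struct proxy_stub *s, int channel)
{
    if (s->override != NULL)
        return s->override(channel);
    if (s->original != NULL)
        return s->original(channel);
    return s->default_value;
}

/* Build a stub for the given scenario and call it for channel 2. */
int proxy_mode_result(int original_present, int test_overrides)
{
    struct proxy_stub s = {
        original_present ? read_sensor_original : NULL,
        test_overrides ? simulate_fault : NULL,
        0
    };
    return stub_call(&s, 2);
}

int main(void)
{
    printf("colleague's test, stub added, original present: %d\n", proxy_mode_result(1, 0));
    printf("new test with its own behavior:                 %d\n", proxy_mode_result(1, 1));
    printf("original excluded from the binary:              %d\n", proxy_mode_result(0, 0));
    return 0;
}
```

The first case is the one the option exists for: a stub has been added for the symbol, yet a test that relies on the original definition still sees the original result.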
Last but not least, we worked very hard to provide support for new development environments. Let me mention some of the most important environments that we now support in the 10.4.3 release:
The 10.4.3 release was initially planned to be focused on the enhancements for the unit testing framework. Reacting to the pressure from the market, we decided to change our plans. We were getting a number of requests from our automotive customers (autonomous driving guys mainly to be honest…) to finalize our support for required/automated guidelines from the AUTOSAR C++ standard. The pressure for compliance is growing as the autonomous driving systems are becoming more mature and closer to the release. And for a long time, there was no static analysis tool on the market that supports 100% of the critical guidelines. Now that C/C++test provides this missing functionality to the market, we can switch our focus back to unit testing and start working on some exciting enhancements. We plan to release the next version of the C/C++test, with some of these new features, at the end of Q1 2020, or the beginning of Q2.
Product Manager for Parasoft's embedded testing solutions, Miroslaw's specialties include C/C++, RTOSes, static code analysis, unit testing, managing software quality for safety critical applications, and software compliance to safety standards.