C/C++ Static Code Analysis Tool

Powered by Parasoft C/C++test, the most complete development testing solution for C and C++

Try Parasoft C/C++test

Parasoft C/C++test

The Most Comprehensive Static Code Analysis Tool for Developing C and C++ Software

Parasoft C/C++test uses the most comprehensive set of static analysis techniques (pattern-based analysis, dataflow analysis, metrics, and more), verifying code quality with the largest number of checkers in the industry, and providing actionable workflows to help the team prioritize findings. Parasoft C/C++test's static code analyzer provides the most complete coverage for security standards, functional safety standards, and other industry-specific coding standards.

Static Analysis

How does it work?

Parasoft C/C++test uses a state-of-the-art C/C++ code parsing engine to analyze and understand the code under test, then applies checkers to find problems and violations in the code. Over 2500 different rules are shipped with the C/C++test tool, covering general best practices (Effective C++, Modern C++), industry standards (AUTOSAR, MISRA, JSF, CERT, CWE), and specialized bug-finders (i.e. null pointer dereference, division by zero, memory leaks and more). The rules are grouped into predefined configurations, allowing users to quickly configure the analysis.

Static analysis can be performed either in the IDE (Eclipse, Visual Studio) or in the command-line interface (for automation/continuous integration scenarios). The results of the analysis can be accessed immediately (in the IDE, or with HTML/PDF/XML reports) or aggregated for further post-processing, reporting, and analytics. Parasoft’s Process Intelligence Engine seamlessly integrates with other components of the development environment (i.e. source control management system or requirements management system) to help users effectively manage development efforts. Users can, for example, view static analysis results only from the code that has changed between two different builds, or view coverage results achieved on only modified code.

To make static analysis and unit testing more maintainable, Parasoft helps users manage results of testing, including prioritizing findings, suppressing unwanted findings, assigning findings to developers, and much more. Customizing the views of these results help teams focus on the warnings with the highest risk.

Parasoft C/C++test’s static code analyzer shines in a functional-safety development process, certified by TÜV SÜD to comply with ISO 26262 and IEC 61508, and providing a multi-standard Qualification Kit (ISO 26262, IEC 61508, DO 178B/C) with extra automation to help users manage the burden of compliance documentation.

Features

Parasoft C/C++test detects complex runtime-like problems early in the development stage – without the need to execute costly runtime tests. C/C++test analyzes the execution paths through the code, and finds possible issues (i.e. null pointer dereferencing, division by zero, memory leaks) and security vulnerabilities (i.e. tainted data, buffer overflows, command injection, SQL injection).

C/C++test provides set of built-in checkers (rules) for verifying compliance with standards like MISRA C 2012, MISRA C++ 2008, JSF AV C++, SEI CERT C/C++, AUTOSAR C++14, HIC++ and more. Such analysis is recommended/required for regulated industries (automotive, medical, aviation etc.), functional safety development (with standards like ISO 26262, IEC 61508 or DO-178C), and security (SEI CERT C/C++, CWE, OWASP). Parasoft Compliance Packs provide users with industry-specific configurations, along with dynamic compliance reporting dashboards, to help stakeholders easily understand progress.

C/C++test helps users verify company-specific or team-specific guidelines and coding standards with its specialized editor for creating custom rules (checkers), enabling users to extend (or replace) built-in rules provided with C/C++test, without writing any scripts.
 

Code metrics, collected during static analysis, provide further insight into code quality. These metrics are collected and analyzed on a per-unit, per-build level of granularity. Teams can use this information to access high risk code that is too complex, for example, as candidates for better testing or refactoring.

Results from C/C++test’s analyses can be viewed in Parasoft’s dynamic reporting dashboard, enabling automated post-processing and advanced reporting using historical data. It’s easy to see static analysis results across builds over time, even when working with large codebases and legacy code where visibility into the code is typically challenging, so you can quickly focus on the quality of the newly-added code.

With widgets that automatically track compliance with a given coding standard, users get a dynamic view into the compliance process, and can easily produce automatic reports for code audits.

Along with being independently certified for use in safety-critical projects by TÜV SÜD, Parasoft also provides Qualification Kits that go way beyond simple documentation to dramatically reduce the amount of time and effort required for achieving tool qualification for standards like ISO 26262, DO 178 B/C, IEC 61508, and EN 50128.

A unified testing solution means only one vendor to deal with. Parasoft’s qualification kits provide a certifiable and qualifiable test tool suite, taking the risk out of safety-critical testing and qualification, while saving time by only having to qualify a single solution for multiple testing practices.

Benefit from the Parasoft Approach

Want to learn more?

Parasoft C/C++test integrates with a wide variety of software, tools and frameworks,
so you can easily adopt and scale within your existing development environment.