Join us on December 12! MISRA C++ 2023: Everything You Need to Know Register Now >>
Parasoft C/C++test finds runtime defects, stability issues, and security vulnerabilities, such as memory leaks, null pointers, uninitialized memory, and buffer overflows, by monitoring the runtime when running a host-based or embedded application, or executing unit tests written in C. The runtime component is extremely lightweight, requiring only small amounts of extra code and data space. This is ideal for use cases in the automotive industry to address ISO 21434 cybersecurity requirements that expose blind spots in road vehicle software.
Parasoft C/C++test automatically instruments an application’s codebase to activate monitoring when the application is running, identifying serious defects, stability issues, and security vulnerabilities, such as:
Parasoft C/C++test’s runtime analysis provides predefined test configurations to support both native and embedded applications with C-style memory allocations (malloc / free). Runtime analysis can be performed during both unit testing, to validate specific scenarios and execution paths, and functional testing, to monitor the fully integrated application.
Defects that have been found during runtime testing can be presented directly in the developer’s IDE, and correlated with other test results and quality metrics, such as code coverage or static analysis findings from Parasoft C/C++test, so the user can get a complete picture of the tested application, making it easier to understand the root-cause of runtime defects.
Parasoft C/C++test monitors a running application, detecting runtime-related problems (i.e. memory leaks, memory corruption, reading uninitialized memory, buffer overflows) that could lead to stability issues, functional misbehaviors, or security vulnerabilities. Unlike static analysis, where warnings may not necessarily result in bugs in the running code (a.k.a. false positives), bugs found by dynamic analysis are always true positives.
Parasoft C/C++test monitors test binaries when running unit tests, providing insight into the code under test to help users understand unit testing failures or instabilities. Runtime analysis can detect errors that aren’t easily determined from unit test results. For example, memory leaks might be overlooked during unit testing since memory problems aren’t checked or the impact on memory isn’t significant. By detecting runtime defects for execution paths enforced by unit test cases, C/C++test can exercise paths not easily reached when running the original application.
Runtime analysis can be performed for not only native applications, but also for cross-platform/embedded environments, so the analysis is performed in the original production environment. Bugs may not manifest themselves with host-based development and the target code may have a different processor architecture, operating system and device constraints, so without this, users would need to perform complicated on-target debugging (assuming the defects could be detected by having some visible side effects during regular functional testing).
Runtime defects are presented in the IDE in a unified way with other test data, such as code coverage, unit testing failures, or static analysis findings, so it’s easier to analyze and understanding the root cause of the runtime defects.