Parasoft C/C++test, a unified development testing solution for C and C++ uses the most comprehensive set of static code analysis techniques (pattern-based analysis, dataflow analysis, abstract interpretation, metrics, and more), verifying code quality with the largest number of checkers in the industry, provides actionable workflows to help the team prioritize findings and fix defects in the code. Parasoft C/C++test’s static analyzer provides the most complete coverage for common security standards, functional safety standards, and other industry-specific coding standards.
Parasoft C/C++test uses a state-of-the-art C/C++ code parsing engine to analyze the code under test, build abstract interpretation, and apply a C/C++ checker to find problems and violations in the code. Over 2500 different rules are shipped with the C/C++test tool, covering general best practices (Effective C++, Modern C++), industry standards (AUTOSAR, MISRA, JSF, CERT, CWE), and specialized bug-finders (i.e. null pointer dereference, division by zero, memory leaks and more). The rules are grouped into predefined configurations, allowing a user to quickly configure the analysis.
Parasoft helps users manage results of testing, including prioritizing findings, suppressing unwanted findings, assigning findings to developers, and much more.
C and C++ static analysis can be performed either in the IDE (Eclipse, Visual Studio Code, Visual Studio, etc.) or in the command-line interface (for automation/continuous integration scenarios). The results of the analysis can be accessed immediately (in the IDE, or with HTML/PDF/XML reports) or aggregated for further post-processing, reporting, and analytics. Parasoft’s Process Intelligence Engine seamlessly integrates with other components of the development environment (i.e. source control management system or requirements management system) to help users effectively manage development efforts. Users can, for example, view complete static analysis results only from the code that has changed between two different builds, or view coverage results achieved on only modified code.
To make C/C++ static analysis and unit testing more maintainable, Parasoft helps users manage results of testing, including prioritizing findings, suppressing unwanted findings, assigning findings to developers, and much more. Customizing the views of these results help teams focus on the warnings with the highest potential risk.
Parasoft C/C++test’s static analysis for C/C++ shine in a functional-safety development process, certified by TÜV SÜD to comply with ISO 26262 and IEC 61508, IEC 62304 and EN 50128. Our Qualification Kit with extra automation helps in tool qualification for DO-178B/C (and other standards) and reduces the burden of compliance documentation.
Parasoft C/C++test detects complex runtime-like problems early in the development stage – without the need to execute costly runtime tests. C/C++test analyzes the execution paths through the code, and finds possible issues (i.e. null pointer dereferencing, division by zero, memory leaks) and security vulnerabilities (i.e. tainted data file, buffer overflows, command injection, SQL injection).
Parasoft C/C++test provides set of built-in C/C++ code checker (rules) for verifying compliance with standards like MISRA C 2012, MISRA C++ 2008, JSF AV C++, SEI CERT C/C++, AUTOSAR C++14, HIC++ and more. Such analysis is recommended/required for regulated industries (automotive, medical, aviation etc.), functional safety development (with standards like ISO 26262, IEC 61508 or DO-178C), and security (SEI CERT C/C++, CWE, OWASP). Parasoft Compliance Packs provide users with industry-specific configurations, along with dynamic compliance reporting dashboards, to help stakeholders easily understand progress.
C/C++test helps users verify company-specific or team-specific guidelines and coding standards with its specialized editor for creating custom rules (checkers), enabling users to extend (or replace) built-in rules provided with C/C++test, without writing any scripts.
Code metrics collected during C/C++ static analysis provide further insight into code quality and help you eliminate bugs. These metrics are collected and analyzed on a per-unit, per-build level of granularity. Teams can use this information to access high-risk code that is too complex, for example, as candidates for better testing or refactoring.
Results from C/C++test’s static code analysis tools can be viewed in Parasoft’s dynamic reporting dashboard, enabling automated post-processing and advanced reporting strategies using historical data. It’s easy to see static analyzer results across builds over time, even when working with large codebases and legacy code where visibility into the code is typically challenging, so you can quickly focus on the quality of the newly-added code.
With widgets that automatically track compliance with a given coding standard, users get a dynamic view into the compliance process, and can easily produce automatic reports for code audits.
Along with being independently certified for use in any safety-critical project by TÜV SÜD, entitling use of C/C++ static analysis tools without any further qualification/validation effort, Parasoft also provides Qualification Kits that go way beyond simple documentation to dramatically reduce the amount of time and effort required for achieving tool qualification for standards like ISO 26262, DO-178B/C, IEC 61508, IEC 62304, and EN 50128.
A unified testing solution means only one vendor to deal with. Parasoft’s qualification kits provide a certifiable and qualifiable test tool suite, taking the risk out of safety-critical testing and qualification, while saving time by only having to qualify a single solution for multiple testing practices.