X
C/C++ Static Analysis

C/C++ Static Code Analysis

Powered by Parasoft C/C++test, the most complete development testing
solution for C and C++

The Most Comprehensive Static Code Analysis Solution for C and C++ Software

Parasoft C/C++test, a unified development testing solution for C and C++ uses the most comprehensive set of static code analysis techniques (pattern-based analysis, dataflow analysis, abstract interpretation, metrics, and more), verifying code quality with the largest number of checkers in the industry, provides actionable workflows to help the team prioritize findings and fix defects in the code. Parasoft C/C++test’s static analyzer provides the most complete coverage for common security standards, functional safety standards, and other industry-specific coding standards.

How Does It Work?

Parasoft C/C++test uses a state-of-the-art C/C++ code parsing engine to analyze the code under test, build abstract interpretation, and apply a C/C++ checker to find problems and violations in the code. Over 2500 different rules are shipped with the C/C++test tool, covering general best practices (Effective C++, Modern C++), industry standards (AUTOSAR, MISRA, JSF, CERT, CWE), and specialized bug-finders (i.e. null pointer dereference, division by zero, memory leaks and more). The rules are grouped into predefined configurations, allowing a user to quickly configure the analysis.

Parasoft helps users manage results of testing, including prioritizing findings, suppressing unwanted findings, assigning findings to developers, and much more.

C and C++ static analysis can be performed either in the IDE (Eclipse, Visual Studio Code, Visual Studio, etc.) or in the command-line interface (for automation/continuous integration scenarios). The results of the analysis can be accessed immediately (in the IDE, or with HTML/PDF/XML reports) or aggregated for further post-processing, reporting, and analytics. Parasoft’s Process Intelligence Engine seamlessly integrates with other components of the development environment (i.e. source control management system or requirements management system) to help users effectively manage development efforts. Users can, for example, view complete static analysis results only from the code that has changed between two different builds, or view coverage results achieved on only modified code.

To make C/C++ static analysis and unit testing more maintainable, Parasoft helps users manage results of testing, including prioritizing findings, suppressing unwanted findings, assigning findings to developers, and much more. Customizing the views of these results help teams focus on the warnings with the highest potential risk.

Parasoft C/C++test’s static analysis for C/C++ shine in a functional-safety development process, certified by TÜV SÜD to comply with ISO 26262 and IEC 61508, IEC 62304 and EN 50128. Our Qualification Kit with extra automation helps in tool qualification for DO-178B/C (and other standards) and reduces the burden of compliance documentation.

Features

Parasoft C/C++test detects complex runtime-like problems early in the development stage – without the need to execute costly runtime tests. C/C++test analyzes the execution paths through the code, and finds possible issues (i.e. null pointer dereferencing, division by zero, memory leaks) and security vulnerabilities (i.e. tainted data file, buffer overflows, command injection, SQL injection).

Parasoft C/C++test provides set of built-in C/C++ code checker (rules) for verifying compliance with standards like MISRA C 2012, MISRA C++ 2008, JSF AV C++, SEI CERT C/C++, AUTOSAR C++14, HIC++ and more. Such analysis is recommended/required for regulated industries (automotive, medical, aviation etc.), functional safety development (with standards like ISO 26262, IEC 61508 or DO-178C), and security (SEI CERT C/C++, CWE, OWASP). Parasoft Compliance Packs provide users with industry-specific configurations, along with dynamic compliance reporting dashboards, to help stakeholders easily understand progress.

C/C++test helps users verify company-specific or team-specific guidelines and coding standards with its specialized editor for creating custom rules (checkers), enabling users to extend (or replace) built-in rules provided with C/C++test, without writing any scripts.

Code metrics collected during C/C++ static analysis provide further insight into code quality and help you eliminate bugs. These metrics are collected and analyzed on a per-unit, per-build level of granularity. Teams can use this information to access high-risk code that is too complex, for example, as candidates for better testing or refactoring.

Results from C/C++test’s static code analysis tools can be viewed in Parasoft’s dynamic reporting dashboard, enabling automated post-processing and advanced reporting strategies using historical data. It’s easy to see static analyzer results across builds over time, even when working with large codebases and legacy code where visibility into the code is typically challenging, so you can quickly focus on the quality of the newly-added code.

With widgets that automatically track compliance with a given coding standard, users get a dynamic view into the compliance process, and can easily produce automatic reports for code audits.

Along with being independently certified for use in any safety-critical project by TÜV SÜD, entitling use of C/C++ static analysis tools without any further qualification/validation effort, Parasoft also provides Qualification Kits that go way beyond simple documentation to dramatically reduce the amount of time and effort required for achieving tool qualification for standards like ISO 26262, DO-178B/C, IEC 61508, IEC 62304, and EN 50128.

A unified testing solution means only one vendor to deal with. Parasoft’s qualification kits provide a certifiable and qualifiable test tool suite, taking the risk out of safety-critical testing and qualification, while saving time by only having to qualify a single solution for multiple testing practices.

Benefit From the Parasoft Approach

Unified C/C++ Tooling

Parasoft C/C++test users benefit from an integrated approach to software development, with a combination of testing techniques (i.e. runtime analysis, unit testing, code coverage). Users don’t have to combine tools and vendors to gain a complete code quality solution, and for compliance efforts, tool qualification is simplified by only having to qualify one tool.

Smart Analytics

Parasoft C/C++test’s reporting and analytics dashboard enables users to benefit from Parasoft’s award-winning Process Intelligence Engine, which provides business intelligence about the current state of of the product, indicators about areas of risk in the code, and the ability to pinpoint and focus on key files and areas in the product.

Support for Functional Safety

In addition to 2500+ C/C++ static analysis rules that include better coverage for coding standards than any other vendor, Parasoft provides Qualification Kits and functional safety certifications, making Parasoft C/C++test the perfect fit for functional-safety development. Static analysis rule configurations are available out-of-the-box for safety and security standards.

Try Parasoft