Parasoft C/C++test

Parasoft C/C++test
	code coverage annotation in Parasoft C/C++test
Developer(s)	Parasoft
Initial release	1996;28 years ago
Stable release	2023.2 / December 13, 2023
Operating system	Cross-platform, Linux, Solaris, Windows
Platform	Windows, Linux, Solaris, Embedded, Cross-platform
Available in	English, Chinese, Japanese
Type	Testing
License	Proprietary commercial software
Website	www.parasoft.com/products/parasoft-c-ctest/

Last updated April 12, 2024

Parasoft C/C++test is an integrated set of tools for testing C and C++ source code that software developers use to analyze, test, find defects, and measure the quality and security of their applications. It supports software development practices that are part of development testing, including static code analysis, dynamic code analysis, unit test case generation and execution, code coverage analysis, regression testing, runtime error detection, requirements traceability, and code review.^[1] It's a commercial tool that supports operation on Linux, Windows, and Solaris platforms as well as support for on-target embedded testing and cross compilers.

Overview

Parasoft C/C++test is a combined set of tools that helps developers test their software. It's delivered as a standalone application that runs from the command line, or as a plug-in to Eclipse or Microsoft Visual studio. Various modules in the set assist software developers in performing static and dynamic analysis, creating, executing and maintaining unit tests, measuring code coverage and other software metrics, and executing regression tests.

The errors that C/C++test discovers include uninitialized or invalid memory, null pointer dereferencing, array and buffer overflow, division by zero, memory and resource leaks, duplicate code, and various types of dead or unreachable code.

C/C++test customers include Samsung Electronics,^[1] Wipro,^[2] NEC,^[3] and SELEX Sistemi Integrati.^[4] It is also used by Lockheed Martin for the F-35 Joint Strike Fighter program (JSF) ^[5] Inomed uses it to achieve IEC 62304 certification for their medical device software.^[6]

Basic functionality

Code coverage

When testing software code coverage is a measure of which parts of the code have been executed during a test, and which have not. There are many different methods for measuring coverage that have different criteria on how it's calculated. Depending on your needs you can choose which is the best fit for your application.

C/C++test includes options for line coverage, meaning has the line been executed, block coverage, statement coverage, path coverage, decision coverage, branch coverage, and simple condition coverage. It also supports modified condition/decision coverage or MCDC because projects that require safe reliable software such as aircraft and cars, tend to required this form of coverage as it's believed to be a better measure of whether or not the code has been thoroughly exercised.

Regression testing

Regression testing verifies that software continues to operate correctly, even as changes are made and new versions are released. C/C++test automatically generates tests that capture the current state of an applications behavior by recording what happens while the application is running. Later test runs are compared against stored results from earlier runs that help determine what problems changes in the code may have introduced. Having a robust regression test suite is especially critical in areas where there are short release cycles and high degrees of test automation such as agile software development or extreme programming, to help insure that changes aren't introducing bugs into the software.

Runtime error detection

C/C++test includes a lightweight form of runtime error detection that is suitable for use in embedded systems, including running on a target board or host. It helps find serious runtime defects such as memory leaks, null pointers, uninitialized memory, and buffer overflows.

Software metrics

Software metrics are used to help assess and improve software quality. Some metrics are used to help determine where bug-prone code might be, while others help understand maintainability and proper construction. C/C++test provides a variety of software metrics including traditional counting metrics of lines, files, comments, methods, etc. as well as industry standards like fan out, cyclomatic complexity, cohesion, and various Halstead metrics.

Users can configure which metrics they want to run and where applicable can set thresholds for what's an acceptable value for a particular metric. This allows users to flag code that is outside the expected range as an error to be reviewed or fixed. Graphic reports are provided to show values and trends in the metrics.

Static analysis

Static code analysis is the process of analyzing source code without executing the software. It helps developers to find bugs early, as well as code according to best practices.^[7] This helps create code that is less susceptible to bugs by avoiding potentially dangerous code styles and constructs.^[8] In industries where software performance is critical there are often requirements to run static analysis tools or even particular static analysis rules.

Static analysis in C/C++test includes different types of analysis including pattern-based, abstract interpretation, flow analysis, and metrics. This helps detect code responsible for memory leaks, erratic behavior, crashes, deadlocks, and security vulnerabilities.

C/C++test comes with pre-configured templates to assist enforcing static analysis rules for a variety of industry standards such as:^[9]

ANSI IEC 62304 for medical devices
DO-178B for airborne systems
IEC 61508 & Safety Integrity Level for functional safety of electronic systems
U.S. FDA general principles of software validation for medical software
ISO 26262 & ASIL for automotive software
Joint Strike Fighter Program for fighter aircraft
Safety-critical software development
Motor Industry Software Reliability Association (MISRA) for automotive software
PCI DSS Payment Card Industry data security standard
DISA STIG for defense industry systems and software

Traceability

When working in industries where there are strict coding requirements or regulatory standards, it is necessary to be able to prove that an application was developed according to the required steps. traceability is having all the information necessary to prove in a software audit that you've done the proper process. Commonly this means being able to prove what code belongs to a particular requirement as well as who reviewed it and what the outcome of such a review was. It also encompasses any tests and analysis performed on the code and what was done for any tests that failed. C/C++test keeps track of your testing and links it back to the requirement system, source control system, and bug tracking systems. This provides full traceability into each step of the software development process.

Unit testing

The purpose of unit testing is to make sure that all of the individual pieces of a software application work properly by themselves before integration. In programming languages like C and C++ this usually consists of a single file, or a small number of files that all perform a related function. Unit testing encompasses the creation of tests, execution of tests to see the results, and maintenance of tests for long term use. Because unit testing is often associated with code coverage which shows exactly what lines of code were executed by a test, both functionalities are included in C/C++test.

C++test helps you create unit tests that are compatible with xUnit testing frameworks. It also provides tracing functionality that lets you monitor a system under test and generate test cases based on actual paths and data used during the execution. It also provides functionality to handle isolating the code necessary to allow it to function without the rest of the application, also called stubbing, as well as an object repository to store, share, and reuse software objects initialized with the necessary test data. Stubs allow you to remove dependent parts of the full application such as a database or API but still run the application as if the component were still there. C/C++test allows you to create the necessary stubs to run your code in isolation.

The capability to alter and extend test data is provided through a variety of means such as a data source interface that allows you to read test inputs from files, spreadsheets, and databases. Tests can also be run simultaneous with runtime error detection turned on so as to find serious programming flaw that won't necessarily cause assertion failures during testing but are likely to cause software instability when deployed. Execution on embedded systems is support, whether it's a host, target, or simulator, including cross-compilation, loading tests to the target, and loading results from a remote execution back in the GUI.

History

Parasoft C/C++test was originally introduced in 1995 as a static analysis tool based on guidelines found in the book Effective C++ by Scott Meyers.^[10] Later when unit test creation and execution was added the product was renamed to C++test.^[11] Eventually the product name was modified to include both C and C++ to reflect what languages are actually covered.^[12]

Parasoft C/C++test won Software Test and Performances’ 2008 Testers Choice Award in the best embedded/mobile test/performance category.^[13] It was selected as VDC's Software Embeddy "Best in Show" award winner in 2012.^[14]

Parasoft received TUV certification as an automotive functional safety tool in 2011 according to IEC 61508 and ISO 26262 standards.^[15]

Supported systems

Supported compilers

Compiler type (OS)	Compiler name / target
Windows	Microsoft Visual C++
Windows	GNU and MingW gcc/g++
Windows	GNU gcc/g++
Windows	Green Hills MULTI for Windows
Linux	GNU gcc/g++
Linux	Green Hills MULTI for Linux
Solaris	Sun ONE Studio
Solaris	GNU gcc/g++
Solaris	Green Hills MULTI for SPARC Solaris
Target/Cross	Altera NIOS GCC
Target/Cross	ADS (ARM Development Suite)
Target/Cross	ARM for Keil µVision
Target/Cross	ARM RVCT
Target/Cross	ARM DS-5 GNU Compilation Tools
Target/Cross	Cosmic Software 68HC08
Target/Cross	eCosCentric GCC
Target/Cross	Freescale CodeWarrior C/C++ for HC12
Target/Cross	Fujitsu FR Family SOFTUNE
Target/Cross	GCC (GNU Compiler Collection)
Target/Cross	Green Hills MULTI for V800
Target/Cross	IAR C/C++ for ARM
Target/Cross	IAR C/C++ for MSP430
Target/Cross	Keil C51
Target/Cross	Microsoft Visual C++ for Windows Mobile
Target/Cross	Microsoft Embedded Visual C++
Target/Cross	National Instruments LavWindows/CVI 2015 Clang C/C++ Compiler
Target/Cross	QCC (QNX GCC)
Target/Cross	Renesas RX C/C++
Target/Cross	Renesas SH SERIES C/C++
Target/Cross	STMicroelectronics ST20
Target/Cross	STMicroelectronics ST40
Target/Cross	TASKING 80C196 C
Target/Cross	TASKING TriCore VX-toolset C/C++
Target/Cross	TI TMS320C2x/C2xx/C5x
Target/Cross	TI TMS320C2000 C/C++
Target/Cross	TI TMS320C54x C/C++
Target/Cross	TI TMS320C55x C/C++
Target/Cross	TI TMS320C6x C/C++
Target/Cross	TI MSP430 C/C++
Target/Cross	Wind River GCC
Target/Cross	Wind River DIAB

Supported IDEs

Related Research Articles

In computer science, static program analysis is the analysis of computer programs performed without executing them, in contrast with dynamic program analysis, which is performed on programs during their execution.

IEC 61508 is an international standard published by the International Electrotechnical Commission (IEC) consisting of methods on how to apply, design, deploy and maintain automatic protection systems called safety-related systems. It is titled Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems.

Dynamic program analysis is analysis of computer software that involves executing the program in question. Dynamic program analysis includes familiar techniques from software engineering such as unit testing, debugging, and measuring code coverage, but also includes lesser-known techniques like program slicing and invariant inference. Dynamic program analysis is widely applied in security in the form of runtime memory error detection, fuzzing, dynamic symbolic execution, and taint tracking.

PikeOS is a commercial hard real-time operating system (RTOS) which features a separation kernel-based hypervisor. This hypervisor supports multiple logical partition types for various operating systems (OS) and applications, each referred to as a GuestOS. PikeOS is designed to facilitate the development of certifiable smart devices for the Internet of Things (IoT) by adhering to standards of quality, safety, and security across different industries. In instances where memory management units (MMU) are not present but memory protection units (MPU) are available on controller-based systems, PikeOS for MPU is designed for critical real-time applications and provides up-to-standard safety and security.

MISRA C is a set of software development guidelines for the C programming language developed by The MISRA Consortium. Its aims are to facilitate code safety, security, portability and reliability in the context of embedded systems, specifically those systems programmed in ISO C / C90 / C99.

LDRA Testbed is a set of core static and dynamic analysis engines for both host and embedded software. LDRA Testbed is made by Liverpool Data Research Associates (LDRA). LDRA Testbed provides the means to enforce compliance with coding standards such as MISRA, JSF++ AV, CERT C, CWE and provides visibility of software flaws that might typically pass through the standard build and test process to become latent problems. In addition, test effectiveness feedback is provided through structural coverage analysis reporting facilities, which support the requirements of the DO-178B standard up to and including Level A.

Parasoft is an independent software vendor specializing in automated software testing and application security with headquarters in Monrovia, California. It was founded in 1987 by four graduates of the California Institute of Technology who planned to commercialize the parallel computing software tools they had been working on for the Caltech Cosmic Cube, which was the first working hypercube computer built.

Parasoft DTP is a development testing and software testing analytics solution from Parasoft that acts as a centralized hub for managing software quality and application security. DTP provides traditional software reports from normal software development activities and is also able to aggregate data from various software testing practices to present an overview of the state of the codebase.

LDRA is a provider of software analysis, test, and requirements traceability tools for the Public and Private sectors. It is a pioneer in static and dynamic software analysis.

ISO 26262, titled "Road vehicles – Functional safety", is an international standard for functional safety of electrical and/or electronic systems that are installed in serial production road vehicles, defined by the International Organization for Standardization (ISO) in 2011, and revised in 2018.

TargetLink is a software for automatic code generation, based on a subset of Simulink/Stateflow models, produced by dSPACE GmbH. TargetLink requires an existing MATLAB/Simulink model to work on. TargetLink generates both ANSI-C and production code optimized for specific processors. It also supports the generation of AUTOSAR-compliant code for software components for the automotive sector. The management of all relevant information for code generation takes place in a central data container, called the Data Dictionary.

The ETAS Group is a German company which designs tools for the development of embedded systems for the automotive industry and other sectors of the embedded industry. ETAS is 100-percent subsidiary of Robert Bosch GmbH.

Development testing is a software development process that involves synchronized application of a broad spectrum of defect prevention and detection strategies in order to reduce software development risks, time, and costs.

AbsInt is a software-development tools vendor based in Saarbrücken, Germany. The company was founded in 1998 as a technology spin-off from the Department of Programming Languages and Compiler Construction of Prof. Reinhard Wilhelm at Saarland University. AbsInt specializes in software-verification tools based on abstract interpretation. Its tools are used worldwide by Fortune 500 companies, educational institutions, government agencies and startups.

Automotive Safety Integrity Level (ASIL) is a risk classification scheme defined by the ISO 26262 - Functional Safety for Road Vehicles standard. This is an adaptation of the Safety Integrity Level (SIL) used in IEC 61508 for the automotive industry. This classification helps defining the safety requirements necessary to be in line with the ISO 26262 standard. The ASIL is established by performing a risk analysis of a potential hazard by looking at the Severity, Exposure and Controllability of the vehicle operating scenario. The safety goal for that hazard in turn carries the ASIL requirements.

Cantata++, or simply Cantata in newer versions, is a commercial computer program for dynamic testing, specifically unit testing and integration testing, and code coverage at run time of C and C++ programs. It is developed and sold by QA Systems, and was formerly a product of IPL Information Processing Ltd.

Time-triggered architecture, also known as a time-triggered system, is a computer system that executes one or more sets of tasks according to a pre-determined and set task schedule. Implementation of a TT system will typically involve use of a single interrupt that is linked to the periodic overflow of a timer. This interrupt may drive a task scheduler. The scheduler will‍—‌in turn‍—‌release the system tasks at predetermined points in time.

CodeSonar is a static code analysis tool from CodeSecure, Inc. CodeSonar is used to find and fix bugs and security vulnerabilities in source and binary code. It performs whole-program, inter-procedural analysis with abstract interpretation on C, C++, C#, Java, as well as x86 and ARM binary executables and libraries. CodeSonar is typically used by teams developing or assessing software to track their quality or security weaknesses. CodeSonar supports Linux, BSD, FreeBSD, NetBSD, MacOS and Windows hosts and embedded operating systems and compilers.

References

1 2 Yoon, JunHo (2006-06-16). "Code Quality Improvement". Dr. Dobb's Journal. Retrieved 16 June 2006.
↑ "Wipro Meets Exacting Software Quality Standards and Fuels Global Growth through Parasoft's Development Testing Platform" (PDF). Retrieved 2017-04-25.
↑ "NEC Telecom Software Philippines Streamlines Internal Quality Initiatives with Parasoft C++test" (PDF). Retrieved 2017-04-25.
↑ "SELEX Increases Efficiency with Automated Defect Prevention" (PDF). Retrieved 2017-04-25.
↑ F-35 Joint Strike Fighter benefits from modern software testing, quality assurance
↑ "Inomed Streamlines IEC 62304 Medical Device Software Certification" (PDF). Retrieved 2017-04-25.
↑ "JOINT STRIKE FIGHTER AIR VEHICLE C++ CODING STANDARDS FOR THE SYSTEM DEVELOPMENT AND DEMONSTRATION PROGRAM" (PDF). 2005-12-01. Retrieved 2017-04-25. employ good programming style and proven programming practices leading to safe, reliable, testable, and maintainable code
↑ MISRA C:2012 - Guidelines for the use of C language in critical systems. MIRA Limited on behalf of the MISRA consortium. 2013-03-01. ISBN 978-1-906400-10-1. The MISRA C Guidelines define a subset of the C language in which the opportunity to make mistakes is either removed or reduced. Many standards for the development of safety-related software require, or recommend, the use of a language subset
↑ Ramel, David (2010-05-28). "New Agile Project Management Tools Announced". Application Development Trends. Retrieved 7 September 2010.
↑ "New Static Code Analysis tool by Parasoft". Parasoft. 1996-05-05. Retrieved 2017-04-25. CodeWizard is essentially a software rendition of this book that enforces Meyers' list of ways to achieve effective C++ programming
↑ "Parasoft Releases New Upgrade of C++test". Parasoft. 2001-04-30. Retrieved 2017-04-25.
↑ "Parasoft C/C++test Wins Testers Choice Award 2008". 2008-11-04. Retrieved 2017-04-25.
↑ Parasoft Embedded Wins 2008 Testers Choice Award
↑ Announcing the winner of VDC’s Software Embeddy for the 2012 DESIGN East show!
↑ "Parasoft TUV SUD Certified". 2011-02-24. Retrieved 2017-04-25. TÜV SÜD certified the latest version of Parasoft C/C++test to be qualified for safety-related software development according to IEC 61508 and ISO 26262 standards.

External links

Parasoft C/C++test page

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[drdobbs201606-1] 1 2 Yoon, JunHo (2006-06-16). "Code Quality Improvement". Dr. Dobb's Journal. Retrieved 16 June 2006.

[2] "Wipro Meets Exacting Software Quality Standards and Fuels Global Growth through Parasoft's Development Testing Platform" (PDF). Retrieved 2017-04-25.

[3] "NEC Telecom Software Philippines Streamlines Internal Quality Initiatives with Parasoft C++test" (PDF). Retrieved 2017-04-25.

[4] "SELEX Increases Efficiency with Automated Defect Prevention" (PDF). Retrieved 2017-04-25.

[5] F-35 Joint Strike Fighter benefits from modern software testing, quality assurance

[6] "Inomed Streamlines IEC 62304 Medical Device Software Certification" (PDF). Retrieved 2017-04-25.

[7] "JOINT STRIKE FIGHTER AIR VEHICLE C++ CODING STANDARDS FOR THE SYSTEM DEVELOPMENT AND DEMONSTRATION PROGRAM" (PDF). 2005-12-01. Retrieved 2017-04-25. employ good programming style and proven programming practices leading to safe, reliable, testable, and maintainable code

[8] MISRA C:2012 - Guidelines for the use of C language in critical systems. MIRA Limited on behalf of the MISRA consortium. 2013-03-01. ISBN 978-1-906400-10-1. The MISRA C Guidelines define a subset of the C language in which the opportunity to make mistakes is either removed or reduced. Many standards for the development of safety-related software require, or recommend, the use of a language subset

[adt_newagile-9] Ramel, David (2010-05-28). "New Agile Project Management Tools Announced". Application Development Trends. Retrieved 7 September 2010.

[10] "New Static Code Analysis tool by Parasoft". Parasoft. 1996-05-05. Retrieved 2017-04-25. CodeWizard is essentially a software rendition of this book that enforces Meyers' list of ways to achieve effective C++ programming

[11] "Parasoft Releases New Upgrade of C++test". Parasoft. 2001-04-30. Retrieved 2017-04-25.

[12] "Parasoft C/C++test Wins Testers Choice Award 2008". 2008-11-04. Retrieved 2017-04-25.

[13] Parasoft Embedded Wins 2008 Testers Choice Award

[14] Announcing the winner of VDC’s Software Embeddy for the 2012 DESIGN East show!

[15] "Parasoft TUV SUD Certified". 2011-02-24. Retrieved 2017-04-25. TÜV SÜD certified the latest version of Parasoft C/C++test to be qualified for safety-related software development according to IEC 61508 and ISO 26262 standards.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]