A major contributor to this article appears to have a close connection with its subject.(April 2013) |
Developer(s) | Parasoft |
---|---|
Initial release | 1996 |
Stable release | 2023.2 / December 13, 2023 |
Operating system | Cross-platform, Linux, Solaris, Windows |
Platform | Windows, Linux, Solaris, Embedded, Cross-platform |
Available in | English, Chinese, Japanese |
Type | Testing |
License | Proprietary commercial software |
Website | www |
Parasoft C/C++test is an integrated set of tools for testing C and C++ source code that software developers use to analyze, test, find defects, and measure the quality and security of their applications. It supports software development practices that are part of development testing, including static code analysis, dynamic code analysis, unit test case generation and execution, code coverage analysis, regression testing, runtime error detection, requirements traceability, and code review. [1] It's a commercial tool that supports operation on Linux, Windows, and Solaris platforms as well as support for on-target embedded testing and cross compilers.
Parasoft C/C++test is a combined set of tools that helps developers test their software. It's delivered as a standalone application that runs from the command line, or as a plug-in to Eclipse or Microsoft Visual studio. Various modules in the set assist software developers in performing static and dynamic analysis, creating, executing and maintaining unit tests, measuring code coverage and other software metrics, and executing regression tests.
The errors that C/C++test discovers include uninitialized or invalid memory, null pointer dereferencing, array and buffer overflow, division by zero, memory and resource leaks, duplicate code, and various types of dead or unreachable code.
C/C++test customers include Samsung Electronics, [1] Wipro, [2] NEC, [3] and SELEX Sistemi Integrati. [4] It is also used by Lockheed Martin for the F-35 Joint Strike Fighter program (JSF) [5] Inomed uses it to achieve IEC 62304 certification for their medical device software. [6]
When testing software code coverage is a measure of which parts of the code have been executed during a test, and which have not. There are many different methods for measuring coverage that have different criteria on how it's calculated. Depending on your needs you can choose which is the best fit for your application.
C/C++test includes options for line coverage, meaning has the line been executed, block coverage, statement coverage, path coverage, decision coverage, branch coverage, and simple condition coverage. It also supports modified condition/decision coverage or MCDC because projects that require safe reliable software such as aircraft and cars, tend to required this form of coverage as it's believed to be a better measure of whether or not the code has been thoroughly exercised.
Regression testing verifies that software continues to operate correctly, even as changes are made and new versions are released. C/C++test automatically generates tests that capture the current state of an applications behavior by recording what happens while the application is running. Later test runs are compared against stored results from earlier runs that help determine what problems changes in the code may have introduced. Having a robust regression test suite is especially critical in areas where there are short release cycles and high degrees of test automation such as agile software development or extreme programming, to help insure that changes aren't introducing bugs into the software.[ citation needed ]
C/C++test includes a lightweight form of runtime error detection that is suitable for use in embedded systems, including running on a target board or host. It helps find serious runtime defects such as memory leaks, null pointers, uninitialized memory, and buffer overflows.
Software metrics are used to help assess and improve software quality. Some metrics are used to help determine where bug-prone code might be, while others help understand maintainability and proper construction. C/C++test provides a variety of software metrics including traditional counting metrics of lines, files, comments, methods, etc. as well as industry standards like fan out, cyclomatic complexity, cohesion, and various Halstead metrics.
Users can configure which metrics they want to run and where applicable can set thresholds for what's an acceptable value for a particular metric. This allows users to flag code that is outside the expected range as an error to be reviewed or fixed. Graphic reports are provided to show values and trends in the metrics.
Static code analysis is the process of analyzing source code without executing the software. It helps developers to find bugs early, as well as code according to best practices. [7] This helps create code that is less susceptible to bugs by avoiding potentially dangerous code styles and constructs. [8] In industries where software performance is critical there are often requirements to run static analysis tools or even particular static analysis rules.
Static analysis in C/C++test includes different types of analysis including pattern-based, abstract interpretation, flow analysis, and metrics. This helps detect code responsible for memory leaks, erratic behavior, crashes, deadlocks, and security vulnerabilities.
C/C++test comes with pre-configured templates to assist enforcing static analysis rules for a variety of industry standards such as: [9]
When working in industries where there are strict coding requirements or regulatory standards, it is necessary to be able to prove that an application was developed according to the required steps. traceability is having all the information necessary to prove in a software audit that you've done the proper process. Commonly this means being able to prove what code belongs to a particular requirement as well as who reviewed it and what the outcome of such a review was. It also encompasses any tests and analysis performed on the code and what was done for any tests that failed. C/C++test keeps track of your testing and links it back to the requirement system, source control system, and bug tracking systems. This provides full traceability into each step of the software development process.
The purpose of unit testing is to make sure that all of the individual pieces of a software application work properly by themselves before integration. In programming languages like C and C++ this usually consists of a single file, or a small number of files that all perform a related function. Unit testing encompasses the creation of tests, execution of tests to see the results, and maintenance of tests for long term use. Because unit testing is often associated with code coverage which shows exactly what lines of code were executed by a test, both functionalities are included in C/C++test.
C++test helps you create unit tests that are compatible with xUnit testing frameworks. It also provides tracing functionality that lets you monitor a system under test and generate test cases based on actual paths and data used during the execution. It also provides functionality to handle isolating the code necessary to allow it to function without the rest of the application, also called stubbing, as well as an object repository to store, share, and reuse software objects initialized with the necessary test data. Stubs allow you to remove dependent parts of the full application such as a database or API but still run the application as if the component were still there. C/C++test allows you to create the necessary stubs to run your code in isolation.
The capability to alter and extend test data is provided through a variety of means such as a data source interface that allows you to read test inputs from files, spreadsheets, and databases. Tests can also be run simultaneous with runtime error detection turned on so as to find serious programming flaw that won't necessarily cause assertion failures during testing but are likely to cause software instability when deployed. Execution on embedded systems is support, whether it's a host, target, or simulator, including cross-compilation, loading tests to the target, and loading results from a remote execution back in the GUI.
Parasoft C/C++test was originally introduced in 1995 as a static analysis tool based on guidelines found in the book Effective C++ by Scott Meyers. [10] Later when unit test creation and execution was added the product was renamed to C++test. [11] Eventually the product name was modified to include both C and C++ to reflect what languages are actually covered. [12]
Parasoft C/C++test won Software Test and Performances’ 2008 Testers Choice Award in the best embedded/mobile test/performance category. [13] It was selected as VDC's Software Embeddy "Best in Show" award winner in 2012. [14]
Parasoft received TUV certification as an automotive functional safety tool in 2011 according to IEC 61508 and ISO 26262 standards. [15]
Compiler type (OS) | Compiler name / target |
---|---|
Windows | Microsoft Visual C++ |
Windows | GNU and MingW gcc/g++ |
Windows | GNU gcc/g++ |
Windows | Green Hills MULTI for Windows |
Linux | GNU gcc/g++ |
Linux | Green Hills MULTI for Linux |
Solaris | Sun ONE Studio |
Solaris | GNU gcc/g++ |
Solaris | Green Hills MULTI for SPARC Solaris |
Target/Cross | Altera NIOS GCC |
Target/Cross | ADS (ARM Development Suite) |
Target/Cross | ARM for Keil μVision |
Target/Cross | ARM RVCT |
Target/Cross | ARM DS-5 GNU Compilation Tools |
Target/Cross | Cosmic Software 68HC08 |
Target/Cross | eCosCentric GCC |
Target/Cross | Freescale CodeWarrior C/C++ for HC12 |
Target/Cross | Fujitsu FR Family SOFTUNE |
Target/Cross | GCC (GNU Compiler Collection) |
Target/Cross | Green Hills MULTI for V800 |
Target/Cross | IAR C/C++ for ARM |
Target/Cross | IAR C/C++ for MSP430 |
Target/Cross | Keil C51 |
Target/Cross | Microsoft Visual C++ for Windows Mobile |
Target/Cross | Microsoft Embedded Visual C++ |
Target/Cross | National Instruments LavWindows/CVI 2015 Clang C/C++ Compiler |
Target/Cross | QCC (QNX GCC) |
Target/Cross | Renesas RX C/C++ |
Target/Cross | Renesas SH SERIES C/C++ |
Target/Cross | STMicroelectronics ST20 |
Target/Cross | STMicroelectronics ST40 |
Target/Cross | TASKING 80C196 C |
Target/Cross | TASKING TriCore VX-toolset C/C++ |
Target/Cross | TI TMS320C2x/C2xx/C5x |
Target/Cross | TI TMS320C2000 C/C++ |
Target/Cross | TI TMS320C54x C/C++ |
Target/Cross | TI TMS320C55x C/C++ |
Target/Cross | TI TMS320C6x C/C++ |
Target/Cross | TI MSP430 C/C++ |
Target/Cross | Wind River GCC |
Target/Cross | Wind River DIAB |
In computer science, static program analysis is the analysis of computer programs performed without executing them, in contrast with dynamic program analysis, which is performed on programs during their execution in the integrated environment.
IEC 61508 is an international standard published by the International Electrotechnical Commission (IEC) consisting of methods on how to apply, design, deploy and maintain automatic protection systems called safety-related systems. It is titled Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems.
Software safety is an engineering discipline that aims to ensure that software, which is used in safety-related systems, does not contribute to any hazards such a system might pose. There are numerous standards that govern the way how safety-related software should be developed and assured in various domains. Most of them classify software according to their criticality and propose techniques and measures that should be employed during the development and assurance:
Dynamic program analysis is the act of analyzing software that involves executing a program – as opposed to static program analysis, which does not execute it.
PikeOS is a commercial hard real-time operating system (RTOS) which features a separation kernel-based hypervisor. This hypervisor supports multiple logical partition types for various operating systems (OS) and applications, each referred to as a GuestOS. PikeOS is engineered to support the creation of certifiable smart devices for the Internet of Things (IoT), ensuring compliance with industry standards for quality, safety, and security across various sectors. In instances where memory management units (MMU) are not present but memory protection units (MPU) are available on controller-based systems, PikeOS for MPU is designed for critical real-time applications and provides up-to-standard safety and security.
MISRA C is a set of software development guidelines for the C programming language developed by The MISRA Consortium. Its aims are to facilitate code safety, security, portability and reliability in the context of embedded systems, specifically those systems programmed in ISO C / C90 / C99.
Parasoft is an independent software vendor specializing in automated software testing and application security with headquarters in Monrovia, California. It was founded in 1987 by four graduates of the California Institute of Technology who planned to commercialize the parallel computing software tools they had been working on for the Caltech Cosmic Cube, which was the first working hypercube computer built.
Parasoft DTP is a development testing and software testing analytics solution from Parasoft that acts as a centralized hub for managing software quality and application security. DTP gives standard software reports from routine software development tasks and has the ability to compile information from different software testing procedures to give a summary of the codebase.
LDRA, previously known as the Liverpool Data Research Associates, is a privately held company producing software analysis, testing, and requirements traceability tools for the public and private sectors. It is involved static and dynamic software analysis.
ISO 26262, titled "Road vehicles – Functional safety", is an international standard for functional safety of electrical and/or electronic systems that are installed in serial production road vehicles, defined by the International Organization for Standardization (ISO) in 2011, and revised in 2018.
TargetLink is a software for automatic code generation, based on a subset of Simulink/Stateflow models, produced by dSPACE GmbH. TargetLink requires an existing MATLAB/Simulink model to work on. TargetLink generates both ANSI-C and production code optimized for specific processors. It also supports the generation of AUTOSAR-compliant code for software components for the automotive sector. The management of all relevant information for code generation takes place in a central data container, called the Data Dictionary.
ETAS GmbH is a German company which designs tools for the development of embedded systems for the automotive industry and other sectors of the embedded industry. ETAS is 100% owned by Robert Bosch GmbH.
Development testing is a software development process that involves synchronized application of a broad spectrum of defect prevention and detection strategies in order to reduce software development risks, time, and costs.
AbsInt is a software-development tools vendor based in Saarbrücken, Germany. The company was founded in 1998 as a technology spin-off from the Department of Programming Languages and Compiler Construction of Prof. Reinhard Wilhelm at Saarland University. AbsInt specializes in software-verification tools based on abstract interpretation. Its tools are used worldwide by Fortune 500 companies, educational institutions, government agencies and startups.
Automotive Safety Integrity Level (ASIL) is a risk classification scheme defined by the ISO 26262 - Functional Safety for Road Vehicles standard. This is an adaptation of the Safety Integrity Level (SIL) used in IEC 61508 for the automotive industry. This classification helps defining the safety requirements necessary to be in line with the ISO 26262 standard. The ASIL is established by performing a risk analysis of a potential hazard by looking at the Severity, Exposure and Controllability of the vehicle operating scenario. The safety goal for that hazard in turn carries the ASIL requirements.
Cantata++, commonly referred to as Cantata in newer versions, is a commercial computer program designed for dynamic testing, with a focus on unit testing and integration testing, as well as run time code coverage analysis for C and C++ programs. It is developed and marketed by QA Systems, a multinational company with headquarters in Waiblingen, Germany.
Time-triggered architecture, also known as a time-triggered system, is a computer system that executes one or more sets of tasks according to a predetermined and set task schedule. Implementation of a TT system will typically involve use of a single interrupt that is linked to the periodic overflow of a timer. This interrupt may drive a task scheduler. The scheduler will—in turn—release the system tasks at predetermined points in time.
CodeSonar is a static code analysis tool from CodeSecure, Inc. CodeSonar is used to find and fix bugs and security vulnerabilities in source and binary code. It performs whole-program, inter-procedural analysis with abstract interpretation on C, C++, C#, Java, as well as x86 and ARM binary executables and libraries. CodeSonar is typically used by teams developing or assessing software to track their quality or security weaknesses. CodeSonar supports Linux, BSD, FreeBSD, NetBSD, MacOS and Windows hosts and embedded operating systems and compilers.
employ good programming style and proven programming practices leading to safe, reliable, testable, and maintainable code
The MISRA C Guidelines define a subset of the C language in which the opportunity to make mistakes is either removed or reduced. Many standards for the development of safety-related software require, or recommend, the use of a language subset
CodeWizard is essentially a software rendition of this book that enforces Meyers' list of ways to achieve effective C++ programming
TÜV SÜD certified the latest version of Parasoft C/C++test to be qualified for safety-related software development according to IEC 61508 and ISO 26262 standards.