Parasoft C/C++test

Parasoft C/C++test is an integrated set of tools for testing C and C++ source code that software developers use to analyze, test, find defects, and measure the quality and security of their applications. It supports software development practices that are part of development testing, including static code analysis, dynamic code analysis, unit test case generation and execution, code coverage analysis, regression testing, runtime error detection, requirements traceability, and code review. It's a commercial tool that supports operation on Linux, Windows, and Solaris platforms as well as support for on-target embedded testing and cross compilers.

Overview
Parasoft C/C++test is a combined set of tools that helps developers test their software. It's delivered as a standalone application that runs from the command line, or as a plug-in to Eclipse or Microsoft Visual studio. Various modules in the set assist software developers in performing static and dynamic analysis, creating, executing and maintaining unit tests, measuring code coverage and other software metrics, and executing regression tests.

The errors that C/C++test discovers include uninitialized or invalid memory, null pointer dereferencing, array and buffer overflow, division by zero, memory and resource leaks, duplicate code, and various types of dead or unreachable code.

C/C++test customers include Samsung Electronics, Wipro, NEC, and SELEX Sistemi Integrati. It is also used by Lockheed Martin for the F-35 Joint Strike Fighter program (JSF) Inomed uses it to achieve IEC 62304 certification for their medical device software.

Code coverage
When testing software code coverage is a measure of which parts of the code have been executed during a test, and which have not. There are many different methods for measuring coverage that have different criteria on how it's calculated. Depending on your needs you can choose which is the best fit for your application.

C/C++test includes options for line coverage, meaning has the line been executed, block coverage, statement coverage, path coverage, decision coverage, branch coverage, and simple condition coverage. It also supports modified condition/decision coverage or MCDC because projects that require safe reliable software such as aircraft and cars, tend to required this form of coverage as it's believed to be a better measure of whether or not the code has been thoroughly exercised.

Regression testing
Regression testing verifies that software continues to operate correctly, even as changes are made and new versions are released. C/C++test automatically generates tests that capture the current state of an applications behavior by recording what happens while the application is running. Later test runs are compared against stored results from earlier runs that help determine what problems changes in the code may have introduced. Having a robust regression test suite is especially critical in areas where there are short release cycles and high degrees of test automation such as agile software development or extreme programming, to help insure that changes aren't introducing bugs into the software.

Runtime error detection
C/C++test includes a lightweight form of runtime error detection that is suitable for use in embedded systems, including running on a target board or host. It helps find serious runtime defects such as memory leaks, null pointers, uninitialized memory, and buffer overflows.

Software metrics
Software metrics are used to help assess and improve software quality. Some metrics are used to help determine where bug-prone code might be, while others help understand maintainability and proper construction. C/C++test provides a variety of software metrics including traditional counting metrics of lines, files, comments, methods, etc. as well as industry standards like fan out, cyclomatic complexity, cohesion, and various Halstead metrics.

Users can configure which metrics they want to run and where applicable can set thresholds for what's an acceptable value for a particular metric. This allows users to flag code that is outside the expected range as an error to be reviewed or fixed. Graphic reports are provided to show values and trends in the metrics.

Static analysis
Static code analysis is the process of analyzing source code without executing the software. It helps developers to find bugs early, as well as code according to best practices. This helps create code that is less susceptible to bugs by avoiding potentially dangerous code styles and constructs. In industries where software performance is critical there are often requirements to run static analysis tools or even particular static analysis rules.

Static analysis in C/C++test includes different types of analysis including pattern-based, abstract interpretation, flow analysis, and metrics. This helps detect code responsible for memory leaks, erratic behavior, crashes, deadlocks, and security vulnerabilities.

C/C++test comes with pre-configured templates to assist enforcing static analysis rules for a variety of industry standards such as:
 * ANSI IEC 62304 for medical devices
 * DO-178B for airborne systems
 * IEC 61508 & Safety Integrity Level for functional safety of electronic systems
 * U.S. FDA general principles of software validation for medical software
 * ISO 26262 & ASIL for automotive software
 * Joint Strike Fighter Program for fighter aircraft
 * Safety-critical software development
 * Motor Industry Software Reliability Association (MISRA) for automotive software
 * PCI DSS Payment Card Industry data security standard
 * DISA STIG for defense industry systems and software

Traceability
When working in industries where there are strict coding requirements or regulatory standards, it is necessary to be able to prove that an application was developed according to the required steps. traceability is having all the information necessary to prove in a software audit that you've done the proper process. Commonly this means being able to prove what code belongs to a particular requirement as well as who reviewed it and what the outcome of such a review was. It also encompasses any tests and analysis performed on the code and what was done for any tests that failed. C/C++test keeps track of your testing and links it back to the requirement system, source control system, and bug tracking systems. This provides full traceability into each step of the software development process.

Unit testing
The purpose of unit testing is to make sure that all of the individual pieces of a software application work properly by themselves before integration. In programming languages like C and C++ this usually consists of a single file, or a small number of files that all perform a related function. Unit testing encompasses the creation of tests, execution of tests to see the results, and maintenance of tests for long term use. Because unit testing is often associated with code coverage which shows exactly what lines of code were executed by a test, both functionalities are included in C/C++test.

C++test helps you create unit tests that are compatible with xUnit testing frameworks. It also provides tracing functionality that lets you monitor a system under test and generate test cases based on actual paths and data used during the execution. It also provides functionality to handle isolating the code necessary to allow it to function without the rest of the application, also called stubbing, as well as an object repository to store, share, and reuse software objects initialized with the necessary test data. Stubs allow you to remove dependent parts of the full application such as a database or API but still run the application as if the component were still there. C/C++test allows you to create the necessary stubs to run your code in isolation.

The capability to alter and extend test data is provided through a variety of means such as a data source interface that allows you to read test inputs from files, spreadsheets, and databases. Tests can also be run simultaneous with runtime error detection turned on so as to find serious programming flaw that won't necessarily cause assertion failures during testing but are likely to cause software instability when deployed. Execution on embedded systems is support, whether it's a host, target, or simulator, including cross-compilation, loading tests to the target, and loading results from a remote execution back in the GUI.

History
Parasoft C/C++test was originally introduced in 1995 as a static analysis tool based on guidelines found in the book Effective C++ by Scott Meyers. Later when unit test creation and execution was added the product was renamed to C++test. Eventually the product name was modified to include both C and C++ to reflect what languages are actually covered.

Parasoft C/C++test won Software Test and Performances’ 2008 Testers Choice Award in the best embedded/mobile test/performance category. It was selected as VDC's Software Embeddy "Best in Show" award winner in 2012.

Parasoft received TUV certification as an automotive functional safety tool in 2011 according to IEC 61508 and ISO 26262 standards.

Supported IDEs

 * ARM Development Studio
 * ARM Workbench IDE for RVDS
 * Eclipse IDE for Developers
 * Green Hills MULTI
 * IAR Embedded Workbench
 * Keil μVision IDE
 * Keil RealView
 * Microsoft eMbedded Visual C++
 * Microsoft Visual Studio
 * Microsoft Visual Studio Code
 * QNX Momentics IDE
 * Texas Instruments Code Composer Studio
 * Wind River Tornado
 * Wind River Workbench