Parasoft provides centralized management of organization-level and team-level policies for ensuring
application security, reliability, performance, and maintainability—as well as complying with
FDA, DO-178, PCI, and other regulations. Policies are easily deployed and customized for specific
projects without compromising the integrity of the corporate objectives. Policy management is centralized
for simple access and policy application is automated for rapid scanning and reporting.
Organization/Team Policy Manager
Parasoft’s policy manager provides a fast and easy way to ensure that policy enforcement is
standardized both globally and locally. This can include a fixed set of organizational
policies, as well as subsets of policies customized to suit the needs of specific projects
and teams. Policy configurations for thousands of desktops can be implemented or updated once,
then distributed to thousands of machines with a single click.
Rule Library
Each language-specific rule library (Java, C/C++, .NET, XML, etc.) provides configurable sets of hundreds
of rules—including specific (contextual) security rules. Parasoft’s rule library is the most
comprehensive in the industry, and is constantly being extended. To help developers understand and achieve
the benefit that the rules deliver, we provide detailed documentation for each rule, including an explanation
of the rule requirements and customizable enforcement parameters, the rationale behind the rule, a sample
violation, and an explanation of how to bring code into compliance.
Rule Configuration/Parameterization
Since goals and technologies vary from project to project, Parasoft allows teams to customize the logic of
library rules to suit the unique demands of specific projects and priorities. Rules are customized using GUI
controls—no coding or scripting is required. Moreover, rule names, descriptions, and severities can be
matched to your organization’s policies, establishing a fully-customized policy management and reporting interface.
Graphical Rule Wizard
In the event that certain internal policies cannot be matched to library rules, Parasoft’s RuleWizard provides
fast and easy ways to extend the rule set. Custom rules can be built graphically or generated automatically by
providing code that demonstrates a sample rule violation. This flexible framework supports definition of even the most complex policy requirements.
Parasoft defines, automates, and monitors a workflow that improves development productivity and forms the
foundation for a sustainable quality process. As quality tasks are defined and automated, process control
guidelines are established to measure process progress as well as software quality. With monitorable quality
gates and thresholds throughout the SDLC, your organization and team can track progress and ultimately
improve the software development process.
Quality Process Definition
Quality processes and tasks are defined in the system and the workflow associated with the process is automated.
The organization’s expectations around quality tasks are visible and monitored. This significantly reduces
the resources required to establish and maintain the quality process, resulting in increased team productivity.
Quality Process Metrics
Process control guidelines are established to measure both process progress and software quality. By establishing quality gates
at specific points in the SDLC and establishing quality thresholds, organizations and teams gain the ability to track
progress and ultimately improve the software development process.
Workflow Optimization
Tasks to support quality policies must be optimized so they can become an integral part of the team's existing workflow.
The lack of automation, repeatability, or consistency will degrade any quality initiative that the organization intends to
deploy. Parasoft optimizes the workflow to ensure that the quality process is both sustainable and scalable. For example:
Routing each reported issue directly to the responsible developer and customizable issue prioritization both ensure that your most critical issues are addressed in a timely manner.
Centralized configuration management to ensure that test configurations are applied consistently and can be updated effortlessly as priorities and processes evolve.
Monitoring manual processes that require human intelligence, then converting them into automated processes relieves the team from having to repeat many manual efforts.
Issue Prioritization
Results are reported as a prioritized task list to help the team focus their attention and resources on the issues expected to
have the greatest impact on quality. To ensure that the most critical policy violations are identified immediately and promptly
resolved, Parasoft allows organizations to customize issue severities to match their unique project needs and priorities.
Context Suppression
Context-sensitive suppressions allow teams to prevent rules from firing under specific circumstances where they do not apply. This reduces
the level of noise, ensuring that every violation reported is a real problem that should be fixed. Suppressions can be defined in the
code to ensure they are always visible when code is reviewed and modified.
Regulatory Compliance
To help teams achieve and demonstrate regulatory compliance, we establish an in-line continuous quality process that ensures mandated
practices are not only deployed across every stage of the SDLC, but also ingrained into the team’s workflow.
Parasoft supports:
After each test, a list of tasks required for compliance is generated and prioritized. The responsible developers are notified immediately,
and their assigned tasks are distributed directly to their IDEs. Archived reports and trend graphs document validation efforts and quality improvements.
Parasoft's static analysis monitors whether code meets uniform expectations around security, reliability, performance, and maintainability—delivering real-time training based on corporate policy. By exposing structural errors and preventing entire classes of errors, this provides a foundation for producing solid code. Our static analysis includes static code analysis, data flow static analysis, and code metrics analysis. All are centrally managed and highly automated. Moreover, an automated framework is provided to ensure consistency across development languages, development teams, and third-party partners.
Parasoft's static code analysis monitors whether code follows industry-standard or customized rules for ensuring that code meets uniform expectations around security, reliability, performance, and maintainability. Over 15 years of research and development have gone into optimizing Parasoft's patented static code analysis engine and knowledge base. Our static code analysis solutions feature:
A centralized, integrated system for automated monitoring of code compliance across heterogeneous environments (Java, C/C++, C#, VB.NET, JavaScript, etc.), core industry standards (FDA, JSF, MISRA, Ellemtel, PCI, WS-*, Section 508, etc.), and organization-specific policies (security, branding, etc.).
Rule sets that are the most comprehensive in the industry—and are constantly being extended.
Fast, easy ways to define and check custom static analysis rules that prevent application-specific errors from reoccurring and monitor adherence to organization-specific policies.
Automated task assignment and customizable issue prioritization to ensure that the most critical issues are addressed in a timely manner.
Parasoft's static code analysis can easily be configured to automatically monitor adherence to organization, team, and project policies for security, compliance, etc. The rule library includes hundreds of rules that deliver "out-of-the-box" monitoring of many common policy requirements. These static analysis rules can be customized as needed to match specific policy requirements, and the rule set can be rapidly extended to address even the most complex and unique requirements. Moreover, rule names, descriptions, and severities can be mapped to the organization's policies, establishing a fully-customized policy management and reporting interface.
In addition to enforcing organizations' unique security policies, Parasoft automatically
identifies common security vulnerabilities with the most comprehensive rule set in the industry.
Our solutions are configured to deliver an instant assessment of compliance with PCI DSS section 6
security guidelines. This enables teams to rapidly assess the level of compliance–without
spending time reading the PCI DSS specification and determining how the requirements translate to
code. We also provide an automated assessment of your risks regarding the most critical application
security vulnerabilities (as listed in the OWASP Top 10).
Expert Best Practices
Industry leaders have built an extensive knowledge base of guidelines for preventing the most
serious and common software defects. Parasoft's code analysis provides expert code feedback in
seconds by automatically applying the wisdom of gurus such as Scott Meyers, Herb Sutter, Andrei
Alexandrescu. Identifying and fixing the reported violations improves code security, reliability,
performance, and maintainability.
Technology Guidelines and Standards
To help developers understand and negotiate the unique pitfalls involved in working with certain
technologies, Parasoft automatically monitors code compliance to technology-specific guidelines and
standards. We provide out-of-the-box support for preventing mistakes related to common
technologies/frameworks such as Standard Template Library and the Trolltech Qt framework.
Moreover, our flexible framework can easily be extended to support more specialized needs.
To help teams achieve and demonstrate regulatory compliance, we establish an in-line continuous quality process that ensures mandated practices are not only deployed across every stage of the SDLC, but also ingrained into the team’s workflow.
Our static code analysis enables teams to rapidly assess the level of compliance to various regulatory standards–without spending time reading the related specifications and determining how the requirements translate to code.
Moreover, our flexible static code analysis framework can easily be extended to support more specialized needs.
Each issue detected is prioritized, automatically correlated to the developer who introduced it, then distributed to his or her IDE with direct links to the problematic code. Eventually, developers start writing compliant code as a matter of habit. Moreover, through integration with the development infrastructure, results are correlated with requirements, bugs, and source code changes—converting data into actionable information.
Archived reports and trend graphs document validation efforts and quality improvements.
Application-Specific Errors
Parasoft provides fast and easy ways to define custom static code analysis rules that prevent the recurrence of application-specific defects after a single instance has been found. By ensuring that the team does not make the same mistake twice, this significantly improves team productivity and product quality.
Parasoft's data flow analysis provides automated detection of runtime errors without requiring the software to actually be executed. This enables early and effortless detection of critical runtime errors that might otherwise take weeks to find. We statically simulate application execution paths–which may cross multiple units, components, and files–to identify paths that could trigger runtime errors related to memory and resource management, buffer overflows, dead code, threads, and security vulnerabilities. To simply defect analysis, a complete analyzed path trace for each potential defect is reported in the IDE, and automatic cross–links to code help users quickly jump to any point in the highlighted analysis path.
This ability to expose these errors without executing code is especially valuable for teams with legacy code bases lacking robust test suites or embedded code, where runtime analysis and detection of such errors is not effective or possible.
Static Detection of Complex Runtime Errors
Parasoft's data flow analysis enables you to find complex runtime errors such as uninitialized or invalid memory, null pointer dereferencing, array and buffer overflows, division by zero, memory and resource leaks, and various flavors of dead code–without having to create, execute, or maintain test cases.
Static Detection of Security Vulnerabilities
For security vulnerability detection, Parasoft’s data flow analysis detects whether actual application execution paths could lead to injection vulnerabilities, buffer overflows, and other vulnerabilities.
Legacy Code Audit
Parasoft’s data flow analysis can be applied to a large code base for fast, effortless detection of complex runtime problems. This provides a practical way to identify critical problems in a large code base when testing resources are limited. Moreover, data flow helps you audit the effectiveness of your quality policies. If proper quality policies are in place, no problems should be reported by data flow analysis. An issue detected by data flow analysis indicates that the quality policy was not comprehensive enough or was not applied properly.
Parasoft’s code metrics analysis calculates a customizable set of industry-standard metrics, as well as identifies specific pieces of code that exceed industry-standard or customized metrics thresholds. This helps organizations identify brittle or overly-complex code that could impede agility or reuse.
Calculation
Parasoft’s metrics calculation capability provides organizations visibility into code complexity and the potential impacts of an anticipated code change. This enables them to make more informed decisions as to how to modify, refactor, and test it. Metrics calculations provided include Cyclomatic Complexity, Inheritance Depth, Nested Block Depth, and more.
Limit-Based Analysis
Parasoft enables organizations to customize the boundaries and thresholds for available metrics so that team members are alerted when metrics are outside of the prescribed range. Leveraging this automation, the team is freed to focus on analyzing and improving the problematic code–tasks that truly require human intelligence.
Parasoft's automated code analysis checks code as it is written to prevent entire classes of errors and ensure that code meets uniform expectations
around security, reliability, performance, and maintainability. This typically relieves developers from having to perform line-by-line inspections
during peer code reviews, freeing them to focus on higher-level analyses that require human intelligence. With automated checking for
compliance to the team's and organization's development policies, the team can begin code reviews by discussing interesting findings from
the automated code analysis results, then move on to examining design, algorithmic, and implementation issues. This aspect of the peer
code review is supported by Parasoft's code review capability, which automatically identifies updated code, matches the code with
designated reviewers, and tracks the progress of each review item until closure. By automating critical workflow components, the
team gains more time to focus on inspecting and improving the code.
Peer Code Review
Parasoft automates and manages the peer code review workflow. Our code review capability-which
automates preparation, notification, and tracking of peer code reviews-addresses the known
shortcomings of this very powerful inspection method. It automatically identifies updated code by
scanning the source control system or the local file system, matches the code with designated
reviewers, and tracks the progress of each review item until closure. This allows teams to
establish a bulletproof review process where all new code gets reviewed and all identified issues
are resolved.
Teams who prefer to review only the the most dangerous segments of their code (for example, the
most security-sensitive or deadlock-prone areas of the code base) can easily set up such focused
reviews using the flexible configuration options.
Workflow
For a code review process to be sustainable and successful, it’s essential that the workflow be as natural and unobtrusive as possible. That’s why Parasoft engineered an automated peer code review workflow where developers simply check in code as normal, then review packages are prepared automatically and distributed to the appropriate reviewer’s IDE. The only added work is the actual peer review—a creative process that cannot, and should not, be automated.
Parasoft provides built-in support for the following typical code review flows:
Post-commit code review: This mode is based on automatic identification of code changes in a source repository via custom source control interfaces. Code review tasks are created based on a preconfigured mapping of changed code to reviewers.
Pre-commit code review: Users can initiate a code review from the desktop by selecting a set of files to distribute for the review, or automatically identify all locally changed source code.
Contextual Analysis
Although automated code analysis can identify many issues related to security, reliability, performance, and maintainability, it cannot detect functional defects: instances where the code is not doing what it’s supposed to do. This high-level error detection can only be achieved when the human brain analyzes code in the context of its requirements and available test cases. Parasoft aggregates these artifacts, reducing the barrier to entry for this irreplaceable analysis.
Monitoring
For a code review process to stay on track, it needs to be measured and actively monitored. That’s why Parasoft automates the process and connects
it to Parasoft's reporting system — providing objective answers to questions such as:
Are reviews being performed?
Are identified issues actually being resolved?
How is the code review impacting team productivity and application quality?
Parasoft delivers a complete framework to create, manage, and extract greater value from unit tests. We help you exercise and test an incomplete system—enabling you to identify problems when they are least difficult, costly, and time-consuming to fix. This reduces the length and cost of downstream processes such as debugging. Moreover, since all tests are written at the unit level, the test suite can be run independent of the complete system. This allows you to isolate code behavior changes, reduces setup complexities, and makes it practical to execute the test suite on a daily basis.
Test Creation
To facilitate standardized testing and quality processes, our patented technologies automatically generate extensible, reusable test cases. These test cases not only expose potential reliability problems, but also capture the code's current behavior to establish a baseline for regression testing. You can incrementally improve the test suite’s intelligence and value by extending the generated test cases. Collectively, these test cases establish a safety net that alerts you when modifications impact application behavior.
Regression Baseline
If your team has a large code base with minimal tests or no tests, the fastest route to regression testing is to automatically generate a regression test suite that captures the code's current behavior—and then run it daily to determine if code modifications break existing functionality. To help you achieve this, we scan the project code base, then automatically generate a baseline set of unit test cases that capture the code's current behavior. Then, we establish a continuous regression testing process which ensures that the impacts of code modifications are identified and addressed daily, and the test suite stays in synch with the evolving application. This provides a safety net that helps developers rapidly change code with confidence, which is especially critical for teams working on complex and constantly-evolving applications.
Exception Detection
By using corner case conditions, automatically-generated test cases check responses to unexpected inputs, exposing potential reliability problems.
Parasoft provides a variety of technologies to help you extend your manually-defined and automatically-generated test cases, enabling you to increase their value with minimal effort.
Easy Extension
Parasoft automatically generates complete tests, including test drivers and test cases for individual functions, in a format similar to CppUnit. Developers can rapidly add additional tests (for verifying specific functionality and/or increasing coverage) by extending the automatically-generated tests. This allows developers to extend the test suite while writing a minimal amount of code.
Stub Creation and Management
Parasoft can automatically stub out calls to external resources or problematic functions within the source code base. This relieves developers from having to write extensive stubs or mock objects from scratch. Using automatically-generated stub templates, you can define your own stubs for automatically-generated or user-defined test cases.
Test Case Parameterization
Test Case Parameterization automates the process of reusing a test with different sets of data. This allows teams to increase the amount of testing and coverage with very little effort.
Data-Driven Test Cases
Parasoft can use values from any of the following types of data sources for test case inputs as well as data validation:
CSV files
Databases
Excel spreadsheets
Tables created in (or copied into) the internal table editor.
File
Graphical Test Case Wizard
The Test Case Wizard provides a graphical interface enabling users to visualize all input and output parameters of a function, set input and expected values, and generate source code for individual tests based on set parameters. This enables developers to rapidly create functional tests for code components without having to worry about their inner workings or embedded data dependencies.
Parasoft’s extended execution environment centralizes execution and enhances reporting for your automatically-generated, extended, or legacy CppUnit test cases.
Error Assignment and Distribution
To promote fast remediation, each test failure or exception detected is prioritized, assigned to the developer who introduced the problem, and distributed to his or her IDE with direct links to the problematic code.
Coverage Analysis
A multi-metric test coverage analyzer, including statement, branch, path, and MC/DC coverage, helps users gauge test suite efficacy and completeness, as well as demonstrate compliance with test and validation requirements such as DO-178B, FDA, etc. Coverage is reported in percentages as well as graphically displayed via source code that is annotated with line-by-line coverage details. Back tracing from coverage elements to the corresponding test cases enables users to analyze test results and extend the test cases for better coverage, with higher efficiency.
Moreover, data from unit, component, and manual testing can be combined for cumulative coverage reporting. This includes interactive visualization and analysis in the code browser, as well as automatic generation of comprehensive coverage reports.
Memory Analysis
Runtime memory analysis can be performed during the unit and component test process (as well as during application-level testing). This allows early detection of a variety of difficult-to-track programming and memory-access errors, along with potential defects and inefficiencies in memory usage.
Debugger Integration
Developers can step through test cases with a debugger to better examine the code's internal state during a given test. For example, they might want to debug test cases to learn more about why an unexpected outcome was reported, or to determine why a test case failed.
Parasoft enables teams to produce better code for embedded systems, test it more efficiently, and consistently monitor
progress towards their quality goals. Critical time-proven best practices—such as static analysis, comprehensive
code review, runtime memory analysis, and unit and component testing with integrated coverage analysis—are
enabled on the developer's desktop, early in the development cycle. A command line interface enables fully automated
execution within regression and continuous integration environments, providing data for monitoring and analyzing quality trends.
For highly quality-sensitive industries, such as avionics, medical, automobile, transportation, and industrial automation,
the addition of Parasoft's Web-based audit and reporting system enables an efficient and auditable quality process with
complete visibility into compliance efforts.
Test on the Host, Simulator, and Target
Parasoft removes the barrier to effective, comprehensive embedded testing by automatically generating extensible test
cases that can be executed on the host, simulator, and in the actual target environments in order to verify code robustness,
verify functional results, and obtain code coverage metrics. We can also monitor running application to detect memory problems
and to track code coverage.
On the host environment, developers can automatically generate a core set of unit and API test cases designed to identify
unexpected function responses to corner case conditions. With a different configuration, the generated tests will capture
current software behavior at the method/function level. This test suite can then be extended as needed for functional
testing, automatically configured for regression testing, and executed on the host if desired (with the target
dependencies automatically replaced by configurable stubs).
The same test suite can then be cross-compiled for execution in a target environment. Target test results are saved to a file
that can be loaded into the GUI for evaluation/analysis. Test results can be automatically sent to the GUI. Coverage metrics,
including branch, simple condition, and MC/DC coverage, are collected for all tests. The GUI provides extensive facilities
for debugging test cases, including support for many host debuggers, stack trace reporting, reporting of call sequences,
and detailed display of test case results.
The original application can be also instrumented for detection of memory related problems, cross-compiled and started
on the target to pinpoint existing memory bugs and to collect code coverage. This coverage data can be combined with the
coverage data from unit testing.
Parasoft automates the complete test execution flow, including test case generation, cross-compilation, deployment, execution,
and loading results (including coverage metrics) back into the GUI. Testing can be driven interactively from the GUI or
launched from the command line for automated test execution as well as batch regression testing. In the interactive mode,
users can run tests individually or in selected groups for easy debugging or validation. For batch execution, tests can be
grouped based either on the user code they are linked with, or their name or location on disk.
Parasoft allows full customization of its test execution sequence. In addition to using the built-in test automation,
users can incorporate custom test scripts and shell commands to fit the tool into their specific build and test environment.
Our solutions can be utilized with a wide variety of embedded OS and architectures by cross-compiling the provided runtime
library for a desired target runtime environment. Since all test artifacts are source code, they are completely portable.
ARM RVDS and ADS Support
The Parasoft plugin for ARM RealView Development Suite provides RVDS users easy access to Parasoft C++test's static analysis, code review, runtime memory analysis, and unit testing capabilities directly within their IDE. This seamless integration enables testing and verification to become a natural and continuous part of the development process. The complete target-based test execution flow, including test case generation, cross-compilation, deployment, execution and loading results back to the GUI, can be automated.
Parasoft C++test is available as a plugin to ARM Workbench IDE for RVDS, as well as an Eclipse-based standalone version that supports development with ARM compilers used in standard command line build systems. ADS projects can be imported into Parasoft C++test standalone.
Green Hills Software MULTI Support
Green Hills Software projects can be imported into Parasoft C++test for static analysis, code review, runtime memory analysis,
and unit testing. The complete target-based test execution flow, with test case generation, cross compilation, deployment,
execution and loading results back into GUI, can be automated with Parasoft C++test. A command line interface can be used to
include code analysis and regression testing in scheduled batch runs.
IAR Embedded Workbench Support
IAR Embedded Workbench projects can be imported into Parasoft C++test for static analysis, code review, runtime memory analysis,
and unit testing. The complete target-based test execution flow, with test case generation, cross compilation, deployment,
execution and loading results back into GUI, can be automated. A command line interface can be used to include code analysis and
regression testing in scheduled batch runs.
Keil µVision Support
Keil µVision projects can be imported into Parasoft C++test for static analysis, code review, runtime memory analysis,
and unit testing. The complete target-based test execution flow, with test case generation, cross compilation, deployment,
execution and loading results back into GUI, can be automated. A command line interface can be used to include code analysis
and regression testing in scheduled batch runs.
Microsoft eMbedded Visual C++ projects can be imported into Parasoft C++test for static analysis, code review, runtime
memory analysis, and unit testing. The complete target-based test execution flow, with test case generation, cross compilation,
deployment, execution and loading results back into GUI, can be automated. A command line interface can be used to include code
analysis and regression testing in scheduled batch runs.
Microsoft Windows Mobile Support
The Parasoft C++test Visual Studio plugin directly supports Mobile SDKs for Window Mobile. This provides Windows Mobile
developers easy access to Parasoft C++test's static code analysis, code review, runtime memory analysis and unit testing
capabilities directly within their IDE. This seamless integration enables testing and verification to become a natural
and continuous part of the development process. The complete target-based test execution flow, including test case generation,
cross-compilation, deployment, execution and loading results back to the GUI, can be automated within Parasoft C++test.
QNX Momentics Support
The Parasoft C++test plugin for QNX Momentics provides Momentics users easy access to Parasoft C++test's static code analysis,
code review, runtime memory analysis and unit testing capabilities directly within their IDE. This seamless integration
enables testing and verification to become a natural and continuous part of the development process. The complete target-based
test execution flow, including test case generation, cross-compilation, deployment, execution and loading results back to
the GUI, can be automated.
Texas Instruments Code Composer Studio Support
Texas Instruments Code Composer Studio projects can be imported into Parasoft C++test for static analysis, code review, runtime
memory analysis, and unit testing. The complete target-based test execution flow, with test case generation, cross compilation,
deployment, execution and loading results back into GUI, can be automated with Parasoft C++test. A command line interface can
be used to include code analysis and regression testing in scheduled batch runs.
Wind River Workbench and Tornado Support
The Parasoft C++test plugin for Wind River® Workbench provides Workbench users easy access to Parasoft C++test's code
analysis, code review, and unit testing capabilities directly within their IDE. This seamless integration enables testing
and verification to become a natural and continuous part of the development process. The complete target-based test execution
flow, including test case generation, cross-compilation, deployment, execution, and loading results back into the GUI, can be automated.
Parasoft C++test is available as a plug in for Wind River Workbench IDEs and supports both VxWorks® and Wind River Linux RTOS. In addition, a standalone Parasoft C++test installation provides built-in support for import and analysis of Tornado® projects.
Parasoft's memory error detection automatically identifies a variety of difficult-to-track programming and memory-access errors, along with potential defects and inefficiencies in memory usage. Errors such as memory corruption, memory leaks, access outside of array bounds, invalid pointers, and the like often go undetected during normal testing, only to result in application crashes in the field. We help you find and eliminate such defects in your applications to ensure the integrity of their memory usage.
Our highly detailed memory analysis capabilities are based on patented source instrumentation algorithms. Source code instrumentation enables us to detect more error types than other memory error detection technologies, and also provides complete information indicating the root causes of the errors found using a full database of program elements and memory structures.
Compile-Time Memory Error Detection
Parasoft can detect errors at compile-time as well as runtime. Compile-time errors detected include:
Cast of pointer loses precision
Mismatch in format specification
Mismatch in argument type
Code is not evaluated, has no effect, or is unreachable
Undefined identifier
Variable declared, but never used
Returning pointer to local variable
Function returns inconsistent value
Unused variables
Runtime Memory Error Detection
During testing, we check all types of memory references, including those to static (global), stack, and shared memory—both in user’s code and in third party libraries. Errors detected include:
Corrupted heap and stack memory
Use of uninitialized variables and objects
Array and string bounds errors on heap and stack
Use of dangling, NULL, and uninitialized pointers
All types of memory allocation and free errors or mismatches
All types of memory leaks
Type mismatches in global declarations, pointers, and function calls
A multi-metric test coverage analyzer, including statement, branch, path, and MC/DC coverage, helps users gauge test suite efficacy and completeness, and demonstrate compliance with test and validation requirements such as DO-178B, FDA, etc. Coverage is reported in percentages as well as graphically displayed via source code that is annotated with line-by-line coverage details.
Moreover, data from unit, component, and manual testing can be combined for cumulative coverage reporting. This includes interactive visualization and analysis in the code browser, as well as automatic generation of comprehensive coverage reports.
Multiple Instrumentation Modes
There are three ways to use Parasoft solutions for memory analysis and error detection. The first and most detailed analysis is achieved with full source code instrumentation. This requires that application sources be compiled and linked with Parasoft, which generates its own instrumented files that are passed to the actual compiler.
The second option is linking with Parasoft, which provides a trade-off between the extent of error reporting and the actual time to build and run an instrumented application. In this mode, we can detect and report most of the error types, including leaks, bad memory references, standard API usage errors, and so on.
Additionally, Chaperon is exclusive to dynamically linked executables on Linux/x86. Chaperon does not require recompilation or re-linking, and checks all the data memory references a process makes, reporting reads of uninitialized memory, bounds errors, and memory leaks.
Error Detection in Threads
Parasoft instruments all threads, tracks all processes in the application, and quickly pinpoints algorithmic anomalies, bugs, and deficiencies. This allows developers of multithreaded applications to rapidly find and fix the bugs that would otherwise remain hidden in threads and cause the application to perform incorrectly, or to fail to perform at all.
Lightweight Runtime Error Detection for C
Parasoft can perform memory error detection at the application level or during unit test execution. We detect C-related memory errors such as memory leaks, null pointers, uninitialized memory, buffer overflows, and more. The instrumentation used to perform this runtime error detection is lightweight and suitable for running on the target board, simulator, or host for embedded testing.
The collected problems are presented directly in the developer's IDE with the details required to understand and fix the problem (including memory block size, array index, allocation/deallocation stack trace etc.) Coverage metrics are tracked to help the team measure and increase the scope of their testing efforts.
Parasoft's robust reporting capabilities not only promote rapid defect resolution, but also support an auditable quality process by providing complete visibility into the team's efforts.
Reports
After each test/analysis run, Parasoft can automatically generate and e-mail role-based reports to managers, team leads, and developers. Reports are available in HTML, PDF, and custom format, and can be easily configured via GUI controls or an options file. Reports can include the high level of detail required for a truly auditable process; for example:
Pass/fail summary of code analysis and test results
Expanded test output with pass/fail status of individual tests
A list of analyzed files
A list of policies checked
A code coverage summary
Full code listings with color-coding of all code coverage results
Trend graphs for key metrics
Task Distribution
If any developer action is required (fix static analysis violations, address test failures, respond to code review suggestions, etc.), a task is generated, prioritized, and assigned to the developer who wrote the related code. The task is then distributed to the assigned developer's IDE with full data, cross-links to the related code, and a description explaining how to approach the assigned task. An e-mail notification alerts the developer to the assigned tasks.
Dashboards
Interactive Web-based dashboards with drill-down capability allow teams to track project status and trends based on results from Parasoft technologies as well as key process metrics (e.g., from source control, bug tracking, build, and requirements management systems). It correlates data from these sources to provide comprehensive and objective insight into application quality, team productivity, and project risk factors.
Linux kernel 2.4 or higher with glibc 2.3 or higher and an x86-compatible processor
Linux kernel 2.6 or higher with glibc 2.3 or higher and an x86_64-compatible processor (32-bit compatibility package is required)
Solaris 7, 8, 9, 10 and an UltraSPARC processor
IBM AIX 5.3 and a PowerPC processor
IDEs
Eclipse for C/C++ Developers 3.2, 3.3, 3.4, 3.5 (32-bit)
Microsoft Visual Studio .NET 2003, 2005, 2008 with Microsoft Visual C++
Wind River Workbench 2.6 and 3.0
ARM Workbench IDE for RVDS 3.0, 3.1, 4.0
QNX Momentics IDE 4.5 (QNX Software Development Platform 6.4)
Texas Instruments Code Composer Studio 4
Host Compilers
Windows
Microsoft Visual C++ 6.0, .NET (7.0), .NET 2003 (7.1), 2005 (8.0), 2008 (9.0)
GNU and MingW gcc/g++ 2.95.x, 3.2.x, 3.3.x, 3.4.x
GNU gcc/g++ 4.0.x, 4.1.x, 4.2.x, 4.3.x
Green Hills MULTI for Windows x86 Native v4.0.x
Linux (x86 target platform)
GNU gcc/g++ 2.95.x, 3.2.x, 3.3.x, 3.4.x, 4.0.x, 4.1.x, 4.2.x, 4.3.x
Linux (x86_64 target platform)
GNU gcc/g++ 3.4.x, 4.0.x, 4.1.x, 4.2.x, 4.3.x
Solaris
Sun C++ 5.3 (Sun Forte C++ 6 Update 2), Sun C++ 5.5 (Sun ONE Studio 8), Sun C++ 5.6 (Sun ONE Studio 9), Sun C++ 5.7 (Sun ONE Studio 10), Sun C++ 5.8 (Sun ONE Studio 11), Sun C++ 5.9 (Sun ONE Studio 12)
GNU gcc/g++ 2.95.x, 3.2.x, 3.3.x, 3.4.x, 4.0.x, 4.1.x, 4.2.x, 4.3.x
Keil RealView MDK 3.40/µVision3 and MDK-ARM 4.01/µVision4
Microsoft eMbedded Visual C++ 4.0
Microsoft Visual Studio 6
Texas Instruments Code Composer 3.1 and 3.3
Wind River Tornado 2.0, 2.2
Build Management
GNU make
Sun make
Microsoft nmake
JAM
Other build scripts that can provide an option of overriding a compiler via an environment variable
Source Control
AccuRev SCM
Borland StarTeam
CVS
IBM/Rational ClearCase
Microsoft Team Foundation Server
Microsoft Visual SourceSafe
Perforce SCM
Serena Dimensions
Subversion (SVN)
Telelogic Synergy
CORBA
Parasoft's native support for CORBA assists you to construct, continuously execute, and maintain
test suites that directly exercise components via the CORBA protocol. This provides visibility into
how functional test transactions pass through the components—helping you to truly understand
what functionality you have covered and diagnose the cause of any test failures that occur.
[ back to top ]
