Release date: May 12, 2021

This release includes the following enhancements:

Lattix Architect Integration

We've added integration with Lattix Architect to help you analyze and improve your software architecture. C/C++test can now collect code dependency data for your projects and export the data as files that can later be imported to Lattix Architect. See Integrating with Lattix Architect for details.

Enhanced GitHub Integration

This release includes the following enhancements that help streamline your GitHub workflow:

  • Support for generating reports in GitHub's SARIF format, which enables GitHub to present C/C++test static analysis findings as GitHub code scanning alerts.
  • New C/C++test action for running analysis in C/C++test and reviewing results in GitHub as part of your project. 

Refer to the C/C++test action documentation on GitHub for additional information: https://github.com/marketplace/actions/run-parasoft-c-c-test.

Extended Security Compliance Pack

We've extended the Security Pack by adding support for the following standards:

  • DISA-ASD-STIG
  • OWASP API Security Top 10-2019

The new test configurations will help you detect weaknesses identified by the above standards. See New and Updated Test Configurations.

New and Updated Test Configurations

We've added the following test configurations:

  • DISA-ASD-STIG
  • Export Code Dependency Data
  • OWASP API Security Top 10 2019

New and Updated Code Analysis Rules

We've added new static analysis rules to extend coverage of compliance standards. See New Rules and Updated Rules for the lists of new and updated rules.

Other Changes

  • You can migrate deprecated suppressions stored on Team Server to the new format using C/C++test's capabilities. See Handling Deprecated Suppressions.
  • We've improved C/C++test's performance when running Flow Analysis and collecting code coverage.

  • You can now help us improve C/C++test by sending anonymous usage data to Parasoft. By default, reporting usage data is disabled – you can opt in anytime using your IDE or the C/C++test configuration setting.
  • Addressed log4j vulnerability CVE-2021-44228 in version 2021.2.1.

Deprecated and Removed Support for Environments

Removed Support for Platforms

Support for the following environments is now removed:

  • 32-bit platforms
  • Windows 7
  • Windows Server 2008
  • Windows Server 2012

Deprecated Support for IDEs

Support for the following IDEs is now deprecated and will be removed in future releases:

  • Visual Studio 2012
  • Visual Studio 2013

Resolved Bugs and FRs

Bug/FR ID

Description

CPP-46176

 reconstruction accesses protected members

CPP-46192

Improve mapping for AUTOSAR-A3_9_1

CPP-47046

MISRA2004-13_7_aj (MISRAC2012-RULE_14_3-aa) should check the real size of 'char' types

CPP-47074

OPT-05 reports false positive violations on variables used in lambdas

CPP-47619

Remove use of __strtok_r from release version of libcpptesttrace64.so

CPP-47708

Compilation error with std::unordered_map

CPP-47423

MISRA2008-5_0_6_a false negative: implicit conversions to narrower type not detected IAR_ARM_7.80.4

CPP-46938

AUTOSAR-M4_10_2-a and CODSTA-131 false positive - array index confused with pointer initialization

CPP-47426

CODSTA-CPP-53 (AUTOSAR-A7_1_1-a) reports false positive violation when an object is captured in lambda by reference

CPP-47124

METRIC.DIF should not count else-if statements without explicit block

CPP-47454

CODSTA-161_a reports false positive when a parameter of essentially boolean type is used as argument in &&,

CPP-47795

Inconsistency in metrics checking Cyclomatic Complexity (CC, SCC, MCC)

CPP-47623

Parser crash when pragma follows asm declaration

CPP-47151

Improve mapping for JSF-164 (use BD-PB-BADSHIFT)

CPP-47196

MISRA2008-3_2_2 (global rule) should not report violations on constexpr variables without definition

CPP-47118

PREPROC-01, PREPROC-10: documentation is misleading

CPP-46917

Adapt C/C++test UT CMake extension for Windows

CPP-46555

Incorrect definition of __atomic_compare_exchange_8 for GCC/Clang windows

CPP-47437

Incorrect setting for class injection for vc_14_2 with /permissive-

CPP-46560

Reconstruction accesses private members

CPP-47595

Deprecated attribute accepts second argument.

CPP-47669

NAMING-32 (AUTOSAR-A2_8_1-a) reports false positive when a header contains template class and its specializations

CPP-47205

MISRA2004-12_13 does not trigger on increment operation in initializer

CPP-47013

more than one instance of overloaded function

CPP-47467

Missing code highlights for FlowAnalysis violation paths

CPP-46918

Support for IAR BXARM compiler

CPP-46987

MISRA2004-16_9 does not report on function identifiers used in global initializers

CPP-46988

MISRA2004-10_1_* rules do not report violation on implicit cast of constant function argument to narrower type

CPP-46990

MISRA2004-14_3 does not report violations when an empty statement is used after closing brace

CPP-47045

MISRA2004-17_4 does not report violations when expression of pointer type is used in pointer arithmetic

CPP-46772

Error: expression must have a constant value - problem with constexpr

CPP-46983

Error: expression must have a constant value constexpr auto memberFunctionConst = ConstGetMember( &ClassWithMember::GetInt);

CPP-47340

Stack exhaustion when traversing very long name-reference list

CPP-47376

error: more than one operator "==" matches these operands: built-in operator "arithmetic == arithmetic"

CPP-47393

no instance of function template "std::distance" matches the argument list

CPP-47466

Error: excessive recursion at instantiation of class

CPP-46964

error: a value of type "EdidImageAspectRatio" cannot be used to initialize an entity of type "unsigned char"

CPP-47367

Error: "= default" cannot be specified on a friend declaration

CPP-46340

Allow reconfiguring location of project-specific temporary data via advanced settings

CPP-47319

EXCEPT-08 (AUTOSAR-M15_3_1-a) reports false positive violation when constructor throwing exception is not used

CPP-47320

CODSTA-198 (AUTOSAR-M5_0_7-a) reports false positive violation when expression of floating point type is used as argument in constructor call

CPP-47330

GLOBAL-UNUSEDTYPE (AUTOSAR-A0_1_6-a) reports false positive violation when a type is used as template argument

CPP-47341

GLOBAL-ONEEXTERNDEF (AUTOSAR-M3_2_4-a) reports false positive violation when the function is defined with =default outside class

CPP-47468

Enable METRICS-40 for C++

CPP-47469

CODSTA-CPP-32 (AUTOSAR-A3_1_5-a, JSF-109) should not report violations on functions intended to be inlined

CPP-47548

Improve mapping for AUTOSAR A16-0-1

CPP-47612

AUTOSAR-A2_7_2 false negative

CPP-47661

AUTOSAR-A5_2_2-a false positive

CPP-47662

AUTOSAR-A7_1_5-a: fix typo in rule message

CPP-47673

CODSTA-MCPP-38 (AUTOSAR-A8_5_2-a) reports false positive for loop variable

CPP-47675

INIT-06 (AUTOSAR-A12_1_1-b) reports false positive when delegating constructor is used

CPP-47783

CODSTA-CPP-105 (AUTOSAR-A12_7_1-a) reports false positive when delegating constructor is used

CPP-47533

Default template parameter conversion causes SFINAE failure.

CPP-45988

Error: no instance of overloaded function "ac::com::cpp_binding::deserialize_args_from_someip" matches the argument list

CPP-48192

cpptestcc: internal error: assertion failed at: "parasoft.c", line 1335 in p_create_token

CPP-47620

MISRA2004-16_7 (MISRA2008-7_1_2_a) reports inconsistently when more than one dereference is used in expression

FA-4940

BD-PB-CC-2 false positive

FA-8083

False positive for BD-PB-VALRANGE

FA-8102

BD-PB-OVERFNZT false positive array being zero-terminated on unknown position in the sub-function.

FA-8107

BD-PB-VALRANGE reports false positive violation in for loop

FA-8314

BD-PB-CC false positive

FA-8322

Incorrect CFG created when passing const structure as an argument in C++11 mode

FA-8337

False positive on rule MISRAC2012-DIR_4_1-a(BD-PB-ARRAY)

FA-8339

BD-PB-VOVR false positive

FA-8347

BD-PB-ARRAY false positive when loop variable is casted

PT-641

Quotation marks needed for SVN authentication

PT-735

Unable to browse nested report HTML files in Firefox browser

PT-866

Cleared file content patterns in 10.4.3 are automatically restored when importing test config into 2020.2

New Rules

Rule ID

Description

AUTOSAR-A16_0_1-e

#undef shall not be used

AUTOSAR-M0_1_3-c

Avoid unused private member variables

AUTOSAR-M5_0_8-b

The value of a complex expression of floating type should not be cast to a wider floating type

BD-PB-NORETDECL

Declare non-returning functions with the attribute that specifies that they do not return

CERT_C-FLP34-b

Avoid implicit conversions of floating point numbers from wider to narrower floating type

CODSTA-198_b

The value of a complex expression of floating type should not be cast to an integer type

CODSTA-220

Arguments of integer-constant macros should be decimal, octal, or hexadecimal constants with appropriate values

CODSTA-221

Do not include any type qualifiers in the specification of a function type

CODSTA-222

Avoid implicit integral conversions from a wider to a narrower type

CODSTA-223

Fixed width integer types from <cstdint>, indicating the size and signedness, shall be used in place of the basic numerical types

CODSTA-CPP-106

Use delegating constructors to reduce code duplication

CODSTA-MCPP-53

Do not use std::move on objects declared with the const or const& type

CODSTA-MCPP-54

Do not create an rvalue reference of std::array

HICPP-16_1_1-e

The #endif pre-processor directives will only be used to prevent multiple inclusions of the same header file

HICPP-16_1_1-f

The #if pre-processor directive will only be used to prevent multiple inclusions of the same header file

HICPP-16_1_1-g

#error directive shall not be used

HICPP-16_1_1-h

The #pragma directive shall not be used

HICPP-16_1_1-i

#undef shall not be used

JSF-026_b

The #if preprocessor directive should not be used

JSF-026_c

#error directive shall not be used

JSF-026_d

The #pragma directive shall not be used

JSF-026_e

#undef shall not be used

JSF-028_b

The #endif pre-processor directives will only be used to prevent multiple inclusions of the same header file

MISRA2004-10_4_b

The value of a complex expression of floating type should not be cast to an integer type

MISRA2008-0_1_3_c

Eliminate unused private member variables

MISRA2008-16_2_1_d

The #endif pre-processor directives will only be used to prevent multiple inclusions of the same header file

MISRA2008-16_2_1_e

The #if pre-processor directive will only be used to prevent multiple inclusions of the same header file

MISRA2008-16_2_1_f

#error directive shall not be used

MISRA2008-16_2_1_g

The #pragma directive shall not be used

MISRA2008-16_2_1_h

#undef shall not be used

MISRA2008-5_0_8_b

An explicit integral or floating-point conversion shall not increase the size of the underlying type of a cvalue expression

OWASP2019-API10-a

All exceptions should be rethrown or logged with standard logger

OWASP2019-API10-b

Do not use 'syslog' function for logging purposes

OWASP2019-API2-a

Do not use weak encryption functions

OWASP2019-API3-a

Do not pass empty container iterators to std algorithms as destinations

OWASP2019-API3-b

Avoid accessing arrays out of bounds

OWASP2019-API3-c

Avoid accessing arrays and pointers out of bounds

OWASP2019-API3-d

Avoid buffer overflow due to defining incorrect format limits

OWASP2019-API3-e

Avoid overflow due to reading a not zero terminated string

OWASP2019-API3-f

Avoid overflow when reading from a buffer

OWASP2019-API3-g

Avoid overflow when writing to a buffer

OWASP2019-API3-h

Avoid buffer overflow from tainted data due to defining incorrect format limits

OWASP2019-API3-i

Avoid buffer read overflow from tainted data

OWASP2019-API3-j

Avoid buffer write overflow from tainted data

OWASP2019-API3-k

Properly seed pseudorandom number generators

OWASP2019-API3-l

Avoid passing sensitive data to functions that write to log files

OWASP2019-API3-m

Avoid race conditions while checking for the existence of a symbolic link

OWASP2019-API3-n

Usage of system properties (environment variables) should be restricted

OWASP2019-API3-o

Avoid functions which use time from MFC library

OWASP2019-API3-p

Do not print potentially sensitive information, resulting from an application error into exception messages

OWASP2019-API3-q

A pointer to a structure should not be passed to a function that can copy data to the user space

OWASP2019-API4-a

Validate potentially tainted data before it is used to determine the size of memory allocation

OWASP2019-API4-b

Ensure resources are freed

OWASP2019-API7-a

Properly use errno value

OWASP2019-API7-b

Where multiple handlers are provided in a single try-catch statement or function-try-block for a derived class and some or all of its bases, the handlers shall be ordered most-derived to base class

OWASP2019-API7-c

Do not leave 'catch' blocks empty

OWASP2019-API8-a

Protect against command injection

OWASP2019-API8-b

Avoid printing tainted data on the output console

OWASP2019-API8-c

Protect against environment injection

OWASP2019-API8-d

Protect against file name injection

OWASP2019-API8-e

Exclude unsanitized user input from format strings

OWASP2019-API8-f

Protect against SQL injection

OWASP2019-API8-g

Disable resolving XML external entities (XXE) in libxerces-c

OWASP2019-API8-h

Use care to ensure that LoadLibrary() will load the correct library

OWASP2019-API8-i

Avoid passing dynamically created strings into exec

OWASP2019-API8-j

Avoid passing user input into methods as parameters

OWASP2019-API9-a

Assert liberally to document internal assumptions and invariants

OWASP2019-API9-b

When using enum, the values of each member should be explicitly declared

OWASP2019-API9-c

All usage of assembler shall be documented

OWASP2019-API9-d

Use of floating-point arithmetic shall be documented

OWASP2019-API9-e

Objects or functions with external linkage shall be declared in a header file

OWASP2019-API9-f

Document integer division

OWASP2019-API9-g

All uses of the #pragma directive shall be documented and explained

PFO-10

Do not define more than one class in a header file

PREPROC-10_b

The #endif pre-processor directives will only be used to prevent multiple inclusions of the same header file

PREPROC-10_c

The #if pre-processor directive will only be used to prevent multiple inclusions of the same header file

PREPROC-11_b

The #if preprocessor directive should not be used

PREPROC-25

#undef shall not be used

PREPROC-26

The #ifndef, #ifdef, #if, #elif, #else, and #endif pre-processor directives shall only be used for conditional file inclusion and include guards

Updated Rules

The output messages of the following rules have been updated, and as a result, suppressions associated with these rules on DTP may no longer be available:

  • PREPROC-01

We've improved the following rules to better support non-type template parameters, which may affect the rule output messages. As a result, suppressions associated with these rules on DTP may no longer be available.

  • GLOBAL-TEMPLNOINST
  • GLOBAL-UNUSEDFUNC
  • GLOBAL-VIRTBASECLASS
  • GLOBAL-VIRTINDIAMOND

Other updated rules:

Category ID

Rule IDs

AUTOSAR C++14 Coding Guidelines

AUTOSAR-A0_1_1-a, AUTOSAR-A0_1_6-a, AUTOSAR-A12_1_1-b, AUTOSAR-A12_1_5-a, AUTOSAR-A12_7_1-a, AUTOSAR-A13_2_3-a, AUTOSAR-A15_5_3-f, AUTOSAR-A16_0_1-a, AUTOSAR-A16_0_1-b, AUTOSAR-A16_0_1-c, AUTOSAR-A18_9_3-a, AUTOSAR-A1_1_1-i, AUTOSAR-A23_0_1-a, AUTOSAR-A27_0_2-a, AUTOSAR-A2_10_1-c, AUTOSAR-A2_10_1-e, AUTOSAR-A2_8_1-a, AUTOSAR-A3_1_5-a, AUTOSAR-A3_9_1-b, AUTOSAR-A5_10_1-a, AUTOSAR-A5_2_2-a, AUTOSAR-A5_2_5-a, AUTOSAR-A5_2_5-c, AUTOSAR-A7_1_1-a, AUTOSAR-A8_4_3-b, AUTOSAR-A8_4_9-a, AUTOSAR-A8_5_2-a, AUTOSAR-M0_1_2-aa, AUTOSAR-M0_1_2-ac, AUTOSAR-M0_1_2-t, AUTOSAR-M0_1_9-a, AUTOSAR-M0_3_1-d, AUTOSAR-M0_3_1-g, AUTOSAR-M15_3_1-a, AUTOSAR-M3_2_2-a, AUTOSAR-M3_2_4-a, AUTOSAR-M4_10_2-a, AUTOSAR-M5_0_15-a, AUTOSAR-M5_0_16-a, AUTOSAR-M5_0_16-b, AUTOSAR-M5_0_2-a, AUTOSAR-M5_0_4-a, AUTOSAR-M5_0_6-a, AUTOSAR-M5_0_7-a, AUTOSAR-M5_2_10-a, AUTOSAR-M6_2_3-a, AUTOSAR-M7_1_2-b, AUTOSAR-M7_1_2-c, AUTOSAR-M8_4_4-a, AUTOSAR-M8_5_2-a

Flow Analysis

BD-PB-ARRAY, BD-PB-CC, BD-PB-ERRNO, BD-PB-OVERFNZT, BD-PB-PTRARR, BD-PB-VALRANGE, BD-PB-VOVR, BD-RES-INVFREE, BD-TRS-DIFCS, BD-TRS-DLOCK

SEI CERT C

CERT_C-ARR30-a, CERT_C-ARR38-d, CERT_C-ARR39-a, CERT_C-CON31-c, CERT_C-CON35-a, CERT_C-DCL00-a, CERT_C-DCL13-a, CERT_C-DCL22-a, CERT_C-ERR30-a, CERT_C-ERR32-a, CERT_C-EXP08-b, CERT_C-EXP35-a, CERT_C-FIO37-a, CERT_C-FIO38-a, CERT_C-FLP34-a, CERT_C-INT10-a, CERT_C-INT31-a, CERT_C-MEM34-a, CERT_C-MSC19-a, CERT_C-POS30-a, CERT_C-POS47-a, CERT_C-STR03-a, CERT_C-STR31-a, CERT_C-STR32-a

SEI CERT C++

CERT_CPP-CON56-a, CERT_CPP-CTR50-a, CERT_CPP-ERR50-f, CERT_CPP-ERR58-a, CERT_CPP-STR50-b, CERT_CPP-STR53-a

Coding Conventions

CODSTA-131, CODSTA-161_a, CODSTA-166_a, CODSTA-166_b, CODSTA-181, CODSTA-196, CODSTA-198

Coding Conventions for C++

CODSTA-CPP-101, CODSTA-CPP-105, CODSTA-CPP-32, CODSTA-CPP-43, CODSTA-CPP-53, CODSTA-CPP-63, CODSTA-CPP-66, CODSTA-CPP-83, CODSTA-CPP-85

Coding Conventions for Modern C++

CODSTA-MCPP-06_b, CODSTA-MCPP-26, CODSTA-MCPP-38, CODSTA-MCPP-42, CODSTA-MCPP-51

Common Weakness Enumeration

CWE-119-a, CWE-125-a, CWE-787-a

Exceptions

EXCEPT-08

Formatting

FORMAT-16

Global Analysis

GLOBAL-ONEDEFINLINE, GLOBAL-ONEDEFRULE, GLOBAL-ONEEXTERNDEF, GLOBAL-UNUSEDTYPE

High Integrity C++

HICPP-12_4_2-a, HICPP-12_5_2-a, HICPP-13_2_2-a, HICPP-16_1_1-b, HICPP-16_1_1-c, HICPP-17_4_1-a, HICPP-18_3_1-a, HICPP-1_2_1-i, HICPP-1_2_2-a, HICPP-1_3_1-a, HICPP-3_1_1-c, HICPP-3_1_1-e, HICPP-5_1_2-h, HICPP-5_2_1-a, HICPP-5_7_2-a, HICPP-7_1_2-a, HICPP-7_4_2-a, HICPP-8_4_2-a

Initialization

INIT-06, INIT-16

Joint Strike Fighter

JSF-026, JSF-028, JSF-071_b, JSF-109, JSF-117.1, JSF-118, JSF-121, JSF-135_c, JSF-135_e, JSF-144, JSF-164, JSF-185, JSF-187

Metric Analysis

METRIC.CC, METRIC.DIF

Metrics

METRICS-40

MISRA C 1998

MISRA-054

MISRA C 2004

MISRA2004-10_1_a, MISRA2004-10_1_d, MISRA2004-10_4, MISRA2004-12_13, MISRA2004-12_1_a, MISRA2004-13_7_aj, MISRA2004-13_7_ak, MISRA2004-14_2, MISRA2004-14_3, MISRA2004-16_7, MISRA2004-16_9, MISRA2004-17_4, MISRA2004-9_2

MISRA C++ 2008

MISRA2008-0_1_2_aa, MISRA2008-0_1_2_k, MISRA2008-0_1_2_l, MISRA2008-0_1_5, MISRA2008-0_1_6, MISRA2008-0_1_9, MISRA2008-0_3_1_a, MISRA2008-0_3_1_e, MISRA2008-15_3_1, MISRA2008-15_5_3_f, MISRA2008-16_0_3, MISRA2008-16_2_1_b, MISRA2008-16_2_1_c, MISRA2008-3_2_2, MISRA2008-3_2_4, MISRA2008-4_10_2, MISRA2008-5_0_15, MISRA2008-5_0_16_a, MISRA2008-5_0_16_b, MISRA2008-5_0_2_a, MISRA2008-5_0_4_a, MISRA2008-5_0_6_a, MISRA2008-5_0_7_b, MISRA2008-5_2_10, MISRA2008-5_2_4, MISRA2008-6_2_3, MISRA2008-7_1_1, MISRA2008-7_1_2_a, MISRA2008-7_1_2_b, MISRA2008-8_4_4, MISRA2008-8_5_2

MISRA C 2012 (Legacy)

MISRA2012-DIR-4_13_c, MISRA2012-DIR-4_13_e, MISRA2012-DIR-4_1_a, MISRA2012-DIR-4_1_e, MISRA2012-RULE-10_1_a, MISRA2012-RULE-11_9_a, MISRA2012-RULE-11_9_b, MISRA2012-RULE-14_3_za, MISRA2012-RULE-14_3_zb, MISRA2012-RULE-14_3_zc, MISRA2012-RULE-18_1_a, MISRA2012-RULE-18_1_c, MISRA2012-RULE-18_4, MISRA2012-RULE-20_5, MISRA2012-RULE-21_17_a, MISRA2012-RULE-22_10, MISRA2012-RULE-22_2_b, MISRA2012-RULE-22_5_a, MISRA2012-RULE-22_5_b, MISRA2012-RULE-22_8, MISRA2012-RULE-22_9, MISRA2012-RULE-2_2_a, MISRA2012-RULE-2_2_b, MISRA2012-RULE-8_13_a, MISRA2012-RULE-8_6, MISRA2012-RULE-9_2

MISRA C 2012

MISRAC2012-DIR_4_1-a, MISRAC2012-DIR_4_1-e, MISRAC2012-DIR_4_13-c, MISRAC2012-DIR_4_13-e, MISRAC2012-RULE_10_1-a, MISRAC2012-RULE_11_9-a, MISRAC2012-RULE_11_9-b, MISRAC2012-RULE_14_3-aa, MISRAC2012-RULE_14_3-ab, MISRAC2012-RULE_14_3-ac, MISRAC2012-RULE_18_1-a, MISRAC2012-RULE_18_1-c, MISRAC2012-RULE_18_4-a, MISRAC2012-RULE_20_5-a, MISRAC2012-RULE_21_17-a, MISRAC2012-RULE_22_10-a, MISRAC2012-RULE_22_2-b, MISRAC2012-RULE_22_5-a, MISRAC2012-RULE_22_5-b, MISRAC2012-RULE_22_8-a, MISRAC2012-RULE_22_9-a, MISRAC2012-RULE_2_2-a, MISRAC2012-RULE_2_2-b, MISRAC2012-RULE_8_13-a, MISRAC2012-RULE_8_6-a, MISRAC2012-RULE_9_2-a

Naming Conventions

NAMING-32

Optimizations

OPT-05, OPT-25

OWASP Top 10 Most Critical Web Application Security Risks (2017)

OWASP2017-A6-c

Preprocessor

PREPROC-10, PREPROC-11

Security

SECURITY-43

Removed Rules

The following rules have been removed to enhance the accuracy of results:

Category ID

Rule IDs

AUTOSAR C++14 Coding Guidelines

AUTOSAR-A3_9_1-a, AUTOSAR-M5_0_4-b

High Integrity C++

HICPP-17_3_5-b

MISRA C 2004

MISRA2004-10_1_h

MISRA C++ 2008

MISRA2008-5_0_4_b
