...
For details on entering suppressions, see Suppressing the Reporting of Acceptable Violations.
RuleWizard Graphical Rule Editor
...
With RuleWizard, rules can be created graphically (by creating a flow-chart-like representation of the rule) or automatically (by providing code that demonstrates a sample rule violation). No coding or knowledge of the parser is required to write or modify a rule.
There are two ways to open RuleWizard:
...
For details on creating and using custom rules, see Customizing Existing Rules and Creating New Rules.
Anchor | ||||
---|---|---|---|---|
|
...
Flow
...
Analysis
Note | ||
---|---|---|
| ||
An additional license is required to use this functionality. Contact your Parasoft representative. |
BugDetective Flow is a new type of static analysis technology that uses several analysis techniques, including simulation of application execution paths, to identify paths that could trigger runtime defects. Defects detected include use of uninitialized memory, null pointer dereferencing, division by zero, memory and resource leaks.
Since this analysis involves identifying and tracing complex paths, it exposes bugs that typically evade static code analysis and unit testing, and would be difficult to find through manual testing or inspection. BugDetective’s Flow Analysis’ ability to expose bugs without executing code is especially valuable for users with legacy code bases and embedded code (where runtime detection of such errors is not effective or possible).
BugDetective's This unique breed of static analysis starts analyzing the source code under test by searching for "suspicious points" in the code. A suspicious point is a point where there is potential for a bug. These suspicious points are defined in BugDetective Flow Analysis rules. Whenever a suspicious point is identified, BugDetective Flow Analysis investigates possible execution paths which lead to that point and checks if any of those paths actually violates the BugDetective ruleFlow Analysis rule. If such a path is found, a violation is reported.
...
To make the analysis process more flexible and tailored to your unique project needs, some rules can be parameterized. As a result, BugDetective can Flow Analysis can even be used to detect violations bound to usage of very specific APIs.
Using BugDetectiveFlow Analysis, development teams gain the following key benefits:
- Perform more comprehensive testing with existing resources: BugDetective, Flow Analysis complements other testing techniques by allowing you to find problems that would otherwise require the development, execution, and maintenance of complex test cases. BugDetective investigates Flow Analysis investigates various branching possibilities in a program, providing a level of path coverage that is difficult to accomplish with traditional testing. As a result, BugDetective often Flow Analysis often identifies problems that occur while handling rare situations that are typically not covered during testing. Moreover, if the code functionality changes, you can search for bugs in the modified version without updating or regenerating test cases.
- Automatically identify bugs that pass through multiple units: Traditional automated unit test generation helps you identify the bugs within a single compilation unit. This is critical. Yet, most developers have performed thorough unit-level testing, corrected all apparent problems, integrated the code, then later encountered problems, such as null pointer dereferencing, that took days to diagnose because they resulted from an obscure or complex execution path that passed through multiple functions or even multiple compilation units Using BugDetectiveFlow Analysis, the same problem could be identified automatically
Focus on actual bugs and design flaws: BugDetective automatically Flow Analysis automatically identifies data-dependent or flow-dependent bugs with reasonable certainty. When BugDetective reports Flow Analysis reports a violation, it is often the case that there was a design flaw and this manifested itself as simple violation such as a division by zero or a resource leak.
For example, BugDetective would Flow Analysis would not report a violation for the following code unless there was a method calling calculateBufferLength and passing it a null pointer:
Code Block int calculateBufferLength(char* str) { return strlen(str) + 1; }
- Find API misuses: Many of the bugs in practice are due to calling some API with wrong arguments or not properly handling the values returned by the API. For example, an API may be expecting a non-null argument for parameter 2, when parameter 1 is true, or the API may potentially set some field in an object to null. By performing interprocedural analysis, BugDetective can Flow Analysis can point out inconsistencies in the usage of such API.
For details details on using BugDetective, see Using BugDetective Static Flow Analysis.
Unit Testing
"Unit testing" refers to testing software code at the simplest functional point, which is typically a single class or a function. Unit testing is typically performed by developers inside a development cycle, rather than in the QA phase. Using unit testing, you can ensure that the application building blocks are solid before they are integrated, thus improving the quality of the entire application. When you test early, it is typically less difficult and time-consuming to identify and fix defects at this point.
...
Stubs that have been automatically generated or created using the Stub wizard can be dynamically configured from test cases without requiring modifications to the stubs' bodies. You can dynamically configure stubs in the Test Case Editor (see Adding Test Suites and Test Cases with the Test Case Editor Stubs step ) or directly from the test case source code using the Dynamic Stubs Configuration API (see Dynamic Stubs Configuration 1).
When using the Dynamic Stubs Configuration API is insufficient, you can replace the bodies of generated stubs with a custom logic implementation and utilize C++test API functions for user-defined stubs (see C++test API Functions for User-Defined Stubs).
...
Code Block |
---|
std::vector<std::string> CppTest_Factory_vector_of_strings(unsigned int size, const std::string&value) { std::vector<std::string> vec; for (int i = 0; i < size; i++) { vec.push_back(value); } return vec; } |
For details, see see Using Factory Functions.
Runtime Error Detection
...
If C++test is connected to Development Testing PlatformDTP, you can run analysis with test configurations that are stored in DTP.
...
C++test’s command line interface (cpptestcli
) allows you to perform static analysis and unit testing from command line shells and to run C++test from automated build utilities such as batch files, scripts, make, and Ant. Command line mode is available for the Server Automation Edition of C++test.
cpptestcli
can send results to the Parasoft DTP, send comprehensive reports to the team manager and to the Parasoft Team Server, and send focused reports to each team developer. Reports can be generated in HTML, PDF, and custom XSL format. Details such as reporting preferences (who should reports be sent to, how should those reports be labelled, what mail server and domain should be used, etc.) Team Server settings, Parasoft by optionss, and email settings, license settings, etc. can be controlled by options files.
The optimal team configuration is to have one C++test (Server Automation Edition) on the team build machine, C++test on every developer workstation, one C++test on the architect’s machine, and one installation of Team Server on the team build machine or another team machine.
...
For details on how to connect to Team Server, see Connecting to Parasoft Team Server.
Parasoft
...
DTP
Parasoft Development Testing Platform ( DTP ) is a decision support system that provides development teams the on-going visibility and measurement of the software development process necessary to help keep software projects on track. Collecting and consolidating metrics generated during the development process, DTP turns these data points into meaningful statistics and dashboards that provide development managers and team members with the ability to continuously and objectively assess the quality and readiness of the code base, status of the coding process, and the effectiveness of the development team. With Parasoft DTP, development teams can more readily identify, respond to and manage risks in the code or coding process that threaten project schedules and quality. Parasoft DTP provides the metrics by which management can more effectively assess and direct resources, set and monitor development targets, communicate, guide and measure conformance to development policies, and ensure successful project outcomes.
Once C++test is configured to send information to Parasoft DTP, developers, architects, and managers can use the Parasoft DTP dashboard to access role-based reports on quality, progress, and productivity.
For details on how to connect to Parasoft DTP, see see Connecting to Development Testing PlatformDTP.