In this release, we've focused on adding support for new environments and enhancing our security compliance solution.
Support for Environments
New IDEs
We've added support for:
- Visual Studio 20191
- QNX Software Development Platform 7.0
1C/C++test requires specific Visual Studio Workloads to be installed with Visual Studio 2019; see IDE Support for details.
Deprecated IDEs
Support for the following IDEs is deprecated and will be removed in future releases:
- Microsoft Visual Studio 2008
- Microsoft Visual Studio 2010
New Compilers
| Compiler Name | Compiler Acronym |
|---|---|
| GNU GCC 9.x | gcc_9 |
| GNU GCC 9.x (x86_64) | gcc_9-64 |
| IAR Compiler for ARM v. 8.22x | iccarm_8_22 |
| IAR Compiler for ARM v. 8.40x | iccarm_8_40 |
| Microsoft Visual C++ 14.2 | vc_14_2 |
| Microsoft Visual C++ 14.2 (x64) | vc_14_2-64 |
| Clang C/C++ Compiler v 8.0 (AARCH64) | clang_8_0 |
Support for QNX GCC 5.x (ARM) is now extended and approved for use in safety-critical software development.
The ARM NEON extensions are now supported for GCC- and ARM-based compilers.
Deprecated Compilers
Support for the following compilers is deprecated and will be removed in future releases:
ARM RealView 4.1
ARM RealView 4.1 for uVision
CodeSourcery Sourcery G++ Lite 2009q1-203
GNU GCC 4.0.x
GNU GCC 4.0.x (x86_64)
GNU GCC 4.1.x
GNU GCC 4.1.x (x86_64)
GNU GCC 4.2.x
GNU GCC 4.2.x (x86_64)
GNU GCC 4.3.x
GNU GCC 4.3.x (x86_64)
GNU GCC 4.4.x
GNU GCC 4.4.x (x86_64)
IAR Compiler for ARM v. 6.1x
IAR Compiler for ARM v. 6.3x
IAR Compiler for MSP430 v. 5.4x
- Microsoft Visual C++ 9.0
- Microsoft Visual C++ 10.0
TI TMS320C2000 C/C++ Compiler v6.2
TI TMS320C6x C/C++ Compiler v7.3
TI MSP430 C/C++ Compiler v4.0
Vx-toolset for TriCore C/C++ Compiler 4.0
Wind River GCC 3.4.x
Intel C++ Compiler v 18.0 is no longer supported on Windows.
Extended Security Compliance Pack
We've added new and extended existing rules to create test configurations that help you enforce compliance with the CWE Top 25 2019 and CWE Weaknesses on the Cusp security standard; see the New and Updated Test Configurations section below.
New and Updated Code Analysis Rules
We've added new static analysis rules to extend coverage of compliance standards, with a special focus on the AUTOSAR standard ; see New Rules and Updated Rules for the lists of new and updated rules.
Creating Stubs that Call the Original Function
The Stub Callbacks mechanism has been enhanced to call the original function when no other stub function is configured; see Creating Stubs that Call the Original Function.
OpenID Connect Support
You can now authenticate on DTP via OpenID Connect to add a layer of security to your interactions with your DTP server. See Configuring OpenID Connect in the UI and Configuring OpenID Connect the .properties File for details.
Standalone License Server
You can now obtain the Parasoft license from an additional instance of DTP or a standalone License Server. See Licensing.
New and Updated Test Configurations
We've added the following test configurations:
- CWE Top 25 2019
- CWE Top 25 + On the Cusp 2019
- OWASP Top 10 2017
- UL 2900
Deprecated Test Configurations
- CWE-SANS Top 25 Most Dangerous Programming Errors – deprecated and replaced with the CWE Top 25 2019 test configuration
- OWASP Top 10 2017 – deprecated and replaced with the new OWASP Top 10 2017 test configuration
- UL 2900 – deprecated and replaced with the new UL 2900 test configuration that includes CWE SANS Top 25 + On the Cusp 2019 and OWASP Top 10 2017 rules
The deprecated test configurations are not available by default and can only be applied as user-defined test configuration. They are now shipped with C/C++test in the following location: [INSTALL_DIR]\configs\Deprecated.
Other Changes
- The
@testissue tracking tag is now supported by default for associating test with development artifacts; see Indicating Code and Test Correlations. - Performance of flow analysis in the incremental analysis mode has improved. We've reduced analysis times in subsequent runs.
- Connecting to Project Center is no longer supported. The Project Center module shipped with DTP/Concerto has reached its end-of-life (EOL) phase and was removed in DTP 5.4.2.
- QNX Momentics IDEs older than version 7 are no longer supported.
- The
license.network.enabledoption has been renamed aslicense.network.use.specified.server; see Licensing.
New Rules
| Rule ID | Header |
|---|---|
| BD.RES.INSUFMEM | Allocate sufficient memory to hold an object of a given type |
| BD.SECURITY.XXEXRC | Disable resolving XML external entities (XXE) in libxerces-c |
In addition, we've added a NOMCIM metric to calculate the number of method calls in methods.
Updated Rules
- BD-PB-SIGHAN
- BD-PB-NOTINIT
- BD-PB-PTRARR
- BD-PB-CHECKRET
- BD-PB-SIGHAN
- BD-TRS-MLOCK
- BD-TRS-ORDER
Resolved Bugs and FRs
Bug/FR ID | Description |
|---|---|
CPP-39554 | Rule CODSTA-13 should be updated to follow MISRA2004-17_3 |
CPP-39913 | VS Cannot enable filtered rules in Visual Studio. |
CPP-42073 | Add support for ARM NEON extensions |
CPP-42495 | Rule COMMENT-04 should not report on a function declaration when function definition is not available (visible) |
CPP-42527 | Improve mapping for AUTOSAR-M2_13_2-a (C++14 semantics) |
CPP-42858 | Improve mapping for CERT-INT31 |
CPP-43140 | Improve mapping for MISRA2012-RULE-2_2 |
CPP-43141 | Rule CODSTA-163_b (MISRAC2012-RULE_10_3-b) reports false positive on ternary operator |
CPP-43142 | Rule CODSTA-CPP-59 reports false positive on #include directives excluded by __cplusplus macro |
CPP-43143 | Rule MISRA2004-9_2_c (AUTOSAR-M8_5_2-c) reports incorrectly on std::array and constexpr |
CPP-43150 | Rule GLOBAL-ONEUSEVAR (MISRA2008-0_1_4) reports false positive when static const variable is used as template argument |
CPP-43413 | Rule OPT-02 (OPT-03, OPT-31) reports false positive on parameters/variables captured by lambdas |
CPP-43414 | Parse failure reported for user-defined suffixes in templates (C++14) |
CPP-43465 | LSI cannot read object/library data for ARM OE toolchain |
CPP-43479 | Error reported when instrumenting code (Process exited with code: 137) |
CPP-43523 | Error reported when running unit tests: Invalid file format: Unable to read exports |
CPP-43549 | Custom source/header file extensions not propagated from IDE to Static Analysis engine |
CPP-43558 | VS Timeout is not deactivated when debugging test cases |
CPP-43567 | Symbols __once_call and __once_callable from libstdc++ are reported not found by LSI |
CPP-43568 | VS C/C++test cannot be installed if both VS2017 and VS 2019 are installed on a machine |
CPP-43602 | Configure gnu99 option for GHS/ARM compilers |
CPP-43603 | Rule FORMAT-43 reports false positive when unpaired braces are #ifdef'd/#ifndef'd |
CPP-43643 | Missing support for "--core" option in IAR-RL78 compiler configuration |
CPP-43667 | Rule OPT-05 reports false positive if const variable is used as template argument |
CPP-43675 | Rule PB-45 reports false positive when plain char is passed as '%c' specifier in printf/scanf function call |
CPP-43688 | Rules PB-45, PB-46, PB-47, PB-48, PB-49 work incorrectly for arguments of 'scanf' functions |
CPP-43689 | Rule PB-50 reports false positive when characters specifier is used in 'scanf' function |
CPP-43706 | Improve rule MISRA2004-20_5 (JSF-017): do not print line number in violation message |
CPP-43744 | Improve algorithm which filters duplicated violations. |
CPP-43748 | Rule MISRA2004-17_6_a reports false positive when address of dereferenced iterator is returned from function |
CPP-43831 | Compilation error on safe stubs with Microsoft Windows Kit SDK 10.0.18362.0 |
CPP-43837 | Parse failure reported when using -endian=big with Renesas RX C++ 2.5.X compiler |
CPP-43869 | Rule INIT-05 reports false positive on rvalue reference |
CPP-43889 | Parse failure reported: initial value of reference to non-const must be an lvalue |
CPP-43892 | Parse failure reported: parameter pack "Indexes" was referenced but not expanded |
CPP-43893 | Improve mapping for CERT EXP45-C (remove CERT_C-EXP45-a and CERT_C-EXP45-c) |
CPP-43896 | Improve unit testing execution for Renesas Rx |
CPP-43971 | Enable edg.implicit_noexcept_enabled configuration option for GCC and Clang compilers |
CPP-43972 | C/C++test fails to read "$NULL" value from a data source |
CPP-43975 | Rule CODSTA-149 (CERT_C-MSC17-a) reports false positive when fall through comment is preceded by preprocessor directive |
CPP-43992 | TempLic*txt files create and not cleaned up in temp folder |
CPP-44001 | VS IDE not responding when creating test case for CMFCSampleDlg::OnPaint() |
CPP-44025 | Rule CERT_C-INT36-a reports false positive when '0' is cast to void* type |
CPP-44045 | Rule OPT-06 reports false positive on local variable captured in lambda |
CPP-44046 | STATUS_ACCESS_VIOLATION: The thread attempts to read from or write to a virtual address for which it does not have access. |
CPP-44055 | VS Only first -localsettings parameter is handled by C/C++test (others are ignored) |
CPP-44059 | Report HTML - Tested functions in Test Cases have empty field |
CPP-44088 | Static Analysis (cwc) exits with code 3 on literal variadic templates |
CPP-44225 | Rule MISRA2004-12_8 (MISRAC2012-RULE_12_2-a) reports false positive when double cast of the operand is used in the shift expression |
CPP-44271 | Parse failure reported: expression must have a constant valuestatic constexpr bool value = has_named_enum_tag<T>(0); |
CPP-44273 | Renaming a test case actually renames the class name for that test |
CPP-44274 | Rule HICPP-17_2_1-a (AUTOSAR-A17_1_1-b) reports false positive on #include <string> |
CPP-44538 | Add support for missing IAR atomic builtins |
CPP-44576 | C++test 10.4.3 BETA - Command line analysis is not licensed |
FA-4617 | False positives from BD-PB-DEREF on checking array variable against being null |
FA-4651 | BD-RES-FREE False Positive on freeing memory that was already freed as a resource of another type (e.g. pthread mutex) |
FA-4998 | Bogus violation for BD-RES-FREE on arithmetic operations done on closed file descriptors. |
FA-7097 | BD-PB-PTRARR false positive on type mismatch |
FA-7105 | BD-PB-OVERFWR False Positive |
FA-7191 | BD-RES-INVFREE false positive when working with const expression |
FA-7195 | BD-CO-ITOUT - false positive for container cend() method |
FA-7266 | Incorrect Flow Analysis results: FA does not take into account values of the elements of the global array of consts. |
FA-7291 | False positives from BD-RES-INVFREE when closing resource referenced by the element of an array. |
FA-7398 | Flow Analysis Aggressive reports static analysis problems in C++test 10.4.2 |
FA-7410 | False positive for BD-SECURITY-OVERFFMT when typedefs used |
FA-7413 | False positive of MISRA2012-RULE-19-1_c (BD-PB-OVERLAP) |
FA-7441 | CERT_C-ARR38-c (BD-PB-OVERFFMT) reports FP violation when specifying %*s inside string format |
| XT-36609 | £ character in password prevents Parasoft tool from connecting to DTP |
| XT-36611 | Publishing sim-link source code using 'min' option failed |
| XT-36843 | Concurrent builds which use cpptestcli do not wait for timeout when trying to pull license |
| XT-36950 | Update vulnerable libraries from XML Graphics Project |
| XT-37358 | 100% not being displayed in reports when achieving 100% test success |
