beyond static analysis: integrating c and c++ static analysis with unit testing and more
DESCRIPTION
Learn the strengths and weaknesses of C/C++ static analysis—and how a comprehensive development testing strategy that also includes unit testing, code review, and runtime error detection can pick up where development testing leaves off.TRANSCRIPT
Multiple Error Detection Techniques in C/C++ Software Development
September 2009Wiktor Grodowski
Parasoft Proprietary and Confidential
Introduction
There is no silver bullet for software quality improvement
Multiple error detection techniques exist—each with their own strengths and weaknesses
Parasoft C++test provides a comprehensive solution to make software quality assurance effective and accurate
Parasoft Proprietary and Confidential
Code Structure Analysis
StrengthsFacilitates coding standard compliance (MISRA C, MISRA C 2004, MISRA C++ 2008, JSF, HIS, and others)Exposes typical errorsPrevents error-prone or dangerous constructsLow introduction cost
WeaknessesNo recognition of actual versus potential errors
Parasoft Proprietary and Confidential
Runtime Memory Monitoring
StrengthsDetects actual severe errors with high accuracyEasy-to-use and natural way of software testingMakes a noticeable impact in a short time
WeaknessesCovers only execution paths forced by the provided input and conditions to the application
Parasoft Proprietary and Confidential
Unit Testing
StrengthsProvides means of extending coverage—especially for error/interrupt handlersGood for regression tests
WeaknessesRelatively high creation and maintenance costProblem with reproducing proper application state
Parasoft Proprietary and Confidential
Flow-Based Static Analysis
StrengthsExamines code without actually executing itUncovers real bugs Tests execution paths that are difficult to reachwith traditional testing
WeaknessesRequires additional human verification
Parasoft Proprietary and Confidential
Summary
C++test can apply various techniques for comprehensive error detection
Code structure analysisRuntime memory monitoringUnit testingFlow-based static analysis
C+test runs tests on the host and targetWith these complementary error detection methods well-integrated into a single tool, C++test is most comprehensive embedded C/C++ quality solution