Acelerando a Conformidade com MISRA e a CERT Através Fluxos de Trabalho e Relatórios Dedicados

A introdução de um padrão de codificação, como MISRA ou CERT, no fluxo de trabalho diário do desenvolvedor pode ser demorada e intrusiva. Neste post, veremos como acelerar a conformidade com a ferramentas de automação, relatórios dedicados e gerenciamento de fluxo de trabalho.

Durante o desenvolvimento ativo de software, o fluxo de trabalho típico do desenvolvedor consiste em codificação (novo código, redesenvolvimento ou correção de código existente), testes unitários locais, envio de código ao controle de fontes, inicialização de integração contínua (CI) e recebimento de feedback de tal build, corrigir erros e continuar para a próxima função a ser implementada.

Nesta postagem, descreverei como introduzir com sucesso um padrão de codificação nesse processo diário, aproveitando a análise estática automatizada com relatórios dedicados e gerenciamento de fluxo de trabalho. Isso ajudará você a apresentar o processo de conformidade padrão de codificação e todos os benefícios que ele traz, sem sacrificar sua produtividade e frustrar os desenvolvedores.

Com conformidade e relatórios dedicados para os padrões de codificação, você também poderá garantir:

  • A eficácia do processo (reduzindo a carga sobre os desenvolvedores)
  • Consistência na política (e monitoramento do progresso da equipe)
  • Aspectos formais de conformidade (incluindo gerar automaticamente a documentação de conformidade que pode ser exigida por seu contratado ou pelo organismo de certificação)

Se quiser ver esse artigo original em inglês clique aqui ou solicite mais informações abaixo.


    Informe seus dados e deixe uma mensagem para que possamos direciona-lo(a) para um de nossos consultores.

    Primeiro Nome:




    Descreva um resumo da sua dúvida ou sugestão:

    New 9.10.7 releases of Parasoft SOAtest and Parasoft Virtualize!

    9.10-02.7 SOAtest Release Blog-04Parasoft released the latest version of its industry-leading functional testing tools today, and they are jam packed full of exiting new features to enable comprehensive API test automation!

    It is my great pleasure to tell you about these releases, in which we focused on 3 critical areas of software testing:

    • Removing the biggest bottleneck in testing — test data — with a radical new approach to test data management
    • Service virtualization in support of state transition testing, with something we call “stateful virtualization”
    • Aggregating functional test results across your entire SDLC for a personalized and total view of quality, through Parasoft’s reporting and analytics dashboard

    More on each of these areas below.

    A radical new approach to test data management

    Test data has become one of the most significant bottlenecks preventing organizations from achieving high levels of test automation. A recent Sogeti report indicated that the majority of organizations spend between 30% and 60% of their total testing time on activities related to test data management — a significant challenge our industry will need to overcome in order to achieve continuous testing. Existing solutions for TDM require specialized skills and specialized knowledge of the organization’s entire data inventory, as well as a large upfront cost spent building the initial data models. This is all very complicated and time-consuming, and often fails to deliver the value that the organization was looking for in the first place.

    Today, Parasoft introduced a new approach to get access to realistic and safe test data, using an intuitive, browser-based data modeling technology that helps you create even the most complex data objects without having to understand how your database works. It does this by combining service virtualization with traditional test data management to create a practical approach called data simulation.

    Leveraging our experience with service virtualization, we created a new technique where users can simply record their interactions with their dependent databases or APIs, and generate both virtual services as well as simulated test data. There’s no upfront work required to build a data model because the data model is built automatically by processing the traffic. In the web browser, users can take a self-service approach to building the data required to satisfy their use cases, through simple and intuitive visual diagramming that enables them to mask, reshape, subset, and generate vast amounts of data.

    Want to generate 100 new customers in your application? No problem! Simply record the API interactions between your application and the database while interacting with one customer, and use that to automatically create test cases and virtual services that understand and display the test data in an easy-to-manipulate format. You can then go right into your browser and get access to the underlying test data so that you can manipulate the data structure, if desired, and use that to generate tons of new data that is all semantically correct!

    This brand new approach to test data means you don’t have to understand the entirety of your database. You can simply grab the conversations that are important to you and use them to generate all sorts of additional data. The approach reduces the total time spent waiting for test data because you can quickly build exactly what you need, use it, and then destroy it.

    You know this data will be safe for use in your test environments because Parasoft enables you to mask that data upfront, enabling you to record it from private environments. Additionally, our partnership with Datprof means that you can integrate this approach with traditional test data by copying, masking, and sub- setting actual databases. Through these workflows, you can truly take control of your data and test unconstrained.

    Service virtualization in support of state transition testing (“stateful virtualization”)

    Another application of this approach to test data management is within service virtualization. A powerful application of service virtualization is in simulating services that undergo various transitions of state, for instance, a shopping cart or a banking app. Users can manage the most complicated transactions, and successfully undergo state transition testing, without having to write a single line of code, by leveraging Parasoft’s new test data management infrastructure, creating virtual services that update themselves based on usage (we call this “stateful virtualization”).

    Parasoft Virtualize has always had the ability to create stateful virtual services, but in the latest release we have simplified the workflows significantly, making it approachable for everyone, even if you don’t have intimate knowledge of the back-end data. With one simple tool, you can write persistent data into your data model as your virtual services are being used, enabling you to create more real-world simulations. For example, you could simulate a shopping cart application that allows you to add items to cart, update their price, reorder them, and delete them. This state modeling makes creating flexible and reusable virtual services much easier because of a highly intuitive and interactive UI that pulls in a model of the data you want to update into your virtual service, so you can apply the logic appropriately. This makes it simple to handle even the most complex stateful operations.

    stateful virtualization

    This approach enables teams to simulate more complex and real-world workflows, critical for today’s initiatives like Open Banking. One of the key drivers in Open Banking is creating API sandboxes. Parasoft’s approach enables you to build your Open Banking virtual services via service definitions and then build in the necessary logic so that they will behave like their real counterparts, and you’ll be able to create realistic API sandboxes that have all of the underlying business rules built in from the beginning, so they can be highly reusable and distributable. Combining this with Parasoft’s data masking will allow you to also generate safe reusable test data for your API sandboxes.

    Aggregating functional test results into a personal view of quality across your SDLC

    There has been an explosion of services in our application environments. This is a result of the breaking down of legacy systems into reusable APIs, and the proliferation of microservices. These services make up the backbone of our critical applications, and testing these interfaces is a critical component of our DevOps ecosystems.

    But this exponential service growth comes with a challenge of quality visibility. Multiple services integrate with our applications. We want to get visibility into the functional quality of those applications, but compounding that challenge is the multiple test environments in which these tests execute. These come together to form a three-dimensional matrix of quality that can be difficult to unravel. Different personas will want to slice and dice the quality data in different ways, for instance:

    • If you’re a development lead, you may only be interested in service health and visibility into individual component metrics, so you can understand whether the development team is creating these services in the most optimal way.
    • If you’re a product manager, you may be interested in certain key applications and the services they depend on.
    • If you’re in operations, you may be interested in execution environment health and the versions of applications currently hosted in those environments.
    • If you’re the CIO, you need higher-level portfolio visibility and you may only care about specific applications.

    Parasoft SOAtest cuts through the reporting complexity and provides you functional test results in a personalized way through its interactive reporting and analytics hub. As functional tests execute, our enhanced Jenkins plug-in will provide multi-layered information to Parasoft’s Quality Dashboard, with information such as test type, execution environment, build ID, and so on. This information can be aggregated and combined into many different widgets, all with unique views into software quality, and different personas can combine these widgets into a customized dashboard that tells them exactly the information that is relevant to them.

    In the thin client interface, Parasoft SOAtest’s continuous testing platform enables you to configure your test executions in the context of an environment so you can create a finite number of tests and then reuse them in the most optimal way possible by swapping out data sources, environment variables, endpoints, and so on. This is available as the “Jobs” UI that’s available right in your browser, that has been enhanced in the latest release to allow users to define environment variable sets individually or in bulk so that individual tests can be rapidly reused by swapping out dynamic information on the fly.

    Once a job is defined, you can then execute it automatically from your build system through the Jenkins plug-in, which has been enhanced to allow you to not only define additional environment context information, but also publish those results into the reporting & analytics system, which will allow you to do all sorts of neat things.

    Additional core product enhancements

    As with every release, we have added many additional customer enhancements, and you can read all about them in the release notes! In addition to our customer-focused enhancements, we’ve added two new native tools to our expansive visual tooling system:

    The JSON Validator: This new tool allows you to validate the schema of your JSON requests and responses. It will automatically infer the resource type from the service definition and can be added to Parasoft Virtualize to validate incoming requests, prior to responding.

    The Data Repository CRUD Tool: In support of stateful virtualization, we have added a new tool that can now be attached to your existing virtual services to help you manage even the most complicated stateful transactions without having to write a single line of code.  The tool communicates through our test data ecosystem, so you don’t need to set up an external database. The tool also makes complicated workflows easier, such as creating a new row if you are unable to update a record and managing the updating of hierarchical lists.

    So go get it!

    The latest releases of Parasoft SOAtest and Parasoft Virtualize continue to push the limits of what’s possible with test automation. By enabling users to overcome the traditional bottlenecks associated with managing test data, users can relax and enjoy the process of testing. Creating virtual services to support state transition testing will enable users to enjoy service virtualization in areas that require data manipulation, and by aggregating functional testing results across your SDLC into a personalized quality dashboard, users will be able to design focused quality dashboards with results that are important to them, at a glance.

    New call-to-action


      Informe seus dados e deixe uma mensagem para que possamos direciona-lo(a) para um de nossos consultores.

      Primeiro Nome:




      Descreva um resumo da sua dúvida ou sugestão:

      We released Parasoft C/C++test 10.4.2!

      Posted on April 16, 2019 in Static Analysis, in Safety Critical, in Embedded, in Code Coverage, in C/C++ Testing

      AUTOSAR dashboard 2
      The new release of Parasoft C/C++test includes enhancements to static analysis, support for AUTOSAR C++ 14 version 18.10, and an enhanced code coverage module. What does this all mean? Read more below.

      On January 29th, the MISRA and AUTOSAR consortiums announced a merger of the two most popular coding standards for safety-critical C++ development, clarifying two critical things:

      • AUTOSAR C++ 14 will be updated to reflect changes in the C++ language, introduced in C++17
      • There won’t be two competitive coding standards on the market for safety-oriented development in C++

      This is excellent news for the growing number of organizations developing safety-critical systems in C++, who can now confidently invest in their compliance processes for AUTOSAR C++ 14 because the future of the standard is well defined.  

      Expecting this merger to happen, Parasoft heavily invested in enhancing the support for the AUTOSAR C++ 14 coding guidelines. The latest release of Parasoft C/C++test brings an updated automotive compliance pack, and enhancements to static analysis performance. Teams working with large codebases can now improve their productivity by shorter feedback cycles and the ability to review results freshly after source code was changed.

      On the runtime testing side of things, we were working to support our customers collecting code coverage metrics from application/system level testing. An enhanced code coverage module simplifies the setup process, enables users to collect all type of coverage metrics from system/integration/unit testing and supports merging them to generate unified reports.

      Read more below!

      Automotive compliance pack now supports AUTOSAR C++14 version 18.10

      Parasoft C/C++test’s Automotive Compliance Pack now supports the latest version of AUTOSAR C++ 14 Coding Standard. The newest version, 18.10, was released in October 2018, and introduces significant improvements over the previous editions of the coding guidelines. There are new guidelines added to the standard, and some guidelines have new IDs. Teams planning the migration to the latest edition of the coding guidelines should put aside some time budget to analyze the enhancements in the standard to avoid surprises when reviewing compliance reports.   

      The new C/C++test release brings the best coverage for the AUTOSAR coding standard available on the market, combined with dedicated compliance reporting. This powerful solution helps organizations in creating AUTOSAR C++14 compliant code accelerate the process of achieving compliance. The reporting framework helps in managing the compliance process and automatically generates the compliance documentation conforming to the “MISRA 2016” standard, significantly reducing the manual overhead on the compliance activities. 

      Enhanced performance of static analysis

      With the C/C++test 10.4.2 release, the static analysis engine responsible for monitoring compliance with pattern-based rules is now optimized to reduce the analysis time in incremental builds and shorten the feedback cycles between modifying the code and reviewing static analysis results.

      The enhancement responds to the growing size of code bases and increasing use of advanced build systems like Bazel, which heavily utilize team-wide caching and incremental approach to building the source code. It is expected that shorter feedback loops should improve developer productivity, since they can sooner react to reported problems while the modified code is still fresh in their mind. These optimizations were designed for CI/CD deployment, but users working in the IDE can also benefit from them and experience shortened analysis. 

      Enhancements for collecting code coverage from application testing

      To help our users effectively monitor the thoroughness of their system/integration level testing, we’ve enhanced the Parasoft C/C++test code coverage module to better support complex build systems. Users can now select the simplified setup path without creating a dedicated project in the IDE to prepare the instrumented binary. C/C++test now provides a lightweight code coverage utility which can be easily integrated into any build system and used for preparing test binaries. The generated coverage build can be exercised with a user’s set of test scenarios, and collected coverage logs can be merged to get the full image of the code coverage results. In addition, users can combine code coverage results from system, integration, and unit level testing to get the full picture of their testing efforts.  

      Reports can be generated automatically using the command line interface or loaded to IDE for developers analysis and closing the gaps with point-unit tests. The enhanced solution utilizes previously-existing C/C++test components to provide the most effective way for achieving 100% of code coverage for industry popular metrics, starting from statement coverage, going through the block, call, and condition coverage, ending on MC/DC coverage metric.

      Looking into the future 

      Our last three releases were strongly focused on enhancing static analysis. We worked to make our static analysis checkers more precise, time-efficient, and to provide our users with the best coverage for important safety and security coding standards on the market. We are getting very good feedback! Especially customers appreciate the broad coverage of CERTMISRA, and AUTOSAR — a critical factor when selecting a new static analysis tool on the very competitive market.  

      Looking into the near future, we will be investing some more time in C/C++test’s dynamic testing capabilities, especially the unit testing framework. We have a collection of innovations queued up in our backlog which are crying to be implemented. We can’t leave them waiting too long … expect some interesting unit testing goodies in the autumn this year!

      Get a unified C and C++ development testing solution for embedded and safety critical software projects


        Informe seus dados e deixe uma mensagem para que possamos direciona-lo(a) para um de nossos consultores.

        Primeiro Nome:




        Descreva um resumo da sua dúvida ou sugestão: