With this week’s release of Parasoft C/C++test, Jtest, dotTEST 10.3.2, and Parasoft DTP 5.3.2, we are providing numerous enhancements to improve the efficiency of the SDLC along the following themes:
- Building a solid testing pyramid
- Managing the risk of change
- Reducing the burden of compliance
In this post, I will expand on what that means on a more actionable level. Rather watch than read? Here I've explained it in a short video:
Thanks for reporting a problem. We'll attach technical data about this session to help us figure out the issue. Which of these best describes the problem?
Any other details or context?
1. Building a Solid Testing Pyramid
As you assess the best way to validate and test requirements within your application, you are going to typically use one or more testing technique, ranging from unit tests to manual or exploratory testing. Agile and continuous testing best practices recommend applying these techniques in a pyramid, focusing on a solid set of unit tests at the foundation and a minimal set of manual testing at the peak. The reasoning for this is simple: unit tests can be easily automated, quick to execute, and the environmental requirements are straightforward, vs. functional tests, in which environmental requirements make them hard to setup and run continuously.
However, the challenge is that unit tests are notoriously hard to create vs. manual tests that are easy to define and execute (even though you have to wait until the application is fully assembled before you can do manual testing). The reality is that organizations end-up with an ice-cream cone not a pyramid and delay doing complete testing until the end of a sprint or even the end of a release cycle.
The key to a successful testing practice is to strive for the pyramid while blending these techniques together to provide the best ROI for the team – where Investment is time and Return is quality – this is where Parasoft’s suite of development testing tools can help.
Parasoft’s approach is to take what you have ‘today’ and give you visibility up and down the pyramid. By aggregating granular coverage data per-test case for not only unit tests but also the automated and manual functional testing using our coverage engines, DTP is able to merge all the coverage information together into one view for a complete understanding of the test coverage up and down the pyramid – enabling teams to choose the best testing technique or to maximize their ROI.
In this release, we focused on enabling the unit testing foundation of the pyramid.
- For C/C++ developers, this release introduces the C/C++test 10.3 Desktop. It takes all the power from C/C++test 9.6’s unit testing capabilities, including a UI-driven approach to test creation, code isolation framework, advanced code coverage techniques, and streamlined workflow for embedded devices, and combines it with the upgraded static analysis engine and enhanced coverage traceability of the 10.x architecture.
- For Java developers, this release introduces significant enhancements to the Jtest Unit Test Assistant including the ability to bulk create test cases at the package/project level for scalable test creation, applying data mutation when creating parameterize tests for expanded coverage and test boundary conditions, and the simplification of test creation for complex Spring WebMVC controllers.
2. Managing the risk of change
Changes to existing/legacy code is the number one reason for the introduction of new defects into the code base; fixing one problem often has unintended consequences and introduces several more defects. Understanding the scope of the change and the impact on overall quality is key to determining the actions that need to be done to mitigate this risk.
Parasoft helps answer the question “what is the impact of the change?” By analyzing changes across builds, DTP is able to not only determine changes in resources (i.e. ‘files’) but also changes in the quality data (e.g. static analysis findings) and correlate these together to provide visibility of the impact. In the new release, the Change Explorer enables users to understand changes in static analysis results mapped to changes in the resources. Any issues identified during the review can be logged, assigned for remediation, and tracked directly from within DTP’s web interface.
Another key question we help address is, “What should I do to mitigate the risk?” This is where the intelligent analytics provided by the Process Intelligence Engine (PIE) in DTP provides valuable insight. In this release, there are several enhancements to the following analytics within PIE:
- Change Based Testing - Why retest everything in every sprint? Change-based testing enables you to accelerate agile by identifying the subset of tests that need to be re-executed to validate the code changes.
- Modified Code Coverage - Imagine you have a million lines of legacy code with only 20% code coverage. You now change 100 lines of code -- how do you know if your coverage is sufficient? This helps you save time and focus new test creation to ensure you are testing the right part of the code base.
- Risky Code Changes - How much risk is there in the code that you just changed? How well were the changes tested? How well are they constructed? What is the amount of existing quality debt associated with the changed code? This helps answer such questions so the development team can make informed decisions on the best way to mitigate the risk.
- Test Stability Scoring - Did that test failure mean anything or is it always doing that? Where are the real regressions? Test stability scoring helps you understand (1) which failures are important and (2) what tests you need to stabilize so they can provide valuable information.
3. Reducing the burden of compliance
Originally developed for the automotive industry, MISRA has become the de-facto standard across industries (e.g. Medical, Industrial Automation) for embedded software engineering teams focused on developing reliable, predictable, and secure devices. In 2016, MISRA introduced the publication MISRA Compliance:2016 - Achieving compliance with MISRA Coding Guidelines, a set of procedures and reporting requirements for demonstrating compliance with the MISRA standards.
Parasoft C/C++test has complete support for MISRA C:2012, including the additional security guidelines in Amendment 1. In this release, we introduce a new MISRA Compliance Pack for Parasoft DTP that streamlines the creation of all the required artifacts to demonstrate compliance.
As we have seen with the extensions to MISRA (i.e. MISRA C:2012 Amendment 1), there is a cross-industry focus on the application of security best practices to embedded software, driven in part by the explosion of delivery of IoT centric systems. In this release, we have also expanded the security analysis performed by Parasoft C/C++test to include several new rules for the CERT C security standard.
There are a lot of details behind these enhancements to the Parasoft suite of development testing tools that you can read about in the full release notes.
If you are an existing customer, you can check out the Parasoft Customer Portal to get access to the release notes and download the latest installers for the latest features. If you’re new to Parasoft, please request a demo and one of our solution experts will be happy to answer questions and give you a more detailed presentation.