Static analysis tool extends coverage of C++’11 code; eases adoption of best practices

August 15, 2014 // By Graham Prophet
PRQA | Programming Research, a global leader in static analysis, announces a major upgrade to QA·C++. Version 3.2 is the most recent release of this static analysis tool for C++ environments and incorporates extensive new functionality.

QA·C++ 3.2 delivers extended C++'11 coverage, improved enforcement of secure coding best practices, increased range of metrics and easier integration with auto-code generators. The tool is aimed directly at development teams that have transitioned to C++’11. The tool already provides coverage of key C++’11 constructs such as rvalue references and variadic templates. Version 3.2 further extends this coverage, adding user defined literals, the noexcept operator, alias templates, the constexpr keyword, aliginof and alignas, inheriting and delegating constructors.

To support the increasing requirement for the detection of security issues, QA·C++ now includes a pre-configured grouping which comprises security related rules, providing an easier mechanism to assess a source code’s adherence to security related guidelines and best practices. A full mapping of PRQA’s CERT C++ (and CERT C) coverage is also now provided on the CERT website at www.securecoding.cert.org

The number of metrics produced by QA·C++ has effectively doubled from 26 to 53, and Version 3.2 provides 29 function-, 16 file- and 8 class-related metrics. Many of these are specified by Hersteller Initiative Software (HIS), used by the automotive industry as a basis for measuring software quality. These enhancements extend the capabilities of QA·C++ to deliver metrics-based code quality measurement, as well as coding standard enforcement.

QA·C++’s integration with auto-code generators, including Rhapsody, has been further improved, making it easier to differentiate between issues detected in machine-generated code and messages related to hand-written code, helping developers to focus on inspecting and fixing the latter.

Version 3.2 also includes a number of other significant refinements, such as data initialisation in constructors, implicit signed/unsigned conversions and overloaded stream operators, which further reduce noise and improve the overall accuracy of the tool.

A series of short videos is available, providing more information on the new QA·C++ functionality: http://www.programmingresearch.com/resources/video-demos/

PRQA | Programming Research; www.programmingresearch.com