--- template7.2p0.conf 2023-03-07 12:52:41.223333900 -0500 +++ template7.3p0.conf 2023-03-07 12:52:52.086468500 -0500 @@ -1,7 +1,7 @@ # For emacs: -*- Shell-script -*- # ###################################################################### -# CodeSonar 7.2p0 Configuration File +# CodeSonar 7.3p0 Configuration File ###################################################################### # # CodeSonar will use preferences defined in this file when running @@ -269,6 +269,7 @@ # COMPILER_MODELS += i686-pc-mingw32-g++.exe -> gpp # COMPILER_MODELS += i686-pc-mingw32-gcc.exe -> gcc # COMPILER_MODELS += icc430.exe -> icc430 +# COMPILER_MODELS += icc78k.exe -> icc78k # COMPILER_MODELS += iccarm.exe -> iccarm # COMPILER_MODELS += iccavr.exe -> iccavr # COMPILER_MODELS += iccm32c.exe -> iccm32c @@ -450,6 +451,30 @@ # DISABLED_COMPILERS += gcc.exe +# Parameter OVERRIDE_COMPILER_CONF +# +# Purpose +# Specifies whether or not compiler models will override type kinds +# specified in the compiler-specific configuration file with +# information obtained by invoking the native compiler. It is up to +# the compiler model implementation to respect this parameter. +# Currently only the gcc model uses this parameter. +# +# Tags +# - BUILD_BEHAVIOR: Governs the Build/Analysis +# +# Type +# { Yes, No } +# +# Notes +# It is up to the compiler model implementation to respect this +# parameter. When authoring a compiler model, you should check this +# parameter before passing any EDG front-end options that modify +# type kinds. +# +OVERRIDE_COMPILER_CONF = Yes + + # Parameter DISABLED_COMPILERS # # Tags @@ -536,6 +561,7 @@ # DISABLED_COMPILERS += i686-pc-mingw32-g++.exe # DISABLED_COMPILERS += i686-pc-mingw32-gcc.exe # DISABLED_COMPILERS += icc430.exe +# DISABLED_COMPILERS += icc78k.exe # DISABLED_COMPILERS += iccarm.exe # DISABLED_COMPILERS += iccavr.exe # DISABLED_COMPILERS += iccm32c.exe 
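Review bot: The new OVERRIDE_COMPILER_CONF block (hunk at -450) ships an active `OVERRIDE_COMPILER_CONF = Yes`, but its comment never states what each value does. Purpose only implies that `Yes` lets information from invoking the native compiler replace the type kinds in the compiler-specific configuration file, and the effect of `No` is left to inference. I would add a Behavior section, for example `#    Yes: type kinds obtained from the native compiler replace those in the compiler-specific configuration file.` and `#    No: the type kinds in the configuration file are used unchanged.`, with the wording confirmed against the gcc model. Purpose and Notes also repeat "It is up to the compiler model implementation to respect this parameter" verbatim; keep it in Notes only. Because the default is `Yes`, sites that pin type kinds in the configuration file for reproducible analysis need this spelled out.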
@@ -732,10 +758,8 @@ # { Yes, No } # # Notes -# This parameter is ignored on non-Windows systems. Its only known -# use is to make sure the parser has access to output files -# produced by the compiler when using Microsoft's #import -# directive. +# Its use is to make sure the parser has access to output files +# produced by the compiler, for example, precompiled headers # ## INVOKE_COMPILER_FIRST = Yes @@ -966,6 +990,10 @@ # /usr/local/testdir/foo.c and /usr/local/testdir/foo.cpp but not # /usr/local/testdir/test1/foo.c. # IGNORED_COMPILATIONS += ^/usr/local/testdir/[^/]+$ +# +# Example 4: Ignore compilations of files located in or under +# Windows directory C:\Program Files\IAR Systems\ +# IGNORED_COMPILATIONS += C:\\Program\ Files\\IAR\ Systems\\.* # Parameter IGNORED_COMPILATION_COMMANDS 
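Review bot: The rewritten Notes for INVOKE_COMPILER_FIRST drop the sentence "This parameter is ignored on non-Windows systems" without saying what replaces it. A reader moving from 7.2p0 cannot tell whether the native compiler is now invoked ahead of the parser on every platform. If that is the new behaviour, state it, e.g. `#    This parameter applies on all platforms.`; if not, keep the old sentence. The second added line is also missing its closing period (`precompiled headers.`). The parameter's block begins above the hunk.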
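Review bot: Example 4's pattern `C:\\Program\ Files\\IAR\ Systems\\.*` has no `^` anchor, unlike Example 3 directly above it (`^/usr/local/testdir/[^/]+$`). IGNORED_COMPILATIONS takes matching compilations out of the analysis, so if the regex is applied as a search rather than a full match (not visible in this hunk), any path that merely contains this substring would be ignored too and silently lose coverage. Suggest `# IGNORED_COMPILATIONS += ^C:\\Program\ Files\\IAR\ Systems\\.*`, which matches the stated intent of "located in or under" that directory. It would also help to say whether matching is case-sensitive, since Windows paths are not.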
@@ -2619,6 +2647,177 @@ # Analysis [doc/html/Workings/DistributedAnalysis.html]. +# Parameter REMOTE_ANALYSIS_LAUNCHD +# +# Purpose +# Specifies that the CodeSonar analysis phase should be remote- +# managed, using the specified launch daemon. +# +# Type +# string or integer +# +# Behavior +# If no value is specified for this parameter, the analysis phase +# will be local-managed +# [doc/html/Elements/PROPERTIES_Analysis.html#local_managed_def]. +# +# If a value is specified, the analysis phase +# will be remote-managed +# [doc/html/Elements/PROPERTIES_Analysis.html#remote_analysis] by +# an analysis launch daemon +# [doc/html/Elements/PROPERTIES_Analysis.html#analysis_launchd] +# matching , which can take any of the following +# forms. At least one launch daemon matching +# must already be running. If there are multiple matching launch +# daemons, the hub will select one. +# +# - Positive Integer N : Matches all launch daemons that are +# transitive descendants of the launchd group whose LDGroup ID +# [doc/html/Elements/PROPERTIES_Launchd_Group.html#ldgroup_id] is +# N. +# - Negative Integer -M : Matches the single launch daemon whose +# Launch Daemon ID +# [doc/html/Workings/LaunchDaemon.html#launchd_id] is M. +# - (Integer 0 is not a valid setting.) +# - /Foo/Bar/* : Matches all launch daemons that are transitive +# descendants of the launch daemon group(s) whose LDGroup Path +# [doc/html/Elements/PROPERTIES_Launchd_Group.html#ldgroup_path] +# is /Foo/Bar. Case sensitive. +# - /Foo/Bar/user@machine : Matches all launch laemon(s) whose +# Parent LDGroup +# [doc/html/Workings/LaunchDaemon.html#parent_ldgroup] is +# /Foo/Bar, System User +# [doc/html/Workings/LaunchDaemon.html#pretty_username] is user, +# and Machine [doc/html/Workings/LaunchDaemon.html#machine] is +# machine. Case sensitive. 
+# +# When the analysis transitions to daemon mode, behavior depends on +# whether or not a separate launch daemon has +# been specified with REMOTE_DAEMON_LAUNCHD= or +# -remote-archive +# [doc/html/Building/BuildingCommandLine.html#remote-archive]. +# - If so, data and control are transferred to , +# which will then service requests from the hub for information +# about the analysis. +# - Otherwise, remains the analysis launch +# daemon after transition to daemon mode. +# +# Notes +# For more information about remote-managed analysis, see Analysis: +# Local and Remote Analysis Management +# [doc/html/Elements/PROPERTIES_Analysis.html#local-remote]. +# +# If security is a concern: +# - Use only trusted launch daemons. +# - Specify a positive or negative integer value for +# REMOTE_DAEMON_LAUNCHD rather than a path: IDs are never reused, +# whereas multiple launch daemon groups can have the same path, +# and the truthfulness of human-readable launch daemon names +# (user@machine) cannot be verified by the hub. +# +# The CodeSonar build phase always takes place locally, regardless +# of this setting. +# +# The -remote [doc/html/Building/BuildingCommandLine.html#remote] +# command line flag takes precedence over this setting. +# +# Examples: +# REMOTE_ANALYSIS_LAUNCHD += /siteA/* +# REMOTE_ANALYSIS_LAUNCHD += /siteA/alex@sparky +# REMOTE_ANALYSIS_LAUNCHD += 123 +# REMOTE_ANALYSIS_LAUNCHD += -123 + + +# Parameter REMOTE_DAEMON_LAUNCHD +# +# Purpose +# Specifies that the CodeSonar analysis should be remote-managed +# after it transitions to daemon mode, using the specified launch +# daemon. +# +# Type +# string or integer +# +# Behavior +# If a value is specified, the analysis phase +# will be remote-managed +# [doc/html/Elements/PROPERTIES_Analysis.html#remote_analysis] by +# an analysis launch daemon +# [doc/html/Elements/PROPERTIES_Analysis.html#analysis_launchd] +# matching , which can take any of the following +# forms. 
If there are multiple matching launch daemons, the hub +# will select one. +# +# - Positive Integer N : Matches all launch daemons that are +# transitive descendants of the launchd group whose LDGroup ID +# [doc/html/Elements/PROPERTIES_Launchd_Group.html#ldgroup_id] is +# N. +# - Negative Integer -M : Matches the single launch daemon whose +# Launch Daemon ID +# [doc/html/Workings/LaunchDaemon.html#launchd_id] is M. +# - (Integer 0 is not a valid setting.) +# - /Foo/Bar/* : Matches all launch daemons that are transitive +# descendants of the launch daemon group(s) whose LDGroup Path +# [doc/html/Elements/PROPERTIES_Launchd_Group.html#ldgroup_path] +# is /Foo/Bar. Case sensitive. +# - /Foo/Bar/user@machine : Matches all launch laemon(s) whose +# Parent LDGroup +# [doc/html/Workings/LaunchDaemon.html#parent_ldgroup] is +# /Foo/Bar, System User +# [doc/html/Workings/LaunchDaemon.html#pretty_username] is user, +# and Machine [doc/html/Workings/LaunchDaemon.html#machine] is +# machine. Case sensitive. +# +# In the following cases, the analysis launch daemon will not +# change when the analysis transitions into daemon mode. +# - No value specified for this parameter (or -remote-archive +# [doc/html/Building/BuildingCommandLine.html#remote-archive]). +# - REMOTE_DAEMON_LAUNCHD= specified, but no launch daemon +# matching is running. +# - REMOTE_ANALYSIS_LAUNCHD= and REMOTE_DAEMON_LAUNCHD= +# specified with identical values . (If the two are specified +# with different but overlapping values +# REMOTE_ANALYSIS_LAUNCHD= REMOTE_DAEMON_LAUNCHD= CodeSonar +# will select the launch daemons for the analysis phase and +# daemon mode independently. If there is overlap between and +# then the same launch daemon may be selected for both, but +# this is not guaranteed.) +# +# The -remote-archive +# [doc/html/Building/BuildingCommandLine.html#remote-archive] +# command line flag takes precedence over this setting. 
+# +# Notes +# For more information about remote-managed analysis, see Analysis: +# Local and Remote Analysis Management +# [doc/html/Elements/PROPERTIES_Analysis.html#local-remote]. +# +# If security is a concern: +# - Use only trusted launch daemons. +# - Specify a positive or negative integer value for +# REMOTE_DAEMON_LAUNCHD rather than a path: IDs are never reused, +# whereas multiple launch daemon groups can have the same path, +# and the truthfulness of human-readable launch daemon names +# (user@machine) cannot be verified by the hub. +# +# You can specify REMOTE_DAEMON_LAUNCHD= without +# specifying a value for REMOTE_ANALYSIS_LAUNCHD (or -remote- +# archive [doc/html/Building/BuildingCommandLine.html#remote- +# archive]). When you do this, the analysis phase will run locally, +# then data and control will be transferred to +# for remote management in daemon mode. +# +# The -remote-archive +# [doc/html/Building/BuildingCommandLine.html#remote-archive] +# command line flag takes precedence over this setting. +# +# Examples: +# REMOTE_DAEMON_LAUNCHD += /siteA/* +# REMOTE_DAEMON_LAUNCHD += /siteA/alex@sparky +# REMOTE_DAEMON_LAUNCHD += 123 +# REMOTE_DAEMON_LAUNCHD += -123 + + # Parameter LAUNCHD_GROUP # # Purpose @@ -3606,6 +3805,7 @@ # WARNING_FILTER += discard class="Pool Mismatch" # WARNING_FILTER += discard class="Predictable Seed in PRNG" # WARNING_FILTER += discard class="Raises FE_INVALID" +# WARNING_FILTER += discard class="Read Past Null Terminator" # WARNING_FILTER += discard class="Redundant Condition" # WARNING_FILTER += discard class="Return Pointer to Freed" # WARNING_FILTER += discard class="Return Pointer to Local" 
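Review bot: The security note under REMOTE_ANALYSIS_LAUNCHD names the wrong parameter: `Specify a positive or negative integer value for REMOTE_DAEMON_LAUNCHD rather than a path` looks copied from the REMOTE_DAEMON_LAUNCHD block below and should read REMOTE_ANALYSIS_LAUNCHD here. In both blocks the advice also treats positive and negative integers alike, yet per the Behavior text a positive N matches every launch daemon under a group and "the hub will select one", while only a negative -M pins a single launch daemon; I would add `#    Prefer a negative integer (a single Launch Daemon ID) when the analysis must run on one specific, trusted launch daemon.`. Two smaller fixes: `launch laemon(s)` should be `launch daemon(s)` in both blocks, and in the REMOTE_DAEMON_LAUNCHD Notes the parenthetical after "without specifying a value for REMOTE_ANALYSIS_LAUNCHD" cites -remote-archive where -remote appears to be meant. The value placeholders after "matching" and after "REMOTE_DAEMON_LAUNCHD=" are empty in this view, possibly lost angle-bracket text, which is worth checking in the file itself.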
@@ -3837,6 +4037,7 @@ # # (C# warning classes) # WARNING_FILTER += discard class="'Buffer.BlockCopy' expects the number of bytes to be copied for the 'count' argument (C#)" +# WARNING_FILTER += discard class="'ThreadStatic' only affects static fields (C#)" # WARNING_FILTER += discard class="== Always Fails Because Types Always Different (C#)" # WARNING_FILTER += discard class="Abs on random (C#)" # WARNING_FILTER += discard class="All members declared in parent interfaces must have an implementation in a DynamicInterfaceCastableImplementation-attributed interface (C#)" @@ -3947,6 +4148,7 @@ # WARNING_FILTER += discard class="Implement serialization constructors (C#)" # WARNING_FILTER += discard class="Impossible Client Side Locking (C#)" # WARNING_FILTER += discard class="Impossible reference comparison (C#)" +# WARNING_FILTER += discard class="Improper 'ThreadStatic' field initialization (C#)" # WARNING_FILTER += discard class="Inappropriate Exception Handler (C#)" # WARNING_FILTER += discard class="Inappropriate Instanceof (C#)" # WARNING_FILTER += discard class="Inefficient Bitwise AND (C#)" @@ -3957,7 +4159,7 @@ # WARNING_FILTER += discard class="Insecure Processing in API Design, XmlDocument and XmlTextReader (C#)" # WARNING_FILTER += discard class="Insecure Random Number Generator (C#)" # WARNING_FILTER += discard class="Insecure XSLT Execution (C#)" -# WARNING_FILTER += discard class="Insecure XSLT script processing. (C#)" +# WARNING_FILTER += discard class="Insecure XSLT script processing (C#)" # WARNING_FILTER += discard class="Instanceof Always False (C#)" # WARNING_FILTER += discard class="Instanceof Always True (C#)" # WARNING_FILTER += discard class="Instantiate argument exceptions correctly (C#)" 
@@ -3994,10 +4196,15 @@ # WARNING_FILTER += discard class="Possible XML External Entity Reference (C#)" # WARNING_FILTER += discard class="Potential Infinite Recursion (C#)" # WARNING_FILTER += discard class="Prefer 'AsSpan' over 'Substring' (C#)" +# WARNING_FILTER += discard class="Prefer 'Clear' over 'Fill' (C#)" # WARNING_FILTER += discard class="Prefer Dictionary.Contains methods (C#)" # WARNING_FILTER += discard class="Prefer IsEmpty over Count (C#)" +# WARNING_FILTER += discard class="Prefer static 'HashData' method over 'ComputeHash' (C#)" # WARNING_FILTER += discard class="Prefer strongly-typed Append and Insert method overloads on StringBuilder (C#)" +# WARNING_FILTER += discard class="Prefer the 'IDictionary.TryGetValue(TKey, out TValue)' method (C#)" # WARNING_FILTER += discard class="Prefer the 'Memory'-based overloads for 'ReadAsync' and 'WriteAsync' (C#)" +# WARNING_FILTER += discard class="Prevent from behavioral change (C#)" +# WARNING_FILTER += discard class="Property, type, or attribute requires runtime marshalling (C#)" # WARNING_FILTER += discard class="Provide ObsoleteAttribute message (C#)" # WARNING_FILTER += discard class="Provide a parameterless constructor that is as visible as the containing type for concrete types derived from 'System.Runtime.InteropServices.SafeHandle' (C#)" # WARNING_FILTER += discard class="Provide correct 'enum' argument to 'Enum.HasFlag' (C#)" @@ -4020,6 +4227,7 @@ # WARNING_FILTER += discard class="Risky Cryptographic Field (C#)" # WARNING_FILTER += discard class="Risky array store (C#)" # WARNING_FILTER += discard class="SQL Injection (C#)" +# WARNING_FILTER += discard class="Seal internal types (C#)" # WARNING_FILTER += discard class="Set ViewStateUserKey For Classes Derived From Page (C#)" # WARNING_FILTER += discard class="Shadowed Identifier (C#)" # WARNING_FILTER += discard class="Should Use == Instead of equals() (C#)" 
@@ -4028,6 +4236,7 @@ # WARNING_FILTER += discard class="Specify CultureInfo (C#)" # WARNING_FILTER += discard class="Specify IFormatProvider (C#)" # WARNING_FILTER += discard class="Specify StringComparison for correctness (C#)" +# WARNING_FILTER += discard class="Specify a culture or use an invariant version (C#)" # WARNING_FILTER += discard class="Specify marshaling for P/Invoke string arguments (C#)" # WARNING_FILTER += discard class="Static Field Assigned Non-Static (C#)" # WARNING_FILTER += discard class="Synchronization on Interned String (C#)" @@ -4056,9 +4265,11 @@ # WARNING_FILTER += discard class="Test for NaN correctly (C#)" # WARNING_FILTER += discard class="The 'ModuleInitializer' attribute should not be used in libraries (C#)" # WARNING_FILTER += discard class="This API requires opting into preview features (C#)" +# WARNING_FILTER += discard class="This method uses runtime marshalling even when the 'DisableRuntimeMarshallingAttribute' is applied (C#)" # WARNING_FILTER += discard class="Types that own disposable fields should be disposable (C#)" # WARNING_FILTER += discard class="Unchecked Parameter Dereference (C#)" # WARNING_FILTER += discard class="Unnecessary Field (C#)" +# WARNING_FILTER += discard class="Unnecessary call to 'Dictionary.ContainsKey(key)' (C#)" # WARNING_FILTER += discard class="Unreachable Instruction (C#)" # WARNING_FILTER += discard class="Unused Class (C#)" # WARNING_FILTER += discard class="Unused Field (C#)" 
@@ -4085,6 +4296,7 @@ # WARNING_FILTER += discard class="Use XmlReader for XPathDocument constructor (C#)" # WARNING_FILTER += discard class="Use XmlReader for XmlValidatingReader constructor (C#)" # WARNING_FILTER += discard class="Use char literal for a single character lookup (C#)" +# WARNING_FILTER += discard class="Use correct type parameter (C#)" # WARNING_FILTER += discard class="Use nameof to express symbol names (C#)" # WARNING_FILTER += discard class="Use ordinal string comparison (C#)" # WARNING_FILTER += discard class="Use span-based 'string.Concat' (C#)" @@ -4096,6 +4308,7 @@ # WARNING_FILTER += discard class="Useless Synchronization (C#)" # WARNING_FILTER += discard class="Useless volatile Modifier (C#)" # WARNING_FILTER += discard class="Validate platform compatibility (C#)" +# WARNING_FILTER += discard class="Validate platform compatibility - obsoleted APIs (C#)" # WARNING_FILTER += discard class="Weak Cryptographic Value (C#)" # WARNING_FILTER += discard class="Weak Hash Algorithm (C#)" # WARNING_FILTER += discard class="Weak Hash Algorithm Field (C#)" @@ -4189,6 +4402,7 @@ # WARNING_FILTER += allow class="Implicit Address of Function" # WARNING_FILTER += allow class="Implicit Function Declaration" # WARNING_FILTER += allow class="Implicit Lambda Capture" +# WARNING_FILTER += allow class="Inappropriate Argument Type" # WARNING_FILTER += allow class="Inappropriate Assignment Type" # WARNING_FILTER += allow class="Inappropriate Bit-field Type" # WARNING_FILTER += allow class="Inappropriate Cast Type" 
@@ -4201,6 +4415,7 @@ # WARNING_FILTER += allow class="Inconsistent Enumerator Initialization" # WARNING_FILTER += allow class="Inconsistent Function Declarations" # WARNING_FILTER += allow class="Inconsistent Object Declarations" +# WARNING_FILTER += allow class="Indeterminate Order of Evaluation" # WARNING_FILTER += allow class="Initialization Cycle" # WARNING_FILTER += allow class="Inline Assembly Code" # WARNING_FILTER += allow class="Inline Function Not static" @@ -4236,6 +4451,7 @@ # WARNING_FILTER += allow class="Memory Protection Removal" # WARNING_FILTER += allow class="Method Default Value Mismatch" # WARNING_FILTER += allow class="Microsoft Extension" +# WARNING_FILTER += allow class="Mismatched Argument Types" # WARNING_FILTER += allow class="Mismatched Operand Types" # WARNING_FILTER += allow class="Misplaced Return Statement" # WARNING_FILTER += allow class="Misplaced Using Declaration" @@ -4250,6 +4466,7 @@ # WARNING_FILTER += allow class="Missing Lock Release" # WARNING_FILTER += allow class="Missing Parentheses" # WARNING_FILTER += allow class="Missing Test of Error Code" +# WARNING_FILTER += allow class="Missing Type Specifier" # WARNING_FILTER += allow class="Missing break" # WARNING_FILTER += allow class="Missing default" # WARNING_FILTER += allow class="Missing for-loop Step" @@ -4273,6 +4490,7 @@ # WARNING_FILTER += allow class="Nested Locks" # WARNING_FILTER += allow class="No Matching #endif" # WARNING_FILTER += allow class="No Matching #if" +# WARNING_FILTER += allow class="No Previous Declaration" # WARNING_FILTER += allow class="Non-Boolean Preprocessor Expression" # WARNING_FILTER += allow class="Non-const String Literal" # WARNING_FILTER += allow class="Non-distinct Identifiers: External Names" 
@@ -4306,6 +4524,7 @@ # WARNING_FILTER += allow class="Recursive Macro" # WARNING_FILTER += allow class="Restrict Qualifier Used" # WARNING_FILTER += allow class="Return from Computational Exception Signal Handler" +# WARNING_FILTER += allow class="Returned Pointer Not Treated as const" # WARNING_FILTER += allow class="Risky Integer Promotion" # WARNING_FILTER += allow class="Scope Could Be File Static" # WARNING_FILTER += allow class="Scope Could Be Local Static" @@ -4376,6 +4595,10 @@ # WARNING_FILTER += allow class="Use of AddAccessDeniedAce" # WARNING_FILTER += allow class="Use of AfxLoadLibrary" # WARNING_FILTER += allow class="Use of AfxParseURL" +# WARNING_FILTER += allow class="Use of Alignas" +# WARNING_FILTER += allow class="Use of Alignof" +# WARNING_FILTER += allow class="Use of C Atomic" +# WARNING_FILTER += allow class="Use of C Generic" # WARNING_FILTER += allow class="Use of CoLoadLibrary" # WARNING_FILTER += allow class="Use of Comma Operator" # WARNING_FILTER += allow class="Use of Condition Variable Signal" 
@@ -4384,74 +4607,147 @@ # WARNING_FILTER += allow class="Use of CreateProcess" # WARNING_FILTER += allow class="Use of CreateThread" # WARNING_FILTER += allow class="Use of FormatMessage" +# WARNING_FILTER += allow class="Use of L_tmpnam_s" # WARNING_FILTER += allow class="Use of LoadLibrary" # WARNING_FILTER += allow class="Use of LoadModule" # WARNING_FILTER += allow class="Use of MoveFile" +# WARNING_FILTER += allow class="Use of Noreturn" # WARNING_FILTER += allow class="Use of OemToAnsi" # WARNING_FILTER += allow class="Use of OemToChar" # WARNING_FILTER += allow class="Use of SHCreateProcessAsUserW" # WARNING_FILTER += allow class="Use of ShellExecute" # WARNING_FILTER += allow class="Use of StrCatChainW" +# WARNING_FILTER += allow class="Use of TMP_MAX_S" +# WARNING_FILTER += allow class="Use of Thread Local" # WARNING_FILTER += allow class="Use of WinExec" # WARNING_FILTER += allow class="Use of XML_ExternalEntityParserCreate" # WARNING_FILTER += allow class="Use of _exec" # WARNING_FILTER += allow class="Use of _spawn" # WARNING_FILTER += allow class="Use of abort" +# WARNING_FILTER += allow class="Use of abort_handler_s" +# WARNING_FILTER += allow class="Use of asctime_s" # WARNING_FILTER += allow class="Use of atof" # WARNING_FILTER += allow class="Use of atoi" # WARNING_FILTER += allow class="Use of atol" # WARNING_FILTER += allow class="Use of atoll" # WARNING_FILTER += allow class="Use of bsearch" +# WARNING_FILTER += allow class="Use of bsearch_s" # WARNING_FILTER += allow class="Use of catch" # WARNING_FILTER += allow class="Use of catopen" # WARNING_FILTER += allow class="Use of chroot" +# WARNING_FILTER += allow class="Use of constraint_handler_t" +# WARNING_FILTER += allow class="Use of ctime_s" # WARNING_FILTER += allow class="Use of cuserid" # WARNING_FILTER += allow class="Use of execlp" # WARNING_FILTER += allow class="Use of execvp" # WARNING_FILTER += allow class="Use of exit" +# WARNING_FILTER += allow class="Use of fopen_s" # 
WARNING_FILTER += allow class="Use of fork" +# WARNING_FILTER += allow class="Use of fprintf_s" +# WARNING_FILTER += allow class="Use of freopen_s" +# WARNING_FILTER += allow class="Use of fscanf_s" +# WARNING_FILTER += allow class="Use of fwprintf_s" +# WARNING_FILTER += allow class="Use of fwscanf_s" # WARNING_FILTER += allow class="Use of getenv" +# WARNING_FILTER += allow class="Use of getenv_s" # WARNING_FILTER += allow class="Use of getlogin" # WARNING_FILTER += allow class="Use of getopt" # WARNING_FILTER += allow class="Use of getpass" +# WARNING_FILTER += allow class="Use of gets_s" # WARNING_FILTER += allow class="Use of getwd" +# WARNING_FILTER += allow class="Use of gmtime_s" +# WARNING_FILTER += allow class="Use of ignore_handler_s" +# WARNING_FILTER += allow class="Use of localtime_s" # WARNING_FILTER += allow class="Use of longjmp" +# WARNING_FILTER += allow class="Use of mbsrtowcs_s" +# WARNING_FILTER += allow class="Use of mbstowcs_s" # WARNING_FILTER += allow class="Use of memcmp" +# WARNING_FILTER += allow class="Use of memcpy_s" +# WARNING_FILTER += allow class="Use of memmove_s" # WARNING_FILTER += allow class="Use of memset" +# WARNING_FILTER += allow class="Use of memset_s" # WARNING_FILTER += allow class="Use of mkstemp" # WARNING_FILTER += allow class="Use of offsetof" # WARNING_FILTER += allow class="Use of popen" +# WARNING_FILTER += allow class="Use of printf_s" # WARNING_FILTER += allow class="Use of pthread_kill" # WARNING_FILTER += allow class="Use of putenv" # WARNING_FILTER += allow class="Use of qsort" +# WARNING_FILTER += allow class="Use of qsort_s" # WARNING_FILTER += allow class="Use of rand" # WARNING_FILTER += allow class="Use of rand48 Function" # WARNING_FILTER += allow class="Use of random" # WARNING_FILTER += allow class="Use of realloc" # WARNING_FILTER += allow class="Use of realpath" # WARNING_FILTER += allow class="Use of recvmsg" +# WARNING_FILTER += allow class="Use of scanf_s" +# WARNING_FILTER += allow class="Use 
of set_constraint_handler_s" # WARNING_FILTER += allow class="Use of setjmp" # WARNING_FILTER += allow class="Use of setuid" # WARNING_FILTER += allow class="Use of signal" +# WARNING_FILTER += allow class="Use of snprintf_s" +# WARNING_FILTER += allow class="Use of snwprintf_s" +# WARNING_FILTER += allow class="Use of sprintf_s" +# WARNING_FILTER += allow class="Use of sscanf_s" # WARNING_FILTER += allow class="Use of strcat" +# WARNING_FILTER += allow class="Use of strcat_s" # WARNING_FILTER += allow class="Use of strchr" # WARNING_FILTER += allow class="Use of strcmp" # WARNING_FILTER += allow class="Use of strcoll" # WARNING_FILTER += allow class="Use of strcpy" +# WARNING_FILTER += allow class="Use of strcpy_s" # WARNING_FILTER += allow class="Use of strcspn" +# WARNING_FILTER += allow class="Use of strerror_s" +# WARNING_FILTER += allow class="Use of strerrorlen_s" # WARNING_FILTER += allow class="Use of strlen" +# WARNING_FILTER += allow class="Use of strncat_s" +# WARNING_FILTER += allow class="Use of strncpy_s" +# WARNING_FILTER += allow class="Use of strnlen_s" # WARNING_FILTER += allow class="Use of strpbrk" # WARNING_FILTER += allow class="Use of strrchr" # WARNING_FILTER += allow class="Use of strspn" # WARNING_FILTER += allow class="Use of strstr" # WARNING_FILTER += allow class="Use of strtok" +# WARNING_FILTER += allow class="Use of strtok_s" # WARNING_FILTER += allow class="Use of strtrns" +# WARNING_FILTER += allow class="Use of swprintf_s" +# WARNING_FILTER += allow class="Use of swscanf_s" # WARNING_FILTER += allow class="Use of syslog" # WARNING_FILTER += allow class="Use of system" # WARNING_FILTER += allow class="Use of t_open" # WARNING_FILTER += allow class="Use of throw" +# WARNING_FILTER += allow class="Use of tmpfile_s" +# WARNING_FILTER += allow class="Use of tmpnam_s" # WARNING_FILTER += allow class="Use of ttyname" # WARNING_FILTER += allow class="Use of vfork" +# WARNING_FILTER += allow class="Use of vfprintf_s" +# WARNING_FILTER += 
allow class="Use of vfscanf_s" +# WARNING_FILTER += allow class="Use of vfwprintf_s" +# WARNING_FILTER += allow class="Use of vfwscanf_s" +# WARNING_FILTER += allow class="Use of vprintf_s" +# WARNING_FILTER += allow class="Use of vscanf_s" +# WARNING_FILTER += allow class="Use of vsnprintf_s" +# WARNING_FILTER += allow class="Use of vsnwprintf_s" +# WARNING_FILTER += allow class="Use of vsprintf_s" +# WARNING_FILTER += allow class="Use of vsscanf_s" +# WARNING_FILTER += allow class="Use of vswprintf_s" +# WARNING_FILTER += allow class="Use of vswscanf_s" +# WARNING_FILTER += allow class="Use of vwprintf_s" +# WARNING_FILTER += allow class="Use of vwscanf_s" +# WARNING_FILTER += allow class="Use of wcrtomb_s" +# WARNING_FILTER += allow class="Use of wcscat_s" +# WARNING_FILTER += allow class="Use of wcscpy_s" +# WARNING_FILTER += allow class="Use of wcsncat_s" +# WARNING_FILTER += allow class="Use of wcsncpy_s" +# WARNING_FILTER += allow class="Use of wcsnlen_s" +# WARNING_FILTER += allow class="Use of wcsrtombs_s" +# WARNING_FILTER += allow class="Use of wcstok_s" +# WARNING_FILTER += allow class="Use of wcstombs_s" +# WARNING_FILTER += allow class="Use of wctomb_s" +# WARNING_FILTER += allow class="Use of wmemcpy_s" +# WARNING_FILTER += allow class="Use of wmemmove_s" +# WARNING_FILTER += allow class="Use of wprintf_s" +# WARNING_FILTER += allow class="Use of wscanf_s" # WARNING_FILTER += allow class="Using Declaration in Header File" # WARNING_FILTER += allow class="Using Directive in Header File" # WARNING_FILTER += allow class="Using Directive" @@ -4465,6 +4761,7 @@ # WARNING_FILTER += allow class="Write to Read Only File" # WARNING_FILTER += allow class="chroot without chdir" # WARNING_FILTER += allow class="delete with Non-Virtual Destructor" +# WARNING_FILTER += allow class="sizeof Array Parameter" # # (Java warning classes) # WARNING_FILTER += allow class="Actual Parameter Element may be null (Java)" 
@@ -4622,6 +4919,7 @@ # WARNING_FILTER += allow class="Operators should have symmetrical overloads (C#)" # WARNING_FILTER += allow class="Override equals and operator equals on value types (C#)" # WARNING_FILTER += allow class="Pass system uri objects instead of strings (C#)" +# WARNING_FILTER += allow class="Possible multiple enumerations of 'IEnumerable' collection (C#)" # WARNING_FILTER += allow class="Potential reference cycle in deserialized object graph (C#)" # WARNING_FILTER += allow class="Prefer jagged arrays over multidimensional (C#)" # WARNING_FILTER += allow class="Properties should not be write only (C#)" @@ -4699,6 +4997,7 @@ WARNING_FILTER += discard language="C++" is_sysinclude WARNING_FILTER += discard class="Cast Alters Value" is_sysinclude WARNING_FILTER += discard class="Undefined Macro in #if" is_sysinclude +WARNING_FILTER += discard class="Read Past Null Terminator" procedure:"::char_traits::compare" # Parameter SKIP_ANALYSIS_OF # 
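Review bot: The added rule `discard class="Read Past Null Terminator" procedure:"::char_traits::compare"` (hunk at -4699) is an active filter that hides a memory-safety warning class, and unlike the three rules above it, it is not limited by `is_sysinclude`. As written it keys only on the procedure name, so a project-defined `char_traits` specialization with its own `compare` would presumably be silenced as well. If the filter grammar allows combining the conditions, `WARNING_FILTER += discard class="Read Past Null Terminator" procedure:"::char_traits::compare" is_sysinclude` would keep the suppression to the library implementation. A one-line comment giving the reason for the suppression would also help whoever audits this default list later.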
@@ -5726,6 +6025,228 @@ BAD_FUNCTION_BASE_RANK = 1.0 BAD_FUNCTION_SIGNIFICANCE = SECURITY +## #### The following functions and macros are forbidden by Misra C 2012 1.4. +## The Misra specification refers to Annex K. I gleaned the list of functions, +## types and macros from https://open-std.org/jtc1/sc22/wg14/www/docs/n1570.pdf. +## Note that the categories, rank, and significance are all specified in the +## manifest. + +BAD_FUNCTION_REGEX = ^tmpfile_s$ +BAD_FUNCTION_MESSAGE = Use of tmpfile_s + +BAD_FUNCTION_REGEX = ^tmpnam_s$ +BAD_FUNCTION_MESSAGE = Use of tmpnam_s + +BAD_FUNCTION_REGEX = ^fopen_s$ +BAD_FUNCTION_MESSAGE = Use of fopen_s + +BAD_FUNCTION_REGEX = ^freopen_s$ +BAD_FUNCTION_MESSAGE = Use of freopen_s + +BAD_FUNCTION_REGEX = ^snprintf_s$ +BAD_FUNCTION_MESSAGE = Use of snprintf_s + +BAD_FUNCTION_REGEX = ^sprintf_s$ +BAD_FUNCTION_MESSAGE = Use of sprintf_s + +BAD_FUNCTION_REGEX = ^printf_s$ +BAD_FUNCTION_MESSAGE = Use of printf_s + +BAD_FUNCTION_REGEX = ^fprintf_s$ +BAD_FUNCTION_MESSAGE = Use of fprintf_s + +BAD_FUNCTION_REGEX = ^vprintf_s$ +BAD_FUNCTION_MESSAGE = Use of vprintf_s + +BAD_FUNCTION_REGEX = ^vfprintf_s$ +BAD_FUNCTION_MESSAGE = Use of vfprintf_s + +BAD_FUNCTION_REGEX = ^vsprintf_s$ +BAD_FUNCTION_MESSAGE = Use of vsprintf_s + +BAD_FUNCTION_REGEX = ^vsnprintf_s$ +BAD_FUNCTION_MESSAGE = Use of vsnprintf_s + +BAD_FUNCTION_REGEX = ^scanf_s$ +BAD_FUNCTION_MESSAGE = Use of scanf_s + +BAD_FUNCTION_REGEX = ^vscanf_s$ +BAD_FUNCTION_MESSAGE = Use of vscanf_s + +BAD_FUNCTION_REGEX = ^vsscanf_s$ +BAD_FUNCTION_MESSAGE = Use of vsscanf_s + +BAD_FUNCTION_REGEX = ^sscanf_s$ +BAD_FUNCTION_MESSAGE = Use of sscanf_s + +BAD_FUNCTION_REGEX = ^fscanf_s$ +BAD_FUNCTION_MESSAGE = Use of fscanf_s + +BAD_FUNCTION_REGEX = ^vfscanf_s$ +BAD_FUNCTION_MESSAGE = Use of vfscanf_s + +BAD_FUNCTION_REGEX = ^gets_s$ +BAD_FUNCTION_MESSAGE = Use of gets_s + +BAD_FUNCTION_REGEX = ^constraint_handler_t$ +BAD_FUNCTION_MESSAGE = Use of constraint_handler_t + +BAD_FUNCTION_REGEX = 
^set_constraint_handler_s$
+BAD_FUNCTION_MESSAGE = Use of set_constraint_handler_s
+
+BAD_FUNCTION_REGEX = ^abort_handler_s$
+BAD_FUNCTION_MESSAGE = Use of abort_handler_s
+
+BAD_FUNCTION_REGEX = ^ignore_handler_s$
+BAD_FUNCTION_MESSAGE = Use of ignore_handler_s
+
+BAD_FUNCTION_REGEX = ^getenv_s$
+BAD_FUNCTION_MESSAGE = Use of getenv_s
+
+BAD_FUNCTION_REGEX = ^bsearch_s$
+BAD_FUNCTION_MESSAGE = Use of bsearch_s
+
+BAD_FUNCTION_REGEX = ^qsort_s$
+BAD_FUNCTION_MESSAGE = Use of qsort_s
+
+BAD_FUNCTION_REGEX = ^wctomb_s$
+BAD_FUNCTION_MESSAGE = Use of wctomb_s
+
+BAD_FUNCTION_REGEX = ^mbstowcs_s$
+BAD_FUNCTION_MESSAGE = Use of mbstowcs_s
+
+BAD_FUNCTION_REGEX = ^wcstombs_s$
+BAD_FUNCTION_MESSAGE = Use of wcstombs_s
+
+BAD_FUNCTION_REGEX = ^memcpy_s$
+BAD_FUNCTION_MESSAGE = Use of memcpy_s
+
+BAD_FUNCTION_REGEX = ^memset_s$
+BAD_FUNCTION_MESSAGE = Use of memset_s
+
+BAD_FUNCTION_REGEX = ^memmove_s$
+BAD_FUNCTION_MESSAGE = Use of memmove_s
+
+BAD_FUNCTION_REGEX = ^strcpy_s$
+BAD_FUNCTION_MESSAGE = Use of strcpy_s
+
+BAD_FUNCTION_REGEX = ^strncpy_s$
+BAD_FUNCTION_MESSAGE = Use of strncpy_s
+
+BAD_FUNCTION_REGEX = ^strnlen_s$
+BAD_FUNCTION_MESSAGE = Use of strnlen_s
+
+BAD_FUNCTION_REGEX = ^strcat_s$
+BAD_FUNCTION_MESSAGE = Use of strcat_s
+
+BAD_FUNCTION_REGEX = ^strncat_s$
+BAD_FUNCTION_MESSAGE = Use of strncat_s
+
+BAD_FUNCTION_REGEX = ^strtok_s$
+BAD_FUNCTION_MESSAGE = Use of strtok_s
+
+BAD_FUNCTION_REGEX = ^strerror_s$
+BAD_FUNCTION_MESSAGE = Use of strerror_s
+
+BAD_FUNCTION_REGEX = ^strerrorlen_s$
+BAD_FUNCTION_MESSAGE = Use of strerrorlen_s
+
+BAD_FUNCTION_REGEX = ^fwprintf_s$
+BAD_FUNCTION_MESSAGE = Use of fwprintf_s
+
+BAD_FUNCTION_REGEX = ^fwscanf_s$
+BAD_FUNCTION_MESSAGE = Use of fwscanf_s
+
+BAD_FUNCTION_REGEX = ^snwprintf_s$
+BAD_FUNCTION_MESSAGE = Use of snwprintf_s
+
+BAD_FUNCTION_REGEX = ^swprintf_s$
+BAD_FUNCTION_MESSAGE = Use of swprintf_s
+
+BAD_FUNCTION_REGEX = ^swscanf_s$
+BAD_FUNCTION_MESSAGE = Use of swscanf_s
+
+BAD_FUNCTION_REGEX = ^vfwprintf_s$
+BAD_FUNCTION_MESSAGE = Use of vfwprintf_s
+
+BAD_FUNCTION_REGEX = ^vfwscanf_s$
+BAD_FUNCTION_MESSAGE = Use of vfwscanf_s
+
+BAD_FUNCTION_REGEX = ^vsnwprintf_s$
+BAD_FUNCTION_MESSAGE = Use of vsnwprintf_s
+
+BAD_FUNCTION_REGEX = ^vswprintf_s$
+BAD_FUNCTION_MESSAGE = Use of vswprintf_s
+
+BAD_FUNCTION_REGEX = ^vswscanf_s$
+BAD_FUNCTION_MESSAGE = Use of vswscanf_s
+
+BAD_FUNCTION_REGEX = ^vwprintf_s$
+BAD_FUNCTION_MESSAGE = Use of vwprintf_s
+
+BAD_FUNCTION_REGEX = ^vwscanf_s$
+BAD_FUNCTION_MESSAGE = Use of vwscanf_s
+
+BAD_FUNCTION_REGEX = ^wprintf_s$
+BAD_FUNCTION_MESSAGE = Use of wprintf_s
+
+BAD_FUNCTION_REGEX = ^wscanf_s$
+BAD_FUNCTION_MESSAGE = Use of wscanf_s
+
+BAD_FUNCTION_REGEX = ^wcscpy_s$
+BAD_FUNCTION_MESSAGE = Use of wcscpy_s
+
+BAD_FUNCTION_REGEX = ^wcsncpy_s$
+BAD_FUNCTION_MESSAGE = Use of wcsncpy_s
+
+BAD_FUNCTION_REGEX = ^wmemcpy_s$
+BAD_FUNCTION_MESSAGE = Use of wmemcpy_s
+
+BAD_FUNCTION_REGEX = ^wmemmove_s$
+BAD_FUNCTION_MESSAGE = Use of wmemmove_s
+
+BAD_FUNCTION_REGEX = ^wcscat_s$
+BAD_FUNCTION_MESSAGE = Use of wcscat_s
+
+BAD_FUNCTION_REGEX = ^wcsncat_s$
+BAD_FUNCTION_MESSAGE = Use of wcsncat_s
+
+BAD_FUNCTION_REGEX = ^wcstok_s$
+BAD_FUNCTION_MESSAGE = Use of wcstok_s
+
+BAD_FUNCTION_REGEX = ^wcsnlen_s$
+BAD_FUNCTION_MESSAGE = Use of wcsnlen_s
+
+BAD_FUNCTION_REGEX = ^wcrtomb_s$
+BAD_FUNCTION_MESSAGE = Use of wcrtomb_s
+
+BAD_FUNCTION_REGEX = ^mbsrtowcs_s$
+BAD_FUNCTION_MESSAGE = Use of mbsrtowcs_s
+
+BAD_FUNCTION_REGEX = ^wcsrtombs_s$
+BAD_FUNCTION_MESSAGE = Use of wcsrtombs_s
+
+BAD_FUNCTION_REGEX = ^asctime_s$
+BAD_FUNCTION_MESSAGE = Use of asctime_s
+
+BAD_FUNCTION_REGEX = ^ctime_s$
+BAD_FUNCTION_MESSAGE = Use of ctime_s
+
+BAD_FUNCTION_REGEX = ^gmtime_s$
+BAD_FUNCTION_MESSAGE = Use of gmtime_s
+
+BAD_FUNCTION_REGEX = ^localtime_s$
+BAD_FUNCTION_MESSAGE = Use of localtime_s
+
+
+BAD_MACRO_CLASS = Use of L_tmpnam_s
+BAD_MACRO_NAME = ^(L_tmpnam_s)$
+
+BAD_MACRO_CLASS = Use of TMP_MAX_S
+BAD_MACRO_NAME = ^(TMP_MAX_S)$
+
+###### End of bad 
functions and macros forbidden by Misra C 2012 1.4 + # Parameter PLUGINS # # Purpose 
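Review bot: `BAD_FUNCTION_REGEX = ^constraint_handler_t$` names an Annex K typedef rather than a function, so a function-name check will presumably never report it. The block's opening comment says the list covers functions, types and macros, but the other Annex K types (`errno_t`, `rsize_t`) and the `RSIZE_MAX` macro have no entry, so code using them would pass this Rule 1.4 check unnoticed. Either narrow the comment to say that only the functions plus `L_tmpnam_s` and `TMP_MAX_S` are checked, or add the missing macro in the style of the last two entries: `BAD_MACRO_CLASS = Use of RSIZE_MAX` and `BAD_MACRO_NAME = ^(RSIZE_MAX)$`. Whether `BAD_FUNCTION_REGEX` can match a type name at all is not visible in this hunk and should be checked before keeping the `constraint_handler_t` entry.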
@@ -6840,6 +7361,117 @@ TIME_LIMIT_TAINT_REFINE_PER_PROCEDURE = 200 +# Parameter MOVED_FROM_UV_WHITELIST +# +# Purpose +# Specifes exceptions to the Uninitialized Variable checks on +# moved-from objects (when enabled). In particular, specifies +# classes whose objects will not be treated as uninitialized after +# they have been moved from. +# +# Tags +# - WC_LANG.MEM.UVAR: Used by Uninitialized Variable +# +# Type +# Boost 'POSIX Extended Regular Expression' +# [http://www.boost.org/doc/libs/1_63_0/libs/regex/doc/html/boost_regex/syntax/basic_extended.html] +# +# Behavior +# Suppose MOVED_FROM_UV_CHECK_ENABLED=Yes and we have some object O +# that has been left in moved-from state by a move constructor or +# move assignment. +# +# - If O's class matches a MOVED_FROM_UV_WHITELIST regular +# expression, CodeSonar will NOT issue a Uninitialized Variable +# warning if O is used while it is in moved-from state. +# - Otherwise, CodeSonar will issue a Uninitialized Variable +# warning in this case. +# +# If MOVED_FROM_UV_CHECK_ENABLED=No, Uninitialized Variable +# warnings are never issued for uses of moved-from objects and this +# parameter has no effect. +# +# Notes +# Objects passed to move constructors or move assignments are left +# in a moved-from state. The state of such objects is valid but +# unspecified: you can reestablish known state by, for example, +# assigning new values. +# +# Certain implementations of classes in the standard library +# guarantee that state for some members is preserved after an +# object has been moved from, and then makes use of these members +# in subsequent assignments. +# +# For example, some std::string implementations guarantee that the +# members that handle memory allocation are preserved when a string +# object S has been moved-from, and then use those members when S +# is reassigned. 
Because this preservation guarantee is not
+# represented in the code, CodeSonar cannot take it into account
+# and will issue a warning for valid reinitializations like the
+# following.
+# std::string a( "abcd" );
+# std::string b( std::move( a ) );
+# a = "efgh"; // *** constructor makes use of preserved members
+#
+# When the code is using a std::string implementation that
+# preserves and reuses moved-from, the assignment at the marked
+# line will cause a Uninitialized Variable warning. The warning
+# location will not be at the assignment, but at the statement that
+# reuses the memory allocation member: generally in library code.
+#
+# - You can suppress this individual warning in the CodeSonar GUI
+# or construct a WARNING_FILTER discard rule to discard it based
+# on line contents or other properties.
+# - To specify that Uninitialized Variable warnings should NEVER be
+# issued for moved-from objects of class std::basic_string, you
+# can use a MOVED_FROM_UV_WHITELIST rule:
+# MOVED_FROM_UV_WHITELIST += ^std:.*:basic_string:
+
+MOVED_FROM_UV_WHITELIST += ^std:.*:unique_ptr:
+MOVED_FROM_UV_WHITELIST += ^std:.*:shared_ptr:
+MOVED_FROM_UV_WHITELIST += ^std:.*:weak_ptr:
+MOVED_FROM_UV_WHITELIST += ^std:.*:basic_ios:
+MOVED_FROM_UV_WHITELIST += ^std:.*:basic_filebuf:
+MOVED_FROM_UV_WHITELIST += ^std:.*:thread:
+MOVED_FROM_UV_WHITELIST += ^std:.*:unique_lock:
+MOVED_FROM_UV_WHITELIST += ^std:.*:shared_lock:
+MOVED_FROM_UV_WHITELIST += ^std:.*:promise:
+MOVED_FROM_UV_WHITELIST += ^std:.*:future:
+MOVED_FROM_UV_WHITELIST += ^std:.*:shared_future:
+MOVED_FROM_UV_WHITELIST += ^std:.*:packaged_task:
+
+
+# Parameter MOVED_FROM_UV_CHECK_ENABLED
+#
+# Purpose
+# Specifies whether objects left in moved-from state by a move
+# constructor or move assignment should be considered uninitialized
+# when performing checks for Uninitialized Variable. 
+# +# Tags +# - WC_LANG.MEM.UVAR: Used by Uninitialized Variable +# +# Type +# { Yes, No } +# +# Behavior +# - Yes : Issue Uninitialized Variable warnings when objects left +# in moved-from state are used before being reinitialized. +# - No : Do not issue Uninitialized Variable warnings for uses of +# moved-from objects. +# +# Notes +# Objects passed to move constructors or move assignments are left +# in a moved-from state. The state of such objects is valid but +# unspecified: you can reestablish known state by, for example, +# assigning new values. +# +# Use MOVED_FROM_UV_WHITELIST to suppress these warnings for +# individual object classes. + +MOVED_FROM_UV_CHECK_ENABLED = Yes + + # Parameter TIME_LIMIT_LIVEVAR # # Purpose @@ -12553,6 +13185,18 @@ # # The following metrics are disabled by default. To enable a # particular metric class, use the corresponding "allow" rule. +# METRIC_FILTER += allow metric="CALLING" +# METRIC_FILTER += allow metric="CALLS" +# METRIC_FILTER += allow metric="GOTO" +# METRIC_FILTER += allow metric="STMIF" +# METRIC_FILTER += allow metric="NCOMM" +# METRIC_FILTER += allow metric="NPATH" +# METRIC_FILTER += allow metric="PARAM" +# METRIC_FILTER += allow metric="RETURN" +# METRIC_FILTER += allow metric="STST1" +# METRIC_FILTER += allow metric="STST2" +# METRIC_FILTER += allow metric="STST3" +# METRIC_FILTER += allow metric="STPTH" # METRIC_FILTER += allow metric="n1" # METRIC_FILTER += allow metric="N1" # METRIC_FILTER += allow metric="n2" 
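Review bot: The default `MOVED_FROM_UV_WHITELIST` patterns, for example `^std:.*:unique_ptr:`, put an unbounded `.*` between the `std:` prefix and the class name. They may therefore also match a `std` class whose template arguments merely contain a type called `unique_ptr`, which would disable the moved-from Uninitialized Variable check for more classes than the twelve listed. Whether that can happen depends on how CodeSonar renders the class name it matches against, which this hunk does not show. If template arguments are part of that name, a narrower middle such as `[^<]*` would still skip inline namespaces without crossing into an argument list. Separately, `Specifes` in the Purpose paragraph of `MOVED_FROM_UV_WHITELIST` should read `Specifies`.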
@@ -13099,6 +13743,64 @@ # NON_TERMINATING_LOOP_MARK += while *[(] *1 *[)] +# Parameter PRJ_FILES_SIZE_PREDICTION_LINEAR_MODEL_SLOPE +# Parameter PRJ_FILES_SIZE_PREDICTION_LINEAR_MODEL_INTERCEPT +# +# Purpose +# For remote-managed analyses, specify the parameters in the linear +# model used to estimate the disk requirements for the analysis +# directory. +# +# Type +# real number +# +# Behavior +# As part of the data and control transfer for a remote-managed +# analysis +# [doc/html/Elements/PROPERTIES_Analysis.html#remote_analysis], +# CodeSonar estimates the the final size of the analysis directory +# [doc/html/Elements/PROPERTIES_Analysis.html#analysis_dir] as +# follows. +# P = S*B + I +# where: +# - P is the the predicted analysis directory size after analysis +# - B is the size of the build directory +# [doc/html/Elements/PROPERTIES_Analysis.html#build_dir] after +# all and before analysis +# - S is the value of PRJ_FILES_SIZE_PREDICTION_LINEAR_MODEL_SLOPE +# - I is the value of +# PRJ_FILES_SIZE_PREDICTION_LINEAR_MODEL_INTERCEPT +# +# If the launch daemon L specified for the analysis cannot +# accommodate the predicted final size of the analysis directory, +# the analysis will fail. +# +# Specifically, the Space Quota +# [doc/html/Workings/LaunchDaemon.html#space_quota] for L must be +# sufficient to accommodate the following. +# +# - The predicted final size P, +# - AND the total size of all analysis directories for completed +# remote analyses that used L, +# - AND the predicted final sizes of all currently running remote +# analyses using L. +# +# If multiple candidate launch daemons are specified, CodeSonar +# will choose one that can accommodate the predicted final size, or +# fail if there are no such launch daemons. +# +# These parameters have no effect for local-managed analyses +# [doc/html/Elements/PROPERTIES_Analysis.html#local_analysis]. 
+# +# Notes +# Adjust these parameters if you are experiencing problems due to +# estimated size being too high (so analysis fails even though the +# analysis directory could actually be accommodated) or too low. + +PRJ_FILES_SIZE_PREDICTION_LINEAR_MODEL_SLOPE=2.0 +PRJ_FILES_SIZE_PREDICTION_LINEAR_MODEL_INTERCEPT=20 + + # Parameter PROGRAM_ENTRY_POINTS # # Purpose @@ -15231,7 +15933,7 @@ # # See also SIGNIFICANCE_LEN_MACRO, SIGNIFICANCE_LEN_OTHER. -## SIGNIFICANCE_LEN_EXTERN = -1 +SIGNIFICANCE_LEN_EXTERN = -1 # Parameter SIGNIFICANCE_LEN_MACRO @@ -15266,7 +15968,7 @@ # # See also SIGNIFICANCE_LEN_EXTERN, SIGNIFICANCE_LEN_OTHER. -## SIGNIFICANCE_LEN_MACRO = -1 +SIGNIFICANCE_LEN_MACRO = -1 # Parameter SIGNIFICANCE_LEN_OTHER @@ -15302,7 +16004,7 @@ # # See also SIGNIFICANCE_LEN_EXTERN, SIGNIFICANCE_LEN_MACRO. -## SIGNIFICANCE_LEN_OTHER = -1 +SIGNIFICANCE_LEN_OTHER = -1 # Parameter MISRA_SHIFT_AMOUNT_EXCEEDS_BIT_WIDTH 
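Review bot: The documentation for `PRJ_FILES_SIZE_PREDICTION_LINEAR_MODEL_INTERCEPT` gives the type as "real number" but never states a unit. The default `20` therefore cannot be interpreted or tuned without guessing whether it is bytes, megabytes or something else. The Behavior section should name the unit shared by P, B and I, for example with a line such as `# - P, B and I are expressed in <unit>`. The description of B, "after all and before analysis", also looks truncated, and "the the" occurs twice in the same section.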
@@ -15361,7 +16063,55 @@ # c << 10; # c << 64; /* Shift Amount Exceeds Bit Width */ -## MISRA_SHIFT_AMOUNT_EXCEEDS_BIT_WIDTH = No +MISRA_SHIFT_AMOUNT_EXCEEDS_BIT_WIDTH = No + + +# Parameter READ_PAST_NTERM_CONSERVATIVE_CHECK +# +# Purpose +# Specifies that Read Past Null Terminator warnings should only be +# issued when comparing arrays having "essentially char type". +# +# Tags +# - WC_MISC.MEM.RPNT: Used by Read Past Null Terminator +# +# Type +# { Yes, No } +# +# Behavior +# - Yes : CodeSonar will determine the essential type +# [doc/html/WarningClasses/MISRA.html#essential_type_category] of +# the actual parameters to the comparison and only issue Read +# Past Null Terminator warnings if both parameters are arrays +# having essentially char type. +# - No : CodeSonar will issue Read Past Null Terminator warnings +# regardless of the essential type of the actual parameters to +# the comparison. +# +# Notes +# Misra 2012 Rule 21.14 +# [doc/html/WarningClasses/MISRA.html#misra_2012__21.14] applies +# only when the actual parameters to memcmp() are arrays having +# essentially char type. Thus, the following code is technically +# compliant (but violates other rules). +# void * s1 = (void *)"abc"; // not an array of essentially char type +# void * s2 = (void *)"abc"; // not an array of essentially char type +# if ( memcmp( s1, s2, 5 ) == 0 ) ...; +# +# - READ_PAST_NTERM_CONSERVATIVE_CHECK=Yes : checks for this +# warning class follow the technical definition of Misra 2012 +# Rule 21.14. This call to memcmp() will NOT trigger a Read Past +# Null Terminator warning. +# - READ_PAST_NTERM_CONSERVATIVE_CHECK=No : checks for this warning +# class cover all calls to memcmp(), regardless of argument type. +# This call to memcmp() will trigger a Read Past Null Terminator +# warning. +# +# Setting READ_PAST_NTERM_CONSERVATIVE_CHECK=Yes can reduce false +# positives for comparison of binary data that happens to contain +# null characters. 
+ +READ_PAST_NTERM_CONSERVATIVE_CHECK=No # Parameter UNFINISHED_CODE_TAGS @@ -15889,7 +16639,7 @@ ## IPv4 NETWORK_HOST_BLACKLIST += allow ^127.0.0.1$ -NETWORK_HOST_BLACKLIST += allow ^0.[0-9]+\.[0-9]+\.[0-9]+$ +NETWORK_HOST_BLACKLIST += allow ^0\.[0-9]+\.[0-9]+\.[0-9]+$ NETWORK_HOST_BLACKLIST += [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ ## IPv6 @@ -16584,13 +17334,13 @@ # Type # { java1, java2, java3, java4, java5, java6, java7, java8, java9, # java10, java11, java12, java13, java14, java15, java16, java17, -# java18, androidAPI1, androidAPI2, androidAPI3, androidAPI4, -# androidAPI5, androidAPI6, androidAPI7, androidAPI8, androidAPI9, -# androidAPI10, androidAPI11, androidAPI12, androidAPI13, -# androidAPI14, androidAPI15, androidAPI16, androidAPI17, -# androidAPI18, androidAPI19, androidAPI20, androidAPI21, -# androidAPI22, androidAPI23, androidAPI24, androidAPI25, -# androidAPI26, androidAPI27, androidAPI28 } +# java18, java19, androidAPI1, androidAPI2, androidAPI3, +# androidAPI4, androidAPI5, androidAPI6, androidAPI7, androidAPI8, +# androidAPI9, androidAPI10, androidAPI11, androidAPI12, +# androidAPI13, androidAPI14, androidAPI15, androidAPI16, +# androidAPI17, androidAPI18, androidAPI19, androidAPI20, +# androidAPI21, androidAPI22, androidAPI23, androidAPI24, +# androidAPI25, androidAPI26, androidAPI27, androidAPI28 } # # Languages # Java @@ -17959,7 +18709,8 @@ # { net10, net11, net20, net30, net35, net40, net45, net451, # net452, net46, net461, net462, net47, net471, net472, net48, # netcoreapp1.0, netcoreapp1.1, netcoreapp2.0, netcoreapp2.1, -# netcoreapp2.2, netcoreapp3.0, netcoreapp3.1, net5.0, net6.0 } +# netcoreapp2.2, netcoreapp3.0, netcoreapp3.1, net5.0, net6.0, +# net7.0 } # # Languages # C#
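Review bot: The Notes for `READ_PAST_NTERM_CONSERVATIVE_CHECK` call the `memcmp( s1, s2, 5 )` example "technically compliant", but it compares five bytes of the four-byte literal `"abc"`. That is an over-read whatever the pointer type, and with `Yes` this warning class stays silent on it. The text should state that `Yes` trades this coverage for fewer false positives, for instance `# With Yes, over-reads through void* or other non-char pointers are not reported by this class.` If another warning class still reports the case, name it there. The Purpose sentence also reads as if the restriction were always in force, although the shipped default is `No`.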
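Review bot: The loopback rule directly above the corrected line, `NETWORK_HOST_BLACKLIST += allow ^127.0.0.1$`, still has three unescaped dots, although this hunk escapes the dot after the leading `0` in the second IPv4 allow rule. Each `.` matches any character, so that allow rule also accepts host strings that are not the loopback address, such as `127x0x0x1` (constructed example). It should get the same fix in the same change: `NETWORK_HOST_BLACKLIST += allow ^127\.0\.0\.1$`.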