CodeSonar Release 3.0, patchlevel 0: Release Notes
Official release date: February 21, 2008.
CodeSecure is proud to announce version 3.0 of CodeSonar. This
version features a major overhaul of the architecture and user
interface. This is the most significant change to CodeSonar since
it was first released. Users are encouraged to study the details
below, especially as this version has some incompatibilities with
previous versions.
Major New Features in CodeSonar 3.0p0
- Enterprise-level interface
  - Whereas previously CodeSonar was oriented towards single
    users, it is now more suitable for enterprise-level use. The
    results of an analysis are fed to a relational database, and a
    web-based interface provides a range of customizable views of
    the information in the database, including warnings issued by
    CodeSonar, source code, and information about projects and
    analyses. Analysis, database, and web components can be
    distributed across multiple machines. The default database is
    PostgreSQL, but users can select SQLite or
    integrate with Oracle or other databases easily.
  - CodeSonar's web-based interface allows users to search
    and organize the warnings. A filtering mechanism helps users
    focus on the subset of the warnings that are relevant to
    them.
  - The history of all warnings and analyses is stored in the
    database so users can see how properties of their code have
    changed over time.
  - Users can attach notes to warnings, and assign owners,
    priorities, and other properties. These annotations remain
    associated with the warnings across multiple analyses. Email is
    automatically sent to users when changes are made to their
    warnings.
  - A new suppression mechanism makes use of the warning
    annotation mechanism. To suppress a warning, simply mark it as
    a false positive, or as suppressed, and the filter mechanism
    removes it from view. Note that the former suppression
    mechanisms are no longer supported.
- CWE Integration: CodeSonar is now integrated with CWE,
the Common Weakness Enumeration, which provides a uniform
mechanism for describing source-code flaws and weaknesses. Users
can search the database for warnings using CWE identifiers.
- XML, CSV and Text output: All views of the warnings
CodeSonar reports can be saved as XML, text, or comma-separated
value (CSV) format, facilitating integration with other tools.
- New Plugin API: The Plug-in API, provided in both C and
Scheme, allows users to write complex custom checks.
- Licensing: The CodeSonar default licensing scheme has
been changed.
Other New Features in CodeSonar 3.0p0
- New Compiler Models and Integrations: Hi-Tech, Intel
C/C++, Wind River diab, TI Code Composer, Renesas HEW, and
Freescale CodeWarrior are now all supported.
- New Operating System Support: CodeSonar now supports
Solaris for x86 and Solaris for x64.
- New Warning Classes
  - Empty Branch Statement
  - Empty if Statement
  - Empty switch Statement
Incompatibilities with Previous Versions
- Previous Analyses: The new architecture is incompatible
with previous analyses. Be sure to remove all CodeSonar temporary
files, especially those with a .prj suffix, before using
this new version.
- Suppression Mechanism: The previous suppression mechanism
is no longer supported. Old suppression files cannot be imported
with the new version.
Fixes
There have been several minor bug fixes to the analysis engine, to
compiler models, and to library models.
Manual Erratum
The installation instructions for Solaris link to a version of gtar
that is only compatible with SPARC Solaris. For Solaris for x86 and
Solaris for x86-64, please use this version.