CodeSonar Release 3.3p0 Release Notes

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.0p0 Hot Tips

CONFIDENTIAL

CodeSecure Inc

Release Notes

CodeSonar Release 3.3, patchlevel 0: Release Notes

Official release date: November 10, 2008.

Improved Performance

Many of our customers are analyzing projects that consist of millions of lines of code. CodeSonar's deep analysis was taking a while on these large projects. After carefully rearchitecting portions of the analysis engine, the analysis time has been reduced dramatically. For example, analysis time has been reduced by 50 percent to 67 percent on most benchmarks on Windows, Linux, and Solaris. For some customers running on Mac OS X, analysis time has been reduced by 80 percent.

Notes on Upgrading

CodeSonar 3.3p0 includes changes to the internal representation of CodeSonar projects. As a consequence, GUI source listing pages from projects built with earlier versions of CodeSonar will not be viewable on hubs running CodeSonar 3.3p0. The source excerpts included in GUI warning reports will still be visible. Rebuild your projects with CodeSonar 3.3p0 to make source listing pages available.
Some configuration file defaults have changed. We provide a patch file for updating your existing configuration files; for full documentation see the manual.

Other New Features

Warning Filters

Warning filters allow users to perform actions on warnings before they are submitted to the hub. They are controlled through the WARNING_FILTER configuration file variable.

WARNING_FILTER rules specify an action to be carried out on any warning that matches a list of conditions. The available actions are:

Discarding the warning entirely (never submitting it to the hub). If all warnings of some warning class are thus discarded then the checks for that class will not be carried out at all, which can lead to time savings.
Specifically allowing the warning (potentially overruling an earlier discard action).
Modifying the warning owner.
Modifying the warning priority.

New Warning Classes

CodeSonar now includes checks for the following warning classes.

Excessive Stack Depth The size of the program call stack exceeds a previously-specified limit. (Check disabled by default.)
Function Call Has No Effect A function call has no effect. At present, all warnings of this class refer to memory-copying function calls whose length argument is a constant-valued expression that evaluates to zero.
Scope Could Be Local Static A variable has been declared with global or file-static scope, when it could actually be local-static. (Check disabled by default.)
Scope Could Be File Static A variable has been declared with global scope, when it could actually be file-static. (Check disabled by default.)
Potential Unbounded Loop A loop does not have a fixed bound. (Check disabled by default.)
Unchecked Parameter Dereference A function parameter is dereferenced without an initial NULL check, which could lead to a NULL pointer dereference. (Check disabled by default.)

New GUI Functionality

The following changes have been made to the CodeSonar Web GUI.

Chart axes can now have log scales, where appropriate.
Hovering over Chart data labels and legend entries will now pop up information summaries, and clicking on them will navigate to the relevant search results.
Long trigger messages in the Warning Reports are now elided. You can hover over an elided message to view the entire message in a pop-up.
Any trigger message in a Warning Report – elided or not – can be clicked to expand it in the code excerpt pane.
In cases where three or more warnings have been issued at a single source code line, Warning Reports and Source Listings now display the first warning followed by a comment of the form /* N more...*/. Click on this comment to expand to a full list of the warnings issued at that line.
Token Highlighting: you can hover over a token in a Source Listing or a Warning Report code excerpt to highlight all occurrences of that token.

New Configuration File Parameters

New Parameter	Notes
`CHECK_MINSCOPE`	Specifies whether or not CodeSonar will carry out checks for Scope Could Be Local Static and Scope Could Be File Static warnings.
`CHECK_PARAM_DEREFS`	Specifies whether or not CodeSonar will carry out checks for Unchecked Parameter Dereference warnings.
`CHECK_UNBOUNDED_LOOPS`	Specifies whether or not CodeSonar will carry out checks for Potential Unbounded Loop warnings.
`CHECK_STACK_DEPTH`	Specifies whether or not CodeSonar will carry out checks for Excessive Stack Depth warnings.
`CODEWARRIOR_INSTALLS`	Specifies CodeWarrior install directories for which compiler IDE plugin invocations should be intercepted.
`CODEWARRIOR_PLUGINS`	Specifies individual CodeWarrior compiler IDE plugins whose invocations should be intercepted.
`COMPILER_MODELS`	Defines a map from compiler executable basenames to compiler models. Replaces hook option `-model` and the Windows build wizard Tools dialog.
`DISABLED_COMPILERS`	Specifies executables whose execution should not be treated as a compiler invocation by the CodeSonar project builder. Replaces hook option `-disable-compiler` and the Windows build wizard Tools dialog.
`FORCE_ENVIRONMENT`	Prevents the software build system (e.g., make) from overwriting environment variables necessary for proper process hooking on POSIX systems.
`FOREGROUND`	[Command line builds only] Specifies whether or not a "codesonar hook-html" command will run the analysis in the codesonar hook-html process itself.
`HOOK_LOG`	Instructs CodeSonar to log all process invocations inside a hook or hook-html sub-command to the specified file.
`HUB_ADDRESS`	[Command line builds only] Specifies the hub address CodeSonar should use.
`IGNORED_COMPILATION_COMMANDS`	Specifies compilation command lines that should be ignored by the CodeSonar project builder.
`INVOKE_COMPILER_FIRST`	Specifies whether or not to invoke the real compiler before invoking the CodeSonar parser. Replaces hook option `-invoke-compiler-first`.
`SPAWN_HUB`	[Command line builds only] Specifies whether or not "codesonar hook" or "codesonar hook-html" will create a new hub if the hub is not already running.
`STACK_DEPTH_THRESHOLD`	The call stack size, in bytes, beyond which CodeSonar issue Excessive Stack Depth warnings (if `CHECK_STACK_DEPTH` is set to `Yes`).
`STACK_DEPTH_ACTIVATION_RECORD_CONSTANTS`	Allow the user to estimate the size of various elements that contribute to the size of the call stack.
`STACK_DEPTH_COMPILER_PADDING`
`STACK_DEPTH_UNDEFINED_FUNCTION_SIZE`
`TOKEN_RENDERER_CAPACITY`	Control aspects of token highlighting.
`TOKEN_RENDERER_BACKOFF_CAPACITY`
`TOKENS_PER_LINE`
`UNIX_TEXT_MODE`	Instructs CodeSonar to perform crlf -> lf translations on stdout and stderr and do the inverse on stdin. Replaces hook option `-unix-text-mode`.
`USE_SERVICES`	[Windows only] Specifies whether or not CodeSonar hub and launch daemon processes will be created as Windows services.
`WARNING_FILTER`	Allows warnings to be modified before they are submitted to the hub, or discarded entirely without being submitted.

New Plug-In API Function

There is one new function in the CodeSonar Plug-In API.

C:	cs_boolean csonar_warningclass_always_discarded( cs_warningclass_t wclass)
Scheme:	(codesonar:warningclass-always-discarded? wclass)
Check whether instances of class `wclass` are always being ignored due to `WARNING_FILTER` settings in the configuration file.

New General-Purpose API Functions

C function Scheme function Description

C function	Scheme function	Description
cs_const_string cs_ast_dump( cs_ast ast, cs_integer depth)	(ast-dump ast depth)	Get an ASCII art tree rendering of `ast` with attribute subtrees bounded to `depth`.
cs_result cs_pdg_formal_in( cs_pdg pdg, cs_integer fi_rank, cs_pdg_vertex *out_vertex)	(pdg-formal-in pdg fi_rank)	Retrieve the PDG_VERTEX corresponding to the formal-in parameter of `pdg` with rank `fi_rank`.
cs_result cs_pdg_formals_out_as_list( cs_pdg pdg, cs_pdg_vertex pdg_vertex_list[], cs_size_t capacity_bytes, cs_size_t * bytes_needed)	(pdg-formals-out-as-list pdg)	Retrieve a list containing the formal-out vertices of `pdg` in the order in which they occur in the code.

cs_const_string cs_ast_dump(
    cs_ast ast, 
    cs_integer depth)

(ast-dump 
    ast
    depth)

Get an ASCII art tree rendering of ast with attribute subtrees bounded to depth.

cs_result cs_pdg_formal_in(
    cs_pdg pdg, 
    cs_integer fi_rank, 
    cs_pdg_vertex *out_vertex)

(pdg-formal-in 
    pdg
    fi_rank)

Retrieve the PDG_VERTEX corresponding to the formal-in parameter of pdg with rank fi_rank.

cs_result cs_pdg_formals_out_as_list(
    cs_pdg pdg, 
    cs_pdg_vertex pdg_vertex_list[], 
    cs_size_t capacity_bytes, 
    cs_size_t * bytes_needed)

(pdg-formals-out-as-list 
    pdg)

Retrieve a list containing the formal-out vertices of pdg in the order in which they occur in the code.

Removed

Deleted Hook Options

Hook options have been removed in favor of configuration file parameters. The replacement parameters are shown in the table below.

Retired Hook Option	Replacement Configuration File Parameter
`-disable-compiler compiler-name`	`DISABLED_COMPILERS`
`-invoke-compiler-first`	`INVOKE_COMPILER_FIRST`
`-model compiler-name model-name`	`COMPILER_MODELS`
`-unix-text-mode`	`UNIX_TEXT_MODE`

Functionality Removed From Windows Build Wizard

Paralleling the removal of hook options, some functionality has been removed from the Windows build wizard.

Screen 2 now has a "CodeWarrior" field. This allows users to set up CodeWarrior support for the project build, if needed.
There is no longer a Compilers field on screen 2, nor a Tools dialog. Instead, use the COMPILER_MODELS and DISABLED_COMPILERS configuration file parameter to specify which compiler executables should be recognized and which compiler model each should be associated with.
There is no longer a "Parse after native compiler" checkbox on screen 2. Use the INVOKE_COMPILER_FIRST configuration file parameter instead.

Deleted Configuration File Parameters

The following configuration file parameters have been removed.

Deleted Parameter	Notes
`COLLAPSE_SOURCE`	CodeSonar now always stores a copy of each file instance.
`CLUSTER_WARNINGS_BY_STARTPOINT`	Ceased to be meaningful with CodeSonar 3.0.