CodeSonar Release 3.8 Release Notes

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.0p0 Hot Tips

CONFIDENTIAL

CodeSecure Inc

Release Notes

CodeSonar Release 3.8, patchlevel 0: Release Notes

What's New
Changes To Requirements
Customer Tickets Fixed

What's New

Visualization	Award-winning UI for visualizing the program call graph.
Parallel Analysis	The main CodeSonar analysis phase is now parallelized, and can run in parallel or serial mode. Parallel mode provides some fault tolerance along with better time performance.
CWE	CodeSonar is now certified CWE-Compatible.
Annotation Import/Export	User annotations on warnings can be exported from a hub; the resulting annotation files can be imported into other hubs.
Warning Group Scope	By default, warning groups (and therefore, in particular, user annotations on warning groups) are shared between different projects on a hub. The previous behavior, where each warning group was associated with exactly one project, is still available.
Warning Classes	There is one new warning class: Blocking in Critical Section.
STL Analysis Improvements/ Source File Patching	Application of new infrastructure improvements provides up to 38% drop in warning counts on projects using common STL implementations.
GUI	A number of GUI pages have extended functionality.
Warning Search Language	Extended with set operators.
Analysis Comparison	Analysis pages provide up to three shortcut links for comparing the sets of warnings issued by two or more analyses.
Advanced Search	Treatment for multiple terms in the same advanced search field has been standardized: the operator is now always OR.
Concurrency Modeling	This version of CodeSonar has many new concurrency library models, and introduces modeling for additional features.
API Changes	New Extension API prototypes allow users to write custom models to indicate blocking functions and data race exclusion.
AST Changes	Minimal AST changes.
Configuration Parameter Changes	There are several new parameters, and some parameters have been deleted.
Other Analysis Improvements	General improvements to the CodeSonar analysis engine.
Miscellaneous	Other items.

Changes To Requirements

For full, current requirements, see CodeSonar System Requirements.

NEW Visualization requirements
- Java 1.6u22 or later. Make sure Java is enabled in your web browser.
NEW Parallel analysis requirements
If you don't have specific parallelization goals, run the CodeSonar analysis with ANALYSIS_SLAVES=Auto and DAEMON_SLAVES=Auto to have CodeSonar compute how many analysis slaves to run based on your machine's resources.
If you do have specific parallelization goals, you will need:
- one core for each analysis slave process,
- 512MB RAM for each analysis slave process, plus an additional 512MB RAM for the analysis master.
Now Supported
- OS X 10.8
No Longer Supported
- Opera browser (any version)
- Any Solaris version before 2.10

Details

Visualization

The CodeSonar Web GUI now includes an interactive program visualization tool.

The visualization is highly interactive.
- move around the call graph and zoom in and out to reveal or hide details.
- hover over call graph components for a visual overview of their relationships within the graph.
- select call graph components to view relevant source code and other detailed information.
- hide or disable nodes you aren't interested in.
- display a function's callers or callees.
Metric values can be visualized alongside call graph relationships.
The tool supports search over the directory, file, and function names in the analyzed project.
A variety of layout types support different visualization needs.
New side-by-side source listing functionality supports detailed examination of visualized relationships.
Visualization can be accessed from Project, Analysis, and Source Listing pages.

Parallel Analysis

The main CodeSonar analysis phase is now parallelized, and can run in parallel or serial mode. Parallel mode provides some fault tolerance along with better time performance, but requires more working memory than serial mode.

The presence and degree of parallelism in the analysis process is controlled by configuration file parameters, ANALYSIS_SLAVES/MAX_ANALYSIS_SLAVES (while the project is being analyzed) and DAEMON_SLAVES/MAX_DAEMON_SLAVES (once the analysis has transitioned to daemon mode).
Configuration parameters UNIT_OF_WORK_RETRIES, MASTER_LISTEN_INTERFACE govern other aspects of the parallel analysis.
Slave processes can be started manually, in addition to being started automatically by the analysis master.

NOTE: Plug-in authors should either ensure that they implement sufficient interprocess coordination to ensure that global state in plug-ins is communicated correctly, or analyze in serial mode.

See section Parallelism in CodeSonar for a full discussion of the availability and extent of parallelization within CodeSonar.

Warning Classes

New warning class Blocking in Critical Section identifies calls to blocking functions from threads that currently hold one or more locks.

STL Analysis Improvements/Source File Patching

Application of new infrastructure improvements provides up to 38% drop in warning counts on projects using common STL implementations.

CodeSonar 3.8 introduces functionality for applying specified source file patches during the source modification step of the CodeSonar project build phase. As with command- and regular-expression-based source modifications, source file patching is generally applied in order to improve analysis results by removing code that cannot be analyzed, adding code that makes important relationships explicit, or both.

An important application is C++ template header patching. CodeSonar ships with a number of template header patches for C++ libraries:

STL	STL header patches for use with gcc 3.x, gcc 4.x, and Visual Studio 6-10.
Boost	Patches for some Boost headers. (These headers, and thus their corresponding patches, are compiler-independent.)

New configuration file parameter SOURCE_PATCH_DIRECTORIES is used to specify locations where CodeSonar should look for source file patches.

For full details, see sections Source File Patching and Source File Patching Example.

CWE

CodeSonar is now certified CWE-Compatible. (See CWE section for further information about CWE in CodeSonar)

This version of CodeSonar uses CWE version 2.2, published May 14, 2012.

Annotation Import/Export

CodeSonar's annotation import/export functionality enables users to copy user-editable warning fields (Priority, State, Finding, Owner, and Notes) between corresponding warnings on different hubs. See the Importing and Exporting Annotations section for full details.

Export functionality is available from the GUI Home and Project pages, from the Warnings tab of Analysis pages, and from Warning Search Results.

Import functionality is available either from the Home Page or from Project pages, depending on how the hub is set up for warning group sharing.

Warning Group Scope

The scope of a warning group specifies the extent to which the group (and its associated properties and annotations) is shared across a hub. This release introduces the notion of hub-scoped warning groups: in CodeSonar 3.7 and earlier, all warning groups were project-scoped. See Warning Group Scope for details.

A warning group with global scope (or hub scope) may have instances from multiple projects. Global-scoped warning groups are useful when different projects share common code and you want to avoid duplication of effort in examining warnings from that code. They are also useful when you are analyzing variations of the same code under multiple project names: whether deliberately (for example, because of a code branch) or accidentally (because of an error in specifying project name).
A warning group with project scope is associated with a specific project P, and instances of the warning group can only be issued by analyses of P. Project-scoped warning groups are useful when you want to enforce strict separation between different projects, even if they have some code in common.

This change has several effects:

A new "Share annotations between projects" hub setting, available from Admin Settings, determines the scope for new warning groups on the hub.
Some of the details of project removal, annotation import/export, warning search, and analysis comparison vary depending on warning scope. See Warning Group Scope: Interactions with Other Functionality for details.
The Warning Project property is now associated with warning instances, where previously it was associated with warning groups.

Expanded Concurrency Modeling

Concurrency models for the following libraries have been added.

CMS-RTX
MFC
OpenMP
ThreadX
uC/OS-III

The following concurrency properties are now modeled.

Blocking functions: functions that should trigger Blocking in Critical Section warnings if they are called inside a critical section.
Data race exclusion: data, operations, and functions that cannot lead to a data race (and so should be ignored by the Data Race check).

GUI

The following GUI page types have been added or modified.

Visualization Tool	New page type for visualization.
Side By Side Source Listings	New page type for visualization.
Admin Settings	Some reorganization; new hub setting "Share annotations between projects".
Advanced Search	Search term interpretation changes as detailed here.
Analysis: all tabs	New features: Visualization link. File Explorer. The File Explorer allows you to restrict the contents of any Analysis page tab to a single source file or directory tree. This restriction is applied in addition to any constraints arising from the current visibility filter selection. Analysis Comparison: shortcut links to compare with previous analysis and compare with next analysis, and functionality for constructing custom analysis comparisons.
Analysis: Warnings tab	Always includes an annotation Export link.
Home	Always includes an annotation Export link. Includes an annotation Import link if warning group sharing is ON.
Native Compilation Details Log	CodeSecure diagnostic output is provided if the VERBOSITY setting is 6 or higher.
Project	New features: Visualization link. Always includes an annotation Export link. Includes an annotation Import link if warning group sharing is OFF.
Warning Search Results	New features: Always includes an annotation Export link. For queries referring to two or more Analysis IDs, the result table will include an Analysis Check column for every Analysis ID specified. Each Analysis Check column corresponds to a specific analysis. The column is labeled with the analysis name. The table entry for a warning instance belonging to warning group G will have a checkmark in this column if and only if the analysis issued at least one warning instance in group G. In the XML and CSV versions of the page, the checkmark is replaced by the Instance ID of a warning instance that belongs to group G and was issued by the analysis. Available Analysis Check columns are displayed by default.

Warning Search Language

The warning search language now includes set operators UNION, INTERSECT, and DIFFERENCE.

Analysis Comparison

Analysis pages in the Web GUI provide up to three shortcut links for comparing the sets of warnings issued by two or more analyses. Each comparison is carried out by executing a search of the form

aid= A₁ UNION aid= A₂ UNION ... UNION aid= A_n

for Analysis IDs A₁..A_n.

Analysis comparison results are displayed in a Warning Search Results page with the following properties.

The table of warnings includes an analysis check column for each analysis involved in the comparison.
If at least one warning instance from warning group G was issued by at least one of the analyses involved in the comparison, there is exactly one instance of G in the table (and that instance was issued by one of the analyses in question). Otherwise there are no instances of G.
The table entry for a warning instance belonging to warning group G has a checkmark in the analysis check column for analysis A if and only if analysis A issued at least one warning instance in group G.

For full details, see GUI Reference: Analysis.

Advanced Search

The operator applied when multiple terms are entered for a single condition is now always OR.

There is one exception: behavior for the field labeled "where the warning report contains..." is controlled by the "[all of | the exact phrase | at least one of]" menu provided.

This represents a change in behavior for the following fields.

Warnings domain:
- "where the project name contains"
- "where the analysis name contains"
- "where the file path [contains | doesn't contain]"
- "Class"
- "Categories"
- "Source Excerpt"
Files domain
- "where the file path [contains | doesn't contain]"
- "where the project name contains"
- "where the analysis name contains"
Code domain
- "where the file path contains"
Procedures domain
- "where the file path [contains | doesn't contain]"
Metrics domain
- "where the file path [contains | doesn't contain]"

Configuration Parameter Changes

New Configuration Parameters

The following new configuration parameters have been introduced.

Parameter	Relevant To
SOURCE_PATCH_DIRECTORIES	source file patching
ANALYSIS_SLAVES	parallel analysis
MAX_ANALYSIS_SLAVES	parallel analysis
DAEMON_SLAVES	parallel analysis
MAX_DAEMON_SLAVES	parallel analysis
UNIT_OF_WORK_RETRIES	parallel analysis
MASTER_LISTEN_INTERFACE	parallel analysis
EXPLORE_MORE_LOOP_PATHS	analysis
DATA_RACE_IGNORE_NAMES	concurrency checking
FORCE_THREAD_ENTRY_NAMES	concurrency checking
LOCK_MAX_PENDING_WARNINGS_PER_PROCEDURE	concurrency checking
INFER_CONST	analysis
REFINE_LEAKS_THOROUGHLY	analysis
VISUALIZATION	visualization
ASSUME_UNDEFINED_PARAMETERS_MAYBE_FREED ASSUME_UNDEFINED_PARAMETERS_MAYBE_INITIALIZED ASSUME_UNDEFINED_PARAMETERS_MAYBE_MODIFIED ASSUME_FUNCPTR_PARAMETERS_MAYBE_FREED ASSUME_FUNCPTR_PARAMETERS_MAYBE_INITIALIZED ASSUME_FUNCPTR_PARAMETERS_MAYBE_MODIFIED ASSUME_VARARG_PARAMETERS_MAYBE_FREED ASSUME_VARARG_PARAMETERS_MAYBE_INITIALIZED ASSUME_VARARG_PARAMETERS_MAYBE_MODIFIED ASSUME_OTHER_PARAMETERS_MAYBE_FREED ASSUME_OTHER_PARAMETERS_MAYBE_INITIALIZED ASSUME_OTHER_PARAMETERS_MAYBE_MODIFIED	analysis

Deleted Configuration Parameters

The following configuration parameters are no longer supported.

CHECK_EMPTY_BRANCH
CONSTANT_CACHE_CAPACITY

API Changes

Extension API

New prototypes allow users to write custom models to indicate blocking functions and data race exclusion.

csonar_blocking_function()
csonar_relay_ignore()
csonar_tls_set()
csonar_tls_get()
Special variable &csonar_win32_atomic_lock is available for modeling atomic operations.

AST changes

Unnormalized C/C++ AST Class Field Changes

The following classes have undergone field changes.

c:#= has new attribute :original

Other Analysis Improvements

General improvements to the CodeSonar analysis engine.

Reduced Leak false negatives.

Miscellaneous

New, preferred aliases for the CodeSonar command line build and analysis commands are now available.
- codesonar analyze replaces codesonar hook-html
- codesonar build replaces codesonar hook
hook and hook-html are still supported for the time being.
The top.html hub page is no longer provided. Information about the current hub processes can now be obtained by running the following command.
codesonar/bin/cshub_inspect hubdir [time outfile]

Customer Tickets Fixed

An asterisk [*] next to the ticket number denotes a modification to content in the CodeSonar manual; click to navigate to the corresponding manual location.

2231	Bug reports may be hard to read if colorblind
6355	Hub exception: AttributeError: 'DeferredColumnLoader' object has no attribute 'group'
7074	Update compiler model for IAR icc430
7154	Change multiple warnings emails every user on the hub
7181	FN: buffover in infinite loop
7618 [*]	Add troubleshooting tip for error "libhookcs.so' from LD_PRELOAD cannot be preloaded"
7691	Manually test various compilers for customers
7748	Advise users of the port@server option for LM_LICENSE_FILE
8093	FP: Wrong pointer from dynamic_cast with nested classes
8153	FP: leak b/c of missing destructor call
8354	FP: buffover from sscanf
8467	Analysis fails to find project files if partial path with subfolder is specified
8844	[EDGcpfe/12671][EDGcpfe/11293]Parse error: class template "umap<keyT, valT>" has no member "begin"
8847	Can't change mode on store.xref
8946	FP: NPD in class constructor when operator new returns null
8968	FN: leak not detected if other member variable is initialized
9077	Metrics associates wrong file with procedure when declared as friend function
9079	FN: leak with infinite loop
9165	Incorrect prototype for _snprintf_s
9344 [*]	Hub must be run from a local disk.