CodeSonar Release 3.9 Release Notes

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.0p0 Hot Tips

CONFIDENTIAL

CodeSecure Inc

Release Notes

CodeSonar Release 3.9, patchlevel 0: Release Notes

What's New
Customer Tickets Fixed

What's New

Java	CodeSonar can now build and analyze projects based on Java code.
Treemap Visualization	The visualization tool has been extended to include a Treemap layout option.
License Management	CodeSonar licenses are no longer managed through FLEXlm. Instead, license management is handled directly by CodeSonar.
Warning Classes	One new C/C++ warning class: Coercion Alters Value. The new Java capability includes a broad range of Java-specific warning classes.
Performance Improvements	Analysis result submission to the hub is significantly faster than previously, especially when the hub is on a remote system.
Increased Build Parallelism Capacity	Over 500 concurrent parse processes can now be used during the CodeSonar project build, where previously the maximum was below 100. For projects based on normal software builds with this degree of parallelism, the analysis will be orders of magnitude faster in some cases.
GUI	Several GUI pages have extended functionality.
API	There are no changes to the general-purpose API, plug-in API, or extension API in this release. Note, however, that none of these are currently supported for Java projects, or for the Java parts of mixed projects.
CWE	This version of CodeSonar uses CWE version 2.3, published October 30, 2012. See the CWE section for further information about CWE in CodeSonar.
Configuration Parameter Changes	Two configuration parameters have been added and two have been modified. None have been deleted.

Details

Java

CodeSonar can now build and analyze projects based on Java code.

Building/Analyzing	CodeSonar projects are built from Java bytecode; analysis results are then mapped back to source code so that human-readable Warning Reports can be produced. Java projects can only be built from the command line. Mechanisms for passing command line options through to FindBugs or PMD are provided. The Windows build wizard is not currently supported but is expected to be supported in future releases. For full details, see Build and Analysis for Java Projects.
Alerts	There are several new, Java-specific alerts: Miscellaneous Error Missing Debug Info num Missing Source Files For troubleshooting information, see Build and Analysis for Java Projects: Resolving Alerts.
Warning Classes	The CodeSonar Java analysis makes use of two third-party tools: FindBugs^™ and PMD. The new Java warning classes correspond to FindBugs bug patterns and to PMD rules, and have mnemonics of the form FB.* and PMD.*, respectively. See all FindBugs bug descriptions See all PMD rulesets and rules. Relevant CWE IDs are included in the categories list for each class.
Metrics	CodeSonar computes metrics for Java code.
Visualization	CodeSonar's interactive program visualization tool can be used with Java projects.
API	The various CodeSonar APIs (general-purpose, plug-in, and extension) are not currently supported for Java projects, or for the Java parts of mixed projects.

Treemap Visualization

The visualization tool has been extended to include a Treemap layout option. The Treemap depicts program and directory structure, with call graph information overlaid. Node size (area) reflects a user-selected metric : by default, area is proportional to LCode. Nodes of size 0 are not displayed.

In consequence:

The Layout menu in the Layout tab of the Extended Toolbar now includes a Treemap option.
Node Size is now available as a metric display option for all layouts.
In the CodeSonar Web GUI, Analysis and Project pages now provide treemap links in their Visualization sections.

License Management

CodeSonar licenses are no longer managed through FLEXlm. Instead, license management is handled directly by CodeSonar.

There are two kinds of license.

A standard license is locked to a specific hub machine; the CodeSonar hub must run on this machine. No license server is needed. Most CodeSonar licenses are standard licenses.
A floating license is locked to a specific serverhost machine; a license server must run on this machine. Hubs can run on any machine, but must connect to the license server in order to use a license.

For information on setting up and managing licenses, including troubleshooting information, see the manual page for your license type:

CodeSonar Installation: Standard License
CodeSonar Installation: Floating License

Warning Classes

New C/C++ warning class Coercion Alters Value identifies locations where an implicit coercion operation causes a value to be changed.

There are also a large number of new Java-specific warning classes.

GUI

The following GUI page types have been added or modified.

all pages	The standard page footer now provides a licensing details link (which navigates to the License Utilization page) rather than listing license details directly.
Visualization Tool	New features: The Layout menu in the Layout tab of the Extended Toolbar now includes a Treemap option. The Metric tab of the Extended Toolbar now offers Node Size as a display option.
Analysis	The Visualization section now contains a treemap link along with the call graph link that was previously present.
License Utilization	New features (only available for users logged in as Administrator, otherwise a Configure License link is provided): Edit License(s) field : use to set up a standard license for the hub. Request a new license link : use to obtain preliminary licensing information that you will then submit to CodeSecure for signing.
Project	The Visualization section now contains a treemap link along with the call graph link that was previously present.

Configuration Parameter Changes

Two configuration parameters have been added and one has been modified. None have been deleted.

New Configuration Parameters

The following new configuration parameters have been introduced.

Parameter	Purpose
PRETEND_FLOAT_IS_INT	Specifies whether the analysis should treat floating point typed values as integral typed values.
REACHABILITY_ROOTS	Specifies the procedures from which reachability information is computed for interpreting WARNING_FILTER reachable rules.

Modified Configuration Parameters

The following configuration parameters have been modified.

Parameter	Change
ANALYSIS_SLAVES	For ANALYSIS_SLAVES=Auto, CodeSonar now includes file system cache memory (on Linux and Solaris) and "inactive" pages (OS X) in its definition of "free physical memory" when determining the appropriate maximum number of slaves.
WARNING_FILTER	New reachable= rule type added.

Customer Tickets Fixed

9224	License errors after refreshing license on hub
9500	Incremental builds have leftover postq.* files
9520	Analysis crash: htmldump_render_line( usage_sfid, xt->line, ppcatbuf ) exited with CS_ERROR_IO_SEEK
9671	cprocess stuck traverse_constant
9992	Add support for bugzilla 4.X to bugzilla warning processor