CodeSonar Release 4.1, patchlevel 0: Release Notes



What's New

Authentication Third-party authentication mechanisms such as LDAP can be applied to a CodeSonar hub.
Access Control The hub Administrator can restrict access to the information stored on the hub on a per-user basis. Full Role Based Access Control (RBAC) will be available in CodeSonar 4.2.
Configuration Tool CodeSonar now provides a command line tool for performing configuration tasks such as setting up a hub or obtaining a signed license. For details, see The CodeSonar Configuration Tool.
Distributed Analysis For all parallel CodeSonar analyses, the analysis master can accept any manually-started analysis slave process, regardless of the process location or owner, provided that the slave process has access to the address on which the analysis master is listening (and that the other conditions for accepting a manually-started slave process are met). In this sense, all parallel analyses can be distributed across multiple machines if the listening address for the analysis master permits it. For details, see Distributed Analysis.
Warning Classes A large number of new warning classes, many of them in support of the MISRA C:2012 and MISRA C:2004 guidelines.
Warning class category information is now available in CSV files. See the Warning Categories page for details and links.
Warning Clustering New notions of warning cluster and cluster representative.
Browse Sequences Where possible, the CodeSonar GUI will provide warning browse sequences. A warning browse sequence facilitates stepping through Warning Reports for the warnings in a recently-viewed table without needing to navigate back and forth to the table. Similarly, the GUI will provide file browse sequences that facilitate stepping through Source Listings. For full details, see Warning and File Browse Sequences.
Automatic Warning Assignment When automatic assignment is enabled and a user makes changes to a warning that has never previously been modified, that user will be made the Owner of the warning unless their modifications include setting an Owner.
Configuration Presets Configuration presets are named combinations of configuration parameter settings that can be applied directly in the CodeSonar build/analysis command. CodeSonar ships with a number of ready-to-use presets.
Taint Path Checking The propagation of taint to a specified value along a specified path can be examined in the CodeSonar GUI.
GUI Changes Several new GUI page types, and new functionality on a number of existing pages.
New Build/Analysis Flags -clean, -preset, -conf-file
Java Build/Analysis Options -sourcepath and -auxclasspath can now be specified more than once.
Path Normalization CodeSonar now also stores a normalized file path for files; searches that involve file and directory paths are now carried out with respect to the normalized forms. Unnormalized paths no longer undergo specific downcasing on Windows (although they may be downcased by Windows tools). There are new API functions to retrieve normalized forms.
codesonar relocate If you have analyzed a project and then moved the analysis files, run codesonar relocate to inform the hub of their new location. Task: Relocate Analysis Files provides a detailed usage example.
Score Score is a new property of a warning instance.
Significance Significance is a new property of a warning class.
Metrics There are a number of new built-in metrics.
Configuration Parameters There are a number of new and modified configuration parameters; two parameters have been removed.
API Changes Changes to Extension API, Plug-In API, General Purpose API.
AST Changes There are new and modified AST classes.
Eclipse Plug-In Changes The Warnings tab has new Score and Significance columns, and no longer has a Rank column.
GUI Internationalization A selector in the standard GUI header allows users to select the (human) language in which warning report annotations are rendered. GUI links to warning class documentation will navigate to documentation in the appropriate language (where available).
There are currently two available languages: English (en) and Japanese (ja). The default language selection is specified by the Administrator.
New OSes Supported We have added CodeSonar support for two operating systems:
  • NetBSD 6.1.4 (x86-64 only; 64-bit build tools only)
  • FreeBSD 10.0 (x86-64 only; 64-bit build tools only. See note on FreeBSD / make.)
CWE Version This version of CodeSonar uses CWE version 2.8, published July 31, 2014.
Other Improvements
  • Reduced false negatives in the taint analysis (but taint analysis is now more expensive).
  • Taint tracking in the GUI.
  • Many bug fixes and result quality improvements.
  • Updated versions of many third-party modules.
  • Some performance improvements for the parsing phase.
  • Many compiler models are now implemented in C++ instead of Scheme.
    (Support for user-authored C++ compiler models will be added in a future release.)
  • Visualization data is no longer eagerly copied to the hub when performing analyses, but instead is pulled from the analysis machine on demand. This dramatically reduces the workload on the hub end, and can therefore reduce analysis time significantly in some cases.
  • Support for opening ports in the Windows firewall during installation.
  • Increased tolerance for network connection problems between the hub and the license server (only applicable for floating licenses).
  • Improved clang compatibility.
  • If the user's build system fails (and exits with non-zero), the analysis state will now be "Native Build Failed" instead of "Parsing Over" (command-line build/analysis only).
  • Potential mixups when using multiple hubs can now be detected more explicitly.
  • Attempts to use the empty string as a project name will now result in a sensible error message.
Future Warning In a future CodeSonar version, the C API will change from providing functions that operate on compilation unit based positions to providing functions that operate on file based positions. In particular, functions that take or return cs_uid/cs_unitline/cs_offset will be replaced with versions taking or returning cs_sfid/cs_line/cs_file_offset, or removed if no longer necessary. The corresponding changes will be made in the APIs provided for other languages. If you are writing new plug-ins based on location information, structure your code to make it easy to replace any calls to such functions. There will be no release in which both kinds of function are supported.

Authentication

See Authentication and User Accounts: User Authentication for full details.

If your organization already has infrastructure for authenticating users, you can use a hub authentication plug-in to configure the CodeSonar hub to use the same infrastructure for hub authentication. The new GUI Authentication Services and Edit Authentication Service pages provide functionality for viewing, modifying, adding, and removing authentication services.

Users will always sign in to the hub through the GUI Sign In page. A sign-in attempt will be successful if

One consequence of the new authentication functionality is that hub user account email addresses are no longer required to be unique.

Access Control

See Authentication and User Accounts: Access Control for full details.

The Administrator can set access controls for ordinary users with respect to several kinds of information:

Analysis Results The Administrator can control access to projects, analyses, warnings, files, procedures, metrics, and code by enforcing specified Visibility Filters on a hub-wide or per-user basis.
GUI Access by Session Type The Administrator can specify whether anonymous sessions may access the GUI, and whether certain commands and functionality are available only to the Administrator.
User Account Information The Administrator controls the settings of Can Change Email? and Can Change Password? for all ordinary users.

For a usage example, see Task: Lock Down a Hub.

Full Role Based Access Control (RBAC) will be available in CodeSonar 4.2.

Taint Path Checking

Pages that previously offered warning path feasibility checking now have additional modes in which they offer taint propagation checking and taint propagation checking in warning context.

For more details, see:

GUI changes

There are a number of GUI changes in this version of CodeSonar.

New GUI Page Types

Analysis Cloud View information about the hub's analysis cloud register, modify process limits for launch daemons in the register.
Analysis Cloud Active Jobs View information about analysis processes that are currently cloud-associated with launch daemons in the hub's analysis cloud register, broken down according to the analyses that the processes are attached to.
Authentication Services View and configure authentication services for the hub.
Bulk Add Users Create new user accounts in bulk.
Edit Authentication Service View and modify the configuration for a hub authentication service.
Tainted Value Examine propagation of taint to a specific value along a specific path.
Warning Cluster List the representative instances of all warnings in a specific cluster, navigate to their warning reports.

Modified GUI Page Types

Account Editor New access control functionality.
Admin Settings Changes to several tabs.
  • Hub Settings.
    • New settings: Default Language, Allow users to change email by default, Allow users to change password by default, Allow Anonymous Browsing?, Use Visibility Settings to Enforce Access Control.
    • Modified setting: the setting previously called "Server Logs and SQL Console Accessible To" is now called Command URLs and SQL Accessible To and covers additional URLs and SQL functionality.
  • Other Links: new options Backup Database, Authentication Services, Bulk Add Users, Analysis Cloud.
Advanced Search Changes to Warnings tab:
  • New Fields: Score, Significance.
  • Format Changes:
    • Owner and Class Name fields are now checklists.
    • Class Name, Class Name Contains, Categories, and Significance are grouped in a new "Class" section.
  • Removed Field: Rank.
Analysis: Procedures Additional available table columns: File Path, Directory, Line Number, Language.
Analysis: Warnings Additional available table columns: Score (including score coloring), Cluster, Significance, Line Content.
Analysis Search Results Additional available table column: Linking Started.
The availability of 'overwrite' functionality for saving a search is now managed by the new access control mechanism.
Code Search Results The availability of 'overwrite' functionality for saving a search is now managed by the new access control mechanism.
Explore Callers Two additional page modes are now available, supporting the new taint path checking functionality.
  • Taint mode offers taint propagation checking.
  • Taint+Warning mode offers taint propagation checking in warning context.
The URL scheme for this page type has changed: all URLs now begin with /contexts/explore/explore/[...]

We previously documented Explore Callers (Warning) and Explore Callers (Source) on separate GUI reference pages; they are considered to be two modes (Warning, Ordinary) of the "Explore Callers" page type and are documented as such.

File Search Results The availability of 'overwrite' functionality for saving a search is now managed by the new access control mechanism.
New table columns: Analysis Name, Analysis ID, Analysis Description, Project, Project Description.
Home Additional available table column: Linking Started.
Manage Saved Searches The availability of deletion functionality is now managed by the new access control mechanism.
Metric Report Additional available columns for procedure-granularity tables: File Path, Directory, Line Number, Language.
The availability of 'overwrite' functionality for saving a search is now managed by the new access control mechanism.
Procedure Search Results Additional available table columns: File Path, Directory, Line Number, Language.
The availability of 'overwrite' functionality for saving a search is now managed by the new access control mechanism.
Project Additional available table column: Linking Started.
Project Search Results Additional available table column: Linking Started.
The availability of 'overwrite' functionality for saving a search is now managed by the new access control mechanism.
Search Callers Two additional page modes are now available, supporting the new taint path checking functionality.
  • Taint mode offers taint propagation checking.
  • Taint+Warning mode offers taint propagation checking in warning context.
The URL scheme for this page type has changed: all URLs now begin with /contexts/explore/search/[...]
Sign In Because email addresses are no longer required to be unique, they cannot be provided for identification at sign-in: a username is required.
The availability of "Forgot Password" functionality is now managed by the new access control mechanism.
Source Listing Clicking a line number no longer offers navigation to the Explore Callers page: all path exploration options are offered through the information window.
Automated scrolling to function definitions has been de-animated.
User Settings The availability of functionality for changing password and email is now managed by the new access control mechanism.
Visualization Tool Several changes.
  • Two additional visualization modes are now available, supporting the new taint path checking functionality.
    • Taint mode offers taint propagation checking.
    • Taint+Warning mode offers taint propagation checking in warning context.
  • The "Warning Path" panel has been renamed to Check Paths.
  • Directory-granularity metrics are now available. Their values are displayed in the Info Panel when a directory node is selected, and each is available for metric visualization in the Display Panel.
  • The metric display settings have been simplified: users are no longer required to specify how values should be mapped into the selected color space.
Warning Report Automated scrolling to the warning location has been de-animated.
Warning Search Results Additional available table columns: Score (including score coloring), Cluster, Significance, Line Content.
The availability of 'overwrite' functionality for saving a search is now managed by the new access control mechanism.

Other Modified GUI Features

Feature Changes
Charting The set of colors used for charts has been changed to improve the degree of contrast between adjacent chart elements.
Information Window A number of changes.
  • Forward and back buttons are now available.
  • The "def" tab has been renamed to "code".
  • For tainted values, the "info" tab now contains a message noting the presence of taint and links to several mechanisms for exploring its origin.
Source Interaction A number of changes.
  • Changes to the pop-up menu on identifiers.
    • Taint-related functionality is no longer included in this menu. Instead, it is in the information window.
    • By default, the "Go to definition" item will display the definition in the information window. Click the current tab icon next to the item to instead display the definition in the current browser tab, or new tab to display it in a new tab.
Saving Searches The availability of 'overwrite' functionality is now managed by the new access control mechanism.
Search Languages All search languages: The sql field-name is only available if Command URLs and SQL Accessible To is set to Anyone.
Warning search language:
  • New field-names: score, significance, cluster, clustered, line_content, line_content_xml, new_warning.
  • The interpretation of rank-based terms has been amended to provide more intuitive results. (The same interpretation is used for the new score field-name.) For details, see Warning Search Language: rank and score terms.
Tables Standard browser functionality can be used to open the new GUI page in a new tab or window. If a link is opened with Ctrl-click or Shift-click, the corresponding table row will be highlighted until another table row is clicked.

A marker will be displayed in a table column heading if the rows are currently sorted by that column: next arrow (descending) or previous arrow (ascending).

The sub-menu for adding new columns is now labeled Show (previously it was "More Columns"). There is a new All item in this menu: select it to show all table columns. For warning tables there is also a new Notes item in this sub-menu, replacing the Show Notes/Hide Notes item that was previously present in the top-level menu.

Visibility Filters The Administrator can use the new access control mechanism to specify that ordinary users cannot change their visibility settings.

Score

Score is a new property of a warning instance.

Significance

Significance is a new property of a warning class. Every class is classified with one of the following significance values: {"unspecified", "security", "reliability", "redundancy", "style", "diagnostic"}.

Consequences are as follows.

Warning Classes

New C/C++ Warning Classes

There are many new C/C++ warning classes, the majority of them in support of the MISRA C:2012 and MISRA C:2004 guidelines.

Class Mnemonic Enabled by default?
/* in Comment LANG.COMM.NEST.CSTYLE no
// in Comment LANG.COMM.NEST.CPPSTYLE no
Backwards goto LANG.STRUCT.BGOTO no
Bit-field Signedness Not Explicit LANG.TYPE.BFSIGN no
Bit-field Too Short LANG.TYPE.BFSHORT no
Body Is Not Compound Statement LANG.STRUCT.BNC no
Boolean switch Expression LANG.STRUCT.SW.BOOL no
Cast: Arithmetic Type/Void Pointer LANG.CAST.PC.AV no
Cast: Non-integer Arithmetic Type/Object Pointer LANG.CAST.PC.AO no
Cast: Object Pointers LANG.CAST.PC.OBJ no
Cast Removes const Qualifier LANG.CAST.PC.CRCQ no
Cast Removes volatile Qualifier LANG.CAST.PC.CRVQ no
Comment Suggests Code Unfinished LANG.COMM.TODO no
Commented-out Code LANG.COMM.CODE no
Condition Is Not Boolean LANG.STRUCT.NBC no
Confusing Literal Suffix LANG.TYPE.CSUF no
Continue Statement LANG.STRUCT.CONTINUE no
Conversion from Function Pointer LANG.CAST.PC.FN2DATA no
Conversion to Function Pointer LANG.CAST.PC.DATA2FN no
Conversion: Pointer/Integer LANG.CAST.PC.INT no
Conversion: Pointer to Incomplete LANG.CAST.PC.INC no
Conversion: Void Pointer to Object Pointer LANG.CAST.PC.PV no
Dangerous Include File Name LANG.PREPROC.INCL.FNAME no
Declaration of Flexible Array Member LANG.STRUCT.DECL.FAM no
Declaration of Variable Length Array LANG.STRUCT.DECL.VLA no
Disallowed Macro Name LANG.ID.BADMAC no
Expression Value Widened by Assignment LANG.TYPE.AWID no
Expression Value Widened by Other Operand LANG.TYPE.OWID no
Extern Array Without Size LANG.STRUCT.DECL.EAWS no
Float-typed Loop Counter LANG.STRUCT.LOOP.FPC no
Function Defined in Header File LANG.STRUCT.DEF.FDH no
GNU Extension LANG.EXT.GNU no
GNU Typeof LANG.EXT.TYPEOF no
Implicit Address of Function LANG.STRUCT.FNADDR no
Inappropriate Assignment Type LANG.TYPE.IAT no
Inappropriate Bit-field Type LANG.TYPE.BFINT no
Inappropriate Cast Type LANG.TYPE.ICT no
Inappropriate Cast Type: Expression LANG.TYPE.ICTE no
Inappropriate Character Arithmetic LANG.TYPE.ICA no
Inappropriate Operand Type LANG.TYPE.IOT no
Inline Function Not Static LANG.TYPE.INS no
Incomplete Function Prototype LANG.FUNCS.PROT no
Inconsistent Function Declarations LANG.STRUCT.DECL.IF no
Inconsistent Object Declarations LANG.STRUCT.DECL.IO no
Label Not In Enclosing Block LANG.STRUCT.GLABEL no
Line Splicing in Comment LANG.COMM.NEST no
Macro Name is C Keyword LANG.ID.NU.MK no
Malformed #include LANG.PREPROC.INCL.MF no
Malformed for-loop Condition LANG.STRUCT.LOOP.MFTERM no
Malformed for-loop Initialization LANG.STRUCT.LOOP.MFINIT no
Malformed for-loop Step LANG.STRUCT.LOOP.MFSTEP no
Malformed Switch Statement LANG.STRUCT.SW.BAD no
Microsoft Extension LANG.EXT.MS no
Mismatched Operand Types LANG.TYPE.MOT no
Misplaced Return Statement LANG.STRUCT.MISRS no
Missing Braces in Initialization LANG.STRUCT.INIT.MBI no
Missing break LANG.STRUCT.SW.MB no
Misplaced default LANG.STRUCT.SW.MPD no
Missing default LANG.STRUCT.SW.MD no
Missing External Declaration LANG.STRUCT.DECL.NOEXT no
Missing External Definition LANG.STRUCT.DEF.NOEXT no
Missing Final else LANG.STRUCT.NOELSE no
Missing for-loop Step LANG.STRUCT.LOOP.NOSTEP no
Missing for-loop Termination LANG.STRUCT.LOOP.NOTERM no
Missing Literal Suffix LANG.TYPE.MSUF no
Mixed Assembly and Code LANG.ASM.MIXED no
Multiple Abnormal Loop Exits LANG.STRUCT.LOOP.MAE no
Multiple External Declarations LANG.STRUCT.DECL.MULTIEXT no
Multiple External Definitions LANG.STRUCT.DEF.MULTIEXT no
Multiple Return Statements LANG.STRUCT.MULRS no
Nested Function Declaration LANG.STRUCT.DECL.FNEST no
Non-const String Literal LANG.TYPE.NCS no
Non-distinct Identifiers: External Names LANG.ID.ND.EXT no
Non-distinct Identifiers: Macro/Macro LANG.ID.ND.MM no
Non-distinct Identifiers: Macro/Other LANG.ID.ND.MO no
Non-distinct Identifiers: Nested Scope LANG.ID.ND.NEST no
Non-distinct Identifiers: Same Scope LANG.ID.ND.SS no
Non-unique Identifiers: External Name LANG.ID.NU.EXT no
Non-unique Identifiers: Internal Name LANG.ID.NU.INT no
Non-unique Identifiers: Tag LANG.ID.NU.TAG no
Non-unique Identifiers: Typedef LANG.ID.NU.TYPE no
Object Defined in Header File LANG.STRUCT.DEF.ODH no
Octal Constant LANG.TYPE.OC no
Over-initialized Element LANG.STRUCT.INIT.OIE no
Partially Uninitialized Aggregate LANG.STRUCT.INIT.PIAGG no
Partially Uninitialized Array LANG.STRUCT.INIT.PIARR no
Preprocessing Directives in Macro Argument LANG.PREPROC.MACROARG no
Restrict Qualifier Used LANG.TYPE.RESTRICT no
Risky Integer Promotion LANG.CAST.RIP no
Side Effects in Expression with Decrement LANG.STRUCT.SE.DEC no
Side Effects in Expression with Increment LANG.STRUCT.SE.INC no
Side Effects in sizeof LANG.STRUCT.SE.SIZEOF no
Tainted Buffer Access LANG.MEM.TBA yes
Too Few Cases in switch LANG.STRUCT.SW.IF no
Typographically Ambiguous Identifiers LANG.ID.AMBIG no
Union Type LANG.TYPE.UNION no
Unused Label LANG.STRUCT.UULABEL no
Unused Macro LANG.STRUCT.UUMACRO no
Unused Parameter LANG.STRUCT.UUPARAM no
Unused Tag LANG.STRUCT.UUTAG no
Unused Type LANG.STRUCT.UUTYPE no
Unused Variable LANG.STRUCT.UUVAR no
Use of <fenv.h> Exception Handling Function BADFUNC.FENV_H no
Use of <setjmp.h> LANG.PREPROC.INCL.SETJMP_H no
Use of <signal.h> LANG.PREPROC.INCL.SIGNAL_H no
Use of <stdio.h> Input/Output BADFUNC.STDIO_H no
Use of <tgmath.h> LANG.PREPROC.INCL.TGMATH_H no
Use of <time.h> Time/Date Function BADFUNC.TIME_H no
Use of <wchar.h> Input/Output BADFUNC.WCHAR_H no
Use of abort BADFUNC.ABORT no
Use of atof BADFUNC.ATOF no
Use of atoi BADFUNC.ATOI no
Use of atol BADFUNC.ATOL no
Use of atoll BADFUNC.ATOLL no
Use of bsearch BADFUNC.BSEARCH no
Use of Comma Operator LANG.STRUCT.COMMA no
Use of exit BADFUNC.EXIT no
Use of getenv BADFUNC.GETENV no
Use of qsort BADFUNC.QSORT no

Mnemonic changes

Class New Mnemonic Previously
Condition Contains Side Effects LANG.STRUCT.SE.COND LANG.STRUCT.SIDEEFFECT
Global Variable Declared with Different Types LANG.STRUCT.DECL.MGT LANG.STRUCT.DECLTYPE
High Risk Loop LANG.STRUCT.LOOP.HR LANG.MEM.HRLOOP
Inconsistent Enumerator Initialization LANG.STRUCT.INIT.ENUM LANG.STRUCT.ENUMINIT
Multiple Declarations of a Global LANG.STRUCT.DECL.MG LANG.STRUCT.DECLMULTI
Multiple Declarations On Line LANG.STRUCT.DECL.ML LANG.STRUCT.MULTIDECL
Potential Unbounded Loop LANG.STRUCT.LOOP.UB LANG.STRUCT.ULOOP
Unused Value LANG.STRUCT.UUVAL LANG.STRUCT.UVAL

Other Warning Class Changes

Class Change
Socket In Wrong State No longer requires special additional steps for enabling. Can now be enabled in the standard way with a WARNING_FILTER rule:
WARNING_FILTER += allow class="Socket In Wrong State"
The class is disabled by default.
All BSI-Specific BADFUNC Classes Checks for these warning classes are now defined in the general template configuration file and no longer require special additional steps for enabling. They can now be enabled in the standard way with WARNING_FILTER rules.

CWE Mapping Changes

The CWE mapping assignments for some warning classes have changed, as shown in the following table.

Class Newly added CWE ID(s) Removed CWE ID(s)
Addition Overflow of Allocation Size CWE:190, CWE:680 -
Addition Overflow of Size CWE:190, CWE:680 -
Dangerous Function Cast - CWE:628
Data Race CWE:364 -
Double Close CWE:666 -
Encryption without Padding CWE:780 -
Excessive Stack Depth CWE:400 -
Hardcoded Authentication CWE:798 CWE:547
Hardcoded DNS Name CWE:506 CWE:547
Hardcoded Crypto Key CWE:798 CWE:547
Hardcoded Crypto Salt CWE:798 CWE:547
Ignored Return Value CWE:391 CWE:253
Integer Overflow of Allocation Size CWE:190 -
Leak CWE:459, CWE:772, CWE:775 -
Misaligned Object CWE:465, CWE:763 -
Missing Return Statement CWE:758 -
Missing Return Value CWE:391 CWE:253
Multiplication Overflow of Allocation Size CWE:190, CWE:680 -
Multiplication Overflow of Size CWE:190, CWE:680 -
Negative Character Value - CWE:119
Negative File Descriptor CWE:227 CWE:710
Negative Shift Amount CWE:758 -
Null Pointer Dereference CWE:690 -
Null Test After Dereference CWE:690 -
Overlapping Memory Regions CWE:475 -
Potential Unbounded Loop CWE:835 -
Shift Amount Exceeds Bit Width CWE:758 -
Subtraction Underflow of Allocation Size CWE:190, CWE:680 -
Subtraction Underflow of Size CWE:190, CWE:680 -
Tainted Allocation Size CWE:789 CWE:20
Truncation of Allocation Size CWE:190, CWE:680 -
Truncation of Size CWE:190, CWE:680 -
Type Mismatch CWE:227, CWE:590, CWE:761 -
Type Overrun CWE:119 CWE:120, CWE:126
Type Underrun CWE:119 CWE:124, CWE:127
Uninitialized Variable CWE:665, CWE:758 -
Unreasonable Size Argument - CWE:789, CWE:805
Unused Value CWE:398 -
Use After Close CWE:666 -
Use After Free CWE:672 -
Use of _exec CWE:676 CWE:426
Use of _spawn CWE:676 CWE:426
Use of AddAccessAllowedAce CWE:676 -
Use of AddAccessDeniedAce CWE:676 -
Use of AfxLoadLibrary CWE:676 CWE:426
Use of AfxParseURL CWE:676 CWE:242
Use of catopen CWE:676 CWE:242
Use of chroot CWE:676 CWE:242
Use of CoLoadLibrary CWE:676 CWE:426
Use of CreateFile CWE:676 CWE:242
Use of CreateProcess CWE:676 CWE:242
Use of CreateThread CWE:676 CWE:242
Use of crypt CWE:327, CWE:328, CWE:338, CWE:676 -
Use of cuserid CWE:676 -
Use of execlp CWE:676 CWE:426
Use of execvp CWE:676 CWE:426
Use of FormatMessage CWE:676 CWE:242
Use of getlogin CWE:676 -
Use of getopt CWE:676 CWE:242
Use of getpass CWE:676 CWE:242
Use of GetTempFileName CWE:676 -
Use of LoadLibrary CWE:676 CWE:426
Use of LoadModule CWE:676 -
Use of longjmp CWE:676 -
Use of memset CWE:676 -
Use of mkstemp CWE:676 -
Use of mktemp CWE:676 -
Use of MoveFile CWE:676 -
Use of OemToAnsi CWE:676 CWE:242
Use of OemToChar CWE:676 CWE:242
Use of popen CWE:676 CWE:426
Use of rand CWE:676 -
Use of rand48 CWE:676 -
Use of random CWE:676 -
Use of realpath CWE:676 -
Use of recvmsg CWE:676 CWE:242
Use of setjmp CWE:676 -
Use of setuid CWE:676 CWE:242
Use of SHCreateProcessAsUserW CWE:676 CWE:426
Use of ShellExecute CWE:676 CWE:426
Use of signal CWE:676 CWE:242
Use of strcat CWE:676 CWE:242
Use of StrCatChainW CWE:676 CWE:242
Use of strcmp CWE:676 CWE:242
Use of strcpy CWE:676 CWE:242
Use of strlen CWE:676 CWE:242
Use of strtrns CWE:676 CWE:242
Use of syslog CWE:676 CWE:242
Use of system CWE:676 CWE:426
Use of t_open CWE:676 CWE:242
Use of tmpfile CWE:676 -
Use of tmpnam CWE:676 -
Use of ttyname CWE:676 CWE:242
Use of vfork CWE:676 CWE:242
Use of WinExec CWE:676 -
Varargs Function Cast - CWE:628

Warning Clustering

Metrics

Directory-granularity metrics are now computed for display in the visualization tool. They are not available in other parts of the GUI or through the plug-in API.

There are also some new file-granularity metrics.

New at Directory granularity only
(already existed at File granularity)
New at both File and Directory granularity
  • Blank Lines
  • Code Lines
  • Comment Lines
  • Lines with Code
  • Lines with Comments
  • Mixed Lines
  • Total Lines
  • Cyclomatic Complexity
  • Distinct Operands
  • Distinct Operators
  • Essential Complexity
  • Halstead Intelligent Content
  • Halstead Program Difficulty
  • Halstead Program Length
  • Halstead Program Level
  • Halstead Program Volume
  • Halstead Programming Effort
  • Halstead Programming Time
  • Modified Cyclomatic Complexity
  • Module Design Complexity
  • Taint Propagator Total
  • Taint Sink Total
  • Taint Source Total
  • Total Operands
  • Total Operators

Configuration Parameters

New Configuration Parameters

Parameter Purpose
ASSIGN_COND_MODE Determines the scenarios under which Assignment in Conditional warnings are generated.
BAD_FUNCTION_SIGNIFICANCE Specify warning class significance for a class defined with BAD_FUNCTION_* rules.
BOOL_TYPES Specifies a set of types and values that are to be considered as Boolean for the purpose of the Misra C checks.
COMPILER_MODEL_PLUGINS Provide paths to additional compiler model plug-ins.
DATA_RACE_MAX_RELATED_PATHS Controls how many related Data Race warnings get reported.
FUNCTION_POINTER_RESOLUTION Enable function pointer resolution.
GLOBAL_FUNCTION_POINTER_MODE Specifies how function pointers propagate through global variables.
GLOBAL_TAINT_MODE Specifies how taint propagates through global variables.
HARDCODED_ARGS_SIGNIFICANCE Specify warning class significance for a class defined with HARDCODED_ARGS_* rules.
MANAGED_OBJECTS_IO_CHECKSUMS Specifies whether checksums should be computed/checked when performing I/O.
MASTER_KEEPALIVE_PERIOD Specifies how often the master will broadcast keepalive requests to all slaves.
MAX_CFG_EDGES Specifies an approximate upper bound on the number of CFG edges a procedure can have.
MAX_CFG_NODES Specifies an approximate upper bound on the number of CFG nodes a procedure can have.
MAX_CHECKED_FUNCTION_POINTER_RESOLVENTS Specifies an upper bound on the number of targets that a function pointer or virtual call site may resolve to in order for interprocedural checking to be performed through that call.
MAX_PERCENT_F_CHARACTERS Maximum number of characters that %f in printf-family functions will expand to, not including the decimal point or the minus sign.
MAX_PERCENT_LF_CHARACTERS Maximum number of characters that %lf in printf-family functions will expand to, not including the decimal point or the minus sign.
MAX_POINTER_ANALYSIS_PASSES Specifies an upper bound on the number of analysis passes that will take place in the pointer analysis phase (if pointer analysis is enabled).
MEMORY_PER_ANALYSIS_PROCESS Used to compute slave limits for ANALYSIS_SLAVES=Auto and DAEMON_SLAVES=Auto.
METRIC_WARNING_SIGNIFICANCE Specify warning class significance for a class defined with METRIC_WARNING_* rules.
REQUEST_REMOTE_SLAVES Specifies whether or not automatically-started analysis slaves can be distributed through the hub's analysis cloud.
SIGNIFICANCE_LEN_EXTERN Specifies the number of characters in which global identifiers should be considered to be significant.
SIGNIFICANCE_LEN_MACRO Specifies the number of characters in which macros should be considered to be significant.
SIGNIFICANCE_LEN_OTHER Specifies the number of characters in which identifiers other than globals or macros should be considered to be significant.
SKIP_ANALYSIS_OF Use to specify that certain sets of procedures should not be analyzed.
SLAVE_TIMEOUT The number of seconds a slave will wait for network operations with the master to time out.
TAINTED_BUF_TRIGGER_ON_UNKNOWN_BUFFERS Specifies whether Tainted Buffer Access warnings will be issued when the accessed buffer cannot be identified and so the size of the accessed buffer cannot be determined.
TAINT_CALLSITE_EXPANSION_EFFORT Bound effort for expanding callsites during taint refinement.
TAINT_HIGHLIGHTING Enable taint highlighting in the hub GUI.
TAINT_MAX_WARNING_PATH_LENGTH For warnings implemented by taint analysis, specifies the maximum number of program points along an execution path that will be considered.
TAINT_PLUS_DP_REFINEMENT_DISMISS Specifies whether or not taint+dp warnings will be dismissed outright if refinement determines that they cannot occur.
TAINT_PLUS_DP_REFINEMENT_DISMISS_TIMEOUT Specifies whether or not taint+dp warnings will be dismissed if the decision procedure times out during refinement of a taint/decision procedure warning.
TAINT_PLUS_DP_REFINEMENT_TIMEOUT Specifies the timeout for the decision procedure when performing refinement for taint+dp warnings.
TAINT_RANK_BONUS Specifies whether to increase rank of warnings that contain taint along the path of the warning.
TAINT_SEARCH_BOUND Bound for searching paths during taint refinement.
TIME_LIMIT_TAINT_REFINE Maximum number of seconds the analysis may spend refining taint warnings.
TIME_LIMIT_TAINT_REFINE_PER_PROCEDURE Milliseconds the analysis may spend per procedure (amortized) on taint refinement.
UNINITIALIZED_GLOBALS Specifies whether global variables without explicit initialization should be treated as uninitialized and therefore subject to Uninitialized Variable warnings.

Changes to Existing Configuration Parameters

Parameter Changes
ANALYSIS_SLAVES, DAEMON_SLAVES The computation used for the Auto setting is now min(Cores, (Mem / MEMORY_PER_ANALYSIS_PROCESS) - 1) (previously min(Cores, (Mem / 512MB) - 1)).
FORCE_ENVIRONMENT Factory setting is now Yes (previously No).
IGNORED_COMPILATIONS Values now use Boost regex library style (previously STk style).
MAX_ALLOCATION_SIZE Factory setting is now 1073741824 (previously 0: unlimited).
MAX_ANALYSIS_SLAVES Factory setting is now 256 (previously 62).
MAX_DAEMON_SLAVES Factory setting is now 256 (previously 62).
METRIC_DERIVED_DEF Many new default derived metrics.
SYSTEM_INCLUDE_PATHS Addition of cygwin64 and qnx default paths to recognized system include paths.
WARNING_FILTER Additional functionality added.

Deleted Configuration Parameters

Parameter Notes
EXTRA_COMPILATION_UNITS Removed because it did not work if any system headers were included in the extra compilation unit. Additionally, the extra compilation units were often built with an incompatible ABI when compared to the rest of the project. These pitfalls should be avoided by compiling the compilation units under each appropriate build/analyze command with the same compiler that builds the rest of the project.
TRACK_TAINTED_VALUES If taint-related warning classes are enabled, the appropriate degree of taint tracking is enabled automatically. Taint highlighting availability is now controlled by TAINT_HIGHLIGHTING.

API changes

Extension API

Plug-In API

General-Purpose API

AST changes

Unnormalized C/C++ ASTs

The following classes have one or more new fields.

Normalized C/C++ ASTs

The following classes have one or more new fields.

C/C++ AST Helper enums

The following enums have one or more changes.

Customer Tickets Fixed

2231 Bug reports may be hard to read if colorblind fixed
8659 IGNORED_COMPILATIONS -> Boost regex IGNORED_COMPILATIONS now takes a Boost regular expression
8885 Mark "last clicked" warning in table If a link is opened with Ctrl-click or Shift-click, the corresponding table row will be highlighted until another table row is clicked.
9224 License errors after refreshing license on hub fixed
9987 False Positive: #if without #endif if matching #if directive is preceded with tab character fixed
10318 False Positive: buffer overrun with use of dynamic_cast<Derived*>(pBase) fixed
10452 clarification needed: OSX with case sensitive HFS+ formatted partition See note on working around a case-sensitive OS X file system.
10670 visual cue for table sort order A marker will be displayed in a table column heading if the rows are currently sorted by that column: next arrow (descending) or previous arrow (ascending).
10762 Java: Bad Error Message on usage "cs-java-scan X - sourcepath Y" fixed
10785 Japanese warning class documentation: automatically display depending on environment fixed
10859 False Negative: Specific Buffer Overrun fixed
11959 ascii codec can't decode byte 0x8b in position 0: ordinal not in range fixed
11977 Explain how to write assertions for the analysis See new manual section CodeSonar and assert().
12183 Add Eclipse functionality to specify project name fixed
12254 Some datarace warnings not detected with MP analysis fixed
12917 Update cl compiler model to handle /FU flag (CLI mode) fixed
13624 FORCE_ENVIRONMENT = Yes causes android build to fail fixed