CodeSonar Release 4.2p0 Release Notes

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.0p0 Hot Tips

CONFIDENTIAL

CodeSecure Inc

Release Notes

CodeSonar Release 4.2, patchlevel 0: Release Notes

Notes on Upgrading
What's New
RBAC
Other Details
Customer Tickets Fixed

Notes on Upgrading

When you upgrade your hub, you will be prompted to set the password for the special Administrator hub user account when the hub restarts. This will replace the previous Administrator password.
Upgrading a hub will introduce functionality and infrastructure for Role Based Access Control (RBAC), including built-in roles, an extended set of built-in users, and initial role-permission settings for any securable resources that previously existed on that hub. See RBAC, below, for more information.
You will not be able to perform any incremental analysis whose parent analysis was performed with a previous CodeSonar version.

What's New

GUI Changes	There are a number of new GUI page types; several existing page types have additional functionality.
RBAC	CodeSonar now uses a Role Based Access Control (RBAC) scheme to restrict access to information and functionality.
Other Security Enhancements	Along with the RBAC scheme, this release includes a number of additional security enhancements.
Compiler Models and Front End	There are several changes to compiler model infrastructure, five new compiler models (one of which replaces several previous models), and some changes to the front end. CodeSonar now uses EDG 4.10.1, which provides the ability to parse C++14 and C++/CX.
API Changes	There are three new functions in the CodeSonar Plug-in API, and one new function in the General-Purpose API.
Extended Cygwin Support	The CodeSonar configuration tool can now be run from Cygwin; satellite hubs can now be started from a Cygwin prompt.
FreeBSD 8.4	Now supported
Warning Class Changes	There are several new warning classes, and one renamed warning class.
Warning Class Category Mappings	We now provide broad mappings for CodeSonar warning class categories, in addition to the close mappings that were previously provided. The mapping information is available in tables in the manual and in CSV files. We have added close and broad mappings from CodeSonar warning classes for several additional coding standards, along with corresponding new configuration presets.

RBAC

CodeSonar now uses a Role Based Access Control (RBAC) scheme to restrict access to information and functionality. In brief, this works as follows.

The information (including analysis results and administrative information) on a CodeSonar hub is considered as a collection of securable resources.
The hub manages a set of roles, each of which has a set of role-permissions that describes the kinds of access ("permissions") the role has for each securable resource on the hub. New and upgraded hubs will have several built-in roles:
- Administrator has a superset of the permissions previously held only by the Administrator user: access to hub information functionality plus access to all analysis information.
- User has permissions equivalent to those previously held by a signed-in user.
- Anyone has permissions equivalent to those previously held by a user in an anonymous session.
- Enabled has the ability to sign in.

Each user on the hub is assigned a nonempty set of roles. The user is then considered to have all permissions that are held by at least one of the user's roles.
In a limited set of special cases CodeSonar will behave as if a user has certain permissions that are not conferred by their roles, or does not have certain permissions that would otherwise be conferred: see RBAC: Role-Permissions: Special User Permission Adjustments for details.

Various aspects of CodeSonar operation have changed due to the introduction of RBAC.

GUI
Built-in Users
New and Modified Hub Elements and CodeSonar Concepts
Administrative Settings
Parallel Analysis
Command Lines
Windows Build Wizard
Eclipse Plug-In

RBAC: GUI

Access to GUI pages and functionality within those pages is no longer governed by "session type", but by RBAC permissions.

There is no longer a distinction between an Admin session and an Ordinary User session. Every session associated with a signed-in user is considered a "user session" for the sake of licensing.
When a session is taking place with no user signed in, it is considered to be associated with special user Anonymous, and to be an "anonymous session" for the sake of licensing.
See GUI Changes for a list of new RBAC-related GUI page types, and for changes to existing page types.

RBAC: Built-in Users

There are several changes to the built-in Administrator account.

Administrator no longer has a default password. Instead, its initial password is set when the hub is first started.
You will be prompted to specify a new Administrator password when you upgrade your CodeSonar hub to this version. The previous password will be discarded.
Administrator no longer necessarily has sole access to administrative functionality, nor is it prevented from viewing analysis information. It is entirely possible for a non-Administrator user to have all the same permissions, and thus all the same access, as Administrator.
Exception: Administrator is the only user who can set up a satellite hub.
Administrator is no longer exempt from counting against licensed user sessions or active users.

There are two new built-in hub user accounts.

Anonymous: a special account that exists to associate roles (and thus role-permissions) with users who are not signed in.
Default Template User: an initial "ordinary user" provided so that it can be used as a template user for account creation on new hubs.

New and Modified Hub Elements and CodeSonar Concepts

Element	Changes
Hub User Account	New properties Roles, Default Role, and User Certificates. Username can no longer be modified. The process for activating and deactivating users has changed.
Analysis	New Analysis Launch Daemon property; properties Username, Machine, Installation, Address, Protocol Version (and new property Hub User) are derived from this launch daemon. Analyses are now securable resources.
File	New file instance ID property.
Launch Daemon	New properties Derived Name, Hub User, Key, Launch Daemon ID, Parent LDGroup (with derived property LDPath). Property "Username" has been renamed to System User. The identifying property tuple for a launch daemon is now a 5-tuple: [Machine, System User, Hub User, Installation, Key]. The configuration tool now asks whether you want to start a launch daemon as a service (on Windows), rather than always starting it as a service. Launch daemons are now securable resources.
Project	New property Parent Project Tree, with derived properties Project Path, Ancestors. Build/analysis commands (including those issued through the Windows Build Wizard and Eclipse plug-in) can optionally specify a project name that is distinct from the "pfiles-name" used to construct local analysis file names. Name uniqueness is enforced only with respect to those projects visible to the user (enforcing uniqueness more broadly would result in an information leakage vulnerability). Projects are now securable resources.
Named Chart	Name uniqueness is enforced only with respect to those named charts that are visible to the user (enforcing uniqueness more broadly would result in an information leakage vulnerability). Named charts are now securable resources.
Report Template	Name uniqueness is enforced only with respect to those templates that are visible to the user (enforcing uniqueness more broadly would result in an information leakage vulnerability). Report templates are now securable resources.
Saved Search	Name uniqueness is enforced only with respect to those saved searches that are visible to the user (enforcing uniqueness more broadly would result in an information leakage vulnerability). Saved searches are now securable resources.
Warning Processor	New ID property. Warning processors are now securable resources.
Third-Party Authentication Services	The LDAP authentication plug-in shipped with CodeSonar has been modified: the "Reject untrusted certificates" option has been replaced by option Reject certificates with wrong hostname. If the LDAP server certificate is not trusted by the hub, clicking Submit will result in message "LDAP Error: Untrusted SSL certificate in the certificate chain" (above the page title): scroll down to inspect the certificate, if it is ok, select "Add an exception for the following certificate" and click Submit again. Property changes for configured authentication services: New property Template User. Deleted properties "Allow users to change password", "Allow users to change email". The equivalent functionality is now handled through the roles (and thus role-permissions) assigned to the Template User. There are several changes to the Python wrapper class provided for custom authentication plug-ins. New method get_user_from_cert(). Plug-ins must now define at least one of get_user(), get_user_from_cert(). (Previously they had to define get_user().) get_conf_html() now takes a conf_data argument.
New Securable Resource Types	Project Tree, Launchd Group.
New Concepts for RBAC	Role, Permission, Role-Permission, Securable Resource

RBAC: Administrative Settings

A number of administrative settings have been superseded by RBAC features:

Deleted Setting	Replacement Functionality
Command URLs and SQL Accessible To	Managed by role-permissions. Permission requirements for individual command URLs are described in GUI Reference: Hub Commands; SQL access is controlled by G_SQL_CONSOLE.
Who Can Create Accounts	Managed by role-permissions: see Hub User Accounts: Creating Hub User Accounts for details.
Allow users to change password by default	Specify a default template user that has G_CHANGE_OWN_PASSWORD permission through one or more of its assigned roles.
Allow users to change email by default	Specify a default template user that has G_CHANGE_OWN_EMAIL permission through one or more of its assigned roles.
Allow Anonymous Browsing?	Anonymous browsing is available if and only if special user Anonymous has G_SIGN_IN permission through one or more of its assigned roles. When anonymous browsing is enabled, the available information and functionality depend on the role-permissions for the roles assigned to \ Anonymous.
Use Visibility Settings to Enforce Access Control?	Access control is managed by role-permissions.
Visibility Defaults	There are no longer hub-wide visibility defaults. Visibility defaults are managed on a per-user basis; initial visibility defaults for a new account are copied from those of the template user specified at account creation time.

Parallel Analysis

Parallel analysis (including distributed analysis) slaves and masters perform mutual authentication when slaves are started automatically. The mutual authentication requirement must be disabled in order to start slaves manually; only do this if you trust all users that could connect to the port on which the analysis master listens.

Command Lines

New codesonar subcommands:

codesonar generate-hub-cert - obtain a new user certificate (issued by the hub).

New options to existing codesonar subcommands:

New Option(s)	Applicable codesonar subcommands (subcommands that don't take any of the new options are not listed)
New Option(s)	analyze	build	get	hub-info	hub-start	hub-stop	install-launchd	relocate
[-auth authtype] [-hubuser username] [-hubpwfile pwfile] [-hubcert certfile] [-hubkey privatekeyfile]	YES	YES	YES	YES	.	YES	YES	YES
[-project [/[ancestors/]]proj-name]	YES	YES	.	.	.	.	.	.
[-launchd-group ldgroup]	YES	YES	.	.	.	.	YES	YES
[-launchd-key ldkey]	YES	YES	.	.	.	.	YES	YES
[protocol://] (with host:port)	YES	YES	YES	YES	.	YES	YES	YES
[-force]	.	.	.	YES	.	.	.	.
[-setadminpw]	.	.	.	.	YES	.	.	.
[-max-processes proclimit]	.	.	.	.	.	.	YES	.

RBAC: Eclipse Plug-In

The following restrictions apply to the Eclipse plug-in. We expect to eliminate these restrictions in a future release.

It can only be used with a hub that has HTTPS disabled.
CodeSonar builds and analyses can only be authenticated as special user Anonymous.
(This also means that the analysis launch daemon will be authenticated as Anonymous.)
You can authenticate the changing of warning annotations as a hub user other than Anonymous by providing the hub user account username and password in the project properties dialog. (Certificate-based authentication is not yet supported.)
You can authenticate the importing of analysis results as a hub user other than Anonymous by providing the hub user account username and password in the project properties dialog. (Certificate-based authentication is not yet supported.)

There are two new Project Properties settings: Project and Launchd Group.

RBAC: Windows Build Wizard Changes

New Project and Auth fields on screen 1.
Depending on hub configuration and on Auth selection, one or more of the following dialogs may be presented after you click Record.

Other Details

Other Security Enhancements

In addition to the RBAC scheme, this release adds the the following security enhancements.

HTTPS	HTTPS is broadly applied across hub communications. When HTTPS is enabled on the hub it is used for all hub communications, including serving web GUI pages and interacting with the CodeSonar build/analysis. Users can optionally include a protocol with the hub location for CodeSonar build/analysis and other commands. HTTPS-enabled hubs can be configured to reject http:// URLs, or to redirect them to their https:// equivalents.
Passwords	Several changes to handling for hub passwords. Password policy for the hub can now be set from the Settings: Password Policy tab: minimum length, minimum number of character classes, password hash iteration count, number of authentication attempts that will trigger lockout. Password hashing is now done using PBKDF2. By default, hashing uses 100k iterations (about 1 second). Passwords that were last changed before upgrading are grandfathered in to older hashing schemes until they are reset. For maximum security, reset all passwords after upgrading. Administrator no longer has a default password.
TLS/TLS Certificates	Applied to a broader set of interactions, and with a higher degree of security. TLS certificate validation is more thorough. The hub can be configured to use TLS for database communication. Otherwise it will connect to the database with a password - "trust" authentication is no longer used. Analysis master↔slave sockets will use TLS if new configuration parameter MASTER_USE_TLS is set to Yes. Generated TLS certificates are more restrictive and have higher strength. If you are upgrading an HTTPS-enabled hub that uses hub-generated self-signed certificates, we recommend generating new certificates. HTTPS-enabled hubs can be configured to permit certificate-based user authentication for users with sufficient permissions. For details, see the manual section on TLS Certificates.
Hub directory location	CodeSonar will no longer start a hub whose hub directory is located under the CodeSonar installation directory.
OpenSSL upgrade	CodeSonar now uses OpenSSL v1.0.2g.
Web GUI protections	Web GUI pages have added protections against cross-site request forgery (CSRF), cross-site scripting (XSS), and clickjacking.
Session cookies	Several adjustments. Checked on every request instead of every connection. May be important in the presence of (reverse) proxies. Marked HTTPS-only on HTTPS hubs By default, they expire if the browser closes Marked samesite in anticipation of Internet-Draft draft-west-first-party-cookies-06

GUI changes

There are a number of GUI changes in this version of CodeSonar.

New GUI Page Types

Global Role-Permissions	View and edit the global role-permission assignments for each role on the hub.
Launchd Group	Information about a single launchd group, including a table of its child launch daemons and launchd groups.
Project Tree	Information about a single project tree, including a table of its child projects and project trees.
Resource Role-Permissions	View and edit the role-permission assignments for each role on the hub with respect to a single securable resource.
Role Ancestors	View the set of ancestor roles for a role; edit the set of parent roles; edit the role name and description.
Role Users	View the set of direct and indirect user assignments for a role; edit direct user assignments; edit the role name and description.
Roles	View all roles on the hub; delete roles; add new roles.
Security Dashboard	View security suggestions for the hub; link to security functionality.
User Certificates	Manage the TLS certificates for a single hub user account.
User Roles	View the set of directly and indirectly assigned roles for a user; edit direct assignments.

Removed GUI Page Types

Generate SSL Certificate	This functionality is now provided on the Configure HTTPS page.

Modified GUI Page Types

There are broad changes across all page types to incorporate RBAC and other new functionality.

Every page is now subject to permission checking to determine whether the current user can access the page at all and, if so, what information and functionality will be available. Each page type entry in the GUI Reference lists the applicable permissions.

Elements with security implications in otherwise non-security-related pages are typically marked with icons.

	Denotes functionality that is not available to the current user (Anonymous, if no user is signed in). Click to sign in as a user with the appropriate permissions.
	[May also be black or grey, depending on context.] Denotes a link to a page for viewing or modifying permissions or other security-related settings.

Breadcrumb schemes for many page types have been extended.

The following table describes other changes to existing page types.

Account Editor	Account Settings tab modified: New Access Control and Configure TLS Certificates subsections Can no longer change account Username. New Sign In tab for user 'impersonation'.
Admin Settings/ User Settings	The page previously called "User Settings" is now called "Settings". The Settings and Admin Settings pages are much more closely related than previously. The only difference between the two is how they handle functionality that the user does not have permission to access: the Admin Settings page disables it while still leaving it visible (using a 'lock' icon to indicate that it is unavailable), while the User Settings page does not even show the existence of such functionality. Clicking on the Settings link at top left of any GUI page now always navigates to the User Settings page for the currently signed-in user. A link to the Admin Settings page is provided on the Other Links tab of the Settings page. The tabs have been rearranged and renamed. The updated set of tabs is as follows. Account (previously "Account Settings"). New Access Control and Configure TLS Certificates sections. Content (new). Contains some of the settings that were previously on the Hub Settings tab and all of the settings that were previously on the Dates tab. HTTP (new).Contains some of the settings that were previously on the Hub Settings tab, along with new settings Sessions expire on browser close? and Use TLS for database communication?. SMTP (previously "SMTP Settings"). The "Connect Using SSL" option has been renamed to "Connect Using TLS". Analysis (previously "Analysis Settings"). New Project links... setting User Administration (new). Contains some of the links that were previously on the Other Links tab, along with links to various page types that are new in this release. Password Policy (new). Contains new settings related to aspects of hub-wide password policy. Other Links: Some of the links previously on this tab have been moved to the new User Administration tab. Deleted content is as follows. The Dates tab has been removed; all its settings are now in the Content tab. The Hub Settings tab has been removed. Some of its settings have been moved to the HTTP and Content tabs. The remainder are no longer offered because they have been superseded by RBAC functionality.
Analysis	New link to corresponding Analysis Role-Permissions page.
Analysis: Files tab	Additional available table columns.
Analysis Cloud	New functionality: Modify root launchd group description. Create a new launchd group. Delete launch daemons and launchd groups from table. Move launch daemons and launchd groups in table to a different parent launchd group. Launchd group outline : an overview of the hub's launchd group hierarchy for orientation and navigation. Changes in table contents: Additional available columns. Table may also contain launchd groups. Listed launch daemons depend on the hub's launchd group hierarchy.
Analysis Search Results	Additional available table columns.
Analysis Slaves	Additional available table columns.
Authentication Services	Additional available columns in table of current services; some changes to set of fields in form for adding a new service.
Bulk Add Users	Some changes to property selectors.
Charting (Chart, Chart Table , Chart Wizard)	New links to corresponding Saved Chart Role-Permissions page in File menu and Open Saved Chart dialog. Warnings can now be charted by Significance. Charts in the Analysis domain can now be ordered by Hub User.
Edit Authentication Service	Some changes to set of fields in form for editing service.
File Search Results	Additional available table columns.
Home	New functionality: Modify root project tree description. Create a new project; create a new project tree. Deletion functionality also covers project trees in the table. Move projects and project trees in table to a different parent project tree. Project tree outline : an overview of the hub's project tree hierarchy for orientation and navigation. Changes in table contents: Additional available columns. Table may also contain project trees. Listed project trees depend on the hub's project tree hierarchy. New Settings:Analysis setting "Project links..." controls behavior of links from project entries (default is to link to Analysis:Warnings for most recent analysis, as previously).
Logs	Contents for Parse Details Log, Parse Log / Parse Error Log, and Native Compilation Details Log now depend variously on the settings of new configuration parameters SEND_HOOK_LOG_TO_HUB, SEND_PARSE_LOG_TO_HUB.
Manage Warning Processors	Additional available table columns.
Management Reports	Report Template Editor and Reports sections on Analysis/Project/Home/Project Tree pages provide links to link to corresponding Report Role-Permissions page. You can now include Project Tree sections in the Report Template Editor: use the report elements menu to insert an Analysis section, then use the section editing dialog to change the Section setting to "Project Tree".
Project Search Results	Changes in table contents: Additional available columns. New Settings:Analysis setting "Project links..." controls behavior of links from project entries (default is to link to Analysis:Warnings for most recent analysis, as previously).
Saved Searches	Additional available table columns.
Sign In	Sign In tab now provides functionality for signing in with a certificate, if hub configuration permits.
Users (previously Manage Users)	Several changes to contents and functionality. The page has been renamed (previously it was "Manage Users"). Removed functionality: Delete user: now only from Account Editor Enable/Disable User: now managed through G_SIGN_IN permission, see Task: Activate or Deactivate a User Account for detailed instructions. New functionality: Set default template user. More navigation links to other GUI pages.

Warning Class Changes

New Warning Classes

There are several new C/C++ warning classes.

Warning Class Name	Mnemonic
FILE* Dereference	IO.FILEDEREF
Invalid Preprocessor Directive	LANG.PREPROC.INVALID
Implicit Function Declaration	LANG.STRUCT.DECL.IMPFN
Macro Definition of Reserved Name	LANG.PREPROC.RDEF
Macro Undefinition of Reserved Name	LANG.PREPROC.RUNDEF
Macro Parameter Not Parenthesized	LANG.PREPROC.NOFPAREN
Modified Parameter	LANG.FUNCS.MODP
Static Array Parameter	LANG.FUNCS.SAP
Trigraph	LANG.STRUCT.TRIGRAPH
Unterminated C String	MISC.MEM.NTERM.CSTRING
Use of offsetof	BADMACRO.OFFSETOF
Write to Read Only File	IO.WRITERO

Removed Warning Classes

The warning class previously known as "Disallowed Macro Name" (LANG.ID.BADMAC) has been replaced by new class "Use of offsetof" (BADMACRO.OFFSETOF).

Warning Class Category Mappings

This version of CodeSonar uses CWE version 2.9, published December 7, 2015.

We now provide broad mappings for CodeSonar warning class categories, in addition to the close mappings that were previously provided. The mapping information is available in tables in the manual and in CSV files.

We have added close and broad mappings from CodeSonar warning classes for several additional coding standards, along with corresponding new configuration presets, as shown in the following table.

Category	Preset
CERT-C: SEI CERT C Coding Standard.	certc
CERT-CPP: SEI CERT C++ Coding Standard.	certcpp
CERT-Java: SEI CERT Oracle Coding Standard for Java.	certjava
DISA: Defense Information Systems Agency (DISA) Application Security and Development Security Technical Implementation Guide (STIG).	disa
MisraC++2008 MISRA C++:2008 Guidelines for the use of the C++ language in critical systems (June 2008).	misrac++2008, misrac++2008_inc

Configuration Parameter Changes

There are a number of new compiler-independent parameters, and one new compiler-specific parameter.

New Compiler-Independent Parameters

Parameter	Purpose
BAD_MACRO_BASE_RANK BAD_MACRO_CATEGORIES BAD_MACRO_CLASS BAD_MACRO_FILENAME BAD_MACRO_INFO BAD_MACRO_LINK BAD_MACRO_NAME BAD_MACRO_SIGNIFICANCE	These parameters are used together to specify bad macros to check for and warnings to issue when those macros occur.
DATA_RACE_MAX_LOCKSETS_PER_MEM_ACCESS	Bounds the number of sets held of locks that are tracked for any given (transitive) memory access.
JAVA_PLUGIN_JVM_FLAGS	Specifies additional flags passed to the JVM.
LAUNCHD_GROUP	Specifies the parent launchd group for new CodeSonar launch daemons.
LAUNCHD_KEY	Specifies extra key data for CodeSonar launch daemons.
MANAGED_OBJECTS_PROTECT_PAGES	Specifies whether in-memory pages of managed objects should be protected when not in immediate use.
MASTER_USE_TLS	Specifies whether analysis master↔slave sockets should use TLS.
NO_IMPLICIT_DEFAULT_FOR_ENUM_SWITCH	States that an implicit default clause should not be generated when a switch statement is being parsed.
REMOTE_SLAVES_LAUNCHDS	Specifies the launch daemon or daemons from which analysis slaves may be requested.
SEND_HOOK_LOG_TO_HUB	Specifies whether or not native compilation log information will be sent to the hub.
SEND_PARSE_LOG_TO_HUB	Specifies whether or not parse details logs will be sent to the hub.
TAINT_MAX_ATTEMPTED_SIMILAR_PATHS	Bounds the number of potentially similar taint warnings that CodeSonar will attempt to refine.
TAINT_MAX_CHECKED_LOCATIONS_PER_INPUT	For the taint analysis, specifies how many usages of a particular input to a procedure can be checked at call sites.
TAINT_MAX_SIMILAR_PATHS	Bounds the number of similar taint warnings that CodeSonar will report.
UNFINISHED_CODE_TAGS	Specifies tags that are considered indicators that the code is incomplete.

New Compiler-Specific Parameters

Parameter	Purpose
CS_TARG_VTABLE_ENTRY_INT_KIND	Integer kind used for the size of a vtable entry in the IA-64 ABI.

Compiler Models And Front End

There are several changes to compiler model infrastructure, three new compiler models (one of which replaces several previous models), and some changes to the front end.

Compiler model infrastructure changes

Model-specific ABI key formats	ABI keys specified with COMPILER_MODELS, --cs_model_abi_key, --cs_user_abi_key can have special formats that convey additional, model-specific semantics. Most existing user-specified ABI keys should be unaffected; contact CodeSecure support if you are having any difficulties. The following models offer model-specific ABI key formats: ch38, cl, dcc, gcc, gpp, shc, shcpp. These special-format keys replace the previous mechanism whereby values such as version numbers could be specified in files with names of the form $CSONAR/csurf/etc/*-compiler-config.txt
Implementation	Compiler models are now all implemented in C++. The Authoring Compiler Models page contains detailed information for users who wish to create C++ models. If you have previously implemented a custom STk compiler model or made modifications to one of the STk models shipped with CodeSonar and do not want to translate your customizations to C++, you will need to configure CodeSonar to "fall back" to the STk compiler models. Note that if you do this you will not be able to use the compiler models that are new in this release, since they are implemented in C++ only. Contact CodeSecure support if you experience any problems.

Model-specific ABI key formats

ABI keys specified with COMPILER_MODELS, --cs_model_abi_key, --cs_user_abi_key can have special formats that convey additional, model-specific semantics. Most existing user-specified ABI keys should be unaffected; contact CodeSecure support if you are having any difficulties.

The following models offer model-specific ABI key formats: ch38, cl, dcc, gcc, gpp, shc, shcpp.

These special-format keys replace the previous mechanism whereby values such as version numbers could be specified in files with names of the form $CSONAR/csurf/etc/*-compiler-config.txt

Implementation

Compiler models are now all implemented in C++.

The Authoring Compiler Models page contains detailed information for users who wish to create C++ models. If you have previously implemented a custom STk compiler model or made modifications to one of the STk models shipped with CodeSonar and do not want to translate your customizations to C++, you will need to configure CodeSonar to "fall back" to the STk compiler models. Note that if you do this you will not be able to use the compiler models that are new in this release, since they are implemented in C++ only. Contact CodeSecure support if you experience any problems.

Changes to Model Set

Borland	The new borland compiler model models the behavior of the Borland C++ compiler for Win32 and the Embarcadero C++ compiler for Win32.
CodeVisionAVR	The new cvavr compiler model models the behavior of a build carried out with CodeVisionAVR. The process for constructing a CodeSonar project based on a CodeVisionAVR build differs somewhat to that for other tools. In particular, CodeSonar does not observe the CodeVisionAVR build directly: instead, the cvavr compiler model is applied to the CodeVisionAVR project file.
Cosmic	The new cosmic compiler model models the behavior of the Cosmic Software C compilers.
MPLAB C18	The new mcc18 compiler model models the behavior of the MPLAB C18 C compiler.
IAR	There is now only one IAR compiler model: iar. This model covers all compilers covered by the previous models iccarm, iccgeneric, icc430, and iccm32. The old model names are deprecated; COMPILER_MODELS rules that mapped to these names should be changed to map to iar. For example, rule COMPILER_MODELS += icc8057.exe -> iccgeneric should be changed to COMPILER_MODELS += icc8057.exe -> iar

Front end changes

EDG version	CodeSonar now uses EDG 4.10.1, and benefits from: Bug fixes for C++11 handling. Support of Clang __has_feature and related facilities (though not other Clang language extensions such as blocks). The ability to parse C++14 and C++/CX.
Normalized C AST changes	Several normalized C AST classes have new attributes. c:abi: new :endianness attribute. c:class: new :first-field-is-vptr attribute. c:struct: new :first-field-is-vptr attribute.
Unormalized C AST changes	There are new and modified unnormalized C AST classes. New Classes cc:c11-generic cc:stmt-expr-result For a GNU statement expression that ends with an expression statement, the expression statement will now be parsed to an unnormalized C AST of class cc:stmt-expr-result, where previously it would have had class cc:stmt-expr. If you have written custom checks or other CodeSonar customizations that check unnormalized C AST properties, you may need to amend them to take this into account. cc:vector-fill Modified Classes cc:generic-array: new :is-static attribute. cc:param-type: new :declared-type attribute. cc:typeref: new :is-deduced-decltype-auto and :is-deduced-auto attributes.
New Front End Options	(in addition to those provided by the EDG upgrade) --cs_define_edg_macros --cs_ext_c99_for_init --cs_ext_openmp --cs_sized_int --cs_targ_plain_int_bit_field_is_signed --cs_targ_plain_int_bit_field_is_unsigned --cs_targ_sizeof_double --cs_targ_sizeof_long_double --cs_targ_wchar_t_int_kind --cs_universal_character_names_allowed --cs_universal_character_names_allowed

API Changes

General-Purpose API	New function: C: cs_project_name() Scheme: project-name
CodeSonar Plug-In API	New functions: C: csonar_pdg_vertex_enum_killed() Scheme: codesonar:pdg-vertex-enum_killed C: csonar_pdg_vertex_enum_used() Scheme: codesonar:pdg-vertex-enum_used [CodeSonar for Binaries only] C: csonar_binary_backend_option() Scheme: -

Customer Tickets Fixed

7985	Show ignored compilations in parse log	fixed
9661	Update model for armcc to use include directories from environment variables	fixed
13840	Parse error with use of std::bind	fixed
13852	CodeSonar crashes when project is in root directory of drive	fixed
13649	clang and maybe gcc default std to c11	fixed
14019	Parse errors from gcc builtins when STL <future> is included.	fixed
14236	let user specify JVM options for Java plugins	Use new configuration parameter JAVA_PLUGIN_JVM_FLAGS.
14256	API for getting project name	Use new function cs_project_name().
14585	Explore Callers distinguishes results by non-colorblind-safe colors	fixed
14592	gcc model -lSOMETHING.cpp flag	fixed
14704 14705 14708	[EDGcpfe/16468] set(str.find("x"), str.end()) : no instance of constructor matches the argument	fixed
14952	FP when all switch cases are covered	fixed
14986	STL: FPs with std::make_pair and std::string	fixed
15289	Analysis assertion failed: (size_t)CHARACTER_SPAN_END(span) > cursor	fixed
15341	Hub Exception AttributeError 'NoneType' object has no attribute 'domain'	fixed
15425	FP: Flipping bits causes Coercion Alters Value or Cast Alters Value warning	fixed
15646	Disable auto-complete on username/password boxes	fixed
15657	FP: Mismatched Operand Type with enum	fixed
15667	Parse C++/CX WinRT code	fixed
15726	armcc compiler model dropping -D flags	fixed
15739	Renesas compiler model doesn't handle newlines in include parameters	fixed
15843	tasking compiler model doesn't process certain flags like -c99 -I -D	fixed
15886	cprocess crash: can't load vcmeta.dll	fixed