CodeSonar Release 4.4p0 Release Notes

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.0p0 Hot Tips

CONFIDENTIAL

CodeSecure Inc

Release Notes

CodeSonar Release 4.4, patchlevel 0: Release Notes

Notes on Upgrading
What's New
Details
Customer Tickets Fixed

Notes on Upgrading

If you are upgrading from a CodeSonar release before 4.2p0, note that Role Based Access Control (RBAC) was introduced in that version, involving substantial changes cutting across almost all aspects of the product. See the CodeSonar 4.2p0 release notes for more information.

What's New

Determinism	CodeSonar 4.4 contains changes that make analysis results change less from run to run.
Warning Class Changes	A number of new Java warning classes due to upgrades to FindBugs^TM and PMD; new C/C++ warning classes in support of various MISRA rules; several new C/C++ warning classes provided for diagnostic purposes.
Custom Compiler Models	There have been some changes to the C++ API for custom compiler models. If you have created custom compiler models with this API, you may need to adjust them slightly.
Configuration Parameters	There are several new parameters, along with changes to factory settings and behavior for some existing parameters.
Configuration Presets	New configuration preset: stable_results.
GUI Changes	A user who signed in when there were no available licensed user session slots, or who started an anonymous session when there were no available licensed anonymous session slots, will now see a warning message displayed above the GUI page footer stating that they are in an "overflow session".
API	There are new functions in the Plug-In API and General Purpose API. Internal CodeSonar symbols are no longer exported for dynamic linking.
AST Changes	One new unnormalized C/C++ AST class; new fields in several existing AST classes.
EDG Upgrade	CodeSonar now uses EDG version 4.11. This provides better compatibility with C++14 and some miscellaneous fixes for parse errors.
Java 1.8 Compatibility	CodeSonar can analyze .class files built by a 1.8 JDK. FindBugs and PMD have been upgraded.
Eclipse Compatibility	The Eclipse integration is compatible with Eclipse versions 3.7 (Indigo) through 4.6 (Neon) (official/supported versions only).
Product Compatibility Notes	CodeSonar is not compatible with ALYac Internet Security Pro. CodeSonar will not be able to communicate with an HTTP hub on systems with Bitdefender^™ installed, even if Bitdefender is disabled. You can work around this by configuring your hub to use HTTPS.
Third-Party Upgrades	Several of the third-party elements packaged with CodeSonar have been upgraded. For full version information and other details, see the Notices page.
PostgreSQL Note	Setting any of the PostgreSQL environment variables, especially any that deal with connecting via TLS, can prevent new hubs from being created and may prevent you from starting existing hubs. For more information, see Hub Directory and Database: PostgreSQL Environment Variables.
Chrome Note	Chrome does not support in-browser generation and storage of user certificates as readily as other browsers do. If you want to use certificate-based user authentication with Chrome, see the additional information in section Manually Generating and Uploading User Certificates.
OSX Note	In its default configuration, OS X System Integrity Protection will (by design) prevent the CodeSonar build/analysis from observing your normal software build. To perform the CodeSonar build/analysis on OS X systems, you will need to disable SIP, as described in the FAQ.

Details

Determinism

CodeSonar 4.4 contains changes that make analysis results change less from run to run. The configuration preset stable_results must be used to take advantage of these changes. The preset reduces jitter by making some sacrifices in the way of analysis result quality and performance. Empirically, on a large project, the jitter measurements were as follows:

Version	Configuration Preset	Jitter
CodeSonar 4.4	stable_results	0.6%
CodeSonar 4.4	default	20%
CodeSonar 4.2	default	30%

The "taint+dp" warning class checks continue to exhibit some degree of nondeterminism. If result stability is important to you, you may wish to ensure that these classes are disabled (note that all but Tainted Buffer Access are disabled by default).

Warning Class Changes

Changes to the set of available warning classes originate from several enhancements to CodeSonar.

FindBugs Upgrade. If you perform a CodeSonar build/analysis of Java code with FindBugs enabled, the version of FindBugs invoked will depend on your JRE version (must be at least 1.5.0).
- JRE version 1.7 or 1.8 → FindBugs version 3.0.1.
- JRE version 1.5 or 1.6 → FindBugs version 2.0.2.
These two FindBugs versions have slightly different sets of warning classes: if some of your Java analyses are performed on machines with JRE 1.7 or 1.8 and some on machines with older JRE versions, you will need to take this into account in comparing results. Documentation links for warning classes that are present in FindBugs version 2.0.2 but not version 3.0.1 may not work correctly.
The upgrade may be associated with memory consumption regressions.
PMD Upgrade. If you perform a CodeSonar build/analysis of Java code with PMD enabled, the version of PMD invoked will depend on your JRE version (must be at least 1.5.0).
- JRE version 1.7 or 1.8 → PMD version 5.4.2.
- JRE version 1.5 or 1.6 → PMD version 5.0.4.
These two PMD versions have slightly different sets of warning classes: if some of your Java analyses are performed on machines with JRE 1.7 or 1.8 and some on machines with older JRE versions, you will need to take this into account in comparing results. Documentation links for warning classes that are present in PMD version 5.0.4 but not version 5.4.2 may not work correctly.
Expanded MISRA Coverage. There are several new C/C++ warning classes in support of MISRA guidelines. Additionally, warning categories now include mappings for MISRA C:2012 Amendment 1 Additional security guidelines for MISRA C:2012 (April 2016).

New Warning Classes

	Name [Mnemonic]	Notes
New Java Warning Classes
	Array index is out of bounds [FB.CORRECTNESS.RANGE_ARRAY_INDEX]	Added in FindBugs
	Array length is out of bounds [FB.CORRECTNESS.RANGE_ARRAY_LENGTH]	Added in FindBugs
	Avoid Protected Method In Final Class Not Extending [PMD.Design.AvoidProtectedMethodInFinalClassNotExtending]	Added in PMD
	Array offset is out of bounds [FB.CORRECTNESS.RANGE_ARRAY_OFFSET]	Added in FindBugs
	Boxing a primitive to compare [FB.PERFORMANCE.DM_BOXED_PRIMITIVE_FOR_COMPARE]	Added in FindBugs
	Boxing/unboxing to parse a primitive [FB.PERFORMANCE.DM_BOXED_PRIMITIVE_FOR_PARSING]	Added in FindBugs
	Clone Method Must Be Public [PMD.Clone-Implementation.CloneMethodMustBePublic]	Added in PMD
	Clone Method Return Type Must Match Class Name [PMD.Clone-Implementation. CloneMethodReturnTypeMustMatchClassName]	Added in PMD
	Comment Default Access Modifier [PMD.Comments.CommentDefaultAccessModifier]	Added in PMD
	Condition has no effect due to the variable type [FB.STYLE.UC_USELESS_CONDITION_TYPE]	Added in FindBugs
	Condition has no effect [FB.STYLE.UC_USELESS_CONDITION]	Added in FindBugs
	Consecutive Appends Should Reuse [PMD.String-and-StringBuffer.ConsecutiveAppendsShouldReuse]	Added in PMD
	Enum field is public and mutable [FB.BAD_PRACTICE.ME_MUTABLE_ENUM_FIELD]	Added in FindBugs
	Field is a mutable collection which should be package protected [FB.MALICIOUS_CODE.MS_MUTABLE_COLLECTION_PKGPROTECT]	Added in FindBugs
	Field is a mutable collection [FB.MALICIOUS_CODE.MS_MUTABLE_COLLECTION]	Added in FindBugs
	Guard Log Statement Java Util [PMD.Java-Logging.GuardLogStatementJavaUtil]	Added in PMD
	Guard Log Statement [PMD.Java-Logging.GuardLogStatement]	Added in PMD
	Incorrect combination of Math.max and Math.min [FB.CORRECTNESS.DM_INVALID_MIN_MAX]	Added in FindBugs
	Method relaxes nullness annotation on return value [FB.STYLE.NP_METHOD_RETURN_RELAXING_ANNOTATION]	Added in FindBugs
	Method tightens nullness annotation on parameter [FB.STYLE.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION]	Added in FindBugs
	Method with Optional return type returns explicit null [FB.CORRECTNESS.NP_OPTIONAL_RETURN_NULL]	Added in FindBugs
	Modified Cyclomatic Complexity [PMD.Code-Size.ModifiedCyclomaticComplexity]	Added in PMD
	Position Literals First In Case Insensitive Comparisons [PMD.Design.PositionLiteralsFirstInCaseInsensitiveComparisons]	Added in PMD
	Possible bad parsing of shift operation [FB.CORRECTNESS.BSHIFT_WRONG_ADD_PRIORITY]	Added in FindBugs
	Possible exposure of partially initialized object [FB.MT_CORRECTNESS.DC_PARTIALLY_CONSTRUCTED]	Added in FindBugs
	Public enum method unconditionally sets its field [FB.BAD_PRACTICE.ME_ENUM_FIELD_SETTER]	Added in FindBugs
	Return value of method without side effect is ignored [FB.STYLE.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT]	Added in FindBugs
	Rough value of known constant found [FB.BAD_PRACTICE.CNT_ROUGH_CONSTANT_VALUE]	Added in FindBugs
	Simplified Ternary [PMD.Basic.SimplifiedTernary]	Added in PMD
	Single Method Singleton [PMD.Design.SingleMethodSingleton]	Added in PMD
	Singleton Class Returning New Instance [PMD.Design.SingletonClassReturningNewInstance]	Added in PMD
	Std Cyclomatic Complexity [PMD.Code-Size.StdCyclomaticComplexity]	Added in PMD
	Uncommented Empty Method Body [PMD.Design.UncommentedEmptyMethodBody]	Added in PMD
	Use Utility Class [PMD.Design.UseUtilityClass]	Added in PMD
	Useless increment in return statement [FB.CORRECTNESS.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN]	Added in FindBugs
	Useless non-empty void method [FB.STYLE.UC_USELESS_VOID_METHOD]	Added in FindBugs
	Useless object created on stack [FB.STYLE.UC_USELESS_OBJECT_STACK]	Added in FindBugs
	Useless object created [FB.STYLE.UC_USELESS_OBJECT]	Added in FindBugs
	Useless Qualified This [PMD.Unnecessary.UselessQualifiedThis]	Added in PMD
	compareTo()/compare() incorrectly handles float or double value [FB.BAD_PRACTICE.CO_COMPARETO_INCORRECT_FLOATING]	Added in FindBugs
New C/C++ Warning Classes
	## Follows # Operator [LANG.PREPROC.PASTEHASH]	MISRA
	Array Parameter Mismatch [LANG.FUNCS.APM]	MISRA
	Assignment Result in Expression [LANG.STRUCT.USEASSIGN]	MISRA
	Coercion: Integer Constant to Pointer [LANG.CAST.PC.CONST2PTR]	MISRA
	Declaration of Reserved Name [LANG.STRUCT.DECL.RESERVED]	MISRA
	Macro Uses # Operator [LANG.PREPROC.HASH]	MISRA
	Misplaced case [LANG.STRUCT.SW.MPC]	MISRA
	Missing Parentheses [LANG.STRUCT.PARENS]	MISRA
	Non-Boolean Preprocessor Expression [LANG.PREPROC.NBPE]	MISRA
	Pointer Arithmetic [LANG.STRUCT.PARITH]	MISRA
	Side Effects in Initializer List [LANG.STRUCT.SE.INIT]	MISRA
	Side Effects in Logical Operand [/LANG.STRUCT.SE.LOGIC]	MISRA
	Undefined Macro in #if [LANG.PREPROC.UMIF]	MISRA
	Unexercised Call [DIAG.UNEX.CALL]	for diagnostic purposes
	Unexercised Computation [DIAG.UNEX.COMP]	for diagnostic purposes
	Unexercised Conditional [DIAG.UNEX.COND]	for diagnostic purposes
	Unexercised Control Flow [DIAG.UNEX.CONTROL]	for diagnostic purposes
	Unexercised Data Flow [DIAG.UNEX.DATA]	for diagnostic purposes
	Unspecified Array Size with Designator Initialization [LANG.STRUCT.INIT.UADI]	MISRA
	Unterminated Escape Sequence [LANG.STRUCT.UESC]	MISRA
	Use of <stdarg.h> Feature [BADMACRO.STDARG_H]	MISRA
	Use of <stdio.h> Input/Output Macro [BADMACRO.STDIO_H]	MISRA
	Use of <wchar.h> Input/Output Macro [BADMACRO.WCHAR_H]	MISRA

Warning Class Name Changes

Name	Previously	Notes
"." or "\|" used for regular expression	"." used for regular expression	Renamed in FindBugs
Bad comparison of nonnegative value with negative constant or zero	Bad comparison of nonnegative value with negative constant	Renamed in FindBugs
Can't use reflection to check for presence of annotation without runtime retention	Cant use reflection to check for presence of annotation without runtime retention	Renamed in FindBugs
Class defines equal(Object); should it be equals(Object)?	Class defines equal(Object), should it be equals(Object)?	Renamed in FindBugs
Class defines hashcode(); should it be hashCode()?	Class defines hashcode(), should it be hashCode()?	Renamed in FindBugs
Class defines tostring(); should it be toString()?	Class defines tostring(), should it be toString()?	Renamed in FindBugs
Class's readObject() method is synchronized	Classs readObject() method is synchronized	Renamed in FindBugs
Class's writeObject() method is synchronized but nothing else is	Classs writeObject() method is synchronized but nothing else is	Renamed in FindBugs
D'oh! A nonsensical method invocation	Doh! A nonsensical method invocation	Renamed in FindBugs
Integral division result cast to double or float	integral division result cast to double or float	Renamed in FindBugs
Integral value cast to double and then passed to Math.ceil	integral value cast to double and then passed to Math.ceil	Renamed in FindBugs
Method call passes null for non-null parameter (deref all)	Method call passes null for nonnull parameter (deref all)	Renamed in FindBugs (name also contains a disambiguation string added to satisfy CodeSonar's warning class name uniqueness constraint)
Method call passes null for non-null parameter (deref)	Method call passes null for nonnull parameter (deref)	Renamed in FindBugs (name also contains a disambiguation string added to satisfy CodeSonar's warning class name uniqueness constraint)
Method call passes null to a non-null parameter	Method call passes null to a nonnull parameter	Renamed in FindBugs
Method discards result of readLine after checking if it is non-null	Method discards result of readLine after checking if it is nonnull	Renamed in FindBugs
Method may return null, but is declared @Nonnull	Method may return null, but is declared @NonNull	Renamed in FindBugs
Non-null field is not initialized	Nonnull field is not initialized	Renamed in FindBugs
Non-virtual method call passes null for non-null parameter	Non-virtual method call passes null for nonnull parameter	Renamed in FindBugs
Nonconstant string passed to execute or addBatch method on an SQL statement	Nonconstant string passed to execute method on an SQL statement	Renamed in FindBugs
Parameter must be non-null but is marked as nullable	Parameter must be nonnull but is marked as nullable	Renamed in FindBugs
Potentially ambiguous invocation of either an inherited or outer method	Ambiguous invocation of either an inherited or outer method	Renamed in FindBugs
Private readResolve method not inherited by subclasses	private readResolve method not inherited by subclasses	Renamed in FindBugs
Store of null value into field annotated @Nonnull	Store of null value into field annotated NonNull	Renamed in FindBugs

Warning Class Mnemonic Changes

Name	New Mnemonic [Previously]	Notes
Primitive value is unboxed and coerced for ternary operator	FB.PERFORMANCE.BX_UNBOXED_AND_COERCED_FOR_TERNARY_OPERATOR [FB.CORRECTNESS.BX_UNBOXED_AND_COERCED_FOR_TERNARY_OPERATOR]	Recategorized in FindBugs
compareTo()/compare() returns Integer.MIN_VALUE	FB.BAD_PRACTICE.CO_COMPARETO_RESULTS_MIN_VALUE [FB.CORRECTNESS.CO_COMPARETO_RESULTS_MIN_VALUE]	Recategorized in FindBugs

Deleted Warning Classes

Class	Notes
Creates an empty jar file entry [FB.BAD_PRACTICE.AM_CREATES_EMPTY_JAR_FILE_ENTRY]	Removed from FindBugs
Creates an empty zip file entry [FB.BAD_PRACTICE.AM_CREATES_EMPTY_ZIP_FILE_ENTRY]	Removed from FindBugs
Method uses toArray() with zero-length array argument [FB.PERFORMANCE.ITA_INEFFICIENT_TO_ARRAY]	Removed from FindBugs

Configuration Parameters

There are several new parameters, along with changes to factory settings and behavior for some existing parameters.

New configuration parameters

DATA_RACE_BARRIER_PERIOD	Controls a trade off between performance and false negatives for Data Race warnings.
REFINEMENT_BARRIER_PERIOD	Controls a trade off between analysis performance and false negatives for taint-related warnings.
SIDE_EFFECT_FREE_FUNCTIONS	Specifies functions whose calls are to be considered side effect free.
SOURCE_MIN_REACHABLE_FROM_ROOTS	Provides a safeguard against misidentifying a large portion of source code as unreachable.
SOURCE_MAX_REACHABLE_FROM_LIBRARIES	Provides a safeguard against misidentifying a large portion of source code as reachable from libraries.
TAINT_PLUS_DP_REFINEMENT	Specifies whether or not the analysis will apply decision procedure refinement for "taint+dp" warnings.

Modified configuration parameters

MASTER_KEEPALIVE_PERIOD	The factory setting is now 3000 (previously 86400).
SKIP_ANALYSIS_OF	The reachability definitions associated with settings UNREACHABLE_FUNCTIONS and SOURCE_LIBRARIES have changed slightly.
SLAVE_TIMEOUT	The factory setting is now 1800 (previously 3600).
WARNING_FILTER	The reachability definitions associated with reachable and starts_in_source_libraries rules have changed slightly.

Custom Compiler Models

There have been some changes to the C++ API provided for authoring custom compiler models. If you have not previously authored any custom models with this API, you will not be affected by the change. If you have authored custom models with this API, make the following modifications to your compiler model source then rebuild and reinstall.

Update your custom models so that	Where previously...
The compiler model class subclasses C_CompilerModel.	...it subclassed CompilerModel.
It uses the EDGFrontEnd class to obtain front end arguments: EDGFrontEnd::cs_and_fe_options() to obtain basic front end arguments. EDGFrontEnd::first_options() to obtain first front end arguments.	...it used the CProcess class: CProcess::cso_and_edg_options CProcess::first_options()

For example:

/* previously class MyModel : public CompilerModel */
class MyModel : public C_CompilerModel {

/* [...] */

/* previously 
 * CmdArgumentVector fe_cmds_c(CProcess::cso_and_edg_options(csl_c,bit_width,config));
 * CmdArgumentVector fe_cmds_cxx(CProcess::cso_and_edg_options(csl_cxx,bit_width,config)); 
 */ 
CmdArgumentVector fe_cmds_c(EDGFrontEnd::cs_and_fe_options(csl_c,bit_width,config));
CmdArgumentVector fe_cmds_cxx(EDGFrontEnd::cs_and_fe_options(csl_cxx,bit_width,config));

/* [...] */

/* previously 
 * const std::vector<CmdArgument>& fe_ffa = CProcess::first_options(sf.first,"object_file.o"); 
 */ 
const std::vector<CmdArgument>& fe_ffa = EDGFrontEnd::first_options(sf.first,"object_file.o");

/* [...] */

}

API Changes

Summary:

There are new functions in the CodeSonar Plug-In API and new functions in the general-purpose API.
Internal CodeSonar symbols are no longer exported for dynamic linking.
See also the notes on the changes for custom compiler models.

Plug-In API

There are several new functions in the CodeSonar Plug-In API.

New Function	Purpose
C: csonar_pdg_reachable() Scheme: codesonar:pdg-reachable?	Check: is the specified PDG reachable from the reachability roots specified with configuration file parameter REACHABILITY_ROOTS?
C: csonar_sf_get_pdgs_for_procedure() Scheme: codesonar:sf-get-pdgs-for-procedure	Get all PDGs for all instances of a procedure (specified by its source file, line, and friendly-name hash).

General Purpose API

There are a number of new functions in the general purpose API, many of them concerned with stable comparison and hashing.

New Functions		Purpose
C	Scheme	Purpose
cs_abs_loc_stable_compare()	abs-loc-stable-cmp abs-loc-stable<? abs-loc-stable>? abs-loc-stable<=? abs-loc-stable>=?	Compare two ABS_LOCs, with stable results across sufficiently-similar analyses.
cs_abs_loc_stable_hash()	abs-loc-stable-hash	Get a hash value for an ABS_LOC, with stable results across sufficiently-similar analyses.
cs_ast_field_stable_compare()	ast-field-stable-cmp ast-field-stable<? ast-field-stable>? ast-field-stable<=? ast-field-stable>=?	Compare two AST fields, with stable results across sufficiently-similar analyses.
cs_ast_stable_compare()	ast-stable-cmp ast-stable<? ast-stable>? ast-stable<=? ast-stable>=?	Compare two ASTs, with stable results across sufficiently-similar analyses.
cs_basic_block_stable_compare()	basic-block-stable-cmp basic-block-stable<? basic-block-stable>? basic-block-stable<=? basic-block-stable>=?	Compare two BASIC_BLOCKs, with stable results across sufficiently-similar analyses.
cs_basic_block_stable_hash()	basic-block-stable-hash	Get a hash value for a BASIC_BLOCK, with stable results across sufficiently-similar analyses.
cs_directory_stable_compare()	directory-stable-cmp directory-stable<? directory-stable>? directory-stable<=? directory-stable>=?	Compare two directory values, with stable results across sufficiently-similar analyses.
cs_directory_stable_hash()	directory-stable-hash	Get a hash value for a directory value, with stable results across sufficiently-similar analyses.
cs_pdg_stable_compare()	pdg-stable-cmp pdg-stable<? pdg-stable>? pdg-stable<=? pdg-stable>=?	Compare two PDG values, with stable results across sufficiently-similar analyses.
cs_pdg_stable_hash()	pdg-stable-hash	Get a hash value for a PDG, with stable results across sufficiently-similar analyses.
cs_pdg_vertex_stable_compare()	pdg-vertex-stable-cmp pdg-vertex-stable<? pdg-vertex-stable>? pdg-vertex-stable<=? pdg-vertex-stable>=?	Compare two PDG_VERTEX values, with stable results across sufficiently-similar analyses.
cs_pdg_vertex_stable_hash()	pdg-vertex-stable-hash	Get a hash value for a PDG_VERTEX, with stable results across sufficiently-similar analyses.
cs_prj_files_directory()	prj_files_directory	Get the Analysis Directory for the currently-loaded analysis.
cs_sf_stable_compare()	sf-stable-cmp sf-stable<? sf-stable>? sf-stable<=? sf-stable>=?	Compare two source files, with stable results across sufficiently-similar analyses.
cs_sf_stable_hash()	sf-stable-hash	Get a hash value for a source file, with stable results across sufficiently-similar analyses.
cs_sfid_stable_compare()	sfid-stable-cmp sfid-stable<? sfid-stable>? sfid-stable<=? sfid-stable>=?	Compare two source file instances, with stable results across sufficiently-similar analyses.
cs_sfid_stable_hash()	sfid-stable-hash	Get a hash value for a source file instance, with stable results across sufficiently-similar analyses.
cs_uid_stable_compare()	uid-stable-cmp uid-stable<? uid-stable>? uid-stable<=? uid-stable>=?	Compare two compilation units, with stable results across sufficiently-similar analyses.
cs_uid_stable_hash()	uid-stable-hash	Get a hash value for a compilation unit, with stable results across sufficiently-similar analyses.
cs_get_startup_argv()	- (use standard Scheme functionality)	Get the argv array used to start the process hosting the plugin.

Internal CodeSonar symbols no longer exported

Internal CodeSonar symbols are no longer exported for dynamic linking.

This resolves some C++ ABI compatibility issues that could arise when using C++ API plug-ins.
Plug-in using undocumented C APIs may be affected. Some new public API functions have been created, but some remain to be done. If you are relying on any undocumented C APIs, please notify CodeSecure.

AST changes

One new unnormalized C/C++ AST class: cc:builtin-choose-expr.
New fields in two unnormalized C/C++ AST classes: cc:expr and cc:array.
New fields in two normalized C/C++ AST classes: c:class and c:struct.

Customer Tickets Fixed

NUMBER	NAME	NOTES
8149	Need model for MPLAB PIC18 compiler mcc18	(added in 4.2p0 but ticket resolution not cited then)
15602	check for null in unrelated dynamic cast	(fixed since 4.2p0 but ticket resolution not cited then)
15926	[EDGcpfe/17108] Parse error: expression must have constant value with use of std::tuple_size	fixed
15968	ABI key configuration file not used	fixed
15969	Non-ASCII characters do not render in PDF reports	ensure Default Character Encoding is set to UTF-8 on the Content tab of the Settings page.
15988	Context menu does not display on right-click when viewing large files	fixed
16153	Add license usage to XML output of dry run analysis pages	fixed
16178	List index out of range when committing note	fixed
16222	MISRA false positive: No Matching #if caused by "#if(...)"	fixed
16224	Attribute Error upon clicking "Save and Next"	fixed
16240	Improve license error messages	fixed
16525	[EDGcpfe/17220] MS compat: std::_Tuple_val<_Ty>::_Tuple_val cannot be referenced -- it is a deleted function	fixed
16527	[EDGcpfe/17295] MS compat: braced initializer	fixed
16541	MISRA false positive: Function defined in header file	Warnings of this class no longer triggered on functions that are instantiations of templates.