CodeSonar Release 4.5, patchlevel 2: Release Notes

Official release date: February 26, 2018.



Notes on Upgrading

If you are upgrading from a version before 4.5: When you upgrade your hub, you will be prompted to set the password for the special Administrator hub user account when the hub restarts. This will replace the previous Administrator password. You can reuse your previous Administrator password if it meets the hub password requirements specified in the Settings: Password Policy tab.

What's New

CodeSonar for Libraries: This release marks the first availability of CodeSonar for Libraries.
GUI: Additional content in two page types; new footer message type.
Warning Classes: This version of CodeSonar uses CWE v3.0 (released November 16, 2017).
Compiler Models: The mwccmcf compiler model has fixes to modeling for options -nosyspath and -stdinc.
Satellite Hubs: The codesonar hub-start subcommand for starting a satellite hub now accepts the same authentication options as other authenticated codesonar subcommands. These are used to authenticate and authorize the initial stages of setting up a satellite hub and are distinct from the later step in which the password for the Administrator account on the primary hub may be requested in order to modify the primary hub database. Authentication options provided to hub-start when starting a non-satellite hub are ignored.
Warning Processors: The XML input schema for interactive application has been extended to add several new attributes to the analysis element.
Unicode on Windows: CodeSonar now supports Unicode source file names and compilation command lines on Windows systems. Set the Default Character Encoding for the hub to utf8 for proper rendering (Content tab of Settings / Admin Settings page).
Python: Upgraded to version 2.7.13.
z3: Upgraded to version 2.5.0.
API Changes: Various changes to the API, all related to warning reporting.

Details

CodeSonar for Libraries

This release marks the first availability of CodeSonar for Libraries. CodeSonar for Libraries allows you to perform mixed builds, which extend the build and analysis for C/C++ projects by also recognizing linker invocations in the link phase of the observed software build and incorporating the binaries associated with those invocations into the CodeSonar project, so they are included in the analysis. Warnings whose paths include both source code and binary components of the project are reported with each binary segment of the path projected onto the closest call site in the analyzed source code. Warning reports therefore always show the warning in the source context, never in a disassembled binary.

If you wish to add CodeSonar for Libraries capabilities to your license, contact sales@codesecure.com.

GUI

API Changes

There are various changes to the CodeSonar API, all related to warning reporting.

The changes are listed for each API language: C++, Python, C, Scheme.

New Warning Reporting Functions

Report a warning with a code span location.
    C++: New warningclass::report() and warningclass::report_return_warnings() overloads, see table.
    Python: New warningclass.report() and warningclass.report_return_warnings() overloads, see table.
    C: csonar_report_location_span_warning()
    Scheme: -

Report a warning with a code span location in a specified procedure.
    C++: -
    Python: -
    C: csonar_report_location_span_warning_in_pdg()
    Scheme: -

Locations Node Functionality Changes

New constructor case where locations node describes a code span.
    C++: locations_node::locations_node()
    Python: locations_node.__init__()
    C: Changes to struct cs_locations_node_t
    Scheme: -

New functions
    C++: locations_node::get_end_col(), locations_node::get_start_col()
    Python: locations_node.get_end_col(), locations_node.get_start_col()

Flag Changes

New locations node flags
    C++: class locations_node_flags
    Python: class locations_node_flags
    C: typedef cs_locations_node_flags
    Scheme: LOCATIONS_NODE_FLAG

ENDBOX is no longer a report flag
    C++: class report_flags
    Python: class report_flags
    C: typedef cs_report_flags
    Scheme: REPORT_FLAG

Customer Tickets Fixed

NUMBER | NAME | NOTES
8461 | Parse Error: Frontend cannot open source files with non-ascii characters | fixed
10293 | Codesonar cored: Assertion `( getbytes( byte_offset ) + ( num_elements * getbytes( byte_size ) ) ) <= apcl->size' failed | fixed
16167 | std::vector::emplace header patch update | fixed
17251 | assign2author is not RBAC capable | fixed
17566 | False positive 'Uninitialized Variable' | fixed
17665 | Reporting Feature Request: Have the Parse Log table report no parse errors explicitly | fixed: see notes under GUI, above.
16812 | Analysis comparison between different projects doesn't work | fixed
17755 | Parse Errors: identifier "__builtin_ia32_mmx_zero" is undefined (gcc 3.2, 3.3) | fixed
17849 | Socket error when changing SMTP settings | fixed
18144 | Add notes about multi-word macro definitions to manual | Documentation updated for configuration parameters EDG_FRONTEND_OPTIONS_APPEND and EDG_FRONTEND_OPTIONS_PREPEND and for front end option -D / --define-macro.
18098 | Assertion failure: assert( cursor->pos < cursor->v->capacity ) | fixed
18145 | No bad configuration option alert, but configuration file not applied properly | fixed
18103 | assign2author expects sandboxes to be on the same machine as the Hub | fixed
18173 | cprocess cored: type_pointed_to: not a pointer type, using ClR::ClR; | fixed
18196 | Regression: IAR compiler model doesn't handle --predef_macros argument correctly | fixed
18199 | Nested switch statements cause a false positive 'Malformed switch Statement' warning | fixed
18280 | Hang during QNX compilation | fixed
18311 | IAR compiler model mishandling the -v option | fixed
18369 | IAR compiler model regression | fixed
18455 | 'Missing Braces in Initialization' does not understand iterators in C++ | fixed
18464 | 'Malformed for-loop Step' does not understand iterators in C++ | fixed
18496 | Simple program crashes cprocess | fixed
18505 | Problem relocating project from Windows to Linux | fixed
18536 | Use of _Generic in C++ | fixed
18545 | Exception when loading known hubs | fixed