| CodeSonar® 9.0p0 Hot Tips | CONFIDENTIAL | CodeSecure Inc |
Official release date: December 7, 2019.
| Warning Classes | Several changes: |
|---|---|
| EDG Upgrade | CodeSonar now uses EDG version 5.1. This provides better C++17 support (fewer parse errors) and parsing for C++20. There are also some new front end options. |
| Configuration Parameters | There is one new configuration parameter, CONSTEXPR_CALL_DEPTH_LIMIT, which specifies an upper bound on the depth of constexpr calls that can be folded. |
| Anonymous Usage Statistics Feature | CodeSonar collects a range of anonymized statistics about usage and performance on an opt-in basis. |
| Eclipse Plug-in | There are several improvements and bug fixes in the CodeSonar plug-in for Eclipse. |
| Microsoft Visual Studio Plug-In | There are several improvements and bug fixes in the CodeSonar plug-in for Visual Studio. In particular, Microsoft Visual Studio 2019 is now supported. Important: If you are upgrading from a beta version of CodeSonar 5.2p0, follow the directions below to uninstall the Visual Studio plug-in from all Visual Studio versions before upgrading CodeSonar. |
| SMTP Configuration Behavior Change | The SMTP setting validation process has been improved. |
| SARIF Version Upgrade | The SARIF Importer now supports SARIF v2.1.0. |
| Compiler Model Changes | There are two new Clang compiler models: clang and clangpp. On OS X and FreeBSD, the gcc and gpp models redirect if Clang is detected as the native compiler. |
| Search languages | Several search languages have new field-names. |
| API Changes | CodeSonar 5.2p0 has minimal API additions. There are no modifications or deletions of previously-existing functionality. |
| AST Changes | There are several changes to the C/C++ AST hierarchies due to the EDG upgrade. These include new and modified AST classes, deleted AST ordinals, and modified helper enumerations. |
| Embarcadero bcc32.exe Note | The borland compiler model does not work with some language extensions and system headers added by Embarcadero. When these features are not present in the code base, the model is expected to work with Embarcadero bcc32.exe. |
| Firefox Note | Recent versions of Firefox do not support in-browser certificate generation. This means that you will not be able to generate user certificates in your browser, and instead will need to follow the instructions in section Manually Generating and Uploading User Certificates. |
| Hub Backup Note | The recommended hub backup method is now streaming replication. Full instructions are provided in Task: Back Up and Restore a Hub Database. |
| z3 | Upgraded to version 4.8.5. |
| Product Compatibility Notes | CodeSonar is not compatible with F-Secure Ultralight Hoster. |
Several changes:
| Class Name | Mnemonic | Added in support of |
|---|---|---|
| Use of strchr | BADFUNC.BO.STRCHR | MISRA C++ 18-0-5/Misra2012:21.17 |
| Use of strcoll | BADFUNC.BO.STRCOLL | MISRA C++ 18-0-5/Misra2012:21.17 |
| Use of strcspn | BADFUNC.BO.STRCSPN | MISRA C++ 18-0-5/Misra2012:21.17 |
| Use of strpbrk | BADFUNC.BO.STRPBRK | MISRA C++ 18-0-5/Misra2012:21.17 |
| Use of strrchr | BADFUNC.BO.STRRCHR | MISRA C++ 18-0-5/Misra2012:21.17 |
| Use of strspn | BADFUNC.BO.STRSPN | MISRA C++ 18-0-5/Misra2012:21.17 |
| Use of strstr | BADFUNC.BO.STRSTR | MISRA C++ 18-0-5/Misra2012:21.17 |
| Use of strtok | BADFUNC.BO.STRTOK | MISRA C++ 18-0-5/Misra2012:21.17 |
| Use of <stdlib.h> Allocator/Deallocator | BADFUNC.STDLIB_H_MEM | MISRA C++ 18-4-1/Misra2012:21.3 |
| Use of <stdlib.h> Allocator/Deallocator Macro | BADMACRO.STDLIB_H_MEM | MISRA C++ 18-4-1/Misra2012:21.3 |
CodeSonar now uses EDG version 5.1. This provides better C++17 support (fewer parse errors) and parsing for C++20. See the C++ Support section for detailed information about support for the various C++ standards.
There are new front end options available:
CodeSonar collects a range of anonymized statistics about usage and performance.
To protect your privacy, only the following information is collected:
You can opt in or out of uploading the collected statistics to CodeSecure during installation, and can change your mind at any time.
There are a number of improvements and bug fixes in the CodeSonar plug-in for Visual Studio. In particular:
Important: If you are upgrading from a beta version of CodeSonar 5.2p0, follow the directions below to uninstall the Visual Studio plug-in from all Visual Studio versions before upgrading CodeSonar.
| MSVS 2015 | Manually uninstall "CodeSonar Visual Studio Plug-in" using the Windows "Add or remove programs" functionality. |
|---|---|
| MSVS 2017 | In Visual Studio: |
| MSVS 2019 | In Visual Studio: |
Previously, SMTP configuration included sending a test email after validation, which allowed for potentially bad configurations to be saved. Now, CodeSonar sends the test email as part of the validation process, ensuring that only valid SMTP configurations are saved.
CodeSonar now supports SARIF v2.1.0.
There are two new Clang compiler models: clang and clangpp.
The gcc compiler model will redirect to the clang compiler model and the gpp model to the clangpp model on OS X and FreeBSD if it detects that the native compiler is Clang. For full details, see Native-Compiler-Based Model Selection in OS X and FreeBSD.
New search language field-names:
CodeSonar 5.2p0 has minimal API additions. There are no modifications or deletions of previously-existing functionality.
| API Implementation | ||
|---|---|---|
| C++ | Python | C |
| cs::sfileinst::asts_at() | cs.sfileinst.asts_at() | cs_file_asts_at() |
There are several changes to the C/C++ AST hierarchies due to the EDG upgrade. These include new and modified AST classes, deleted AST ordinals, and modified helper enumerations.
| C/C++ AST Family | New Class |
|---|---|
| For normalized C/C++ ASTs | c:field-or-base-class |
| For unnormalized C/C++ ASTs | cc:dynamic-init-lambda |
| Class | Changes | |
|---|---|---|
| For normalized C/C++ ASTs | Parent is now c:field-or-base-class (previously c:ast) | |
| For unnormalized C/C++ ASTs | cc:block | New attribute :compiler-generated |
The following normalized C/C++ AST ordinals have been deleted.
Several C/C++ AST helper enumerations have new symbols.
| Modified Helper Enumeration | New Symbols |
|---|---|
| attribute_kind | |
| character_kind | |
| distinct_type_kind | |
| opname_kind_cpp | |
| NUMBER | NAME | NOTES |
|---|---|---|
| 12928 | MISRA check false negative Rule 15.6: "Body Is Not Compound Statement" | fixed |
| 14288 | FP: Leak and Double Free warnings from std::list::erase | fixed |
| 15657 | FP: Mismatched Operand Type with enum | fixed |
| 16443 | User Certificates: could not generate certificate in browser | If you are using a browser that does not support in-browser certificate generation, follow the instructions in Manually Generating and Uploading User Certificates. Recent versions of Firefox fall into this category, as do Chrome and Edge. |
| 18213 | MISRA C++ 18-0-5 coverage | See New Warning Classes, above |
| 19431 | Saving analysis IDs should perhaps not pop up a modal dialog | fixed |
| 19722 | Unexpected type for a pointer leads to NPD | NULL_POINTER_THRESHOLD documentation updated to clarify. |
| 20309 | IAR configuration files: Currently setting --no_restrict | fixed |
| 20338 | Change the name of an analysis by script | See new scripting tasks. |
| 20339 | Change the name of a project via script | |
| 20340 | Find the ID of the latest analysis in a project, based on project name via script | |
| 20341 | Delete an analysis by script | |
| 20342 | Delete a project by script | |
| 20529 | MISRA FP: Use of Built in Numeric Types from csinclude/math.h isfinite macro | fixed |
| 20578 | TI cl2000 compiler model and c99 | fixed |
| 20685 | Scope Could Be File static / Local static, and C++ variables | fixed |
| 21054 | IAR iccarm compiler model update | fixed |
| 21056 | Ability to filter on project tree subtrees in tables and charts | ptree_path field name added to several search languages. |
| 21061 | FP: Invalid Unreachable Computation warning | fixed |
| 21067 | Feature Request: Make it possible to not do a clean analysis after doing a VS build without CodeSonar | fixed |
| 21160 | IAR workbench 8.20 __spec_string | fixed |
| 21161 | __STATIC_INLINE in armcc compiler conf | Compiler template configuration file for armcc compiler model adjusted. |
| 21170 | "Excessive 'Parse Errors' in IAR is causing the analysis to stall." is open | fixed |
| 21171 | Parse Error: #error directive: "Reading built-in header-file. If you used upper case, try #include <stdarg.h>" (IAR) | fixed |
| 21178 | gcc compiler model should specify language mode | fixed |
| 21181 | VS2017 variadic templates not turned on? | fixed |
| 21184 | Renesas model bug | fixed |
| 21226 | Clean up intermediate files from Julia analyses | fixed |
| 21228 | EDG argument --nullptr should be added to front end options | Documentation for --nullptr and --no_nullptr added. |
| 21239 | Data Race for a modeled function complains about race on internal variable | fixed |
| 21403 | gcc compiler model does not preserve order of arguments | fixed |
| 21454 | Hub session limit exhausted unexpectedly - numerous anonymous sessions for /command/anon_info | fixed |
| 21479 | Expressions involving constant zero RHS not properly evaluated | fixed |
| 22312 | LDAP authentication and LDAP filters | Example filters added to documentation. |
| 23436 | No mention of C standard support | New manual section added: C Support. |
| 23547 | cs-dotnet-scan not working when C# Unity Container library is used | fixed |
| 21185, 24655 | Parse Error: ***INTERNAL ERROR: BuildLvalueExpr: illegal l-value 'THROWEXPR' ('main') | fixed |