CodeSonar Release 5.4p0 Release Notes

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar Release 5.4, patchlevel 0: Release Notes

Official release date: September 14, 2020.

If you have made changes to any of your CodeSonar configuration files, you will need to upgrade those files as part of the upgrade process.

See Upgrading Configuration Files for instructions.

For some configuration files, the procedure includes steps that must be carried out before CodeSonar is upgraded.

If you are upgrading a CodeSonar installation that will be used by someone else:

Determine the most appropriate person to upgrade the general template and compiler template configuration files.
This will depend on local factors such as who usually makes changes to these files.
Notify the other user that they will need to upgrade their general project and project-compiler configuration files for all projects.

Launching the CodeSonar installer directly from Firefox on Windows 10 may prevent certain parts of the installer from functioning correctly. Instead, download the installer to a suitable location and run it from there.

Warning Classes	There are six new warning classes. This version of CodeSonar uses CWE v4.2.
GUI	New page type Usernames The Compare Analyses feature has been extended.
codesonar get	New -o and -follow-redirect options to codesonar get.
New codesonar Subcommands	New command codesonar dump_warnings.py downloads warning information directly from the hub in CSV, JSON, or text format, without the need to interact with the CodeSonar Web GUI or write a custom script. You can write and install custom codesonar Python subcommands.
Library Model Improvements	The library models shipped with CodeSonar now include models for FreeRTOS functions.
Hub Moving Instructions Change	Due to the PostgreSQL upgrade, the process for restoring a primary hub with pg_restore will differ slightly depending on whether or not the hub backup was created with an earlier CodeSonar version. See Relocating A Primary Hub (Different Machine) for details.
Compiler Model Changes	There is a new IAR compiler model iccavr. There is no longer an armcpp compiler model. All native compilers previously mapped to this model are now mapped to the armcc model. Several of the models have undergone general improvements and bug fixes.
Third Party Upgrades	A number of third party packages shipped with CodeSonar have been upgraded, in particular PostgreSQL, yFiles, and Z3. See the Notices page for information, including version numbers, about all third party components.
HTTP API documentation	New pages describing mechanisms for interacting with the hub without utilizing the user interface: HTTP API Reference Specifying Table Configurations
EDG Upgrade	CodeSonar now uses EDG version 6.0. This provides better C++17 support (fewer parse errors). There are also some useful new front end options.
API Changes	Hash functions have been added to C++ and Python API classes where they were not previously available.
AST Changes	A small number of unnormalized C/C++ AST classes have new fields.
Hub Machine Requirements	In addition to existing requirements for running a CodeSonar hub, IA-32 processors must support SSE2.
Now supported	Windows Server 2019 is newly supported as of this release.
Release Status	CodeSonar 5.0p0 is now in sunset. CodeSonar 4.5p1 is now at end of life.
Deprecation Notices	Mac OS X and Solaris will not be supported as of the next CodeSonar release. This is the last release that will include installers for these platforms. Direct integrations for the following third party Java and C# analysis tools will be removed in the next CodeSonar release. Java and C# analysis will be handled directly by CodeSonar. FindBugs^TM (Java) PMD (Java) FxCop (C#)
Java and C# Analysis Notice	As of the next CodeSonar release, the Java and C# analysis capability currently provided by separate tool Julia will become part of the CodeSonar product.

Warning Classes

There are six new warning classes. This version of CodeSonar uses CWE v4.2.

GUI

New page type Usernames
The Compare Analyses feature has been extended.

codesonar get

New -o and -follow-redirect options to codesonar get.

New codesonar Subcommands

New command codesonar dump_warnings.py downloads warning information directly from the hub in CSV, JSON, or text format, without the need to interact with the CodeSonar Web GUI or write a custom script.
You can write and install custom codesonar Python subcommands.

Library Model Improvements

The library models shipped with CodeSonar now include models for FreeRTOS functions.

Hub Moving Instructions Change

Due to the PostgreSQL upgrade, the process for restoring a primary hub with pg_restore will differ slightly depending on whether or not the hub backup was created with an earlier CodeSonar version. See Relocating A Primary Hub (Different Machine) for details.

Compiler Model Changes

There is a new IAR compiler model iccavr.
There is no longer an armcpp compiler model. All native compilers previously mapped to this model are now mapped to the armcc model.
Several of the models have undergone general improvements and bug fixes.

Third Party Upgrades

A number of third party packages shipped with CodeSonar have been upgraded, in particular PostgreSQL, yFiles, and Z3. See the Notices page for information, including version numbers, about all third party components.

HTTP API documentation

New pages describing mechanisms for interacting with the hub without utilizing the user interface:

HTTP API Reference
Specifying Table Configurations

EDG Upgrade

CodeSonar now uses EDG version 6.0. This provides better C++17 support (fewer parse errors). There are also some useful new front end options.

API Changes

Hash functions have been added to C++ and Python API classes where they were not previously available.

AST Changes

A small number of unnormalized C/C++ AST classes have new fields.

Hub Machine Requirements

In addition to existing requirements for running a CodeSonar hub, IA-32 processors must support SSE2.

Now supported

Windows Server 2019 is newly supported as of this release.

Release Status

CodeSonar 5.0p0 is now in sunset.
CodeSonar 4.5p1 is now at end of life.

Deprecation Notices

Mac OS X and Solaris will not be supported as of the next CodeSonar release. This is the last release that will include installers for these platforms.

Direct integrations for the following third party Java and C# analysis tools will be removed in the next CodeSonar release. Java and C# analysis will be handled directly by CodeSonar.

FindBugs^TM (Java)
PMD (Java)
FxCop (C#)

Java and C# Analysis Notice

As of the next CodeSonar release, the Java and C# analysis capability currently provided by separate tool Julia will become part of the CodeSonar product.

Details

This version of CodeSonar uses CWE v4.2 (released August 20, 2020).

There are six new warning classes

New Warning Class	Mnemonic	Notes
C-style Cast	LANG.CAST.CSTYLE	Supports MisraC++2008:5-2-4.
Float Pointer Conversion	LANG.CAST.PC.FLOAT	Supports MisraC++2008:3-9-3.
Function-Like Macro	LANG.PREPROC.FUNCMACRO	Supports MisraC++2008:16-0-4.
Member Function Could Be const	LANG.TYPE.MFCBCONST	Supports MisraC++2008:9-3-3.
Member Function Could Be static	LANG.TYPE.MFCBSTATIC	Supports MisraC++2008:9-3-3.
Variable Could Be const	LANG.TYPE.VCBC	Supports MisraC++2008:7-1-1.

New Warning Class

Mnemonic

Notes

C-style Cast

LANG.CAST.CSTYLE

Supports MisraC++2008:5-2-4.

Float Pointer Conversion

LANG.CAST.PC.FLOAT

Supports MisraC++2008:3-9-3.

Function-Like Macro

LANG.PREPROC.FUNCMACRO

Supports MisraC++2008:16-0-4.

Member Function Could Be const

LANG.TYPE.MFCBCONST

Supports MisraC++2008:9-3-3.

Member Function Could Be static

LANG.TYPE.MFCBSTATIC

Supports MisraC++2008:9-3-3.

Variable Could Be const

LANG.TYPE.VCBC

Supports MisraC++2008:7-1-1.

CodeSonar now uses EDG version 6.0.

Parsing for C++2a is improved. See the C++ Support section for detailed information about support for the various C++ standards.

Most of C17/C18 is now supported in C17/C18 mode. See the C Support section for detailed information about support for the various C standards.

Hash functions have been added to C++ and Python API classes where they were not previously available.

API Implementation
C++	Python	C
ast_field_not_found_error::hash()	ast_field_not_found_error.__hash__()	not implemented
ast_pattern::hash()	ast_pattern.__hash__()	not implemented
ast_pattern_compilation_error::hash()	ast_pattern_compilation_error.__hash__()	not implemented
step_path::hash()	step_path.__hash__()	not implemented
step_xform::hash()	step_xform.__hash__()	not implemented
warning::hash()	warning.__hash__()	not implemented

API Implementation

C++

Python

ast_field_not_found_error::hash()

ast_field_not_found_error.__hash__()

not implemented

ast_pattern::hash()

ast_pattern.__hash__()

not implemented

ast_pattern_compilation_error::hash()

ast_pattern_compilation_error.__hash__()

not implemented

step_path::hash()

step_path.__hash__()

not implemented

step_xform::hash()

step_xform.__hash__()

not implemented

warning::hash()

warning.__hash__()

not implemented

A small number of unnormalized C/C++ AST classes have new fields. There are no other AST changes in this release.

Modified Class	Changes
cc:cast	new attribute :cast-kind
cc:range-based-for	new child :initialization
cc:switch	new attribute :exhaustive-switch

Modified Class

Changes

cc:cast

new attribute :cast-kind

cc:range-based-for

new child :initialization

cc:switch

new attribute :exhaustive-switch

NUMBER	NAME	NOTES
6659	Add instructions to separate postgres from hub using a satellite hub	There is a new page in the manual Using Your Own Hub Database.
15945	MISRA FP (Rule 16.4): NO_IMPLICIT_DEFAULT_FOR_ENUM_SWITCH does not handle smaller enum types	fixed
18272	MISRA FP (Rule 6-5-4, C++ 2008): Malformed for-loop Step	fixed
21481	Uncaught exception in hub: OperationalError - deadlock detected	fixed
31233	Moving 100 projects from the hub root to a projecttree causes what seems to be an infinite loop with the message "Moving failed for ..."	fixed
33361	Add Windows Server 2019 to the supported OS list	Windows Server 2019 is officially supported as of this release.
33415	Addition of libnsl.so.1 to System Requirements	libnsl.so.1 added to System Requirements manual page.
33483	Telemetry: Creation of ENABLED/DISABLED file fails silently if the user doesn't have proper permissions	fixed; error message now printed.
33679	Feature Request: A page describing how to upgrade your analysis installs and projects for CodeSonar	Information and link to existing Upgrading Configuration Files page added to Release Notes.
33692	Clarify documentation for analysis based on compound build commands	If you usually invoke your build with a list of commands, you will need to quote the list and include an invocation command: generally cmd /c on Windows and sh -c on other systems. See the Basic Tutorial for examples.
33747	Possible FP for warning class LANG.TYPE.IAT : Inappropriate Assignment Type	fixed
33823	Update needed for CodeSonar manual: stating that all warning processors are for example only and there is no guarantee of suitability or support	Documentation expanded to clarify that warning processors are for example only.
33953	There is no armcpp compiler model	There is no longer an armcpp compiler model. All native compilers previously mapped to this model are now mapped to the armcc model.

NUMBER

NAME

NOTES

6659

Add instructions to separate postgres from hub using a satellite hub

There is a new page in the manual Using Your Own Hub Database.

15945

MISRA FP (Rule 16.4): NO_IMPLICIT_DEFAULT_FOR_ENUM_SWITCH does not handle smaller enum types

fixed

18272

MISRA FP (Rule 6-5-4, C++ 2008): Malformed for-loop Step

fixed

21481

Uncaught exception in hub: OperationalError - deadlock detected

fixed

31233

Moving 100 projects from the hub root to a projecttree causes what seems to be an infinite loop with the message "Moving failed for ..."

fixed

33361

Add Windows Server 2019 to the supported OS list

Windows Server 2019 is officially supported as of this release.

33415

Addition of libnsl.so.1 to System Requirements

libnsl.so.1 added to System Requirements manual page.

33483

Telemetry: Creation of ENABLED/DISABLED file fails silently if the user doesn't have proper permissions

fixed; error message now printed.

33679

Feature Request: A page describing how to upgrade your analysis installs and projects for CodeSonar

Information and link to existing Upgrading Configuration Files page added to Release Notes.

33692

Clarify documentation for analysis based on compound build commands

If you usually invoke your build with a list of commands, you will need to quote the list and include an invocation command: generally cmd /c on Windows and sh -c on other systems. See the Basic Tutorial for examples.

33747

Possible FP for warning class LANG.TYPE.IAT : Inappropriate Assignment Type

fixed

33823

Update needed for CodeSonar manual: stating that all warning processors are for example only and there is no guarantee of suitability or support

Documentation expanded to clarify that warning processors are for example only.

33953

There is no armcpp compiler model

There is no longer an armcpp compiler model. All native compilers previously mapped to this model are now mapped to the armcc model.

CodeSonar Release 5.4, patchlevel 0: Release Notes

Notes on Upgrading

Windows Installation Notice for Firefox Users

What's New

Details

Warning Classes

EDG Upgrade

API

AST Changes

Customer Tickets Fixed