CodeSonar Plug-in for Visual Studio: Viewing Analysis Results [Windows only]

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.2p0

CONFIDENTIAL

CodeSecure Inc

C and C++

Third-Party External

CodeSonar Plug-in for Visual Studio: Viewing Analysis Results [Windows only]

Once you have installed the CodeSonar plug-in for Visual Studio and analyzed a project or imported an analysis, you can view the analysis results inside Visual Studio. The plug-in also provides functionality for editing warning properties.

Overview
Warning Markers and Highlighting
Analysis Report View
Warning View
Hub Authentication
Visual Studio Plug-in Links

Overview

The CodeSonar Visual Studio plug-in presents analysis results in the Visual Studio GUI.

Warning location information is overlaid on the corresponding Visual Studio source listings.
The Analysis Report view provides information about a project's current analysis and its results.
The Warning view provides detailed information about a warning issued by the CodeSonar analysis.

Warning Markers and Highlighting

Information about the CodeSonar warnings issued in each source file is overlaid on the Visual Studio source listings, as shown in the following screenshot.

annotated screenshot fragment: file listing showing warning markers

A warning marker is shown in the margin of each line that contains one or more warnings.
Hover over a warning marker to see the class of the corresponding warning.
The source code at each warning location is highlighted in orange.
Orange markings to the right of the scrollbar show warning locations within the file.
Right-click a warning marker to display a tabular view of the warnings at the marked location. Note the table columns can be sorted.

Hiding and Showing Warning Markers

Warning markers and the corresponding location highlighting can be enabled and disabled from the CodeSonar menu (in the main Visual Studio menu bar).

When warning markers and highlighting are enabled, a check mark is displayed next to the CodeSonar > Show Warning Markers menu item.
Select CodeSonar > Show Warning Markers to disable warning markers and highlighting; select it again to re-enable them.

Changing the Location Highlighting Style

The styling used for warning location highlighting can be enabled and disabled from the Options dialog.

Select CodeSonar menu > Options.
Select CodeSonar > Annotation Preferences from the tree menu.
Use the tools provided to select a highlighting mechanism and color.
Click OK.

Analysis Report View

The Analysis Report view provides information about a project's current analysis and its results.

To close the Analysis Report, click the X in its header.
Note that this does not have any effect on a running analysis; in particular, it does not stop the analysis.
To open the Analysis Report for the current analysis, select CodeSonar > Analysis Results.
- If you have not analyzed the project with the CodeSonar plug-in, the Analysis Results menu item will not be available.
- If the analysis or the project has been deleted from the hub, the view will be empty. If the analysis or project is deleted while the view is open, the interactive elements in the view will not be available.

The following annotated screenshot shows the various parts of an Analysis Report view.

annotated screenshot: Analysis Report view

The name of the analyzed project is displayed in the view title bar.
The view header contains the analysis name.
Click to refresh the analysis information (by retrieving it from the hub).
Click to open the web GUI Analysis page for this analysis.
The view has four tabs: Overview, Warnings, Files, and Procedures.

Overview Tab

screenshot fragment: Overview tab

The Overview tab has two panels: one with analysis information, and one with links to additional information that is presented in the CodeSonar Web GUI.

Analysis Information	Basic analysis properties: Analysis Name Analysis Description Analysis ID Started Finished User (Username) Host (Machine) Address Lines with Code (the value of metric LCode)
Links	Links to information presented in the web GUI are divided into labeled sections. Hub info. The URL of the Analysis page for this analysis. Alerts. Links to detailed information about the CodeSonar alerts produced by the analysis, if any. Charts and Tables. Two charts summarizing warning information: warnings by class and warnings by file. Metrics. Two charts summarizing warning information: file comment density and procedure complexity. Logs. The analysis build log, parse log, and analysis log.

Analysis Information

Basic analysis properties:

Analysis Name
Analysis Description
Analysis ID
Started
Finished
User (Username)
Host (Machine)
Address
Lines with Code (the value of metric LCode)

Links

Links to information presented in the web GUI are divided into labeled sections.

Hub info. The URL of the Analysis page for this analysis.
Alerts. Links to detailed information about the CodeSonar alerts produced by the analysis, if any.
Charts and Tables. Two charts summarizing warning information: warnings by class and warnings by file.
Metrics. Two charts summarizing warning information: file comment density and procedure complexity.
Logs. The analysis build log, parse log, and analysis log.

Warnings Tab

screenshot fragment: Warnings tab

The Warnings tab contains a table of the warnings issued by the analysis, and provides functionality for searching and filtering these warnings.

table of warnings	The warnings issued by the analysis, or a subset defined by the warning filter setting and the most recently executed search (if any). There is one row for each warning, with columns as follows. Score (including score coloring) ID (the Warning ID) Class (Warning Class . Name) Significance (Warning Class . Significance ) File Line Number Procedure Priority State Finding Owner Table rows are interactive: Double-click a row to open the Warning view for the corresponding warning and the source file listing for the warning file. Edit a warning's Priority, State, Finding, and Owner as follows. Click on the table row for the warning you want to modify. The Priority, State, Finding, and Owner values will be shown as menu selections. Click on the value you want to edit to display a menu of the available settings. Select a menu item to update the setting. The value will be updated on the hub. The table can be sorted. Click any column heading to sort by that column. To specify sorting criteria directly, click the Warnings tab label, select Sort By, then use the sub-menu that opens to specify your search.
selecting classes	If you only want to display warnings of certain classes: Click the Warnings tab label. Select Classes. The sub-menu that opens will list all warning classes for which at least one warning was issued by the analysis. Click list items to select (or deselect) them. Select All and Unselect All shortcuts are also provided. The table contents will be updated to reflect your new selection.
warning search field	To search within the set of warnings issued by the analysis: Enter a search term in the field. Terms may be plain text or conditions constructed using the warning search language. Press enter (or return). The table contents will be updated to show only those warnings that satisfy the search constraints and any constraints imposed by the current warning filter selection and the classes selection. The search term will remain in the search field until you edit the field.
warning filter	The options available from the Filter menu correspond to the names of saved searches in the Warning domain. Select a filter from the menu to filter the table contents according to the corresponding search constraints. This menu corresponds to the Visible Warnings selector in the web GUI. See GUI Reference: Visibility Filter selector for information about the built-in filters and instructions for viewing the conditions associated with a saved search, removing a saved search, and creating a new saved search.

Files Tab

screenshot fragment: Files tab

The Files tab contains a table of the files analyzed by the analysis, and provides functionality for searching and filtering these files.

table of files	The files in the analysis, or a subset defined by the file filter setting and the most recently executed search (if any). There is one row for each warning, with columns as follows. File Lines with Code (the value of the Lines with Code (LCode) metric, if computed by the analysis). Table rows are interactive: double-click a row to open the corresponding file in Visual Studio. The table can be sorted. Click any column heading to sort by that column. To specify sorting criteria directly, click the Files tab label, select Sort By, then use the sub-menu that opens to specify your search.
file search field	To search within the set of files in the analysis: Enter a search term in the field. Terms may be plain text or conditions constructed using the file search language. Press enter (or return). The table contents will be updated to show only those files that satisfy the search constraints and any constraints imposed by the current file filter selection. The search term will remain in the search field until you edit the field.
file filter	The options available from the Filter menu correspond to the names of saved searches in the File domain. Select a filter from the menu to filter the table contents according to the corresponding search constraints. This menu corresponds to the Visible Files selector in the web GUI. See GUI Reference: Visibility Filter selector for information about the built-in filters and instructions for viewing the conditions associated with a saved search, removing a saved search, and creating a new saved search.

table of files

The files in the analysis, or a subset defined by the file filter setting and the most recently executed search (if any). There is one row for each warning, with columns as follows.

File
Lines with Code (the value of the Lines with Code (LCode) metric, if computed by the analysis).

Table rows are interactive: double-click a row to open the corresponding file in Visual Studio.

The table can be sorted.

Click any column heading to sort by that column.
To specify sorting criteria directly, click the Files tab label, select Sort By, then use the sub-menu that opens to specify your search.

file search field

To search within the set of files in the analysis:

Enter a search term in the field. Terms may be plain text or conditions constructed using the file search language.
Press enter (or return).

The table contents will be updated to show only those files that satisfy the search constraints and any constraints imposed by the current file filter selection. The search term will remain in the search field until you edit the field.

file filter

The options available from the Filter menu correspond to the names of saved searches in the File domain. Select a filter from the menu to filter the table contents according to the corresponding search constraints.

This menu corresponds to the Visible Files selector in the web GUI. See GUI Reference: Visibility Filter selector for information about the built-in filters and instructions for viewing the conditions associated with a saved search, removing a saved search, and creating a new saved search.

Procedures Tab

screenshot fragment: Procedures tab

The Procedures tab contains a table of the procedures encountered by the analysis, and provides functionality for searching and filtering these procedures.

table of procedures	The procedures in the analysis, or a subset defined by the procedure filter setting and the most recently executed search (if any). There is one row for each warning, with columns as follows. File Procedure Lines with Code (the value of the Lines with Code (LCode) metric, if computed by the analysis). Cyclomatic Complexity (the value of the Cyclomatic Complexity (vG) metric, if computed by the analysis). Table rows are interactive: double-click a row to open the file containing the corresponding procedure in Visual Studio. The table can be sorted. Click any column heading to sort by that column. To specify sorting criteria directly, click the Procedures tab label, select Sort By, then use the sub-menu that opens to specify your search.
procedure search field	To search within the set of procedures in the analysis: Enter a search term in the field. Terms may be plain text or conditions constructed using the procedure search language. Press enter (or return). The table contents will be updated to show only those procedures that satisfy the search constraints and any constraints imposed by the current procedure filter selection. The search term will remain in the search field until you edit the field.
procedure filter	The options available from the Filter menu correspond to the names of saved searches in the Procedure domain. Select a filter from the menu to filter the table contents according to the corresponding search constraints. This menu corresponds to the Visible Procedures selector in the web GUI. See GUI Reference: Visibility Filter selector for information about the built-in filters and instructions for viewing the conditions associated with a saved search, removing a saved search, and creating a new saved search.

table of procedures

The procedures in the analysis, or a subset defined by the procedure filter setting and the most recently executed search (if any). There is one row for each warning, with columns as follows.

File
Procedure
Lines with Code (the value of the Lines with Code (LCode) metric, if computed by the analysis).
Cyclomatic Complexity (the value of the Cyclomatic Complexity (vG) metric, if computed by the analysis).

Table rows are interactive: double-click a row to open the file containing the corresponding procedure in Visual Studio.

The table can be sorted.

Click any column heading to sort by that column.
To specify sorting criteria directly, click the Procedures tab label, select Sort By, then use the sub-menu that opens to specify your search.

procedure search field

To search within the set of procedures in the analysis:

Enter a search term in the field. Terms may be plain text or conditions constructed using the procedure search language.
Press enter (or return).

The table contents will be updated to show only those procedures that satisfy the search constraints and any constraints imposed by the current procedure filter selection. The search term will remain in the search field until you edit the field.

procedure filter

The options available from the Filter menu correspond to the names of saved searches in the Procedure domain. Select a filter from the menu to filter the table contents according to the corresponding search constraints.

This menu corresponds to the Visible Procedures selector in the web GUI. See GUI Reference: Visibility Filter selector for information about the built-in filters and instructions for viewing the conditions associated with a saved search, removing a saved search, and creating a new saved search.

Warning View

The Warning view provides detailed information about a warning issued by the CodeSonar analysis.

To close a Warning view, click the X in its header.
To open the warning view for a specific warning, double-click the corresponding row in the warning table displayed in the Warnings tab of the Analysis Report.

The following annotated screenshot shows the various parts of an Analysis Report view.

annotated screenshot: Warning view

The Instance ID of the warning is displayed in the view title bar.
The view header contains basic information about the warning, in the following format.
Warning_Class at File_Name: line_num id=warning_id
Click to refresh the warning information (by retrieving it from the hub).
Click to open the web GUI Warning Report page for this warning.
The view has two tabs: Code and Notes

Code Tab

screenshot fragment: Code tab

The Code tab contains an annotated code excerpt that shows the context in which the warning was issued. CodeSonar provides additional information to explain the conditions leading to the warning and aid in diagnosis:

Path Names	Provided at the top of the excerpt. Click to open the Visual Studio source listing for the file (if it is not already open).
Line Numbers	Correspond directly to line numbers in the file. Click to open the Visual Studio source listing for the file (if it is not already open) and scroll to the specified line.
Explanation Information	Significant locations in the excerpt are annotated. All warnings have a warning description box summarizing the issue and the reason or reasons that it has arisen, with links to the code locations and annotations that are especially important. Depending on the class of the warning, there may also be data annotations and control flow annotations. If the excerpt includes a code location at which a parse error occurred, a parse error annotation is displayed at that location.
Interaction/Navigation	Interaction and navigation functionality in the Code tab are as described in Warning Report: Interaction and Navigation
Source Coloring	Along with syntax coloring (described in Source Coloring and Hyperlinking), the source excerpt has background coloring to aid in interpreting the warning. Basic highlighting identifies code that is particularly relevant to the warning. If the warning is associated with an execution path, the highlighting shows the code on the warning's core path. For example, sometimes both parts of an if statement are highlighted because the statement is nested inside a loop, and the if condition evaluated to "true" in some iterations of the loop and "false" in others. (Use the control flow annotations to determine control flow in the last iteration.) Red highlighting is used by some warning classes to identify the precise location at which the warning was issued. This is especially useful if the warning is issued at a source line that contains multiple statements.

Notes Tab

screenshot fragment: Notes tab

The Notes tab contains fields for viewing and editing the warning's user-modifiable properties, plus a change history. Note that all these properties apply to warning groups (not individual warning instances).

Priority, State, Finding, Owner	Select a new values from the pull-down menus, and click OK. (New, custom values can be defined from the web GUI).
Note	Enter a new note in the field, and click OK.
Change History	The sequence of comments attached to this warning. These consist of all the user Notes added to the warning, plus all the messages automatically generated by CodeSonar when a user changes the warning's Priority, State, Finding, or Owner.

Hub Authentication

There are various situations in which you may need to sign in to the CodeSonar hub. For example:

When you modify a warning Priority/ State/Finding/ Owner, or add a Note to a warning, the Visual Studio plug-in communicates these changes to the hub so that the hub database can be updated. This update must be authorized by a hub user account with ANALYSIS_ANNOTATE permission for the corresponding analysis: if special user Anonymous does not have this permission, you will need to sign in to a suitable user account in order to make the changes.
When you import analysis results, the import must be authorized by a hub user account with the following permissions.
- ANALYSIS_READ, ANALYSIS_TERMINATE, ANALYSIS_WARNING_EXISTS, and ANALYSIS_WARNING_READ for the analysis.
- Global permissions G_LIST_PROPERTIES and G_LIST_USERS.
If special user Anonymous does not have these permissions, you will need to sign in to a suitable account in order to perform the import.
If the number of licensed anonymous sessions is exceeded, you will need a user session to communicate with the hub.

The hub username and password are stored as project properties. There are two options for specifying the hub username and password for a project:

use the project properties dialog to specify them in advance, or
modify a warning associated with the project and provide credentials using the hub authentication dialog that opens

Hub Authentication Dialog

The hub authentication dialog will open if you attempt to modify a warning Priority/ State/Finding/Owner, or add a Note to a warning, for a project that does not already have a hub username and password stored as project properties.

screenshot: hub authentication dialog

Check the hub location specified in the dialog to make sure that it has the value you expect. (If not, Cancel and then use the project properties dialog to make any necessary changes.)
Do you have an account on this hub?
- YES: go on to the next step.
- NO:
  1. Click the Create account link to open a web GUI Sign In page.
  2. Follow the instructions in Task: Add a New User Account for Yourself.
  Once you have created a new account, go on to the next step.
Do you recall the account password?
- YES: go on to the next step.
- NO:
  1. Click the Forgot password? link to open a web GUI Sign In page.
  2. Switch to the forgot password tab, and obtain a forgotten password code.
  3. When you have received the emailed code, follow the instructions for resetting a password.
  Once you have reset your password, go on to the next step.
Enter your username and password in the dialog fields.
Click OK.

The username and password you provide will be stored as project properties and used to authenticate future modifications for the same project.

Visual Studio Plug-in Links

The following sections provide detailed information about installing and using the CodeSonar plug-in for Visual Studio.

To report problems with this documentation, please visit https://support.codesecure.com/.