JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

CodeSonar® 9.2p0 CONFIDENTIAL CodeSecure Inc
C and C++

Library Model Macros and Functions

Many of the CodeSonar library models themselves call the models for free() or malloc() to represent pointer freeing or memory allocation that are carried out by the function. Likewise, many models call memset() to represent the function writing to some location in memory. Writing models that call existing models is generally a good idea: it takes advantage of the work that has already gone into expressing important relationships and setting up warning checks, and is also generally simpler than writing a model from scratch.

The built-in library models also make use of various CodeSonar functions and extension API macros to describe certain values and relationships.

This section describes the function models and extension API macros that are most likely to be useful for users that are authoring library models. Note that the remainder of the extension API is also available for use in library models.

Useful Models

void _exit(int status)
void csonar_assert(int *c)
void free(void *ptr)
void * malloc(size_t size)
void * memset(void *s, int c, size_t n)
size_t strlen(const char *s)

Useful API Functions/Macros

int cs_untrusted_value() A value that could be anything at all (including values that cause problems or errors).

In previous versions of CodeSonar, cs_untrusted_value() functionality was provided by macro CSM_INPUT_SOURCE(). We recommend cs_untrusted_value() over CSM_INPUT_SOURCE() in all situations; CSM_INPUT_SOURCE() will likely be deprecated in a future version.
void CSM_SETS_ERRNO_TO_NONZERO() Models the setting of errno to some non-zero value.
int CSM_UNKNOWN_INTEGER() An integer value that cannot be determined statically (but should be considered benign).
float CSM_UNKNOWN_FLOAT() A float value that cannot be determined statically (but should be considered benign).
  __CSURF_MARKER_LIBRARY_FUNCTION__ If this symbol is defined at the start of a function, the function is treated as a library function.

Model Notes

_exit
void _exit(int status)
Use To Model Abnormal termination.
Example Modeling abnormal termination in exit(): 
void exit(int status) {
    int i;
    for(i = 0; i < 1024 && atexit_arr[i]; i++)
        (*atexit_arr[i])();
    for(i = 0; i < 1024 && on_exit_farr[i]; i++)
        (*on_exit_farr[i])(status, on_exit_aarr[i]);
    _exit(status);
}
csonar_assert
void csonar_assert(int c)
Use To Model The assertion that condition c always evaluates to true and the CodeSonar analysis should proceed accordingly.
Example Suppose the input stream can contain only capital letters. Then use csonar_assert to prevent CodeSonar from considering the possibility that other characters may be read in. 
i = getchar(); 
csonar_assert( i >= 'A' && i <= 'Z' );
Note csonar_assert(0) is equivalent to abort().
free
void free(void *ptr)
Use To Model Freeing a pointer ptr.
Example Modeling the freeing of the argument to kfree(): 
#include "libc.h"

void kfree(void *obj){
    free(obj);
}
Note that this model can be paraphrased as "kfree() works like free()", which could also be expressed using a FUNCTION_MAP rule in a suitable configuration file.
malloc
void * malloc(size_t size)
Use To Model Dynamic allocation.
Example Modeling the memory allocation that takes place in calloc(): 
#include "libc.h"

void *calloc(size_t nelem, size_t elsize) {
    void *rv = malloc(nelem*elsize);
    int i;
    if( !rv ) return (void*)0;
    rv = memset(rv, 0, elsize);
    return rv;
}
memset
void * memset(void *s, int c, size_t n)
Use To Model Setting a number of bytes.
Example Modeling the memory initialization that takes place in calloc(): 
#include "libc.h"

void *calloc(size_t nelem, size_t elsize) {
    void *rv = malloc(nelem*elsize);
    int i;
    if( !rv ) return (void*)0;
    rv = memset(rv, 0, elsize);
    return rv;
}
strlen
size_t strlen(const char *s)
Use To Model The length of a string.

The strlen() model provides comprehensive string-related bug checking, so it can be useful to call it even if the length of the string is not actually required by the model. For example, see the atoi() model in the example for csonar_taint_mux().
Example In strncat(), determining where to start writing the appended string and how much to write: 
#include "libc.h"

char *strncat(char *dst, const char *src, size_t n){
    size_t dstlen = strlen(dst);
    size_t copylen = strlen(src);
        
    if (n < copylen) copylen = n;
    if( copylen > 0 ) memcpy(dst + dstlen, src, copylen);
        
    /* Write terminating NUL here rather than in 
     * the IF statement so that CodeSonar can 
     * readily deduce the new strlen(dst) in all cases */
    dst[dstlen + copylen] = '\0'; 
    return dst;
}

Interpreting Other Constructs

The following list is provided to help you interpret the library models shipped with CodeSonar, if you are interested in doing so. In general, you will not need to use these constructs in your own models.

for(;;);
Indicates nonreturn/nontermination. Sometimes used to indicate to the analysis that a path is not feasible. 
#ifdef _MONOLITHIC_INPUT_OUTPUT
A
#else
B
#endif
Provided for compatibility with CodeSurfer. In CodeSonar, the #else branch will always be followed: code block B will always be executed and code block A will never be executed.
 

To report problems with this documentation, please visit https://support.codesecure.com/.