Using CodeSonar Extension API

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.2p0

CONFIDENTIAL

CodeSecure Inc

Using The CodeSonar Extension API

The CodeSonar extension API allows users to implement checks for custom warning classes in a straightforward way, and to supplement CodeSonar's analysis by providing additional information about how the program should be interpreted.

CodeSonar provides C extension functions and macros for implementing custom warning checks that can be built directly into project code. The checks can be implemented either by directly adding check code into program files, or by writing special code wrappers in separate files linked into the CodeSonar project. For details, see Including Custom Checks.

user-defined attributes	Users can attach named attributes to any memory location, then update and test the values of these attributes. This provides a way to identify possible problem conditions.
replacement functions	csonar_replace_p() allows users to associate specific attribute updates and trigger checks with each call to p, or to implement a model for p.
memory tracking	Given a specific memory location: csonar_important_global() instructs CodeSonar to take particular care to track that location. csonar_escape() informs CodeSonar that the location may have undergone arbitrary operations (such as assignment, freeing, and so forth).
warning triggers	Users can specify triggering conditions based on the values of program variables and/or user-defined attributes, then instruct CodeSonar to issue warnings when those triggers are satisfied.

user-defined attributes

Users can attach named attributes to any memory location, then update and test the values of these attributes. This provides a way to identify possible problem conditions.

replacement functions

csonar_replace_p() allows users to associate specific attribute updates and trigger checks with each call to p, or to implement a model for p.

memory tracking

Given a specific memory location:

csonar_important_global() instructs CodeSonar to take particular care to track that location.
csonar_escape() informs CodeSonar that the location may have undergone arbitrary operations (such as assignment, freeing, and so forth).

warning triggers

Users can specify triggering conditions based on the values of program variables and/or user-defined attributes, then instruct CodeSonar to issue warnings when those triggers are satisfied.

Including Custom Checks	Methods for implementing and including checks that use the Extension API.
Attributes	More information on user-defined attributes.
CodeSonar Extension API Functions and Macros	Full documentation for the extension functions and macros.
Example/Tutorial: Custom Checking with the Extension API	Illustrates the use of CodeSonar extension API to construct checks for new warning classes.
Example/Tutorial: Custom Taint-Related Checks with the Extension API	Illustrates the use of the extension API to model taint-related properties of program artifacts, and check for uses of tainted values in sensitive contexts.

Including Custom Checks

Methods for implementing and including checks that use the Extension API.

Attributes

More information on user-defined attributes.

CodeSonar Extension API Functions and Macros

Full documentation for the extension functions and macros.

Example/Tutorial: Custom Checking with the Extension API

Illustrates the use of CodeSonar extension API to construct checks for new warning classes.

Example/Tutorial: Custom Taint-Related Checks with the Extension API

Illustrates the use of the extension API to model taint-related properties of program artifacts, and check for uses of tainted values in sensitive contexts.

Using The CodeSonar Extension API

For More Information