CodeSonar® 9.2p0 CONFIDENTIAL CodeSecure Inc
General

Alerts

CodeSonar issues alerts when certain problems arise with the build/analysis. There are three alert levels: red, yellow, and blue.

If alerts have been issued, alert messages are displayed on the Analysis page. Click on an alert message to display full information about the problem and how to resolve it.



Overview

CodeSonar issues alerts when certain problems arise with the build/analysis.

If alerts have been issued, alert messages are displayed on the Analysis page, as shown in the screenshot fragment below.
Click on an alert message to view detailed information about the alert.

[Screenshot fragment: alerts example]

There are three levels of alert: red, yellow, and blue.

We provide summary information about the alert types here; full information is provided in the Web GUI when you click an alert message.

Red Alerts

A red alert indicates a severe problem. In some cases, the build/analysis will not run to completion until the problem is resolved.

num Parse Errors: num parse errors were encountered, and num ≥ 200 (otherwise, this would be a yellow alert), or the CodeSonar front end crashed. Click the alert message to view the CodeSonar Parse Error Log.

Bad File System: The project was built on a file system that is potentially not capable of running CodeSonar correctly and efficiently. Click the alert message for full information about the problem.

Native Build Failed: The observed command that the CodeSonar project was based on exited with failure. Click the alert message to view the Build Log.

num Bad Configuration File Settings: There are num problems with configuration file settings. Click the alert message for full information about the problems.

num Bad Extension Constructs: The project incorporates custom checks that a user implemented with the Extension API constructs, and one or more of the extension constructs is used incorrectly. Click the alert message for a list of the incorrect constructs and their locations in the source code.

num Failed Analysis Tasks: There were num cases where a unit of work in the analysis was attempted UNIT_OF_WORK_RETRIES+1 times and failed every time. This may indicate that the analysis is consistently crashing on one or more procedures. The analysis log is likely to contain additional information about the problem.

Analysis Stuck (No Slaves): The analysis has requested slaves but none have connected, so the analysis cannot proceed. This can occur for a number of different reasons: click the alert message for information about what is causing the problem in this case, and how to resolve it.

Analysis Stalled: The analysis has abruptly disconnected from the hub while running. It may indicate that the computer running the analysis was turned off, the analysis was killed, the analysis crashed, etc.

Missing Debug Information [Java]: One or more classes were compiled without debugging information. In consequence the bytecode locations for some warnings will probably be incorrectly translated into source locations, so those warnings will be reported at the wrong locations.

num Missing Source Files [Java and C# only]:
  • Java: CodeSonar could not locate corresponding source code for one or more of the analyzed classes. Click the alert message for a list of classes that have no source information.
  • C#: CodeSonar could not locate corresponding source code for one or more of the analyzed Microsoft C# assembly files. Click the alert message for more information.

Miscellaneous Error [for C and C++ compilation units]: One of a variety of errors: click on the alert message for more information.

Miscellaneous Error [for Java compilation units]: One of the following.
  • One or more classes that are used by the analyzed code were not provided to the analysis. Therefore:
    • these classes were not analyzed, and
    • their influence on code that is analyzed cannot be fully accounted for.
  • CodeSonar has encountered an error while running cs-java-scan.
    One or more of the following was encountered while running the Java analysis engine.
    • The Java version is not valid.
      (The Java versions suitable for use with CodeSonar are listed on the System Requirements page.)
    • One or more cs-java-scan options is missing a parameter.
    • One or more required cs-java-scan options is missing.
    • The analysis timed out.
    • cs-java-scan raised an exception.
    • cs-java-scan did not produce an expected output file.
    • A problem was encountered while performing postprocessing on the analysis results.
  • CodeSonar has encountered an error while running Sarif-Processing.
    A problem was encountered while performing CodeSonar's postprocessing on the analysis results.
  • CodeSonar has encountered an error while running Sarif-Import.
    A problem was encountered while importing the analysis results into the hub.

Miscellaneous Error [for C# compilation units]: One of a variety of errors: click on the alert message for more information.

No Entry Point: CodeSonar could not find the program's main function, so no analysis occurred.

Yellow Alerts

A yellow alert indicates a less severe problem that may cause analysis results to be incomplete.

num Dropped Warnings: num results entries in imported SARIF files could not be converted to CodeSonar warning instances. Click the alert message to view information about each dropped instance: the warning class and the reason the warning was dropped.

num Parse Errors: num parse errors were encountered, and num < 200 (otherwise, this would be a red alert). Click the alert message to view the CodeSonar Parse Error Log.

num Unexpected Reachability Conditions: One or more of the configured threshold conditions for reachability analysis has been violated. These thresholds are established by parameters:

Android Manifest Issue: One of the following conditions was encountered.
  • If no Android Manifest and related XML files were submitted, the analysis precision could be affected, especially when processing components' lifecycle methods, permission-related issues and relationships between components.
  • If multiple Android Manifest files were submitted to the analysis, only one of them is picked up and will be listed below.
  • If other Manifest-related files are missing (such as layout or preferences XMLs), the precision of the analysis may be affected.

Duplicated Component [Java and C# compilation units only]: The analyzed artifacts include two or more components (for example, classes) with the same fully-qualified name. The analysis will include the first component encountered with each name, and ignore any others.

Invalid Component [Java and C# compilation units only]: CodeSonar was not able to extract analyzable code from one of the analyzed artifacts.

Native Component [Java and C# compilation units only]: The analyzed artifacts include one or more components (for example, classes) written in native code: typically C or C++.
  • The Java (C#) build/analysis will not understand the native code and will not account for its effects on Java (C#) components.
  • If the component is written in C or C++, you can include it in the CodeSonar project by observing its compilation.
    The C/C++ build analysis will account for the component contents and effects on other C and C++ components, but not for its effects on Java (C#) components.

Incremental Parent Analysis Absent: The analysis was performed in incremental mode, but its parent analysis is not present on the hub.

Multiple Versions of Source File: The analysis contains multiple source file instances with the same path but different contents. Click the alert message for more information, including the file path.

Blue Alerts

Blue alerts are discretionary and informational. Use discretion to determine whether action is warranted.

num Undefined Functions: CodeSonar did not encounter definitions (function bodies) for some functions that are called in the project. Click the alert message to view the Undefined Functions Report for the analysis.

Missing Classes: Code for some classes was not submitted for analysis, but those classes are referenced in the code.

No Warnings Enabled: All Java or C# warning classes are disabled, and this might be unintentional.

Reduced Warning Detail: A warning instance derived from an imported SARIF file will be displayed with reduced detail. Click the alert message for information about the cause and consequences.
 

To report problems with this documentation, please visit https://support.codesecure.com/.