CodeSonar® 9.2p0 CONFIDENTIAL CodeSecure Inc

Performing an Analysis with Improved Determinism

In many cases the default configuration file parameter settings will work well for your analyses. This section lists the parameters to concentrate on if you want to run the analysis in a way that improves determinism, producing the most stable results from run to run. This comes at the cost of a somewhat higher rate of false positives and somewhat slower taint analysis.



The stable_results Preset

The stable_results preset collects together all the settings described below. To use the preset:

Command Line: Specify -preset stable_results as part of your build/analysis command. For example:
    codesonar analyze MyProj -preset stable_results localhost:7340 make

Define as a default preset: Copy stable_results.conf from $CSONAR/codesonar/presets/ to $CSONAR/codesonar/default_presets/.
    OR
    Use the CodeSonar Configuration Tool Modify Analysis Settings option.

Windows Build Wizard: Select stable_results from the Preset list on screen 2.

Eclipse Plug-In: Select stable_results from the Presets list in the Properties dialog.

Visual Studio Plug-In: Select stable_results from the Presets list in the Project Properties dialog.

Setting Notes

The following table suggests configuration settings to try if you want to run the analysis in a way that improves determinism, producing the most stable results from run to run.

Parameters:
    GLOBAL_FUNCTION_POINTER_MODE = context_sensitive
    GLOBAL_TAINT_MODE = context_sensitive
Notes: Setting these parameters to context_sensitive mode will improve determinism. If points-to facts are dropped (as described in the full documentation for the individual parameters), they are dropped in a deterministic manner, so the outcome is always the same.

The context_insensitive mode is not deterministic, because processes may read/write the shared context_insensitive information in different orders from analysis to analysis due to parallelism from ANALYSIS_SLAVES.

Parameter:
    TAINT_PLUS_DP_REFINEMENT_TIMEOUT = 30
Notes: This timeout setting allows sufficient time for most or all refinement operations to not time out, so nondeterminism arising from refinements timing out in some analyses but not others is reduced or eliminated.

Parameter:
    RELAXED_TOPDOWN_FUNCPTR_RESOLUTION = No
Notes: This parameter ensures function pointer resolution that does not run to completion (due to the setting of MAX_POINTER_ANALYSIS_PASSES) always has the same partial results, which improves determinism. (Setting to Yes can cause the partial results to differ between analysis runs.)

Other Causes of Nondeterminism

The stable_results preset will improve determinism, but may not completely eliminate nondeterminism. If you use the stable_results preset and still encounter nondeterminism, be aware of the following scenarios that can result in nondeterminism.

Awareness of these potential conditions in your workflow and an effort to eliminate them, combined with the use of the stable_results preset, should yield results with maximum determinism.
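One way to check whether two analyses of the same unchanged code produced the same warnings, as an added example that is not part of the CodeSonar documentation or tooling. The CSV column names (class, file, line, procedure) and the sample rows are constructed assumptions, not CodeSonar's export format; map them to the fields of your own warning export.

```python
import csv
import io
from collections import Counter

# Assumed export columns (hypothetical): adapt to the fields in your own export.
KEY_FIELDS = ("class", "file", "line", "procedure")

# Constructed sample exports from two analyses of the same, unchanged code.
RUN_1 = """class,file,line,procedure
Buffer Overrun,parse.c,120,read_header
Null Pointer Dereference,util.c,45,lookup
Tainted Buffer Access,net.c,88,recv_msg
Leak,main.c,210,main
"""
RUN_2 = """class,file,line,procedure
Leak,main.c,210,main
Buffer Overrun,parse.c,120,read_header
Tainted Buffer Access,net.c,97,recv_msg
Null Pointer Dereference,util.c,45,lookup
"""

def load_warnings(text):
    """Parse CSV text into a multiset of warning keys (row order is ignored)."""
    reader = csv.DictReader(io.StringIO(text))
    return Counter(tuple(row[f].strip() for f in KEY_FIELDS) for row in reader)

def compare_runs(text_a, text_b):
    """Return (warnings only in A, warnings only in B, stability ratio in [0, 1])."""
    a, b = load_warnings(text_a), load_warnings(text_b)
    only_a = sorted((a - b).elements())
    only_b = sorted((b - a).elements())
    union = sum((a | b).values())
    # Multiset Jaccard index: shared warnings over all distinct warnings seen.
    stability = sum((a & b).values()) / union if union else 1.0
    return only_a, only_b, stability

def unstable_classes(text_a, text_b):
    """Count run-specific warnings per class, to show which checks vary."""
    only_a, only_b, _ = compare_runs(text_a, text_b)
    return Counter(key[0] for key in only_a + only_b)

if __name__ == "__main__":
    gone, new, ratio = compare_runs(RUN_1, RUN_2)
    print(f"stability={ratio:.2f} only_in_run1={gone} only_in_run2={new}")
    print("unstable classes:", dict(unstable_classes(RUN_1, RUN_2)))
```

A ratio below 1.0 on identical inputs means the runs diverged; the per-class counts show where to look first.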

 

To report problems with this documentation, please visit https://support.codesecure.com/.