--- proj3.3p1.conf 2013-08-30 14:22:58.596844400 -0400 +++ proj3.4.conf 2013-08-30 14:23:15.598585200 -0400 @@ -6,12 +6,12 @@ # # CodeSonar will use preferences defined in this file when running the # analysis. # -# The file must be placed at .conf, where .html -# would be the codesonar result file. A template preference file can -# be found at $CSONAR/codeonar/template.conf, where $CSONAR is the -# CodeSonar installation directory. +# The file must be placed at .conf, where is the +# project name. The general configuration file template is located at +# $CSONAR/codesonar/template.conf, where $CSONAR is the CodeSonar +# installation directory. # # # The file format is a sequence of lines of the form: # PREFERENCE = VALUE @@ -31,11 +31,12 @@ # located at $CSONAR/codesonar/template.conf, where $CSONAR is the # CodeSonar installation. # # Preferences that come later in this file take precedence over -# preferences that come earlier. The += operator will append to a -# preference. If the first occurrence of a preference uses the += -# operator, then it is treated as an = operator. +# preferences that come earlier. The += operator will treat its +# right-hand-side as a string, and append to the existing string value. +# If the first occurrence of a preference uses the += operator, then it +# is treated as an = operator. # # If a command line flag contradicts a conf file setting (even in the # template conf file), then behavior is undefined. GrammaTech # strongly encourages users to use conf files to encode settings @@ -50,17 +51,21 @@ # project preference file will take precedence over options specified # in the template preference file. +# Parameter CFLAGS_PREPEND +# # Purpose -# Modify the CFLAGs being passed to the parser. +# Modify the CFLAGs being passed to the parser. Typical CFLAGs +# include -D, -U, and -I directives. +# +# Type +# a list of CFLAGS # # Behavior # The parser will be passed the same CFLAGs as the real # compiler, with these additional CFLAGs prepended. # -# Typical CFLAGs include -D, -U, and -I directives. -# # Notes # Most compilers will implicitly define various preprocessor symbols # and include directories. If real compiler cannot be automatically # queried for its implicit definitions (only works for gcc), then the @@ -68,44 +73,43 @@ # these flags specify the CPU architecture, the operating system, and # the compiler's include directory. # # The += operator will actually prepend to this preference (in all -# other cases, the += operator appends). This means that if you have -# two \tt CFLAGS_PREPEND += statements in this file, the CFLAGS in the -# second statement will be prepended to the CFLAGS in the first -# statement. -# -# Type -# a list of CFLAGS +# other cases except \param EDG_FRONTEND_OPTIONS_PREPEND, the += +# operator appends). This means that if you have two \tt +# CFLAGS_PREPEND += statements in this file, the CFLAGS in the second +# statement will be prepended to the CFLAGS in the first statement. # #CFLAGS_PREPEND += +# Parameter CFLAGS_APPEND +# # Purpose -# Modify the CFLAGs being passed to the parser. +# Modify the CFLAGs being passed to the parser. Typical CFLAGs +# include -D, -U, and -I directives. +# +# Type +# a list of CFLAGS # # Behavior # The parser will be passed the same CFLAGs as the real # compiler, with these additional CFLAGs appended. -# Typical CFLAGs include -D, -U, and -I directives. # # Notes # Most compilers will implicitly define various preprocessor symbols -# and include directories. If real compiler cannot be automatically -# queried for its implicit definitions (only works for gcc), then the +# and include directories. If the real compiler cannot be automatically +# queried for its implicit definitions (this only works for gcc), then the # user must specify them here to avoid parse errors. Typically, # these flags specify the CPU architecture, the operating system, and # the compiler's include directory. # -# Type -# a list of CFLAGS -# #CFLAGS_APPEND += # Parameter COMPILER_MODELS # -# Behavior +# Purpose # Defines a map from compiler executable basenames to compiler models. # # If your compiler executable has a basename not listed below as a # 'default', then you should add an entry mapping it to the compiler @@ -120,11 +124,12 @@ # Notes # On Windows, the file extension (which should be .exe or .com) for # the domain is not optional. Some examples are given below. The # range of the map is the list of 'model used' entries in the -# appropriate \link ../CompilerModels/CompilersRecognized.html -# Compilers Recognized\endlink table. Users can also author new -# compiler models in Scheme, thereby expanding the range. +# appropriate \link +# ../C_Module/CompilerModels/CompilersRecognized.html Compilers +# Recognized\endlink table. Users can also author new compiler models +# in Scheme, thereby expanding the range. # # Windows default models: # \code # COMPILER_MODELS += cl.exe -> cl @@ -141,10 +146,14 @@ # COMPILER_MODELS += ecomppc.exe -> ecomppc # COMPILER_MODELS += ecomx86.exe -> ecomppc # COMPILER_MODELS += ecomarm.exe -> ecomppc # COMPILER_MODELS += ecom86.exe -> ecomppc +# COMPILER_MODELS += ecom68.exe -> ecomppc # COMPILER_MODELS += armcc.exe -> armcc # COMPILER_MODELS += tcc.exe -> armcc +# COMPILER_MODELS += iccarm.exe -> iccarm +# COMPILER_MODELS += icc430.exe -> icc430 +# COMPILER_MODELS += iccm32c.exe -> iccm32c # COMPILER_MODELS += mcpcom.exe -> mcpcom # COMPILER_MODELS += cw-cc.exe -> xcc # COMPILER_MODELS += picc.exe -> picc # COMPILER_MODELS += shc.exe -> shc @@ -166,8 +175,9 @@ # COMPILER_MODELS += dplus -> dcc # COMPILER_MODELS += ecomppc -> ecomppc # COMPILER_MODELS += ecomx86 -> ecomppc # COMPILER_MODELS += ecom86 -> ecomppc +# COMPILER_MODELS += ecom68 -> ecomppc # COMPILER_MODELS += ecomarm -> ecomppc # COMPILER_MODELS += mcpcom -> mcpcom # COMPILER_MODELS += shc -> shc # COMPILER_MODELS += shcpp -> shcpp @@ -175,58 +185,68 @@ # COMPILER_MODELS += armcc -> armcc # COMPILER_MODELS += tcc -> armcc # \endcode # -# To activate the Hi-Tech compiler model for command-line builds: +# To activate the Hi-Tech compiler model for Linux, Solaris, and OS X: # \code -# (Windows) -# COMPILER_MODELS += picc.exe -> picc -# (other systems) # COMPILER_MODELS += picc -> picc # \endcode # -# To activate the Ti CodeComposer compiler models for command-line -# builds on Windows: +# To activate the IAR compiler models for Linux, Solaris, and OS X: +# \code +# COMPILER_MODELS += iccarm -> iccarm +# COMPILER_MODELS += iccm32c -> iccm32c +# COMPILER_MODELS += icc430 -> icc430 +# \endcode +# +# To activate the Ti CodeComposer compiler models for Linux, Solaris, +# and OS X: # \code -# (Windows) -# COMPILER_MODELS += cl6x.exe -> cl6x -# COMPILER_MODELS += cl30.exe -> cl30x -# (other systems) # COMPILER_MODELS += cl6x -> cl6x # COMPILER_MODELS += cl30 -> cl30x # \endcode # -# To activate WindRiver compilers, use the following. This will disable +# To activate Wind River compilers, use the following. This will disable # recognition of some Green Hills compilers because of an executable # name conflict. +# # \code # (Windows) # COMPILER_MODELS += ccppc.exe -> ccppc # COMPILER_MODELS += c++ppc.exe -> c++ppc # (other systems) # COMPILER_MODELS += ccppc -> ccppc # COMPILER_MODELS += c++ppc -> c++ppc # \endcode +# + # Parameter DISABLED_COMPILERS # +# Purpose +# Forces the project builder to ignore certain compilers that it +# would, by default, notice. +# +# Type +# Whitespace separated list of compiler basenames +# # Behavior # Invocations of compilers listed here will be ignored by the project -# builder. Use this parameter to force the project builder to ignore -# certain compilers that it would, by default, notice. +# builder. +# +# Behavior is undefined if the same compiler executable appears in +# both the \param COMPILER_MODELS domain and the \tt +# DISABLED_COMPILERS set. # # Notes -# On Windows, you may not omit the file extension of the executable -# (which should always be .exe or .com). A superset of the default -# compilers is commented out below. Behavior is undefined if the -# same compiler executable appears in both the \param COMPILER_MODELS -# domain and in the \tt DISABLED_COMPILERS set. +# On Windows, always include the file extension of the executable +# (which should be .exe or .com). +# +# A superset of the default compilers appears below. # -# Type -# Whitespace separated list of compiler basenames - # Windows: +# \code # DISABLED_COMPILERS += armcc.exe # DISABLED_COMPILERS += ch38.exe # DISABLED_COMPILERS += cl.exe # DISABLED_COMPILERS += cl30.exe @@ -249,9 +269,11 @@ # DISABLED_COMPILERS += picc.exe # DISABLED_COMPILERS += shc.exe # DISABLED_COMPILERS += shcpp.exe # DISABLED_COMPILERS += tcc.exe +# \endcode # Posix: +# \code # DISABLED_COMPILERS += gcc # DISABLED_COMPILERS += gxx # DISABLED_COMPILERS += g++ # DISABLED_COMPILERS += gpp @@ -271,107 +293,117 @@ # DISABLED_COMPILERS += shcpp # DISABLED_COMPILERS += ch38 # DISABLED_COMPILERS += armcc # DISABLED_COMPILERS += tcc +# \endcode +# Parameter FORCE_ENVIRONMENT +# # Purpose -# Prevent the software build system (e.g., make) from writing over -# environment variables necessary for proper process hooking on POSIX -# systems. +# Specifies whether or not to prevent the software build system (for +# example, make) from writing over environment variables necessary +# for proper process hooking on POSIX systems. +# +# Type +# {Yes, No} # # Behavior -# Every time a process calls exec, if the CS_ENVIRON environment -# variable has not been written over, then any important environment -# variables (e.g., LD_PRELOAD, LD_LIBRARY_PATH) that have been -# written over will be repaired in the environment used to create the -# new process. +# Every time a process calls \tt exec, if the \tt CS_ENVIRON +# environment variable has not been written over, then any important +# environment variables (such as \tt LD_PRELOAD, \tt LD_LIBRARY_PATH) +# that have been written over will be repaired in the environment +# used to create the new process. # # Notes # This parameter has no effect on Windows systems. # # Most build systems do not need this to be set. The most common # cause for setting this to "Yes" is a build system that overwrites -# LD_PRELOAD at some point. +# \tt LD_PRELOAD at some point. # # If your build system writes over the entire environment or the -# CS_ENVIRON variable at some point, then in addition to setting -# FORCE_ENVIRONMENT to "Yes", you will need to resurrect the -# CS_ENVIRON environment variable to the value it had before it was +# \tt CS_ENVIRON variable at some point, then in addition to setting +# \tt FORCE_ENVIRONMENT to "Yes", you will need to resurrect the +# \tt CS_ENVIRON environment variable to the value it had before it was # written over. # # Setting this to "Yes" can prevent build systems from causing # compiler invocations to be missed. If you believe source files # (compilation units) are missing from your project and \param # COMPILER_MODELS is set correctly, then setting this to "Yes" may # help. It is slightly invasive and could conceivably cause -# problems, although that hasn't been observed yet. -# -# The CS_ENVIRON environment variable takes precedence over this -# configuration file variable, if it is set when the hook command -# runs. +# problems, although none have been observed. # -# Type -# {Yes, No} +# The \tt CS_ENVIRON environment variable, if set, takes precedence over +# \tt FORCE_ENVIRONMENT. # #FORCE_ENVIRONMENT = No # Parameter UNIX_TEXT_MODE # # Purpose -# Perform crlf -> lf translations on stdout and stderr. Do the -# inverse on stdin. -# -# Notes -# This variable is ignored by the Windows project builder GUI. -# -# This parameter is ignored on non-windows systems. This can be -# useful if running an interactive Cygwin shell inside a hook -# command. +# Specifies whether or not to perform crlf -> lf translations on +# stdout and stderr and do the inverse on stdin. # # Type # {Yes, No} - +# +# Notes +# This parameter is ignored by the Windows project builder GUI and on +# non-Windows systems. +# +# Setting this to "Yes" can be useful if running an interactive +# Cygwin shell inside a hook command. +# # UNIX_TEXT_MODE = No # Parameter INVOKE_COMPILER_FIRST # # Purpose -# Invoke the real compiler before invoking the CodeSurfer or -# CodeSonar parser. +# Specifies whether or not to invoke the real compiler before +# invoking the CodeSurfer or CodeSonar parser. +# +# Type +# {Yes, No} # # Notes # This parameter is ignored on non-Windows systems. Its only known # use is to make sure the parser has access to output files produced -# by the compiler when using Microsoft's #import directive. +# by the compiler when using Microsoft's \tt #import directive. # -# Type -# {Yes, No} - # INVOKE_COMPILER_FIRST = No # Parameter CODEWARRIOR_INSTALLS # # Purpose -# Invocations of all compiler IDE plugins of CodeWarrior install +# Specifies CodeWarrior install directories so that compiler IDE +# plug-ins can be identified for interception. +# +# Type +# Whitespace-separated list of directories +# +# Behavior +# Invocations of all compiler IDE plug-ins of CodeWarrior install # directories in this list will be intercepted. # # Notes -# This variable is ignored by the Windows project builder GUI. -# CodeWarrior integration must be configured through the GUI. -# -# To configure interception of some subset of the compiler plugins, -# use the \param CODEWARRIOR_PLUGINS parameter instead. If you are -# running from the command line and neither \tt CODEWARRIOR_INSTALLS nor -# \tt CODEWARRIOR_PLUGINS is specified in the template or project -# configuration file, then the settings selected at install time will +# \link ../C_Module/CompilerModels/CompilerModelsCodeWarrior.html +# Set up CodeWarrior Support\endlink before basing a project on a +# CodeWarrior build. CodeWarrior is supported for Windows systems only. +# +# This parameter is ignored by the Windows project builder GUI and on +# non-Windows systems. +# +# To configure interception of some subset of the compiler plug-ins, +# use \param CODEWARRIOR_PLUGINS instead. If you are running from +# the command line and neither \tt CODEWARRIOR_INSTALLS nor \tt +# CODEWARRIOR_PLUGINS is specified in the template or project +# configuration file, then the settings specified at install time will # be used. -# -# Type -# Whitespace-separated list of directories # # For example: # \code # CODEWARRIOR_INSTALLS += "C:\Program Files\Freescale\CodeWarrior for Microcontrollers V6.0" @@ -380,23 +412,31 @@ # Parameter CODEWARRIOR_PLUGINS # # Purpose -# Invocations of CodeWarrior compiler IDE plugins in this parameter +# Specifies individual CodeWarrior compiler IDE plug-ins for interception. +# +# Type +# Whitespace-separated list of directories +# +# Behavior +# Invocations of CodeWarrior compiler IDE plug-ins in this parameter # will be intercepted. # # Notes -# This variable is ignored by the Windows project builder GUI. -# CodeWarrior integration must be configured through the GUI. -# -# To configure interception of all CodeWarrior IDE compiler plugins, -# use the \param CODEWARRIOR_INSTALLS parameter instead. If you are -# running from the command line and neither \tt CODEWARRIOR_INSTALLS nor -# \tt CODEWARRIOR_PLUGINS is specified in the template or project conf -# file, then the settings selected at install time will be used. +# \link ../C_Module/CompilerModels/CompilerModelsCodeWarrior.html +# Set up CodeWarrior Support\endlink before basing a project on a +# CodeWarrior build. CodeWarrior is supported for Windows systems only. # -# Type -# Whitespace-separated list of directories +# This parameter is ignored by the Windows project builder GUI and on +# non-Windows systems. +# +# To configure interception of all CodeWarrior IDE compiler plug-ins, +# use the \param CODEWARRIOR_INSTALLS parameter instead. If you are +# running from the command line and neither \tt CODEWARRIOR_INSTALLS +# nor \tt CODEWARRIOR_PLUGINS is specified in the template or project +# configuration file, then the settings specified at install time will +# be used. # # For example: # \code # CODEWARRIOR_PLUGINS += "C:\Program Files\Freescale\CodeWarrior for Microcontrollers V6.0\bin\plugins\compiler\MCFCCompiler.dll" @@ -404,337 +444,363 @@ # Parameter IGNORED_COMPILATIONS # +# Purpose +# Specifies files whose compilations should be ignored. +# # Type # A \link ../Asides/STkRegExp.html # Scheme regular expression\endlink # -# Purpose -# Ignore compilations whose path is matched by the given regular -# expression. -# -# Notes -# If a file in a compilation command has a path that matches the +# Behavior +# If a file in a compilation command has a path that matches the # regular expression, that compilation will be ignored. # -# For example, -# \code -# IGNORED_COMPILATIONS=^.*foo.c$ -# \endcode -# specifies that compilations of files whose paths end in "foo.c" -# should be ignored. This includes compilations of "foo.c", -# "/usr/local/foo.c", and "mydir/myfoo.c", but not "foo.cpp". +# Notes +# For example, +# \code +# IGNORED_COMPILATIONS += ^.*foo.c$ +# \endcode +# specifies that compilations of files whose paths end in "foo.c" +# should be ignored. This includes compilations of "foo.c", +# "/usr/local/foo.c", and "mydir/myfoo.c", but not "foo.cpp". # -# You can specify as many \tt IGNORED_COMPILATIONS entries as you -# want. +# You can specify as many \tt IGNORED_COMPILATIONS entries as you +# want. # Parameter IGNORED_COMPILATION_COMMANDS # +# Purpose +# Specifies compilation commands that should be ignored. +# # Type # string # -# Purpose -# Ignore compilation command lines matching this option. -# +# Behavior +# Ignore compilation command lines matching the specified string. +# # Notes # This can be significantly faster than using \param # IGNORED_COMPILATIONS, but is not as precise. \tt IGNORED_COMPILATIONS # could ignore foo.c and not bar.c in the command "gcc -c foo.c # bar.c", but \tt IGNORED_COMPILATION_COMMANDS must either accept the # entire command or none of it. # -# For example: -# \code -# IGNORED_COMPILATION_COMMANDS += gcc -c foo.c -# \endcode +# For example: +# \code +# IGNORED_COMPILATION_COMMANDS += gcc -c foo.c +# \endcode +# Parameter ERROR_LIMIT_PER_COMPILATION +# # Purpose # Specifies the maximum number of parse errors allowed in a # compilation before the compilation is excluded from the analysis. # +# Type +# integer +# # Behavior # If the percentage of project compilation units exceeding this limit # is greater than \param MINIMUM_GOOD_COMPILATIONS, no analysis will # take place. # -# Type -# integer -# #ERROR_LIMIT_PER_COMPILATION = 30 -# Purpose -# Specifies the minimum percentage of the compilations that have to -# be included for the analysis to proceed. +# Parameter MINIMUM_GOOD_COMPILATIONS # -# Notes -# A good compilation is defined as a compilation unit for which the -# number of parse errors is less than \param -# ERROR_LIMIT_PER_COMPILATION. +# Purpose +# At least this percentage of the project compilation units must be +# "good compilations", meaning that they have no more parse errors +# than the limit specified by \param ERROR_LIMIT_PER_COMPILATION. +# +# Type +# integer between 0 and 100, inclusive # -# Type -# integer between 0 and 100 +# Behavior +# If the percentage of good compilations in the project is below this +# value, the analysis will not proceed. # #MINIMUM_GOOD_COMPILATIONS = 80 +# Parameter MALLOC_FAILURE_BEHAVIOR +# # Purpose -# Do malloc/calloc/alloca/realloc/new/new[] return NULL on failure? +# Specifies the treatment of allocators such as +# malloc/calloc/alloca/realloc/new/new[] on failure. # +# Type +# {RETURN_NULL, DOESNT_FAIL} +# +# Behavior +# - \tt RETURN_NULL : allocators are modeled as returning NULL on failure +# - \tt DOESNT_FAIL : allocators are assumed never to fail +# # Notes # This setting is mainly useful for users who don't care what their # software does when it runs out of memory. # -# Type -# {RETURN_NULL, DOESNT_FAIL} -# #MALLOC_FAILURE_BEHAVIOR = RETURN_NULL # MALLOC_FAILURE_BEHAVIOR = DOESNT_FAIL +# Parameter NEW_FAILURE_BEHAVIOR +# # Purpose -# What happens when new/new[] cannot allocate memory? +# Specifies the treatment of new/new[] on failure. # +# Type +# {EXCEPTION, RETURN_NULL, DOESNT_FAIL} +# +# Behavior +# - \tt EXCEPTION : new/new[] are modeled as throwing an exception on +# failure +# - \tt RETURN_NULL : new/new[] are modeled as returning NULL on failure +# - \tt DOESNT_FAIL : new/new[] are assumed never to fail +# # Notes -# Different C++ runtimes have different behaviors. It is recommended +# \param MALLOC_FAILURE_BEHAVIOR = \tt DOESNT_FAIL takes precedence +# over this parameter. +# +# Different C++ runtimes have different behaviors. We recommend # that you write a small test program to see what your compiler does. # -# If \param MALLOC_FAILURE_BEHAVIOR is set to DOESNT_FAIL, -# then this variable will always behave as if it is set to -# DOESNT_FAIL. -# -# Type -# {STANDARD, EXCEPTION, RETURN_NULL, DOESNT_FAIL} -# #NEW_FAILURE_BEHAVIOR = EXCEPTION # NEW_FAILURE_BEHAVIOR = RETURN_NULL # NEW_FAILURE_BEHAVIOR = DOESNT_FAIL +# Parameter INITIALIZER_LIMIT +# # Purpose -# Ignore initializers that are sufficiently large to bog down the -# analysis. +# Specifies an upper bound on the number of elements in an initializer. # +# Type +# integer +# # Behavior -# Setting to a nonnegative integer places a bound on the -# number of initializer elements, -1 means unlimited. +# Initializers containing more elements than this limit will be +# ignored by the analysis. # -# Type -# integer +# A value of -1 means that there is no limit on initializer size +# +# Notes +# Very large initializers can significantly affect analysis time. # #INITIALIZER_LIMIT = 512 +# Parameter VERBOSITY +# # Purpose # Specifies status message verbosity # +# Type +# {0, 1, 2, 3, ..., 10} +# # Behavior # The higher the \tt VERBOSITY value, the more status messages are # issued. If the value is 0 or 1, messages will only be issued for # fatal and near-fatal errors. # -# Type -# {0, 1, 2, 3, ..., 10} -# #VERBOSITY = 2 +# Parameter BUILD_OPTIONS +# # Purpose # Specifies CodeSurfer builder options. # +# Type +# a list of build options +# # Behavior # See the CodeSurfer manual, section \link # ../../../../csurf/doc/codesurfer/CodeSurfer.html#OptionsPreferences/BuildOptionsSummary.html # Build Options: Summary \endlink for a list of the available # options. # # Notes -# CodeSonar users should usually not need to change this. The -# "-verbose 10" setting will cause the builder to emit more status -# messages. +# CodeSonar users should usually not need to change this. # -# Type -# a list of build options +# To cause the builder to emit more status messages: +# \code +# BUILD_OPTIONS += -verbose 10 +# \endcode # #BUILD_OPTIONS += -# BUILD_OPTIONS += -verbose 10 + +# Parameter EDG_FRONTEND_OPTIONS_PREPEND +# # Purpose -# Specifies front end options to add to the front end command +# Specifies front end options to prepend to the front end command # line, in front of any CodeSurfer build options specified. # +# Type +# a list of front-end options +# # Behavior # See section \link -# ../CompilerModels/CsurfFrontEndOptions.html Front-End Options -# \endlink for descriptions of the available options. +# ../C_Module/CompilerModels/CsurfFrontEndOptions.html +# Front-End Options \endlink for descriptions of the available +# options. # # Notes -# One useful option is the ability to add a preinclude file. +# An example use case is adding a preinclude file. # -# Type -# a list of front-end options +# The += operator will actually prepend to this preference (in all +# other cases except \param CFLAGS_PREPEND , the += operator +# appends). This means that if you have two \tt +# EDG_FRONTEND_OPTIONS_PREPEND += statements in this file, the +# options in the second statement will be prepended to the options in +# the first statement. # #EDG_FRONTEND_OPTIONS_PREPEND += +# Parameter EDG_FRONTEND_OPTIONS_APPEND +# # Purpose -# Specifies front end options to append to the end of the front end -# command line. +# Specifies front end options to append to the front end command +# line. +# +# Type +# a list of front-end options # # Behavior -# See section \link -# ../CompilerModels/CsurfFrontEndOptions.html Front-End Options -# \endlink for descriptions of the available options. +# See section \link +# ../C_Module/CompilerModels/CsurfFrontEndOptions.html +# Front-End Options \endlink for descriptions of the available +# options. # # Notes -# One useful option is the ability to add a preinclude file. -# -# Type -# a list of front-end options +# An example use case is adding a preinclude file. # #EDG_FRONTEND_OPTIONS_APPEND += +# Parameter MANAGED_OBJECTS_RESIDENT_LIMIT +# # Purpose -# Megabytes of memory to allocate for managed IR objects. -# +# Specifies the amount of memory (in Megabytes) to allocate for +# managed IR objects. +# +# Type +# integer +# # Behavior # When the intermediate representation (IR) of the program being # analyzed occupies approximately this much virtual address space, a # portion of the IR will be paged out. +# +# A low value may cause thrashing. A high value may cause the tool +# to exhaust virtual address space. # # Notes -# A low value may cause thrashing. A high value may cause the tool -# to exhaust virtual address space. Only a subset of the objects in -# memory are managed under this limit. CodeSonar has been observed -# to peak at approximately a gigabyte of additional address space on -# large programs, for default preferences. -# -# Type -# integer +# Only a subset of the objects in memory are managed under this +# limit. CodeSonar has been observed to peak at approximately a +# gigabyte of additional address space on large programs, for default +# preferences. # #MANAGED_OBJECTS_RESIDENT_LIMIT = 256 +# Parameter MANAGED_OBJECTS_IO_BUFFER_CAPACITY +# # Purpose -# Megabytes of memory to allocate for IO buffering +# Specifies the amount of memory (in Megabytes) to allocate for +# IO buffering. # +# Type +# integer +# # Notes # A low value may cause thrashing. A high value may cause the tool # to exhaust virtual address space. # -# Type -# integer -# #MANAGED_OBJECTS_IO_BUFFER_CAPACITY = 128 +# Parameter ZFRAG_POOL_MINIMUM_CAPACITY +# # Purpose -# Megabytes of memory to eagerly reserve for defragmentable -# allocations. +# Specifies the amount of memory (in Megabytes) to eagerly reserve for +# defragmentable allocations. # +# Type +# integer +# # Notes +# It is not recommended that users alter this unless advised to do so +# by GrammaTech. +# # Setting this to a large value can help avoid problems where large # allocations are eventually unsatisfiable in long-running processes -# because of memory fragmentation. This is not disjoint from other -# memory limits in the configuration file. This should probably not -# be altered unless support advises to do so. -# -# Type -# integer +# because of memory fragmentation. It interacts with other memory +# limits in the configuration file. # #ZFRAG_POOL_MINIMUM_CAPACITY = 256 +# Parameter ZFRAG_POOL_SMALL_THRESHOLD +# # Purpose +# Specifies a lower bound on allocation size (in bytes) below which +# degramentable memory will not be used. +# +# Type +# integer +# +# Behavior # Defragmentable memory will be used only for allocations greater # than or equal to this many bytes. # # Notes +# It is not recommended that users alter this unless advised to do so +# by GrammaTech. +# # Defragmentable allocations have a space overhead of 32 bytes and -# time overhead linear in the amount of space allocated. This should -# probably not be altered unless support advises to do so. +# time overhead linear in the amount of space allocated. # -# Type -# integer -# #ZFRAG_POOL_SMALL_THRESHOLD = 4096 +# Parameter MAX_MATCH_LENGTH +# # Purpose # When performing source replacement with \param -# SOURCE_PATTERN_REPLACEMENT, this is the size of the buffer +# SOURCE_PATTERN_REPLACEMENT, this is the size (in bytes) of the buffer # used to hold the part of the source file currently undergoing # matching. # +# Type +# integer +# # Notes # File substrings whose length exceeds this value will never be # matched, but too high a value can cause performance problems. # -# Type -# integer -# #MAX_MATCH_LENGTH = 4095 # Parameter SOURCE_PATTERN_REPLACEMENT # # Purpose -# Specify a regular expression based replacement to be carried out +# Specifies a regular expression based replacement to be carried out # over the source code being analyzed (before preprocessing # occurs). # -# Notes -# Matching and replacement is carried out within each source file, -# before preprocessing occurs. -# -# The updated text is saved in the store: the analysis back end never -# sees the original code. Note that this means that any error -# reporting will involve line numbers and text from the updated -# files. -# -# If no is specified for a \tt SOURCE_PATTERN_REPLACEMENT -# entry, the entry will be ignored with a warning. -# -# The '/' character is the standard delimiter, but you can use a -# different delimiter if necessary. Occurrences of the delimiter -# inside and must be escaped. -# -# If you don't wish to use the delimited expression form at all, you -# can use the combination of \param SOURCE_PATTERN, \param -# SOURCE_REPLACEMENT, and \param SOURCE_MODIFIERS to specify a -# regular expression based replacement as described below. -# -# For example, +# Type +# A string of the form # \code -# SOURCE_PATTERN_REPLACEMENT=s/foo//I -# \endcode -# specifies that all occurrences of "foo" in the source code, -# regardless of case, should be deleted. This is exactly equivalent -# to -# \code -# SOURCE_PATTERN_REPLACEMENT=s*foo**I -# \endcode -# (the same expression with a different delimiter), and to -# \code -# SOURCE_PATTERN=foo -# SOURCE_REPLACEMENT= -# SOURCE_MODIFIERS=I -# \endcode -# -# You can specify as many \tt SOURCE_PATTERN_REPLACEMENT entries as you -# want: replacements will be carried out in the same order that the -# entries are specified. All \tt SOURCE_PATTERN_REPLACEMENTs will be -# carried out after all \tt SOURCE_REPLACE_COMMANDs. -# -# Type -# A string of the form -# \code -# s///+ +# s///+ # \endcode # # where: # @@ -800,8 +866,52 @@ # < match_not_bow # > match_not_eow # ^ match_not_bol # \endcode +# +# Notes +# Matching and replacement is carried out within each source file, +# before preprocessing occurs. +# +# The updated text is saved in the store: the analysis back end never +# sees the original code. Note that this means that any error +# reporting will involve line numbers and text from the updated +# files. +# +# If no is specified for a \tt SOURCE_PATTERN_REPLACEMENT +# entry, the entry will be ignored with a warning. +# +# The '/' character is the standard delimiter, but you can use a +# different delimiter if necessary. Occurrences of the delimiter +# inside and must be escaped. +# +# If you don't wish to use the delimited expression form at all, you +# can use the combination of \param SOURCE_PATTERN, \param +# SOURCE_REPLACEMENT, and \param SOURCE_MODIFIERS to specify a +# regular expression based replacement as described below. +# +# For example, +# \code +# SOURCE_PATTERN_REPLACEMENT=s/foo//I +# \endcode +# specifies that all occurrences of "foo" in the source code, +# regardless of case, should be deleted. This is exactly equivalent +# to +# \code +# SOURCE_PATTERN_REPLACEMENT=s*foo**I +# \endcode +# (the same expression with a different delimiter), and to +# \code +# SOURCE_PATTERN=foo +# SOURCE_REPLACEMENT= +# SOURCE_MODIFIERS=I +# \endcode +# +# You can specify as many \tt SOURCE_PATTERN_REPLACEMENT entries as you +# want: replacements will be carried out in the same order that the +# entries are specified. All \tt SOURCE_PATTERN_REPLACEMENTs will be +# carried out after all \tt SOURCE_REPLACE_COMMANDs. +# # Parameter SOURCE_PATTERN # Parameter SOURCE_REPLACEMENT @@ -810,17 +920,14 @@ # Purpose # Provide an alternative to \param SOURCE_PATTERN_REPLACEMENT for # specifying regular expression based replacements in the source # code: -# -# \tt SOURCE_PATTERN corresponds to the part of a -# \tt SOURCE_PATTERN_REPLACEMENT expression -# -# \tt SOURCE_REPLACEMENT corresponds to the part of a -# \tt SOURCE_PATTERN_REPLACEMENT expression -# -# \tt SOURCE_MODIFIERS corresponds to the + part of a -# \tt SOURCE_PATTERN_REPLACEMENT expression +# - \tt SOURCE_PATTERN corresponds to the part of a +# \tt SOURCE_PATTERN_REPLACEMENT expression +# - \tt SOURCE_REPLACEMENT corresponds to the part of a +# \tt SOURCE_PATTERN_REPLACEMENT expression +# - \tt SOURCE_MODIFIERS corresponds to the + part of a +# \tt SOURCE_PATTERN_REPLACEMENT expression # # Type # \tt SOURCE_PATTERN : \link # ../../../../third-party/boost/libs/regex/doc/html/boost_regex/syntax.html @@ -828,9 +935,9 @@ # # \tt SOURCE_REPLACEMENT : string # # \tt SOURCE_MODIFIERS : one or modifiers as described in the entry for -# \param SOURCE_PATTERN_REPLACEMENT. +# \param SOURCE_PATTERN_REPLACEMENT # # Notes # For the sake of execution order, a replacement specified with # these parameters is treated as a \param @@ -862,8 +969,12 @@ # Purpose # Specify a text-replacement command to be executed on each source # file being analyzed (before preprocessing occurs). # +# Type +# A string corresponding to a command that reads from stdin and +# writes to stdout. +# # Notes # Use this parameter to specify a substring replacement command to # execute on the source files before preprocessing occurs. # @@ -878,139 +989,182 @@ # You can specify as many \tt SOURCE_REPLACE_COMMAND entries as you # want: replacements will be carried out in the same order that the # entries are specified. # -# All \tt SOURCE_REPLACE_COMMANDs will be carried out before all \param -# SOURCE_PATTERN_REPLACEMENT. +# All replacements specified with \tt SOURCE_REPLACE_COMMAND will be +# carried out before any replacements specified with \param +# SOURCE_PATTERN_REPLACEMENT (or \param SOURCE_PATTERN, \param +# SOURCE_REPLACEMENT, \param SOURCE_MODIFIERS). # -# Type -# A string corresponding to a command that reads from stdin and -# writes to stdout. +# Parameter PREPROCESS_IF_FAIL +# # Purpose # Specifies whether or not preprocessed versions of compilation # units containing parse errors will be saved. # +# Type +# {Yes, No} +# # Notes -# If environment variable CS_PREPROCESS_IF_FAIL is set, its value will -# override the setting of this parameter. +# If environment variable \tt CS_PREPROCESS_IF_FAIL is set, its +# value will override the setting of this parameter. +# #PREPROCESS_IF_FAIL = No +# Parameter PREPROCESS_ALWAYS +# # Purpose # Specifies whether or not preprocessed versions of all compilation units # will be saved. # +# Type +# {Yes, No} +# # Notes -# If environment variable CS_PREPROCESS_ALWAYS is set, its value will -# override the setting of this parameter. +# If environment variable \tt CS_PREPROCESS_ALWAYS is set, its value +# will override the setting of this parameter. +# #PREPROCESS_ALWAYS = No # Parameter HOOK_LOG # # Purpose -# Log all process invocations inside a hook, hook-build, hook-html, -# or hook-start sub-command. A (very) poor man's strace/truss. +# Specifies a log file for hook* sub-commands. +# +# Type +# file path +# +# Behavior +# All process invocations inside a hook, hook-build, hook-html, +# or hook-start sub-command will be logged to the specified file. # # Notes -# This parameter has no effect on Windows. -# -# If environment variable CS_HOOK_LOG is set, its value will -# override the setting of this parameter. +# For example: +# \code +# HOOK_LOG = /PATH/TO/log_file +# \endcode +# +# This parameter has no effect on Windows systems. +# +# If environment variable \tt CS_HOOK_LOG is set, its value will +# override the setting of this parameter. # -# For example: -# \code -# HOOK_LOG = /PATH/TO/log_file -# \endcode # Parameter FATSTATS_DUMP_FILE # # Purpose # Specifies an output file for certain diagnostic information. # +# Type +# file path +# # Notes -# If environment variable FATSTATS_DUMP_FILE is set, its value will +# If environment variable \tt FATSTATS_DUMP_FILE is set, its value will # override the setting of this parameter. # # For example: # \code # FATSTATS_DUMP_FILE = /PATH/TO/dump_file # \endcode -# Parameter HUB_ADDRESS + +# Parameter INCREMENTAL_BUILD # -# Behavior +# Purpose +# Specifies whether or not the build/analysis will be incremental. +# +# Type +# {Yes, No} +# +# Behavior +# If set to "Yes", the build/analysis will be incremental. If set to +# "No", the entire project will be rebuilt and re-analyzed. +# +#INCREMENTAL_BUILD = Yes + +# Parameter HUB_ADDRESS +# +# Purpose # Specifies the hub address CodeSonar should use. # -# Notes -# This is ignored by the Windows project builder GUI. +# Type +# String of the form : # -# If an address is specified on the command line, then it takes -# precedence. Setting this in template.conf affects the hub-start, -# hub-stop, hub-info, hook, and hook-html commands. Setting this in -# any other conf file will affect only hook and hook-html commands -# using that conf file. A conf file setting will take precedence -# over the CODESONAR_HUB environment variable. +# Behavior +# CodeSonar will use the specified hub address. +# - If an address is specified on the command line, then it takes +# precedence. +# - The HUB_ADDRESS setting takes precedence over the +# CODESONAR_HUB environment variable. +# - Setting HUB_ADDRESS in template.conf affects the hub-start, +# hub-stop, hub-info, hook, and hook-html commands. Setting it in +# any other configuration file will affect only hook and hook-html +# commands using that file. # +# Notes # For example: # \code # HUB_ADDRESS = 127.0.0.1:7340 # \endcode # +# This parameter is ignored by the Windows project builder GUI. +# +#HUB_ADDRESS = 127.0.0.1:7340 + +# Parameter ANALYSIS_NAME +# +# Purpose +# Specifies a name for the analysis. +# # Type -# String of the form : +# string +# +# Behavior +# CodeSonar will label the analysis with the specified name. If a +# name is specified on the command line, then it takes precedence. +# Different analyses of the same project may have different names +# (e.g., to distinguish different versions). +# +# Notes +# For example: +# \code +# ANALYSIS_NAME = Bob's Project Revision 472 +# \endcode +# +# CodeSonar will generate a name for the analysis if none is specified. +# # Parameter USE_SERVICES # # Purpose -# [Windows only] Specifies whether or not CodeSonar hub and launch -# daemon processes will be created as Windows services. +# [Windows only] Specifies whether or not the CodeSonar launch +# daemon process will be created as a Windows service. +# +# Type +# {Yes, No} # # Behavior -# If "Yes", any new hub or launch daemon started by "codesonar hook" +# If "Yes", any launch daemon started by "codesonar hook" # or "codesonar hook-html" will be created as a Windows service. # # If "No", Windows will kill hub processes and launch daemons when # the user logs out, unless the processes are started from the Scheduled -# Tasks panel or by another windows service. +# Tasks panel or by another Windows service. # # Notes -# This variable is ignored by the Windows project builder GUI. -# -# This variable has no effect on non-windows systems. +# This parameter is ignored by the Windows project builder GUI. # -# Type -# {Yes, No} +# This parameter has no effect on non-Windows systems. # - # USE_SERVICES = Yes -# Parameter SPAWN_HUB -# -# Purpose -# Specifies whether or not "codesonar hook" or "codesonar hook-html" -# will create a new hub if the hub is not already running. -# -# Notes -# This variable is ignored by the Windows project builder GUI. -# -# If unspecified, then CodeSonar will be willing to spawn a hub only -# if no hub address is specified on the command line or through the -# CODESONAR_HUB environment variable. This default behavior was -# selected for backwards compatibility with CodeSonar 2.0. -# -# Type -# {Yes, No} -# - -# SPAWN_HUB = No - - # Parameter FOREGROUND # # Purpose # Specifies whether or not a "codesonar hook-html" command will run the @@ -1025,42 +1179,34 @@ # If "No", a separate background process runs the analysis after control # returns to the shell. # # Notes -# This variable is ignored by the Windows project builder GUI. +# This parameter is ignored by the Windows project builder GUI. # # The "CodeSonar Analysis Log" in the web GUI will not be populated -# when this is set to Yes. Instead, the log will show up on the +# when this is set to "Yes". Instead, the log will show up on the # hook-html command's stdout and stderr. By default, analysis # processes run in the background and can continue running after the # user has logged out. # - # FOREGROUND = No # Parameter WARNING_FILTER # -# Behavior +# Purpose # Allows warnings to be modified before they are submitted to the # hub, or discarded entirely without being submitted. # # Type # Zero or more patterns, each consisting of an followed by # one or more s. # # is one of: -# - discard (warnings matching the rules will be discarded instead of -# being submitted to the hub). -# - allow (warnings matching the rules will be submitted to the hub, -# even if they matched a previous "discard") -# - priority:= (warnings matching the rules will have their -# Priority set to before being submitted to the hub. If -# is not a legal priority value on the hub, the hub will -# be updated to add to the list of priority values.) -# - owner:= (warnings matching the rules will have their Owner set -# to before being submitted to the hub. If is not -# an active user on the hub, the pattern has no effect) +# - discard +# - allow +# - priority:= +# - owner:= # # is one of: # - class # - categories @@ -1078,26 +1224,42 @@ # and is one of: # - : (substring match) # - = (exact match) # +# Behavior +# Depends on the : +# - \tt discard : warnings matching the rules will be discarded instead +# of being submitted to the hub. +# - \tt allow : warnings matching the rules will be submitted to the +# hub, even if they matched a previous "discard" +# - \tt priority:= : warnings matching the rules will have +# their Priority set to before being submitted to the +# hub. If is not a legal priority value on the hub, the +# hub will be updated to add to the list of priority +# values. +# - \tt owner:= : warnings matching the rules will have their +# Owner set to before being submitted to the hub. If +# is not an active user on the hub, the pattern has no +# effect. +# # Notes # If there are two or more s in a pattern, the pattern # will be applied to warnings that match ALL of the rules. # # If \tt WARNING_FILTER settings specify that all warnings of a specific # class should be discarded (with no exceptions from subsequent -# "allow" patterns"), CodeSonar will not even carry out checks for +# "allow" patterns), CodeSonar will not even carry out checks for # that class. This will generally lead to time savings. # -# For example: +# The following checks are enabled by default. To discard warnings of +# a particular class, use the corresponding "discard" rule. # \code -# WARNING_FILTER += discard class="Accept on socket in wrong state" -# WARNING_FILTER += discard class="Bind on socket in wrong state" # WARNING_FILTER += discard class="Buffer Overrun" # WARNING_FILTER += discard class="Buffer Underrun" # WARNING_FILTER += discard class="Cast Alters Value" -# WARNING_FILTER += discard class="Connect on socket in wrong state" +# WARNING_FILTER += discard class="Dangerous Function" # WARNING_FILTER += discard class="Dangerous Function Cast" +# WARNING_FILTER += discard class="Deadlock" # WARNING_FILTER += discard class="Division By Zero" # WARNING_FILTER += discard class="Double Close" # WARNING_FILTER += discard class="Double Free" # WARNING_FILTER += discard class="Double Lock" @@ -1105,69 +1267,207 @@ # WARNING_FILTER += discard class="Empty Branch Statement" # WARNING_FILTER += discard class="Empty if Statement" # WARNING_FILTER += discard class="Empty switch Statement" # WARNING_FILTER += discard class="Empty while Statement" -# WARNING_FILTER += discard class="Excessive Stack Depth" # WARNING_FILTER += discard class="File System Race Condition" # WARNING_FILTER += discard class="Format String" # WARNING_FILTER += discard class="Free Non-Heap Variable" # WARNING_FILTER += discard class="Free Null Pointer" # WARNING_FILTER += discard class="Function Call Has No Effect" # WARNING_FILTER += discard class="Ignored Return Value" +# WARNING_FILTER += discard class="Insecure Randomness" +# WARNING_FILTER += discard class="Insecure Temporary File" # WARNING_FILTER += discard class="Leak" -# WARNING_FILTER += discard class="Listen on socket in wrong state" +# WARNING_FILTER += discard class="Misaligned Object" # WARNING_FILTER += discard class="Missing Return Statement" +# WARNING_FILTER += discard class="Negative Character Value" # WARNING_FILTER += discard class="Negative Shift Amount" -# WARNING_FILTER += discard class="Negative file descriptor" +# WARNING_FILTER += discard class="Negative File Descriptor" # WARNING_FILTER += discard class="Null Pointer Dereference" # WARNING_FILTER += discard class="Null Test After Dereference" # WARNING_FILTER += discard class="Potential Unbounded Loop" -# WARNING_FILTER += discard class="Recv on socket in wrong state" -# WARNING_FILTER += discard class="Recv_from on socket in wrong state" -# WARNING_FILTER += discard class="Recvmsg on socket in wrong state" # WARNING_FILTER += discard class="Redundant Condition" # WARNING_FILTER += discard class="Return Pointer to Freed" # WARNING_FILTER += discard class="Return Pointer to Local" -# WARNING_FILTER += discard class="Scope Could Be File Static" -# WARNING_FILTER += discard class="Scope Could Be Local Static" -# WARNING_FILTER += discard class="Send on socket in wrong state" # WARNING_FILTER += discard class="Shift Amount Exceeds Bit Width" # WARNING_FILTER += discard class="Try-lock that will never succeed" # WARNING_FILTER += discard class="Type Overrun" # WARNING_FILTER += discard class="Type Underrun" -# WARNING_FILTER += discard class="Unchecked Parameter Dereference" # WARNING_FILTER += discard class="Uninitialized Variable" -# WARNING_FILTER += discard class="Unreachable Code" +# WARNING_FILTER += discard class="Unreachable Call" +# WARNING_FILTER += discard class="Unreachable Computation" +# WARNING_FILTER += discard class="Unreachable Conditional" +# WARNING_FILTER += discard class="Unreachable Control Flow" +# WARNING_FILTER += discard class="Unreachable Data Flow" # WARNING_FILTER += discard class="Unused Value" +# WARNING_FILTER += discard class="Use After Close" # WARNING_FILTER += discard class="Use After Free" # WARNING_FILTER += discard class="Useless Assignment" # WARNING_FILTER += discard class="Varargs Function Cast" +# WARNING_FILTER += discard class="accept on socket in wrong state" # WARNING_FILTER += discard class="access After Open" # WARNING_FILTER += discard class="alloca Buffer Length Unreasonable" # WARNING_FILTER += discard class="bcopy Length Unreasonable" +# WARNING_FILTER += discard class="bind on socket in wrong state" +# WARNING_FILTER += discard class="calloc Object Count Unreasonable" # WARNING_FILTER += discard class="calloc Object Length Unreasonable" # WARNING_FILTER += discard class="chmod After Open" # WARNING_FILTER += discard class="chown After Open" -# WARNING_FILTER += discard class="delete Object Created by malloc" -# WARNING_FILTER += discard class="delete Object Created by new[]" -# WARNING_FILTER += discard class="delete[] Object Created by malloc" -# WARNING_FILTER += discard class="delete[] Object Created by new" -# WARNING_FILTER += discard class="free Object Created by new" -# WARNING_FILTER += discard class="free Object Created by new[]" +# WARNING_FILTER += discard class="connect on socket in wrong state" +# WARNING_FILTER += discard class="listen on socket in wrong state" # WARNING_FILTER += discard class="malloc Buffer Length Unreasonable" # WARNING_FILTER += discard class="memccpy Length Unreasonable" # WARNING_FILTER += discard class="memccpy With Overlapping Regions" # WARNING_FILTER += discard class="memcpy Length Unreasonable" # WARNING_FILTER += discard class="memcpy With Overlapping Regions" # WARNING_FILTER += discard class="realloc Buffer Length Unreasonable" +# WARNING_FILTER += discard class="recv on socket in wrong state" +# WARNING_FILTER += discard class="recvfrom on socket in wrong state" +# WARNING_FILTER += discard class="recvmsg on socket in wrong state" +# WARNING_FILTER += discard class="send on socket in wrong state" # WARNING_FILTER += discard class="stat After Open" # WARNING_FILTER += discard class="strcpy With Overlapping Regions" # WARNING_FILTER += discard class="strncpy Does Not Null-terminate" # WARNING_FILTER += discard class="strncpy Length Unreasonable" # WARNING_FILTER += discard class="strncpy With Overlapping Regions" # \endcode +# +# The following checks are disabled by default. To enable checks for +# a particular class, use the corresponding "allow" rule. +# \code +# WARNING_FILTER += allow class="Call to longjmp" +# WARNING_FILTER += allow class="Call to setjmp" +# WARNING_FILTER += allow class="Conditional Compilation" +# WARNING_FILTER += allow class="Excessive Stack Depth" +# WARNING_FILTER += allow class="Function Too Long" +# WARNING_FILTER += allow class="Function Pointer" +# WARNING_FILTER += allow class="Goto Statement" +# WARNING_FILTER += allow class="Integer Overflow of Allocation Size" +# WARNING_FILTER += allow class="Macro Does Not End With ) or }" +# WARNING_FILTER += allow class="Macro Does Not Start With ( or {" +# WARNING_FILTER += allow class="Macro Uses -> Operator" +# WARNING_FILTER += allow class="Macro Uses [] Operator" +# WARNING_FILTER += allow class="Macro Uses ## Operator" +# WARNING_FILTER += allow class="Macro Uses Unary * Operator" +# WARNING_FILTER += allow class="Not Enough Assertions" +# WARNING_FILTER += allow class="Pointer Before Beginning of Object" +# WARNING_FILTER += allow class="Pointer Past End of Object" +# WARNING_FILTER += allow class="Pointer Type Inside Typedef" +# WARNING_FILTER += allow class="Recursion" +# WARNING_FILTER += allow class="Recursive Macro" +# WARNING_FILTER += allow class="Scope Could Be File Static" +# WARNING_FILTER += allow class="Scope Could Be Local Static" +# WARNING_FILTER += allow class="Too Many Dereferences" +# WARNING_FILTER += allow class="Unbalanced Parenthesis" +# WARNING_FILTER += allow class="Unchecked Parameter Dereference" +# WARNING_FILTER += allow class="Variadic Macro" +# \endcode +# +# To enable all \link ../WarningClasses/Pow10Checks.html Power of +# Ten\endlink checks: +# \code +# WARNING_FILTER += allow categories:POW10 +# BUILD_OPTIONS += -retain-unnormalized-c-ast yes +# \endcode + + +# Parameter BAD_FUNCTION_REGEX +# Parameter BAD_FUNCTION_MESSAGE +# Parameter BAD_FUNCTION_CATEGORIES +# Parameter BAD_FUNCTION_RANK +# +# Purpose +# Specifies functions that are prohibited. +# +# Type +# - \tt BAD_FUNCTION_REGEX: \link +# ../../../../third-party/boost/libs/regex/doc/html/boost_regex/syntax.html +# Boost regular expression\endlink +# - \tt BAD_FUNCTION_MESSAGE: string +# - \tt BAD_FUNCTION_CATEGORIES: string +# - \tt BAD_FUNCTION_RANK: number +# +# Behavior +# These four parameters are used together to specify bad functions to +# check for and warnings to issue when those functions occur. +# - \tt BAD_FUNCTION_REGEX is a regular expression. If a reference +# to a function that matches this is found, then a warning +# is issued. +# - \tt BAD_FUNCTION_MESSAGE is the text of the message that will +# be shown. This defaults to "Bad Function". +# - \tt BAD_FUNCTION_CATEGORIES is the set of categories for the warning, +# as a semicolon-separated list. This defaults to the empty string. +# - \tt BAD_FUNCTION_RANK is the rank assigned to the warning, with +# default 15.0. +# +# Notes +# For example, +# \code +# BAD_FUNCTION_REGEX = ^gets$ +# BAD_FUNCTION_MESSAGE = Dangerous Function +# BAD_FUNCTION_CATEGORIES = POSIX.FUNCS.INSECURE;CWE:242 +# BAD_FUNCTION_RANK = 1.0 +# \endcode +# specifies that uses of the function "gets" should be flagged as +# warnings. +# +# The following introduces a warning on use of the function +# "memset" because some compilers may insecurely remove the call +# during optimization. See +# \link http://cwe.mitre.org/data/definitions/14.html CWE:14\endlink +# for details. +# \code +# BAD_FUNCTION_REGEX = ^memset$ +# BAD_FUNCTION_MESSAGE = Insecure Optimization +# BAD_FUNCTION_CATEGORIES = POSIX.FUNCS.INSECURE;CWE:14 +# BAD_FUNCTION_RANK = 10.0 +# \endcode +#BAD_FUNCTION_REGEX = ^crypt$ +#BAD_FUNCTION_MESSAGE = Insecure Randomness +#BAD_FUNCTION_CATEGORIES = POSIX.FUNCS.INSECURE;CWE:330 + +#BAD_FUNCTION_REGEX = ^mks?temp$|^_?tmpfile$|^tmpnam(_r)?$ +#BAD_FUNCTION_MESSAGE = Insecure Temporary File +#BAD_FUNCTION_CATEGORIES = POSIX.FUNCS.INSECURE;CWE:377 + +#BAD_FUNCTION_REGEX = ^gets$ +#BAD_FUNCTION_MESSAGE = BAD_FUNC$Buffer Overrun +#BAD_FUNCTION_CATEGORIES = POSIX.FUNCS.INSECURE;CWE:242 +#BAD_FUNCTION_RANK = 1.0 + + +# Parameter PLUGINS +# +# Purpose +# Specifies filenames of Scheme API and C API plug-ins to load. +# +# Type +# string +# +# Behavior +# The specified files will be loaded as plug-ins. +# +# Notes +# For example: +# \code +# PLUGINS += /tmp/foo.stk +# PLUGINS += /tmp/foo.so +# PLUGINS += /tmp/foo.dll +# PLUGINS += /tmp/foo.bundle +# PLUGINS += c:\Documents and Settings\Bob\Desktop\foo.dll +# \endcode +# +# For more information about CodeSonar plug-ins, see \link +# ../API/CodeSonarPlugins/PluginAPI.html CodeSonar Plug-In API +# \endlink. +# Parameter REPORT_IMPLIED_EQUALITY +# +# Purpose +# Specifies whether or not implied unsafe behavior due to +# equality/disequality is sufficient cause to issue warnings. +# # Type # {Yes, No} # # Behavior @@ -1208,17 +1508,23 @@ # #REPORT_IMPLIED_EQUALITY = Yes +# Parameter REPORT_IMPLIED_INEQUALITY +# +# Purpose +# Specifies whether or not implied unsafe behavior due to +# inequality is sufficient cause to issue warnings. +# +# Type +# {Yes, No} +# # Behavior # If set to "No", then warnings will not be produced just because # conditionals along a path imply unsafe behavior due to inequality # (<, <=, >, >=); satisfying assignments to the variables must also # exist. # -# Type -# {Yes, No} -# # Notes # Setting this to "No" will decrease the false positive rate and # increase the false negative rate. # @@ -1253,12 +1559,17 @@ # #REPORT_IMPLIED_INEQUALITY = No +# Parameter DAEMON_TIMEOUT +# # Purpose # Seconds of inactivity before the analysis daemon shuts down to # conserve system resources. # +# Type +# integer +# # Behavior # When the web application needs certain information (such as source # file listings), it queries the analysis daemon. If the analysis # daemon is not running, then the web application will attempt to @@ -1273,69 +1584,79 @@ # applicable queries exceeds this value. A high value can result in # an extra process hanging around doing nothing on the analysis # machine. The default setting is 30 minutes ( = 1800 seconds). # -# Type -# integer -# #DAEMON_TIMEOUT = 1800 +# Parameter CONSTANT_CACHE_CAPACITY +# # Purpose # Megabytes of memory to allocate for values of constants, such as # those found in static initializers of const variables. # +# Type +# integer +# # Notes # A low value may cause the analysis to frequently recompute the # values of local and static constants. # -# Type -# integer -# #CONSTANT_CACHE_CAPACITY = 16 +# Parameter TOKEN_RENDERER_CAPACITY +# # Purpose # Megabytes of memory to allocate for hotlinkable tokens when # rendering source code. This is a hard limit that will not be # exceeded wheras \param TOKEN_RENDERER_BACKOFF_CAPACITY may be # exceeded. # # Type # integer -# +# #TOKEN_RENDERER_CAPACITY = 64 +# Parameter TOKEN_RENDERER_BACKOFF_CAPACITY +# # Purpose # Megabytes of memory to allocate for hotlinkable tokens before # enforcing the \param TOKENS_PER_LINE limit. # +# Type +# integer +# # Notes # Exceeding this limit may result in unlinked tokens. Using two # limits prevents a single pathological line from obliterating all # links in a procedure/file. # -# Type -# integer -# #TOKEN_RENDERER_BACKOFF_CAPACITY = 32 +# Parameter TOKENS_PER_LINE +# # Purpose # Once \param TOKEN_RENDERER_BACKOFF_CAPACITY is exceeded, the number # of hotlinkable tokens for a single line will not be allowed to # exceed this value. # # Type # integer -# +# #TOKENS_PER_LINE = 10 +# Parameter TOLERATE_PARSE_ERRORS +# # Purpose -# Whether the analysis will run anyway if there were errors parsing -# the code. +# If errors were encountered in parsing the code, specifies whether +# or not the analysis will run anyway +# +# Type +# {Yes, No} # # Behavior # If set to "No", then the analysis will refuse to run on a project # that contains parse errors. Analyzing code that contains parse @@ -1345,17 +1666,19 @@ # Notes # A log of parse errors and compiler command lines can be found at # .prj_files/log.txt. # -# Type -# {Yes, No} -# #TOLERATE_PARSE_ERRORS = Yes +# Parameter NULL_POINTER_THRESHOLD +# # Purpose # Determines what qualifies as a null pointer dereference. # +# Type +# integer +# # Behavior # Any dereference of an address less than this value will be treated # as a null pointer dereference. Most machines will never allocate # objects on the 0 page in user-mode. @@ -1368,48 +1691,56 @@ # int *p = &s->f; /* this is ok, even if s is null */ # *p = 42; /* this is where the program will # * crash if s was null, because an # * address such as '4' is being dereferenced -# * (assuming f is 4 bytes into s). +# * (assuming f is 4 bytes into s). */ # \endcode # -# Type -# integer -# #NULL_POINTER_THRESHOLD = 4096 +# Parameter REPORT_INTER_PARTIAL_UQ_WARNINGS +# # Purpose # Determines whether exhaustive interprocedural exploration is # required before reporting warnings in classes for which something # must hold on all paths. # +# Type +# {Yes, No} +# # Behavior # If set to "Yes", then warnings of classes requiring universal # quantification over paths will be reported on statements preceded # by calls to functions that have not been exhaustively explored. # The default behavior is to suppress such warnings. # The affected warning classes are: -# - Null Test After Dereference -# - Redundant Condition -# - Unreachable Code -# - Unused Value -# - Useless Assignment +# - \wclink LANG.STRUCT.NTAD Null Test After Dereference \endwclink +# - \wclink LANG.STRUCT.RC Redundant Condition \endwclink +# - The \wclink LANG.STRUCT.UC Unreachable Code \endwclink family: +# Unreachable Call, Unreachable Computation, Unreachable +# Conditional, Unreachable Control Flow, and Unreachable Data +# Flow +# - \wclink LANG.STRUCT.UVAL Unused Value \endwclink +# - \wclink LANG.STRUCT.UA Useless Assignment \endwclink # # Notes # Setting this to "Yes" will increase the false positive rate and # decrease the false negative rate for warning classes requiring # universal quantification over paths. # -# Type -# {Yes, No} -# #REPORT_INTER_PARTIAL_UQ_WARNINGS = No +# Parameter REPORT_PARTIAL_NTAD_WARNINGS +# # Purpose # Determines whether exhaustive exploration is required before -# issuing a "Null Test After Dereference" warning. +# issuing a \wclink LANG.STRUCT.NTAD Null Test After Dereference +# \endwclink warning. +# +# Type +# {Yes, No} # # Behavior # If set to "Yes", then Null Test After Dereference warnings will be # issued even if all paths leading to the test have not been @@ -1423,18 +1754,20 @@ # # In practice, setting this to "Yes" usually reveals more true # positives than false positives. # -# Type -# {Yes, No} -# #REPORT_PARTIAL_NTAD_WARNINGS = Yes +# Parameter TIME_LIMIT_INTRA_EXPLORE +# # Purpose # Seconds the analysis may spend doing intraprocedural exploration in # a single procedure. # +# Type +# integer +# # Behavior # If this time limit expires, summaries for the procedure are rolled # back and the analysis will treat call sites to the procedure as if # the procedure is not defined in the project. @@ -1445,177 +1778,232 @@ # unlikely to expire using the default value for \param SEARCH_BOUND. # # This parameter affects checks for most warning classes. The classes # NOT affected are: -# - Dangerous Function Cast -# - Empty {Branch, if, switch, while} Statement -# - Function Call Has No Effect -# - Varargs Function Cast -# Type -# integer +# - \wclink LANG.TYPE.NEGCHAR Negative Character Value \endwclink +# - \wclink LANG.CAST.FN Dangerous Function Cast \endwclink +# - \wclink LANG.STRUCT.EBS Empty {Branch, if, switch, while} +# Statement \endwclink +# - \wclink POSIX.FUNCS.NOEFFECT Function Call Has No Effect \endwclink +# - \wclink LANG.CAST.VARARG Varargs Function Cast \endwclink # #TIME_LIMIT_INTRA_EXPLORE = 25 +# Parameter TIME_LIMIT_INTRA_CLASSIFY +# # Purpose # Seconds the analysis may spend determining whether potential # intraprocedural vulnerabilities warrant further examination, per # procedure. # +# Type +# integer +# # Behavior # Potential vulnerabilities nearer to the beginning of procedures # receive preferential treatment. Once the time limit expires, # potential intraprocedural vulnerabilities starting in the current # procedure are ignored until the analysis moves on to the next # procedure. # # Notes -# On Windows, this specifies elapsed time. On unix and linux, this -# specifies a limit on user+system time. The default value for this -# preference is likely to expire in large procedures. +# On Windows, this specifies elapsed time. On Solaris/Linux/OS X, it +# specifies a limit on user+system time. The default limit is likely +# to be exceeded in large procedures. # # This parameter affects checks for most warning classes. The classes # NOT affected are: -# - Dangerous Function Cast -# - Empty {Branch, if, switch, while} Statement -# - Format String -# - Function Call Has No Effect -# - Ignored Return Value -# - Leak -# - Null Test After Dereference -# - Potential Unbounded Loop -# - Redundant Condition -# - Unreachable Code -# - Unused Value -# - Useless Assignment -# - Varargs Function Cast -# -# Type -# integer +# - \wclink LANG.TYPE.NEGCHAR Negative Character Value \endwclink +# - \wclink LANG.CAST.FN Dangerous Function Cast \endwclink +# - \wclink LANG.STRUCT.EBS Empty {Branch, if, switch, while} +# Statement \endwclink +# - \wclink POSIX.FMT Format String \endwclink +# - \wclink POSIX.FUNCS.NOEFFECT Function Call Has No Effect \endwclink +# - \wclink LANG.FUNCS.IRV Ignored Return Value \endwclink +# - \wclink LANG.ALLOC.LEAK Leak \endwclink +# - \wclink LANG.STRUCT.NTAD Null Test After Dereference \endwclink +# - \wclink LANG.STRUCT.ULOOP Potential Unbounded Loop \endwclink +# - \wclink LANG.STRUCT.RC Redundant Condition \endwclink +# - The \wclink LANG.STRUCT.UC Unreachable Code \endwclink family: +# Unreachable Call, Unreachable Computation, Unreachable +# Conditional, Unreachable Control Flow, and Unreachable Data +# Flow +# - \wclink LANG.STRUCT.UVAL Unused Value \endwclink +# - \wclink LANG.STRUCT.UA Useless Assignment \endwclink +# - \wclink LANG.CAST.VARARG Varargs Function Cast \endwclink # #TIME_LIMIT_INTRA_CLASSIFY = 8 +# Parameter TIME_LIMIT_INTER_CLASSIFY +# # Purpose # Seconds the analysis may spend determining whether potential # interprocedural vulnerabilities warrant further examination, per # procedure. # +# Type +# integer +# # Behavior # Potential vulnerabilities nearer to the beginning of procedures # receive preferential treatment. Once the time limit expires, # potential interprocedural vulnerabilities starting in the current # procedure are ignored until the analysis moves on to the next # procedure. # # Notes -# On Windows, this specifies elapsed time. On unix and linux, this -# specifies a limit on user+system time. The default value for this -# preference is very likely to expire in large procedures. +# On Windows, this specifies elapsed time. On Solaris/Linux/OS X, it +# specifies a limit on user+system time. The default limit is very +# likely to be exceeded in large procedures. # # The warning classes affected by this parameter are the same as those for # \param TIME_LIMIT_INTRA_CLASSIFY. # -# Type -# integer -# #TIME_LIMIT_INTER_CLASSIFY = 8 +# Parameter TIME_LIMIT_RESOLVE +# # Purpose # Seconds the analysis may spend resolving potential intra- and # interprocedural vulnerabilities, per procedure. # +# Type +# integer +# # Behavior # Once likely vulnerabilities have been identified, an intermediate # refinement step takes place. This preference limits the amount of # time spent on the refinement step. # # Notes -# On Windows, this specifies elapsed time. On unix and linux, this +# On Windows, this specifies elapsed time. On Solaris/Linux/OS X, it # specifies a limit on user+system time. The default limit is -# extremely unlikely to expire and exists to guard against +# extremely unlikely to be exceeded and exists to guard against # pathological behavior. # # The warning classes affected by this parameter are the same as those for # \param TIME_LIMIT_INTRA_CLASSIFY. # -# Type -# integer -# #TIME_LIMIT_RESOLVE = 16 +# Parameter TIME_LIMIT_REFINE +# # Purpose # Seconds the analysis may spend refining potential intra- and # interprocedural vulnerabilities, per procedure. # +# Type +# integer +# # Behavior # Once likely vulnerabilities have been identified in the # classification phase, the analysis applies a refinement step both # to eliminate false positives and to enhance the information # contained in the warning reports. If this limit expires, then # yet-to-be-refined likely vulnerabilities will be dropped. # # Notes -# On Windows, this specifies elapsed time. On unix and linux, this +# On Windows, this specifies elapsed time. On Solaris/Linux/OS X, it # specifies a limit on user+system time. The default limit is -# unlikely to expire and exists to guard against pathological +# not likely to be exceeded: it exists to guard against pathological # behavior. # # The warning classes affected by this parameter are the same as those for # \param TIME_LIMIT_INTRA_CLASSIFY. # -# Type -# integer -# #TIME_LIMIT_REFINE = 16 +# Parameter TIME_LIMIT_LEAK_CLASSIFY +# # Purpose # Seconds the analysis may spend determining whether potential # leaks warrant further examination, per procedure. # +# Type +# integer +# # Behavior # Potential leaks nearer to the beginning of procedures receive # preferential treatment. # # Notes -# On Windows, this specifies elapsed time. On unix and linux, this +# On Windows, this specifies elapsed time. On Solaris/Linux/OS X, it # specifies a limit on user+system time. The default limit is -# unlikely to expire using the default value for \param SEARCH_BOUND. -# -# Type -# integer +# not likely to be exceeded when the default value for \param +# SEARCH_BOUND is used. # #TIME_LIMIT_LEAK_CLASSIFY = 20 +# Parameter TIME_LIMIT_LEAK_REFINE +# # Purpose # Seconds the analysis may spend refining potential leaks, per # procedure. # +# Type +# integer +# # Behavior # Once likely leaks have been identified in the classificition phase, # the analysis applies a refinement step both to eliminate false # positives and to enhance the information contained in the warning # reports. If this limit expires, then yet-to-be-refined leaks # will be dropped. # # Notes -# On Windows, this specifies elapsed time. On unix and linux, this +# On Windows, this specifies elapsed time. On Solaris/Linux/OS X, it # specifies a limit on user+system time. The default limit is -# unlikely to expire and exists to guard against pathological +# not likely to be exceeded: it exists to guard against pathological # behavior. # +#TIME_LIMIT_LEAK_REFINE = 60 + + +# Parameter TIME_LIMIT_PROP_EXHAUSTIVE +# +# Purpose +# Seconds the analysis may spend determining which parts of a +# procedure have been exhaustively explored. +# # Type # integer # -#TIME_LIMIT_LEAK_REFINE = 60 +# Behavior +# Some checks (such as those for the \wclink LANG.STRUCT.UC +# Unreachable Code \endwclink classes) can only be reported with +# respect to portions of procedures that have been exhaustively +# explored. Making this determination can sometimes be extremely +# expensive (typically in generated code). +# +# Notes +# On Windows, this specifies elapsed time. On Solaris/Linux/OS X, it +# specifies a limit on user+system time. The default limit is not +# likely to be exceeded: it exists to guard against pathological +# behavior. +# +# The warning classes affected by this parameter are the same as those for +# \param TIME_LIMIT_INTRA_CLASSIFY. +# +#TIME_LIMIT_PROP_EXHAUSTIVE = 60 +# Parameter ROLLBACK_SUMMARIES_ON_ABORT +# +# Purpose +# Specifies whether or not function summaries will be rolled back if +# \param TIME_LIMIT_INTRA_EXPLORE expires. +# +# Type +# {Yes, No} +# # Behavior -# If set to "Yes", then summaries for a function will be rolled back if +# If set to "Yes", summaries for a function will be rolled back if # \param TIME_LIMIT_INTRA_EXPLORE expires. If this happens, call # sites to the function will be treated like any other undefined # function. # @@ -1623,50 +2011,57 @@ # Setting this to "No" can cause false positives and false negatives. # Setting this to "Yes" can cause (a different set of) false positives # and false negatives. # -# Type -# {Yes, No} #ROLLBACK_SUMMARIES_ON_ABORT = Yes +# Parameter SEARCH_BOUND +# # Purpose # Number of paths under simultaneous consideration when exploring a # procedure. # +# Type +# integer +# # Behavior # When the number is larger, more paths are searched, but more time # is used. # # Notes # This preference represents the trade-off between time and # thoroughness # -# Type -# integer -# #SEARCH_BOUND = 100 +# Parameter PATH_FINDING_EFFORT +# # Purpose # Once a set of paths believed to contain at least one vulnerability # is obtained, this many paths from the set will be searched before # moving on. # +# Type +# integer +# # Behavior # A negative setting indicates that there is no limit. Too low a # (positive) setting can cause false negatives, but might save some # time in pathological cases. # # Notes -# This bound is usually unnecessary, even on the large projects. -# -# Type -# integer +# This bound is usually unnecessary, even on large projects. # #PATH_FINDING_EFFORT = 500 +# Parameter REPORT_SIMILAR_WARNINGS +# +# Type +# {Yes, No} +# # Purpose # If two warnings look roughly alike (the source code of the interesting # points along the path is the same and the warnings have the same # class), should both of them be reported? @@ -1674,18 +2069,20 @@ # Notes # Similar warnings will share metadata (priority, state, finding, owner) # in the web application. # -# Type -# {Yes, No} -# #REPORT_SIMILAR_WARNINGS = Yes +# Parameter MAX_SIMILAR_PATHS +# # Purpose # Can influence the number of instances with similar paths that will # be generated for a single warning. # +# Type +# integer +# # Notes # "Similar paths" are paths with the same start and end points. # For example, suppose you had the following code. # \code @@ -1695,76 +2092,87 @@ # else # x = 2; # *p = 42; # \endcode -# To see Null Pointer Dereference paths through both branches of the -# conditional statement, set \tt MAX_SIMILAR_PATHS to 2 (or higher). +# +# To see \wclink LANG.MEM.NPD Null Pointer Dereference \endwclink +# paths through both branches of the conditional statement, set \tt +# MAX_SIMILAR_PATHS to 2 (or higher). # # Most users will never need a setting higher than 1 # # This parameter does not significantly affect performance. # -# Type -# integer -# #MAX_SIMILAR_PATHS = 1 +# Parameter MAX_CHECKED_INPUTS_PER_PROCEDURE +# # Purpose # Specifies how many inputs to a procedure can be checked at call sites. # +# Type +# integer +# # Behavior -# A negative value indicates no limit. A (positive) setting that is -# too low can cause false negatives. +# A negative value indicates no limit. Lower (positive) values will +# conserve disk space and time, but can cause false negatives. # # Notes # This bound may be useful for projects containing millions of lines -# of code. Checks for code nearer to the beginning of procedures -# receive preferential treatment. A lower value will conserve disk -# space and time. Both implicit and explicit inputs are counted. For +# of code. +# +# Checks for code nearer to the beginning of procedures +# receive preferential treatment. +# +# Both implicit and explicit inputs are counted. For # instance, both the pointer passed to strlen and the value pointed # to by that pointer are counted as inputs to strlen. Global # variables transitively used by a procedure also qualify. # -# Type -# integer -# #MAX_CHECKED_INPUTS_PER_PROCEDURE = 100 +# Parameter MAX_CHECKS_PER_INPUT +# # Purpose # Controls the maximum number of interprocedural checks that will be # stored per input per procedure. When analyzing call sites to # procedures, the tool examines whether these checks are satisfied in # order to flag interprocedural vulnerabilities. # +# Type +# integer +# # Behavior # A larger number means that more checks will be stored, with a # corresponding increase in disk and time usage. A smaller number # will save on space and time, at the cost of potentially overlooking # some positive results. # # Notes -# In some (rare but wonderful) cases, a larger bound will enable more +# In some (rare) cases, a larger bound will enable more # simplification to occur, improving performance and reducing false -# negatives. -# -# Type -# integer +# negatives. # #MAX_CHECKS_PER_INPUT = 10 +# Parameter MAX_GLOBAL_CHECK_AGE +# # Purpose -# Controls how much interprocedural checking is done on global -# variables. +# Specifies how many levels up the call graph interprocedural checks +# on global variables can be propagated. +# +# Type +# integer # # Behavior -# Larger values will do a more thorough check at the expense of -# system resources. A negative value indicates no limit (this is -# usually best for small to medium sized projects). This number -# specifies how many levels up the call graph interprocedural checks -# on global variables can be propagated. +# A negative value indicates no limit (this is usually best for small +# to medium sized projects). +# +# Larger values will cause CodeSonar to perform a more thorough check +# at the expense of system resources. # # Notes # Most interprocedural warnings tend to be caused by bad parameter # values, not bad values in global variables. Many users will find @@ -1772,468 +2180,919 @@ # results and a appreciable effect on analysis performance. A value # of 2 is recommended for users who want to check for bad values in # global variables crossing procedure boundaries. # -# Type -# integer -# #MAX_GLOBAL_CHECK_AGE = 0 +# Parameter MAX_CHECK_COMPLEXITY +# # Purpose -# Maximal complexity of an expression in an interprocedural check. +# Maximum complexity of an expression in an interprocedural check. +# +# Type +# integer # # Behavior -# Checks on expressions with a complexity exceeding this limit are +# Checks on expressions whose complexity exceeds this limit are # discarded. # # Notes # Expressions with more pointer dereferences and field/array accesses # have a higher complexity. # -# Type -# integer -# #MAX_CHECK_COMPLEXITY = 5 +# Parameter MAX_EXPRESSION_COMPLEXITY +# # Purpose -# A threshold for expression complexity. Information about expressions -# with higher complexity will be discarded. +# A threshold for expression complexity. +# +# Type +# integer # # Behavior -# Information relating expressions with a complexity exceeding this -# limit is discarded. +# Information about expressions whose complexity exceeds this limit +# is discarded. # # Notes # Expressions with more pointer dereferences and field/array accesses # have a higher complexity. # -# Type -# integer -# #MAX_EXPRESSION_COMPLEXITY = 12 +# Parameter MAX_SUMMARIES_PER_PROCEDURE +# # Purpose # Controls how many summaries per procedure will be stored in memory. # +# Type +# integer +# # Behavior # A negative value indicates no limit. Increasing the value for this # preference may allow more precise analysis, at the cost of longer # analysis time and higher memory usage. # # Notes # Complex procedures with a large number of possible effects may have -# a correspondingly large number of summaries. Where this number +# a correspondingly large number of summaries. If this number # exceeds the per-procedure maximum, CodeSonar will generate a # smaller number of summaries designed to preserve as much # information as possible from the original set. When the full set of -# original summaries is desired, increase the value of this +# original summaries is desired, change the value of this # preference accordingly. # -# Type -# integer -# #MAX_SUMMARIES_PER_PROCEDURE = 5 +# Parameter MAX_MODIFIED_VALUES +# # Purpose -# Bounds (per procedure) the number of modified values (outputs) that -# CodeSonar will keep track of in procedures summaries. +# Specifies a per-procedure bound on the number of modified values +# (outputs) that CodeSonar will keep track of in procedure summaries. +# +# Type +# integer # # Behavior -# Where a procedure modifies more values than this maximum, CodeSonar +# If a procedure modifies more values than this maximum, CodeSonar # will select values to discard from the summaries for the procedure -# to being the total number of values tracked down to the +# to bring the total number of values tracked down to the # maximum. Increasing the value for this preference may allow more # precise analysis, at the cost of longer analysis time and higher # memory usage. # # Notes # The values modified by a procedure may include its return value, # parameters and values from its calling environment, and values -# derived from those. -# -# Type -# integer +# derived from these. # #MAX_MODIFIED_VALUES = 100 +# Parameter RETURN_CHECKER_SAMPLE_SIZE +# # Purpose # At least this many heeded calls to a given function must be seen # before the sample is considered large enough to warn the user -# about an Ignored Return Value for that function. -# -# Behavior -# A smaller positive value will cause more warnings. A nonpositive -# value disables the checking of sample sizes, with the effect that -# no return checker warnings will be generated. +# about an \wclink LANG.FUNCS.IRV Ignored Return Value \endwclink for +# that function. # # Type # integer # +# Behavior +# A smaller value will cause more warnings based on statistical +# decisions. Negative values are prohibited. +# #RETURN_CHECKER_SAMPLE_SIZE = 20 +# Parameter RETURN_CHECKER_RATIO +# # Purpose # Sets a threshold T. If the number of ignored call sites to a given # function is at least T times the number of heeded call sites, no -# Ignored Return Value warnings will be produced. +# \wclink LANG.FUNCS.IRV Ignored Return Value \endwclink warnings +# will be produced. +# +# Type +# Real number between 0 and 1 (inclusive) # # Behavior -# Making this number larger will cause more warnings. +# Making this number larger will cause more warnings. A value of 0 +# will effectively disable statistical warnings. # -# Notes -# A negative ratio would make no sense; the dialog will not accept -# negative numbers. +#RETURN_CHECKER_RATIO = 0.04 + +# Parameter RETURN_CHECKER_CHECKED_FUNCS # -# Type -# real number +# Purpose +# Used by \wclink LANG.FUNCS.IRV Ignored Return Value\endwclink to +# specify exceptions to the statistical analysis: functions whose +# return values will always trigger a warning if ignored. +# +# Type +# \link ../Asides/STkRegExp.html STk-style regular expression\endlink +# +# Behavior +# If the name of a called function matches a \tt +# RETURN_CHECKER_CHECKED_FUNCS regular expression and the return +# value from that function call is ignored, an Ignored Return Value +# warning will always be issued (regardless of the settings of \param +# RETURN_CHECKER_SAMPLE_SIZE and \param RETURN_CHECKER_RATIO). +# +# If the Ignored Return Value warning class is disabled, such as with +# a \param WARNING_FILTER rule, this parameter has no effect. +# +# Notes +# This parameter replaces the csonar_return_check() function +# previously available in the \link ../Extensions/Extensions.html +# Extension API\endlink. +# + +#RETURN_CHECKER_CHECKED_FUNCS += ^access$ +#RETURN_CHECKER_CHECKED_FUNCS += ^bind$ +#RETURN_CHECKER_CHECKED_FUNCS += ^chdir$ +#RETURN_CHECKER_CHECKED_FUNCS += ^chmod$ +#RETURN_CHECKER_CHECKED_FUNCS += ^chown$ +#RETURN_CHECKER_CHECKED_FUNCS += ^chroot$ +#RETURN_CHECKER_CHECKED_FUNCS += ^connect$ +#RETURN_CHECKER_CHECKED_FUNCS += ^dup2$ +#RETURN_CHECKER_CHECKED_FUNCS += ^fchdir$ +#RETURN_CHECKER_CHECKED_FUNCS += ^fchmod$ +#RETURN_CHECKER_CHECKED_FUNCS += ^fchown$ +#RETURN_CHECKER_CHECKED_FUNCS += ^feof$ +#RETURN_CHECKER_CHECKED_FUNCS += ^ferror$ +#RETURN_CHECKER_CHECKED_FUNCS += ^fgetc$ +#RETURN_CHECKER_CHECKED_FUNCS += ^fputc$ +#RETURN_CHECKER_CHECKED_FUNCS += ^fread$ +#RETURN_CHECKER_CHECKED_FUNCS += ^fscanf$ +#RETURN_CHECKER_CHECKED_FUNCS += ^fseek$ +#RETURN_CHECKER_CHECKED_FUNCS += ^fsetpos$ +#RETURN_CHECKER_CHECKED_FUNCS += ^fstat$ +#RETURN_CHECKER_CHECKED_FUNCS += ^fstatfs$ +#RETURN_CHECKER_CHECKED_FUNCS += ^fsync$ +#RETURN_CHECKER_CHECKED_FUNCS += ^ftell$ +#RETURN_CHECKER_CHECKED_FUNCS += ^ftime$ +#RETURN_CHECKER_CHECKED_FUNCS += ^ftruncate$ +#RETURN_CHECKER_CHECKED_FUNCS += ^ftrylockfile$ +#RETURN_CHECKER_CHECKED_FUNCS += ^fwrite$ +#RETURN_CHECKER_CHECKED_FUNCS += ^getc$ +#RETURN_CHECKER_CHECKED_FUNCS += ^getchar$ +#RETURN_CHECKER_CHECKED_FUNCS += ^lseek$ +#RETURN_CHECKER_CHECKED_FUNCS += ^lstat$ +#RETURN_CHECKER_CHECKED_FUNCS += ^mkdir$ +#RETURN_CHECKER_CHECKED_FUNCS += ^mknod$ +#RETURN_CHECKER_CHECKED_FUNCS += ^pread$ +#RETURN_CHECKER_CHECKED_FUNCS += ^pselect$ +#RETURN_CHECKER_CHECKED_FUNCS += ^pwrite$ +#RETURN_CHECKER_CHECKED_FUNCS += ^read$ +#RETURN_CHECKER_CHECKED_FUNCS += ^readlink$ +#RETURN_CHECKER_CHECKED_FUNCS += ^readv$ +#RETURN_CHECKER_CHECKED_FUNCS += ^recv$ +#RETURN_CHECKER_CHECKED_FUNCS += ^recvfrom$ +#RETURN_CHECKER_CHECKED_FUNCS += ^rename$ +#RETURN_CHECKER_CHECKED_FUNCS += ^scanf$ +#RETURN_CHECKER_CHECKED_FUNCS += ^select$ +#RETURN_CHECKER_CHECKED_FUNCS += ^send$ +#RETURN_CHECKER_CHECKED_FUNCS += ^sendmsg$ +#RETURN_CHECKER_CHECKED_FUNCS += ^sendto$ +#RETURN_CHECKER_CHECKED_FUNCS += ^truncate$ +#RETURN_CHECKER_CHECKED_FUNCS += ^write$ +#RETURN_CHECKER_CHECKED_FUNCS += ^writev$ +#RETURN_CHECKER_CHECKED_FUNCS += ^CreateEventA$ +#RETURN_CHECKER_CHECKED_FUNCS += ^CreateEventW$ +#RETURN_CHECKER_CHECKED_FUNCS += ^CreateFileA$ +#RETURN_CHECKER_CHECKED_FUNCS += ^CreateFileW$ +#RETURN_CHECKER_CHECKED_FUNCS += ^CreateMutexA$ +#RETURN_CHECKER_CHECKED_FUNCS += ^CreateMutexW$ +#RETURN_CHECKER_CHECKED_FUNCS += ^CreateProcessA$ +#RETURN_CHECKER_CHECKED_FUNCS += ^CreateProcessW$ +#RETURN_CHECKER_CHECKED_FUNCS += ^CreateThread$ +#RETURN_CHECKER_CHECKED_FUNCS += ^DuplicateHandle$ +#RETURN_CHECKER_CHECKED_FUNCS += ^FindFirstFileA$ +#RETURN_CHECKER_CHECKED_FUNCS += ^FindFirstFileW$ +#RETURN_CHECKER_CHECKED_FUNCS += ^FindNextFileA$ +#RETURN_CHECKER_CHECKED_FUNCS += ^FindNextFileW$ +#RETURN_CHECKER_CHECKED_FUNCS += ^GetCurrentProcess$ +#RETURN_CHECKER_CHECKED_FUNCS += ^GetCurrentProcessId$ +#RETURN_CHECKER_CHECKED_FUNCS += ^GetCurrentThread$ +#RETURN_CHECKER_CHECKED_FUNCS += ^GetCurrentThreadId$ +#RETURN_CHECKER_CHECKED_FUNCS += ^GetExitCodeProcess$ +#RETURN_CHECKER_CHECKED_FUNCS += ^GetFileInformationByHandle$ +#RETURN_CHECKER_CHECKED_FUNCS += ^GetFileSize$ +#RETURN_CHECKER_CHECKED_FUNCS += ^GetFileSizeEx$ +#RETURN_CHECKER_CHECKED_FUNCS += ^GetFileTime$ +#RETURN_CHECKER_CHECKED_FUNCS += ^GetFileType$ +#RETURN_CHECKER_CHECKED_FUNCS += ^GetLastError$ +#RETURN_CHECKER_CHECKED_FUNCS += ^GetProcessHeap$ +#RETURN_CHECKER_CHECKED_FUNCS += ^GetProcessId$ +#RETURN_CHECKER_CHECKED_FUNCS += ^GetThreadId$ +#RETURN_CHECKER_CHECKED_FUNCS += ^GlobalAlloc$ +#RETURN_CHECKER_CHECKED_FUNCS += ^GlobalFlags$ +#RETURN_CHECKER_CHECKED_FUNCS += ^GlobalHandle$ +#RETURN_CHECKER_CHECKED_FUNCS += ^GlobalLock$ +#RETURN_CHECKER_CHECKED_FUNCS += ^GlobalReAlloc$ +#RETURN_CHECKER_CHECKED_FUNCS += ^GlobalSize$ +#RETURN_CHECKER_CHECKED_FUNCS += ^HeapAlloc$ +#RETURN_CHECKER_CHECKED_FUNCS += ^HeapCompact$ +#RETURN_CHECKER_CHECKED_FUNCS += ^HeapCreate$ +#RETURN_CHECKER_CHECKED_FUNCS += ^HeapLock$ +#RETURN_CHECKER_CHECKED_FUNCS += ^HeapQueryInformation$ +#RETURN_CHECKER_CHECKED_FUNCS += ^HeapReAlloc$ +#RETURN_CHECKER_CHECKED_FUNCS += ^HeapSetInformation$ +#RETURN_CHECKER_CHECKED_FUNCS += ^HeapSize$ +#RETURN_CHECKER_CHECKED_FUNCS += ^HeapValidate$ +#RETURN_CHECKER_CHECKED_FUNCS += ^HeapWalk$ +#RETURN_CHECKER_CHECKED_FUNCS += ^LocalAlloc$ +#RETURN_CHECKER_CHECKED_FUNCS += ^LocalFlags$ +#RETURN_CHECKER_CHECKED_FUNCS += ^LocalHandle$ +#RETURN_CHECKER_CHECKED_FUNCS += ^LocalLock$ +#RETURN_CHECKER_CHECKED_FUNCS += ^LocalReAlloc$ +#RETURN_CHECKER_CHECKED_FUNCS += ^LocalSize$ +#RETURN_CHECKER_CHECKED_FUNCS += ^OpenFile$ +#RETURN_CHECKER_CHECKED_FUNCS += ^OpenProcess$ +#RETURN_CHECKER_CHECKED_FUNCS += ^OpenThread$ +#RETURN_CHECKER_CHECKED_FUNCS += ^ReadFile$ +#RETURN_CHECKER_CHECKED_FUNCS += ^RegOpenKeyExA$ +#RETURN_CHECKER_CHECKED_FUNCS += ^RegOpenKeyExW$ +#RETURN_CHECKER_CHECKED_FUNCS += ^RegQueryValueExA$ +#RETURN_CHECKER_CHECKED_FUNCS += ^RegQueryValueExW$ +#RETURN_CHECKER_CHECKED_FUNCS += ^SetEndOfFile$ +#RETURN_CHECKER_CHECKED_FUNCS += ^SetFilePointer$ +#RETURN_CHECKER_CHECKED_FUNCS += ^SetFilePointerEx$ +#RETURN_CHECKER_CHECKED_FUNCS += ^WaitForSingleObject$ +#RETURN_CHECKER_CHECKED_FUNCS += ^WriteFile$ +#RETURN_CHECKER_CHECKED_FUNCS += ^GlobalUnlock$ +#RETURN_CHECKER_CHECKED_FUNCS += ^HeapUnlock$ +#RETURN_CHECKER_CHECKED_FUNCS += ^LocalUnlock$ +#RETURN_CHECKER_CHECKED_FUNCS += ^ReleaseMutex$ +#RETURN_CHECKER_CHECKED_FUNCS += ^ResetEvent$ +#RETURN_CHECKER_CHECKED_FUNCS += ^SetEvent$ + + +# Parameter RETURN_CHECKER_IGNORED_FUNCS +# +# Purpose +# Used by \wclink LANG.FUNCS.IRV Ignored Return Value\endwclink to +# specify exceptions to the statistical analysis: functions whose +# return values can be ignored without triggering a warning. +# +# Type +# \link ../Asides/STkRegExp.html STk-style regular expression\endlink +# +# Behavior +# If the name of a called function matches a \tt +# RETURN_CHECKER_IGNORED_FUNCS regular expression and the return +# value from that function call is ignored, an Ignored Return Value +# warning will not be issued (regardless of the settings of \param +# RETURN_CHECKER_SAMPLE_SIZE and \param RETURN_CHECKER_RATIO). +# +# If the Ignored Return Value warning class is disabled, such as with +# a \param WARNING_FILTER rule, this parameter has no effect. +# +# Notes +# This parameter replaces the csonar_ignore_return() function +# previously available in the \link ../Extensions/Extensions.html +# Extension API\endlink. # -#RETURN_CHECKER_RATIO = 0.04 +#RETURN_CHECKER_IGNORED_FUNCS += ^strchr$ +#RETURN_CHECKER_IGNORED_FUNCS += ^strlen$ + +# Parameter FORMAT_STRING_CHECKER_SAMPLE_SIZE +# # Purpose # At least this many calls to a given function with a format string # in some fixed argument position must be seen before the sample is -# considered large enough to warn the user about Format String problems. -# -# Behavior -# A smaller positive value will cause more warnings. A nonpositive -# value disables the checking of sample sizes, with the effect that -# no Format String warnings will be generated. +# considered large enough to warn the user about \wclink POSIX.FMT +# Format String \endwclink problems. # # Type # integer +# +# Behavior +# A smaller value will cause more warnings based on statistical +# decisions. Negative values are prohibited. +# #FORMAT_STRING_CHECKER_SAMPLE_SIZE = 20 +# Parameter FORMAT_STRING_CHECKER_RATIO +# # Purpose # Sets a threshold T such that for fixed k, if the number of call # sites to a given function without a format string in the k'th # argument position is at least T times the number of call sites with -# a format string in the k'th argument position, no Format String -# warnings will be produced for the function/position pair. +# a format string in the k'th argument position, no \wclink POSIX.FMT +# Format String \endwclink warnings will be produced for the +# function/position pair. +# +# Type +# Real number between 0 and 1 (inclusive) # # Behavior -# Making this number larger will cause more warnings. +# Making this number larger will cause more warnings. A value of 0 +# will effectively disable statistical warnings. # -# Notes -# A negative ratio would make no sense; the dialog will not accept -# negative numbers. +#FORMAT_STRING_CHECKER_RATIO = 0.4 + + +# Parameter FORMAT_STRING_CHECKER_CHECKED_FUNCS +# +# Purpose +# Used by \wclink POSIX.FMT Format String\endwclink to specify +# exceptions to the statistical analysis: (position, regular +# expression) pairs such that calls to functions whose names match +# the specified regular expression must always have a format string +# argument in the specified position. # # Type -# Real number between 0 and 1 (inclusive) -#FORMAT_STRING_CHECKER_RATIO = 0.4 +# A string of the form +# \code +# , +# \endcode +# where: +# - \tt is an argument position (counting from 1) +# - \tt is an \link ../Asides/STkRegExp.html STk-style regular +# expression\endlink +# +# Behavior +# Calling a function whose name matches \tt without a format +# string in the \tt 'th parameter position will always trigger a +# Format String warning, regardless of the settings of \param +# FORMAT_STRING_CHECKER_SAMPLE_SIZE and \param +# FORMAT_STRING_CHECKER_RATIO. +# +# If the Format String warning class is disabled, such as with +# a \param WARNING_FILTER rule, this parameter has no effect. +# +# Notes +# This parameter replaces the csonar_format_string_check() function +# previously available in the \link ../Extensions/Extensions.html +# Extension API\endlink. +# + +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, ^__eprintf$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, ^v?printf$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, ^v?[fs]printf$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, ^syslog$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 3, ^v?snprintf$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, ^v?scanf$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, ^[fs]scanf$ + + +# Parameter FORMAT_STRING_CHECKER_IGNORED_FUNCS +# +# Purpose +# Used by \wclink POSIX.FMT Format String\endwclink to specify +# exceptions to the statistical analysis: (position, regular +# expression) pairs such that calls to functions whose names match +# the specified regular expression are never required to have a +# format string argument in the specified position. +# +# Type +# A string of the form +# \code +# , +# \endcode +# where: +# - \tt is an argument position (counting from 1) +# - \tt is an \link ../Asides/STkRegExp.html STk-style regular +# expression\endlink +# +# Behavior +# Calling a function whose name matches \tt without a format +# string in the \tt 'th parameter position will not trigger a +# Format String warning, regardless of the settings of \param +# FORMAT_STRING_CHECKER_SAMPLE_SIZE and \param +# FORMAT_STRING_CHECKER_RATIO. +# +# If the Format String warning class is disabled, such as with +# a \param WARNING_FILTER rule, this parameter has no effect. +# +# Notes +# This parameter replaces the csonar_ignore_format_string() function +# previously available in the \link ../Extensions/Extensions.html +# Extension API\endlink. +# +# Parameter CALL_SITE_EXPANSIONS +# # Purpose # Specifies the extent to which the CodeSonar analysis will expand # call sites for full analysis instead of using summaries to # approximate the behavior of the call. # +# Type +# {None, Some, More, Most} +# # Behavior # A call site will only be expanded if it is on a path and is # especially relevant. # # A higher value for this preference can reduce the number of false # positive results, but will make the analysis take longer. -# +# +# Notes # If a call site on some path is expanded in the CodeSonar analysis, # the corresponding HTML warning report will allow navigation into # the call site. This provides a more complete depiction of program # behavior, but increases the size of the output. # -# Type -# {None, Some, More, Most} #CALL_SITE_EXPANSIONS = Some # CALL_SITE_EXPANSIONS = None # CALL_SITE_EXPANSIONS = More # CALL_SITE_EXPANSIONS = Most +# Parameter CALL_SITE_EXPANSION_BOUND +# # Purpose -# Places a bound on the number of call sites that can be expanded in -# a single warning report. +# Places a bound on the nesting depth of call site expansions (nested +# "+" widgets in warning reports). +# +# Type +# integer # # Notes # A limit that is too high may cause CodeSonar to have a stack -# overflow. The default limit is only encountered in pathological -# cases. Only one program capable of inducing a stack overflow has +# overflow. The default limit is only encountered in pathological +# cases: only one program capable of inducing a stack overflow has # ever been found in the wild. # -# Type -# integer -# #CALL_SITE_EXPANSION_BOUND = 30 +# Parameter ABRIDGE_HTML +# # Purpose # Determines whether HTML warning reports may abridge procedure listings # in order to show only the most relevant parts. # -# Behavior -# When this preference is set to 'No': if a path includes any part of -# a procedure, the warning report will show all of the procedure. -# # Type # {Yes, No} # +# Behavior +# When set to "No": if a path includes any part of a procedure, the +# warning report will show all of the procedure. +# #ABRIDGE_HTML = Yes -# Purpose -# Specifies whether or not CodeSonar will perform checks for the -# "Scope Could Be Local Static" and "Scope Could Be File Static" -# warning classes. -# +# Parameter MAX_FUNCTION_LENGTH +# +# Purpose +# Used by the \wclink LANG.FUNCS.TOOLONG Function Too Long\endwclink +# check: specifies the maximum allowable length of a function. +# # Type -# {Yes, No} +# non-negative integer # -# Behavior -# When set to "Yes", CodeSonar will issue "Scope Could Be Local -# Static" warnings when it detects global or file static variables -# that could be local static, and "Scope Could Be File Static" -# warnings hen it detects global variables that could be file -# static. +# Behavior +# CodeSonar will emit a \wclink LANG.FUNCS.TOOLONG Function Too Long +# \endwclink warning for functions that exceed this length. # -# When set to "No", CodeSonar will not carry out these checks. +# Notes +# Note that the \wclink LANG.FUNCS.TOOLONG Function Too +# Long\endwclink check is disabled by default: use a \param +# WARNING_FILTER rule to enable it. # -#CHECK_MINSCOPE = No +#MAX_FUNCTION_LENGTH = 60 +# Parameter MIN_ASSERTS +# # Purpose -# Specifies whether or not CodeSonar will perform checks for the -# "Excessive Stack Depth" warning class. +# Used by the \wclink LANG.FUNCS.ASSERTS Not Enough +# Assertions\endwclink check: specifies the minimum number of +# assertions each function must contain. # # Type -# {Yes, No} +# non-negative integer # -# Behavior -# When set to "Yes", CodeSonar will issue "Excessive Stack Depth" -# warnings when the call stack depth exceeds the value specified by -# \param STACK_DEPTH_THRESHOLD. +# Behavior +# CodeSonar will emit a \wclink LANG.FUNCS.ASSERTS Not Enough +# Assertions\endwclink warning when it detects a function with fewer +# calls to a recognizable assert function, provided that the function +# length exceeds the \param MIN_ASSERTS_FUNCTION_LENGTH threshold. +# +# Notes +# Note that the \wclink LANG.FUNCS.ASSERTS Not Enough +# Assertions\endwclink check is disabled by default: use a \param +# WARNING_FILTER rule to enable it. # -# When set to "No", CodeSonar will not issue any "Excessive Stack -# Depth" warnings. -#CHECK_STACK_DEPTH = No +#MIN_ASSERTS = 2 +# Parameter MIN_ASSERTS_FUNCTION_LENGTH +# # Purpose -# Specifies the call stack depth, in bytes, beyond which an "Excessive Stack -# Depth" warning will be issued. +# Used by the \wclink LANG.FUNCS.ASSERTS Not Enough +# Assertions\endwclink check: specifies the minimum length a +# function must have to be subject to the check. # # Type -# integer +# non-negative integer # # Behavior -# When \param CHECK_STACK_DEPTH is set to "Yes", CodeSonar will issue -# a warning report if the maximum call stack depth exceeds this -# threshold. Otherwise, this parameter has no effect. -#STACK_DEPTH_THRESHOLD = 65536 +# CodeSonar will only check the number of assertions in functions +# whose "lines with code" exceeds this value. +# +# Notes +# Note that the \wclink LANG.FUNCS.ASSERTS Not Enough +# Assertions\endwclink check is disabled by default: use a \param +# WARNING_FILTER rule to enable it. +# +#MIN_ASSERTS_FUNCTION_LENGTH = 0 +# Parameter MAX_PERMITTED_DEREFS +# # Purpose -# Estimate the activation record size for undefined functions for -# the purpose of measuring the call stack depth. +# Used by the \wclink LANG.STRUCT.TMD Too Many Dereferences\endwclink +# check: specifies the maximum number of dereferencing levels +# permitted on a single item. # # Type -# integer +# non-negative integer # # Behavior -# When \param CHECK_STACK_DEPTH is set to "Yes", CodeSonar will treat -# calls to undefined functions as contributing this many bytes to the -# call stack depth. Otherwise, this parameter has no effect. -#STACK_DEPTH_UNDEFINED_FUNCTION_SIZE = 128 +# If an item is dereferenced by more levels than allowed by this +# parameter, CodeSonar will issue a \wclink LANG.STRUCT.TMD Too Many +# Dereferences\endwclink warning. +# +# Notes +# For example, +# - "*x" has a maximum of one dereference, +# - "*x = *y" also has a maximum of one dereference, +# - "*x[0] = *y" has a maximum of two dereferences. +# +# Note that the \wclink LANG.STRUCT.TMD Too Many +# Dereferences\endwclink check is disabled by default: use a \param +# WARNING_FILTER rule to enable it. +# +#MAX_PERMITTED_DEREFS = 1 + + +# Parameter PTR_INSIDE_TYPEDEF_EXCEPTION +# +# Purpose +# Used by the \wclink LANG.STRUCT.PIT Pointer Type Inside +# Typedef\endwclink check: specifies types whose typedefs are allowed +# to contain pointer types. +# +# Type +# \link +# ../../../../third-party/boost/libs/regex/doc/html/boost_regex/syntax.html +# Boost regular expression\endlink +# +# Behavior +# If a typedef for type contains a pointer type but matches +# this regular expression, a \wclink LANG.STRUCT.PIT Pointer Type +# Inside Typedef\endwclink warning will not be issued. +# +# Notes +# For example, +# \code +# PTR_INSIDE_TYPEDEF_EXCEPTION += _ptr$ +# \endcode +# specifies that typedefs whose name end with _ptr are allowed to have +# pointers in their definitions. +# +# Note that the \wclink LANG.STRUCT.PIT Pointer Type Inside +# Typedef\endwclink check is disabled by default: use a \param +# WARNING_FILTER rule to enable it. +#PTR_INSIDE_TYPEDEF_EXCEPTION += _ptr$ + + +# Parameter DFS_MAX_VISITED_COEFFICIENT +# Parameter DFS_MAX_VISITED_CONSTANT +# +# Purpose +# Used by the \wclink LANG.FUNCS.RECURSION Recursion\endwclink and +# \wclink LANG.ALLOC.POSTINIT Dynamic Allocation After +# Initialization\endwclink checks to compute an upper bound on +# the number of procedures the depth-first search in these checks can +# visit in an incremental run. +# +# Type +# \tt DFS_MAX_VISITED_COEFFICIENT : non-negative integer +# +# \tt DFS_MAX_VISITED_CONSTANT : non-negative integer +# +# Behavior +# The depth-first search used by the \wclink LANG.FUNCS.RECURSION +# Recursion\endwclink and \wclink LANG.ALLOC.POSTINIT Dynamic +# Allocation After Initialization\endwclink checks is bounded on +# incremental analyses in proportion to the total number of +# procedures changed since the last analysis. +# +# Specifically, the depth-first search will terminate after visiting a number +# of procedures equal to: +# \tt DFS_MAX_VISITED_COEFFICIENT * (# of procedures changed) +# + \tt DFS_MAX_VISITED_CONSTANT +# +# Notes +# Note that the \wclink LANG.FUNCS.RECURSION Recursion\endwclink and +# \wclink LANG.ALLOC.POSTINIT Dynamic Allocation After +# Initialization\endwclink checks are disabled by default: use +# \param WARNING_FILTER rules to enable them. +# +#DFS_MAX_VISITED_COEFFICIENT = 8 +#DFS_MAX_VISITED_CONSTANT = 128 + + +# Parameter DFS_MAX_LOCAL_VISITED +# +# Purpose +# Used by the \wclink LANG.FUNCS.RECURSION Recursion\endwclink and +# \wclink LANG.ALLOC.POSTINIT Dynamic Allocation After +# Initialization\endwclink checks: specifies a bound on the number +# of procedures visited by a single local depth-first search +# +# Type +# non-negative integer +# +# Behavior +# In incremental analyses, the depth-first search used by the \wclink +# LANG.FUNCS.RECURSION Recursion\endwclink and \wclink +# LANG.ALLOC.POSTINIT Dynamic Allocation After +# Initialization\endwclink checks descends from each procedure that +# changed since the last analysis. Each local depth-first search +# will visit at most \tt DFS_MAX_LOCAL_VISITED procedures. +# +# This works in conjunction with the \param +# DFS_MAX_VISITED_COEFFICIENT and \param DFS_MAX_VISITED_CONSTANT +# configuration options to bound the depth-first search: it prevents +# a single depth-first search from hitting the global bound and +# starving any subsequent searches. +# +# Notes +# Note that the \wclink LANG.FUNCS.RECURSION Recursion\endwclink and +# \wclink LANG.ALLOC.POSTINIT Dynamic Allocation After +# Initialization\endwclink checks are disabled by default: use +# \param WARNING_FILTER rules to enable them. +# +#DFS_MAX_LOCAL_VISITED = 16 +# Parameter STACK_DEPTH_THRESHOLD +# # Purpose -# Estimate the word size to which a compiler will pad individual -# variables. +# Used by the \wclink LANG.STRUCT.CALLSTACK Excessive Stack +# Depth\endwclink check: specifies the maximum allowable depth of the +# call stack, in bytes. # # Type # integer # # Behavior -# When \param CHECK_STACK_DEPTH is set to "Yes", CodeSonar will treat -# variables as being padded to a multiple of this many bytes when -# determining their contribution to the call stack depth. +# If this threshold is exceeded, CodeSonar will issue a \wclink +# LANG.STRUCT.CALLSTACK Excessive Stack Depth\endwclink warning. # -# For example, on a 4-byte word-aligned system, four bytes will -# be allocated by the declaration 'char c', even though only one -# byte is used. +# Notes +# Note that the \wclink LANG.STRUCT.CALLSTACK Excessive Stack +# Depth\endwclink check is disabled by default: use a \param +# WARNING_FILTER rule to enable it. # -# When \param CHECK_STACK_DEPTH is set to "No", this parameter has no -# effect. -#STACK_DEPTH_COMPILER_PADDING = 4 +#STACK_DEPTH_THRESHOLD = 65536 +# Parameter STACK_DEPTH_UNDEFINED_FUNCTION_SIZE +# # Purpose -# Estimate the constant elements the compiler pushes on the call stack -# for each activation record. +# Used by the \wclink LANG.STRUCT.CALLSTACK Excessive Stack +# Depth\endwclink check: estimates the activation record size for +# undefined functions. # # Type # integer # # Behavior -# When \param CHECK_STACK_DEPTH is set to "Yes", CodeSonar will treat -# every activation record pushed on the call stack as if it -# contributes this many bytes of constant elements to the call stack -# depth. +# CodeSonar will treat calls to undefined functions as contributing +# this many bytes to the call stack depth. # -# For example, the return address is stored on the call stack for every -# activation record. +# Notes +# Note that the \wclink LANG.STRUCT.CALLSTACK Excessive Stack +# Depth\endwclink check is disabled by default: use a \param +# WARNING_FILTER rule to enable it. # -# When \param CHECK_STACK_DEPTH is set to "No", this parameter has no -# effect. -#STACK_DEPTH_ACTIVATION_RECORD_CONSTANTS = 12 +#STACK_DEPTH_UNDEFINED_FUNCTION_SIZE = 128 -# Purpose -# Specifies whether or not CodeSonar will perform checks for the -# "Potential Unbounded Loop" warning class. +# Parameter STACK_DEPTH_COMPILER_PADDING +# +# Purpose +# Used by the \wclink LANG.STRUCT.CALLSTACK Excessive Stack +# Depth\endwclink check: estimates the word size to which a compiler +# will pad individual variables. # # Type # integer # # Behavior -# When set to "Yes", CodeSonar will issue "Potential Unbounded Loop" -# warnings when it cannot identify loop bounds. This is useful for -# embedded systems where infinite loops can be extremely dangerous. +# CodeSonar will treat variables as being padded to a multiple of +# this many bytes when determining their contribution to the call +# stack depth. +# +# For example, on a 4-byte word-aligned system, four bytes will +# be allocated by the declaration 'char c', even though only one +# byte is used. +# +# Notes +# Note that the \wclink LANG.STRUCT.CALLSTACK Excessive Stack +# Depth\endwclink check is disabled by default: use a \param +# WARNING_FILTER rule to enable it. # -# When set to "No", CodeSonar will not issue any "Potential -# Unbounded Loop" warnings. -#CHECK_UNBOUNDED_LOOPS = No +#STACK_DEPTH_COMPILER_PADDING = 4 -# Purpose -# Specifies whether or not CodeSonar will perform checks for the -# "Unchecked Parameter Dereference" warning class. +# Parameter STACK_DEPTH_ACTIVATION_RECORD_CONSTANTS +# +# Purpose +# Used by the \wclink LANG.STRUCT.CALLSTACK Excessive Stack +# Depth\endwclink check: estimates the the size of the constant +# elements the compiler pushes on the call stack for each activation +# record. # # Type -# {Yes, No} -# +# integer +# # Behavior -# When set to "Yes", CodeSonar will issue "Unchecked Parameter -# Dereference" warnings when function parameters are dereferenced -# without first being checked for nullness. +# CodeSonar will treat every activation record pushed on the call +# stack as if it contributes this many bytes of constant elements to +# the call stack depth. +# +# For example, the return address is stored on the call stack for every +# activation record. +# +# Notes +# Note that the \wclink LANG.STRUCT.CALLSTACK Excessive Stack +# Depth\endwclink check is disabled by default: use a \param +# WARNING_FILTER rule to enable it. # -# When set to "No", CodeSonar will not issue any "Unchecked Parameter -# Dereference" warnings. -#CHECK_PARAM_DEREFS = No +#STACK_DEPTH_ACTIVATION_RECORD_CONSTANTS = 12 +# Parameter CHECK_EMPTY_BRANCH +# # Purpose # Specifies whether or not CodeSonar will check for conditional # statements with empty bodies. # +# Type +# {Yes, No} +# # Behavior # If "Yes", CodeSonar will carry out checks for the following warning classes: -# - Empty Branch Statement -# - Empty if Statement -# - Empty switch Statement -# - Empty while Statement +# - \wclink LANG.STRUCT.EBS Empty Branch Statement \endwclink +# - \wclink LANG.STRUCT.EBS Empty if Statement \endwclink +# - \wclink LANG.STRUCT.EBS Empty switch Statement \endwclink +# - \wclink LANG.STRUCT.EBS Empty while Statement \endwclink # # If "No", these checks will not be carried out. # -# Type -# {Yes, No} -# #CHECK_EMPTY_BRANCH = Yes -# Purpose -# Output an xml file showing variables modified by each procedure. -# Modifications are stated in terms of inputs to the procedure. +# Parameter EMIT_PROCEDURE_SIDE_EFFECTS +# +# Purpose +# Specifies whether or not CodeSonar will output an xml file showing +# the variables modified by each procedure. # # Type # {Yes, No} # +# Notes +# Modifications are stated in terms of inputs to the procedure. +# #EMIT_PROCEDURE_SIDE_EFFECTS = No +# Parameter REPORT_UNUSED_ASSIGNMENTS_FROM_CONSTANTS +# # Purpose -# Specifies whether or not CodeSonar will issue "Unused Value" warnings -# for values that arise from constant assignments. +# Specifies whether or not CodeSonar will issue \wclink +# LANG.STRUCT.UVAL Unused Value \endwclink warnings for values that +# arise from constant assignments. # # Type # {Yes, No} # # Behavior -# If "Yes", CodeSonar will issue "Unused Value" warnings in cases like: +# If "Yes", CodeSonar will issue Unused Value warnings in cases like: # \code # x = 3; # \endcode # -# If "No", such cases will not trigger "Unused Value" warnings. +# If "No", such cases will not trigger Unused Value warnings. # #REPORT_UNUSED_ASSIGNMENTS_FROM_CONSTANTS = No +# Parameter REPORT_REDUNDANT_CONDITIONS_BASED_ON_CONSTANTS +# # Purpose -# Specifies whether or not CodeSonar will issue "Redundant Condition" -# warnings for conditions testing constant values. +# Specifies whether or not CodeSonar will issue \wclink +# LANG.STRUCT.RC Redundant Condition \endwclink warnings for +# conditions testing constant values. # # Type # {Yes, No} # # Behavior -# If "Yes", CodeSonar will issue "Redundant Condition" warnings in cases like: +# If "Yes", CodeSonar will issue Redundant Condition warnings in cases like: # \code # if ( 0 ) # ... # \endcode # -# If "No", such cases will not trigger "Redundant Condition" warnings. +# If "No", such cases will not trigger Redundant Condition warnings. # #REPORT_REDUNDANT_CONDITIONS_BASED_ON_CONSTANTS = No +# Parameter FUNCTION_MAP +# # Purpose # Tells CodeSonar that function A works like function B. # +# Type +# String of the form "A -> B" where A and B are function names. +# # Behavior # The value "A -> B" indicates that CodeSonar should treat calls to # function A as calls to function B. This is equivalent to writing a # stub using csonar_replace_A that calls B, but may be more -# convenient. The behavior is undefined when the types of A and B -# are not binary-compatible (e.g., the number of parameters differs). +# convenient. +# +# If A -> B and B -> C then A ->C +# +# The behavior is undefined if +# - the types of A and B are not binary-compatible (for example, +# because they have different numbers of parameters), or +# - there are cycles in the function map. # # Notes -# The most common use for this variable is to designate functions -# that end program execution. Designating malloc and free workalikes -# is also a common task. This feature cannot be used with C++ -# identifiers containing spaces. If A -> B and B -> C then A -> C. -# Behavior is undefined in the presence of cycles in the map. +# The most common use cases are: +# - Designating functions that end program execution. +# - Designating \tt malloc and \tt free workalikes. # # For multiple mappings, use a separate \tt FUNCTION_MAP += statement # for each mapping. +# +# This feature cannot be used with C++ identifiers containing spaces. # -# Examples -# If 'fatal' caused the program to end execution, then you would do -# this: +# Examples: +# +# To specify that \tt fatal causes the program to abort: # \code # FUNCTION_MAP += fatal -> abort # \endcode # -# If 'pmalloc' behaved like 'malloc', then you would do this: +# To specify that \tt pmalloc behaves like \tt malloc: # \code # FUNCTION_MAP += pmalloc -> malloc # \endcode # -# If 'pfree' behaved like 'free', then you would do this: +# To specify that \tt pfree behaves like \tt free: # \code # FUNCTION_MAP += pfree -> free # \endcode # -# Type -# String of the form "A -> B" where A and B are function names. -# #FUNCTION_MAP += +# Parameter IGNORE_CPP_CODE +# # Purpose # Specifies whether or not the CodeSonar analysis should check C++ # compilation units. # @@ -2248,670 +3107,181 @@ # #IGNORE_CPP_CODE = No +# Parameter ERROR_SUBMISSION_LIMIT_PER_COMPILATION +# # Purpose # Specifies the maximum number of parse errors submitted to the hub # for a compilation. # +# Type +# integer. -1 means "no limit" +# # Behavior # No more than the specified number of errors will be submitted to # the hub for any single compilation. If the number of errors for -# the compilation exceeds the specified number, a There are more +# the compilation exceeds the specified number, a "There are more # errors" entry is submitted. # -# Type -# integer. -1 means "no limit" -# # Notes # This parameter has no effect on whether or not a compilation is # included in the analysis. # #ERROR_SUBMISSION_LIMIT_PER_COMPILATION = 30 -###################################################################### -#################### Target Settings #################### -###################################################################### -# Purpose -# Specifies whether or not the target has signed characters. -# -# Type -# {Yes, No} +# Parameter VOLATILE_IS_UNKNOWABLE # -#SIGNED_CHARS = Yes - - # Purpose -# Specifies whether or not a 'plain' int bit field is to be treated -# as unsigned. +# Specifies whether reads through volatile types always result in +# unknown values. # # Type # {Yes, No} # -#CS_TARG_PLAIN_INT_BIT_FIELD_IS_UNSIGNED = No - - -# Purpose -# Integer kind associated with wchar_t. +# Behavior +# If set to "Yes", any attempt to read through a volatile type +# will result in an unknown value. # -# Type -# {char, signed_char, unsigned_char, short, -# unsigned_short, int, unsigned_int, long, -# unsigned_long, long_long, unsigned_long_long} +# If set to "No", CodeSonar ignores the \tt volatile keyword. # -#CS_TARG_WCHAR_T_INT_KIND = unsigned_short - - -# Purpose -# Integer kind associated with bool. +# Notes +# The following test case will produce a \wclink LANG.MEM.NPD Null +# Pointer Dereference\endwclink warning if this preference is set to +# "Yes". +# \code +# int *p = 0; +# volatile int i; +# i = 5; +# if( i != 5 ) +# *p; +# \endcode # -# Type -# {char, signed_char, unsigned_char, short, -# unsigned_short, int, unsigned_int, long, -# unsigned_long, long_long, unsigned_long_long} +# The following test case will produce an \wclink LANG.STRUCT.UC +# Unreachable Data Flow\endwclink warning if this preference is set +# to "No". +# \code +# int j; +# volatile int timer = 0; +# while( timer != 1000 ) +# ; +# j = 42; +# \endcode # -#CS_TARG_BOOL_INT_KIND = char +#VOLATILE_IS_UNKNOWABLE = Yes -# Purpose -# Representation for ptrdiff_t: the integer kind large enough to -# hold a pointer value. -# -# Type -# {char, signed_char, unsigned_char, short, -# unsigned_short, int, unsigned_int, long, -# unsigned_long, long_long, unsigned_long_long} +# Parameter FLOAT_IS_ADVERSARIAL # -#CS_TARG_PTRDIFF_T_INT_KIND = int - - # Purpose -# Representation for size_t: the integer kind large enough to hold -# a pointer value. -# -# Type -# {char, signed_char, unsigned_char, short, -# unsigned_short, int, unsigned_int, long, -# unsigned_long, long_long, unsigned_long_long} -# -#CS_TARG_SIZE_T_INT_KIND = unsigned_int - - -# Purpose -# Integer kind associated with the largest signed integer type. In -# C99, this is intmax_t. -# -# Type -# {char, signed_char, unsigned_char, short, -# unsigned_short, int, unsigned_int, long, -# unsigned_long, long_long, unsigned_long_long} -# -#CS_TARG_INTMAX_KIND = long_long - - -# Purpose -# Integer kind associated with the largest unsigned integer type. In -# C99, this is uintmax_t. -# -# Type -# {char, signed_char, unsigned_char, short, -# unsigned_short, int, unsigned_int, long, -# unsigned_long, long_long, unsigned_long_long} -# -#CS_TARG_UINTMAX_KIND = unsigned_long_long - - -# Purpose -# Size of a wchar_t entity. -# -# Type -# integer -# -#CS_TARG_SIZEOF_WCHAR_T = 2 - - -# Purpose -# Size of a short int. -# -# Type -# integer -# -#CS_TARG_SIZEOF_SHORT = 2 - - -# Purpose -# Size of an int. +# Specifies whether all floating point values should be considered +# adversarial. # # Type -# integer +# {Yes, No} # -#CS_TARG_SIZEOF_INT = 4 - - -# Purpose -# Size of a long int. +# Behavior +# If set to "Yes", any attempt to convert a floating point to an +# integer will result in an adversarial value. # -# Type -# integer +# If set to "No", CodeSonar treats floating point values as unknown +# but not adversarial. # -#CS_TARG_SIZEOF_LONG = 4 - - -# Purpose -# Size of a long long int. +# Notes # -# Type -# integer +# The following test case will produce two \wclink LANG.MEM.BO Buffer +# Overrun\endwclink warnings if this preference is set to "Yes". +# \code +# char A[10]; +# double d = 11.0; +# A[d] = 0; +# d = 5.0; +# A[d] = 0; +# \endcode # -#CS_TARG_SIZEOF_LONG_LONG = 8 +#FLOAT_IS_ADVERSARIAL = No -# Purpose -# Size of a pointer. -# -# Type -# integer +# Parameter NULL_SENTINEL_CHAR_SIZE # -#CS_TARG_SIZEOF_POINTER = 4 - - -# Purpose -# Size of a float. +# Purpose +# Specifies the maximum sized integer that should be considered a +# character type for the purpose of tracking the null-terminator +# position. # -# Type -# integer +# Notes +# Setting this to two may prove useful for projects using +# wide characters. However, some approximations that occur as a +# consequence of using this can backfire when a single memory region +# contains multiple zeroes. It is not recommended that users alter +# this unless advised to do so by GrammaTech. # -#CS_TARG_SIZEOF_FLOAT = 4 +#NULL_SENTINEL_CHAR_SIZE = 1 -# Purpose -# Size of a double. -# -# Type -# integer +# Parameter WARN_POINTER_AT_END # -#CS_TARG_SIZEOF_DOUBLE = 8 - - -# Purpose -# Size of a long double. +# Purpose +# Specifies whether \wclink LANG.STRUCT.PPE Pointer Past End of +# Object \endwclink warnings should be issued for pointers that point +# to exactly the end of an object. # # Type -# integer +# {Yes, No} # -#CS_TARG_SIZEOF_LONG_DOUBLE = 8 - - -# Purpose -# Size of a pointer-to-data-member. +# Behavior +# If set to "Yes", Pointer Past End of Object warnings will be issued +# in cases like the following. +# \code +# int A[10]; +# int *p = &A[10]; +# \endcode # -# Type -# integer +# Notes +# This feature is turned off by default because many codebases may +# have cursor pointers that reach the end of an object but are never +# dereferenced, as in the following example. +# \code +# int A[10]; +# int *p; +# for( p = A; p < &A[10]; p++ ); +# \endcode # -#CS_TARG_SIZEOF_PTR_TO_DATA_MEMBER = 4 - +#WARN_POINTER_AT_END = No -# Purpose -# Size of a ptr-to-member-function. -# -# Type -# integer +# Parameter EXTRA_COMPILATION_UNITS # -#CS_TARG_SIZEOF_PTR_TO_MEMBER_FUNCTION = 8 - - # Purpose -# Size of a virtual-function-info entity. +# Specifies extra compilation units to be added to every CodeSonar +# project. In particular, use this parameter to include custom checks +# written with the \link ../Extensions/Extensions.html extension +# API\endlink. # # Type -# integer -# -#CS_TARG_SIZEOF_VIRTUAL_FUNCTION_INFO = 4 - - -# Purpose -# Size of a 'pointer-to-virtual-base-class' member. +# Space-separated list of strings, each representing the full path to +# a .c file. # -# Type -# integer +# Behavior +# For each file listed, CodeSonar will obtain the corresponding IR +# from the file's sibling CSURF.FILES directory and include it in the +# project. # -#CS_TARG_SIZEOF_PTR_TO_VIRTUAL_BASE_CLASS = 4 - - -# Purpose -# Alignment of a short int. +# Notes +# If a path contains spaces, it should be quoted "". # -# Type -# integer +# Every file listed should be a C or C++ source file that has +# previously been compiled in the file's directory with +# \code +# (Windows) +# codesonar -w xcc "-I/codesonar/smel" -c # -#CS_TARG_ALIGNOF_SHORT = 2 +# (Otherwise) +# codesonar -w xcc -I/codesonar/smel -c +# \endcode +#EXTRA_COMPILATION_UNITS += $GTHOME\codesonar\smel\csonar_libc_checks.c +#EXTRA_COMPILATION_UNITS += $GTHOME\codesonar\smel\cpp_checks.cpp +#EXTRA_COMPILATION_UNITS += $GTHOME\codesonar\smel\opnew.cpp +#EXTRA_COMPILATION_UNITS += $GTHOME\codesonar\smel\opnewl.cpp +#EXTRA_COMPILATION_UNITS += $GTHOME\codesonar\smel\win32_checks.c -# Purpose -# Alignment of an int. -# -# Type -# integer -# -#CS_TARG_ALIGNOF_INT = 4 - - -# Purpose -# Alignment of a long int. -# -# Type -# integer -# -#CS_TARG_ALIGNOF_LONG = 4 - - -# Purpose -# Alignment of a long long int. -# -# Type -# integer -# -#CS_TARG_ALIGNOF_LONG_LONG = 8 - - -# Purpose -# Alignment of a pointer. -# -# Type -# integer -# -#CS_TARG_ALIGNOF_POINTER = 4 - - -# Purpose -# Alignment of a float. -# -# Type -# integer -# -#CS_TARG_ALIGNOF_FLOAT = 4 - - -# Purpose -# Alignment of a double. -# -# Type -# integer -# -#CS_TARG_ALIGNOF_DOUBLE = 8 - - -# Purpose -# Alignment of a long double. -# -# Type -# integer -# -#CS_TARG_ALIGNOF_LONG_DOUBLE = 8 - - -# Purpose -# Alignment of a pointer-to-data-member. -# -# Type -# integer -# -#CS_TARG_ALIGNOF_PTR_TO_DATA_MEMBER = 4 - - -# Purpose -# Alignment of a pointer-to-member-function. -# -# Type -# integer -# -#CS_TARG_ALIGNOF_PTR_TO_MEMBER_FUNCTION = 4 - - -# Purpose -# Alignment of a virtual-function-info entity. -# -# Type -# integer -# -#CS_TARG_ALIGNOF_VIRTUAL_FUNCTION_INFO = 4 - - -# Purpose -# Alignment of a 'pointer-to-virtual-base-class' member. -# -# Type -# integer -# -#CS_TARG_ALIGNOF_PTR_TO_VIRTUAL_BASE_CLASS = 4 - - -# Purpose -# The minimum alignment required for objects of class, struct, and -# union type in the target environment. -# -# Type -# integer -# -#CS_TARG_MINIMUM_STRUCT_ALIGNMENT = 1 - - -# Purpose -# The minimum value which a 'pack alignment' value may have. -# -# Type -# integer -# -#CS_TARG_MINIMUM_PACK_ALIGNMENT = 1 - - -# Purpose -# The maximum value which a 'pack alignment' value may have. -# -# Type -# integer -# -#CS_TARG_MAXIMUM_PACK_ALIGNMENT = 128 - - -# Purpose -# The maximum alignment value which the target can take advantage of. -# -# Type -# integer -# -#CS_TARG_MAXIMUM_INTRINSIC_ALIGNMENT = 8 - - -# Purpose -# Default alignment for fields of type short. Could be different from -# the intrinsic alignment of short. -# -# Type -# integer -# -#CS_TARG_SHORT_FIELD_ALIGNMENT = 2 - - -# Purpose -# Default alignment for fields of type int. Could be different from -# the intrinsic alignment of int. -# -# Type -# integer -# -#CS_TARG_INT_FIELD_ALIGNMENT = 4 - - -# Purpose -# Default alignment for fields of type long. Could be different from -# the intrinsic alignment of long. -# -# Type -# integer -# -#CS_TARG_LONG_FIELD_ALIGNMENT = 4 - - -# Purpose -# Default alignment for fields of type long long. Could be different from -# the intrinsic alignment of long long. -# -# Type -# integer -# -#CS_TARG_LONG_LONG_FIELD_ALIGNMENT = 8 - - -# Purpose -# Default alignment for fields of type float. Could be different from -# the intrinsic alignment of float. -# -# Type -# integer -# -#CS_TARG_FLOAT_FIELD_ALIGNMENT = 4 - - -# Purpose -# Default alignment for fields of type double. Could be different -# from the intrinsic alignment of double. -# -# Type -# integer -# -#CS_TARG_DOUBLE_FIELD_ALIGNMENT = 8 - - -# Purpose -# Default alignment for fields of type long double. Could be -# different from the intrinsic alignment of long double. -# -# Type -# integer -# -#CS_TARG_LONG_DOUBLE_FIELD_ALIGNMENT = 8 - - -# Purpose -# Container size to be used for bit-fields. -# -# Behavior -# If > 0, indicates the size in bytes of one of the integral types. -# -# 0 means 'use the smallest integral type into which the field will -# fit'. -# -# < 0 means 'use the base type given in the declaration. -# -# Type -# integer -# -#CS_TARG_BIT_FIELD_CONTAINER_SIZE = 4 - - -# Purpose -# Specifies whether or not bit-field allocation follows the conventions -# of Microsoft C/C++. -# -# Behavior -# When "Yes", bit-field allocation follows the conventions of -# Microsoft C/C++. -# -# Notes -# The value of targ_bit_field_container_size must be -1 and there is a -# two-stage allocation: first a bit-field container based on the -# bit-field type is allocated (as though it were a field in its own -# right), then bit fields are allocated within it. When the -# bit-field type changes or the container fills up, a new container is -# allocated. -# -# Type -# {Yes, No} -# -#CS_TARG_MICROSOFT_BIT_FIELD_ALLOCATION = No - - -# Purpose -# Specifies how to treat a 'plain' int bit field of length 1. -# -# Behavior -# If "Yes", treat a 'plain' int bit field of length 1 as -# unsigned regardless of the setting of -# targ_plain_int_bit_field_is_unsigned (because a bit field -# consisting of only a sign is not very useful). -# -# Type -# {Yes, No} -# -#CS_TARG_FORCE_ONE_BIT_BIT_FIELD_TO_BE_UNSIGNED = Yes - - -# Purpose -# Specifies signedness for enum bit fields (an extension in C). -# -# Behavior -# If "Yes", enum bit fields are always unsigned. -# -# If "No", signedness depends on the signedness and size of the -# values of the enum and defaults to the signedness indicated by -# \param CS_TARG_NONNEGATIVE_ENUM_BIT_FIELD_IS_UNSIGNED. -# -# Notes -# This parameter needs to be set to "No" to allow fully-standard C++. -# -# Type -# {Yes, No} -# -#CS_TARG_ENUM_BIT_FIELDS_ARE_ALWAYS_UNSIGNED = Yes - - -# Purpose -# Specifies signedness for enum bit fields whose enum types have -# enumerators that could all fit in the nonnegative range of the bit -# field if it were signed. -# -# Notes -# This setting is ignored if \param -# CS_TARG_ENUM_BIT_FIELDS_ARE_ALWAYS_UNSIGNED is set to "Yes".) -# -# Type -# {Yes, No} -# -#CS_TARG_NONNEGATIVE_ENUM_BIT_FIELD_IS_UNSIGNED = No - - -# Purpose -# Alignment adjustment to be made when a zero-width (unnamed) bit -# field is declared. -# -# Behavior -# If > 0 it is the alignment to be used (typically the alignment of -# one of the integral types, in which case the value should be cast -# to a_targ_alignment). -# -# If zero, means 'use the minimal alignment', which is single-byte -# alignment. -# -# If <0, means 'use the alignment of the base type given in the -# declaration'. -# -# Type -# integer -# -#CS_TARG_ZERO_WIDTH_BIT_FIELD_ALIGNMENT = 4 - - -# Purpose -# Specifies whether or not the alignment adjustment when a zero-width -# (unnamed) bit-field is declared affects the overall alignment of -# the struct as well as the alignment of the next field. -# -# Type -# {Yes, No} -# -#CS_TARG_ZERO_WIDTH_BIT_FIELD_AFFECTS_STRUCT_ALIGNMENT = Yes - - -# Purpose -# Specifies whether or not the alignment adjustment when an unnamed -# bit-field is declared affects the overall alignment of the struct -# as well as the alignment of the next field. -# -# Type -# {Yes, No} -# -#CS_TARG_UNNAMED_BIT_FIELD_AFFECTS_STRUCT_ALIGNMENT = Yes - -# Purpose -# Specifies whether or not '#pragma pack(n)' and the command-line -# option '--pack_alignment=n' affect the alignment of bit field -# containers (when bit fields straddle container alignment -# boundaries). -# -# Type -# {Yes, No} -# -#CS_TARG_USER_CONTROL_OF_STRUCT_PACKING_AFFECTS_BIT_FIELDS = Yes - - -# Purpose -# Specifies whether or not fields longer than their base types are -# padded out to the full declared length. -# -# Behavior -# If "Yes", bit fields longer than their base types are padded out to -# the full declared length. -# -# If "No", only as many bits are allocated as are in the base type. -# -# In either case, the bit field itself has the same number of bits; -# the extra bits are padding bits. -# -# Type -# {Yes, No} -# -#CS_TARG_PAD_BIT_FIELDS_LARGER_THAN_BASE_TYPE = Yes - - -# Purpose -# Maximum ptrdiff_t value. -# -# Type -# integer -# -#CS_TARG_PTRDIFF_T_MAX = 2147483647 - - -# Purpose -# Minimum ptrdiff_t value. -# -# Type -# integer -# -#CS_TARG_PTRDIFF_T_MIN = -2147483648 - - -# Purpose -# The limit of the host representation of size_t constants; the range -# it defines can be equal to or smaller than the integer size implied -# by size_t_int_kind. -# -# Type -# integer -# -#CS_TARG_SIZE_T_MAX = 4294967295 - - -# Behavior -# If "Yes", enum types will be allocated in the smallest integral -# type in which they will fit. -# -# If "No", enum types will be allocated in ints. -# -# Type -# {Yes, No} -# -#CS_TARG_ENUM_TYPES_CAN_BE_SMALLER_THAN_INT = No - - -# Purpose -# Specifies whether or not a right shift on a signed quantity does -# sign extension. -# -# Type -# {Yes, No} -# -#CS_TARG_RIGHT_SHIFT_IS_ARITHMETIC = Yes - - -# Purpose -# Specifies whether or not a shift with a too-large shift count is -# treated as if the shift count is reduced modulo the bit size of -# the object. -# -# Type -# {Yes, No} -# -#CS_TARG_TOO_LARGE_SHIFT_COUNT_IS_TAKEN_MODULO_SIZE = No -