--- proj3.4.conf 2013-08-30 14:23:15.598585200 -0400 +++ proj3.5p1.conf 2013-08-30 14:23:33.522295400 -0400 @@ -458,16 +458,30 @@ # # Notes # For example, # \code -# IGNORED_COMPILATIONS += ^.*foo.c$ +# IGNORED_COMPILATIONS += ^.*foo\.c$ # \endcode # specifies that compilations of files whose paths end in "foo.c" # should be ignored. This includes compilations of "foo.c", # "/usr/local/foo.c", and "mydir/myfoo.c", but not "foo.cpp". # # You can specify as many \tt IGNORED_COMPILATIONS entries as you # want. +# +# Note that backslashes used as directory separators need to be +# escaped, so a rule containing a Windows path will look (something) +# like the following: +# \code +# IGNORED_COMPILATIONS += bar\\foo\.c +# \endcode +# +# The forward slashes used as directory separators on other systems +# do not require escaping: +# \code +# IGNORED_COMPILATIONS += bar/foo\.c +# \endcode +# # Parameter IGNORED_COMPILATION_COMMANDS # @@ -1009,9 +1023,9 @@ # Notes # If environment variable \tt CS_PREPROCESS_IF_FAIL is set, its # value will override the setting of this parameter. # -#PREPROCESS_IF_FAIL = No +#PREPROCESS_IF_FAIL = Yes # Parameter PREPROCESS_ALWAYS # 
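Review bot: The two new path examples in the `IGNORED_COMPILATIONS` notes, `bar\\foo\.c` and `bar/foo\.c`, are unanchored, unlike the corrected `^.*foo\.c$` example just above them. If matching is a substring search, as the anchored example implies, they would also exclude paths such as `bar/foo.cpp`, and an over-broad ignore rule silently removes code from the analysis. Consider writing them as `^.*bar\\foo\.c$` and `^.*bar/foo\.c$`, or adding a sentence saying the examples are deliberately unanchored and what else they match.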
@@ -1273,23 +1287,23 @@
 # WARNING_FILTER += discard class="Free Non-Heap Variable"
 # WARNING_FILTER += discard class="Free Null Pointer"
 # WARNING_FILTER += discard class="Function Call Has No Effect"
 # WARNING_FILTER += discard class="Ignored Return Value"
-# WARNING_FILTER += discard class="Insecure Randomness"
-# WARNING_FILTER += discard class="Insecure Temporary File"
 # WARNING_FILTER += discard class="Leak"
 # WARNING_FILTER += discard class="Misaligned Object"
 # WARNING_FILTER += discard class="Missing Return Statement"
 # WARNING_FILTER += discard class="Negative Character Value"
 # WARNING_FILTER += discard class="Negative Shift Amount"
 # WARNING_FILTER += discard class="Negative File Descriptor"
+# WARNING_FILTER += discard class="No Space For Null Terminator"
 # WARNING_FILTER += discard class="Null Pointer Dereference"
 # WARNING_FILTER += discard class="Null Test After Dereference"
-# WARNING_FILTER += discard class="Potential Unbounded Loop"
+# WARNING_FILTER += discard class="Overlapping Memory Regions"
 # WARNING_FILTER += discard class="Redundant Condition"
 # WARNING_FILTER += discard class="Return Pointer to Freed"
 # WARNING_FILTER += discard class="Return Pointer to Local"
 # WARNING_FILTER += discard class="Shift Amount Exceeds Bit Width"
+# WARNING_FILTER += discard class="Socket In Wrong State"
 # WARNING_FILTER += discard class="Try-lock that will never succeed"
 # WARNING_FILTER += discard class="Type Overrun"
 # WARNING_FILTER += discard class="Type Underrun"
 # WARNING_FILTER += discard class="Uninitialized Variable"
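Review bot: The default-filter listing drops class names without saying what replaces them: `Insecure Randomness` and `Insecure Temporary File` here, the per-function names such as `memcpy Length Unreasonable` and `recv on socket in wrong state` in the hunk at -1297, and `Call to longjmp`/`Call to setjmp` (now `Use of longjmp`/`Use of setjmp`) across the hunks at -1297 and -1351. A site configuration that carries `WARNING_FILTER` rules written against the old names would presumably stop matching after the upgrade, so a check someone meant to enable or suppress can change state without notice. A short comment above the list mapping each retired name to its consolidated class would make that migration auditable. `Potential Unbounded Loop` also moves from the enabled-by-default list to the disabled-by-default list in the hunk at -1351, which deserves an explicit sentence.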
@@ -1297,46 +1311,28 @@
 # WARNING_FILTER += discard class="Unreachable Computation"
 # WARNING_FILTER += discard class="Unreachable Conditional"
 # WARNING_FILTER += discard class="Unreachable Control Flow"
 # WARNING_FILTER += discard class="Unreachable Data Flow"
+# WARNING_FILTER += discard class="Unreasonable Size Argument"
 # WARNING_FILTER += discard class="Unused Value"
 # WARNING_FILTER += discard class="Use After Close"
 # WARNING_FILTER += discard class="Use After Free"
+# WARNING_FILTER += discard class="Use of crypt"
+# WARNING_FILTER += discard class="Use of gets"
+# WARNING_FILTER += discard class="Use of getwd"
+# WARNING_FILTER += discard class="Use of LoadModule"
+# WARNING_FILTER += discard class="Use of mktemp"
+# WARNING_FILTER += discard class="Use of realpath"
+# WARNING_FILTER += discard class="Use of tmpfile"
+# WARNING_FILTER += discard class="Use of tmpnam"
+# WARNING_FILTER += discard class="Use of WinExec"
 # WARNING_FILTER += discard class="Useless Assignment"
 # WARNING_FILTER += discard class="Varargs Function Cast"
-# WARNING_FILTER += discard class="accept on socket in wrong state"
-# WARNING_FILTER += discard class="access After Open"
-# WARNING_FILTER += discard class="alloca Buffer Length Unreasonable"
-# WARNING_FILTER += discard class="bcopy Length Unreasonable"
-# WARNING_FILTER += discard class="bind on socket in wrong state"
-# WARNING_FILTER += discard class="calloc Object Count Unreasonable"
-# WARNING_FILTER += discard class="calloc Object Length Unreasonable"
-# WARNING_FILTER += discard class="chmod After Open"
-# WARNING_FILTER += discard class="chown After Open"
-# WARNING_FILTER += discard class="connect on socket in wrong state"
-# WARNING_FILTER += discard class="listen on socket in wrong state"
-# WARNING_FILTER += discard class="malloc Buffer Length Unreasonable"
-# WARNING_FILTER += discard class="memccpy Length Unreasonable"
-# WARNING_FILTER += discard class="memccpy With Overlapping Regions"
-# WARNING_FILTER += discard class="memcpy Length Unreasonable"
-# WARNING_FILTER += discard class="memcpy With Overlapping Regions"
-# WARNING_FILTER += discard class="realloc Buffer Length Unreasonable"
-# WARNING_FILTER += discard class="recv on socket in wrong state"
-# WARNING_FILTER += discard class="recvfrom on socket in wrong state"
-# WARNING_FILTER += discard class="recvmsg on socket in wrong state"
-# WARNING_FILTER += discard class="send on socket in wrong state"
-# WARNING_FILTER += discard class="stat After Open"
-# WARNING_FILTER += discard class="strcpy With Overlapping Regions"
-# WARNING_FILTER += discard class="strncpy Does Not Null-terminate"
-# WARNING_FILTER += discard class="strncpy Length Unreasonable"
-# WARNING_FILTER += discard class="strncpy With Overlapping Regions"
 # \endcode
 #
 # The following checks are disabled by default. To enable checks for
 # a particular class, use the corresponding "allow" rule.
 # \code
-# WARNING_FILTER += allow class="Call to longjmp"
-# WARNING_FILTER += allow class="Call to setjmp"
 # WARNING_FILTER += allow class="Conditional Compilation"
 # WARNING_FILTER += allow class="Excessive Stack Depth"
 # WARNING_FILTER += allow class="Function Too Long"
 # WARNING_FILTER += allow class="Function Pointer"
@@ -1351,15 +1347,18 @@
 # WARNING_FILTER += allow class="Not Enough Assertions"
 # WARNING_FILTER += allow class="Pointer Before Beginning of Object"
 # WARNING_FILTER += allow class="Pointer Past End of Object"
 # WARNING_FILTER += allow class="Pointer Type Inside Typedef"
+# WARNING_FILTER += allow class="Potential Unbounded Loop"
 # WARNING_FILTER += allow class="Recursion"
 # WARNING_FILTER += allow class="Recursive Macro"
 # WARNING_FILTER += allow class="Scope Could Be File Static"
 # WARNING_FILTER += allow class="Scope Could Be Local Static"
 # WARNING_FILTER += allow class="Too Many Dereferences"
 # WARNING_FILTER += allow class="Unbalanced Parenthesis"
 # WARNING_FILTER += allow class="Unchecked Parameter Dereference"
+# WARNING_FILTER += allow class="Use of longjmp"
+# WARNING_FILTER += allow class="Use of setjmp"
 # WARNING_FILTER += allow class="Variadic Macro"
 # \endcode
 #
 # To enable all \link ../WarningClasses/Pow10Checks.html Power of
@@ -1392,20 +1391,35 @@
 # - \tt BAD_FUNCTION_REGEX is a regular expression. If a reference
 # to a function that matches this is found, then a warning
 # is issued.
 # - \tt BAD_FUNCTION_MESSAGE is the text of the message that will
-# be shown. This defaults to "Bad Function".
+# be shown, and will also be used as the warning class name. It
+# defaults to "Bad Function".
 # - \tt BAD_FUNCTION_CATEGORIES is the set of categories for the warning,
 # as a semicolon-separated list. This defaults to the empty string.
 # - \tt BAD_FUNCTION_RANK is the rank assigned to the warning, with
 # default 15.0.
 #
 # Notes
-# For example,
+#
+# If two or more sets of \tt BAD_FUNCTION_* rules have the same \tt
+# BAD_FUNCTION_MESSAGE value, the same warning class will be used to
+# cover all cases. Therefore, sets of rules with the same \tt
+# BAD_FUNCTION_MESSAGE should also have the same \tt
+# BAD_FUNCTION_CATEGORIES and \tt BAD_FUNCTION_RANK values (that is,
+# they should only differ in the \tt BAD_FUNCTION_REGEX setting).
+#
+# Similarly, if a set of \tt BAD_FUNCTION_* rules has a \tt #
+# BAD_FUNCTION_MESSAGE that is the same as the name of a standard #
+# CodeSonar warning class, the category and rank settings of the #
+# standard class will apply and any \tt BAD_FUNCTION_CATEGORIES or
+# \tt # BAD_FUNCTION_RANK specified in the set will not be used.
+#
+# Examples:
 # \code
 # BAD_FUNCTION_REGEX = ^gets$
-# BAD_FUNCTION_MESSAGE = Dangerous Function
-# BAD_FUNCTION_CATEGORIES = POSIX.FUNCS.INSECURE;CWE:242
+# BAD_FUNCTION_MESSAGE = Use of gets
+# BAD_FUNCTION_CATEGORIES = BADFUNC.BO.GETS;CWE:242
 # BAD_FUNCTION_RANK = 1.0
 # \endcode
 # specifies that uses of the function "gets" should be flagged as
 # warnings.
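Review bot: Four of the added comment lines in the paragraph beginning "Similarly," carry stray `#` characters that look like a re-wrap artifact: `has a \tt #`, `a standard #`, `of the #`, and `\tt # BAD_FUNCTION_RANK`. In the first and last of these the `#` sits between `\tt` and the parameter name, so the markup would presumably typeset the `#` rather than `BAD_FUNCTION_MESSAGE` or `BAD_FUNCTION_RANK`. Re-wrap the paragraph so each line has only its leading `#`, for example `# Similarly, if a set of \tt BAD_FUNCTION_* rules has a \tt` followed by `# BAD_FUNCTION_MESSAGE that is the same as the name of a standard`.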
@@ -1416,25 +1430,92 @@ # \link http://cwe.mitre.org/data/definitions/14.html CWE:14\endlink # for details. # \code # BAD_FUNCTION_REGEX = ^memset$ -# BAD_FUNCTION_MESSAGE = Insecure Optimization -# BAD_FUNCTION_CATEGORIES = POSIX.FUNCS.INSECURE;CWE:14 +# BAD_FUNCTION_MESSAGE = Use of memset +# BAD_FUNCTION_CATEGORIES = BADFUNC.MEMSET;CWE:14 # BAD_FUNCTION_RANK = 10.0 # \endcode +# +# For functions in C++ compilation units with C++ linkage, the +# regular expression will be matched against the fully qualified +# function signature (including namespace and template +# components). For example, suppose we have function \tt myfunc() in +# such a compilation unit, where \tt myfunc() returns \tt int and has +# one int parameter. Then: +# \code +# BAD_FUNCTION_REGEX = ^int myfunc(int)$ +# \endcode +# will match a use of \tt myfunc(). If \tt myfunc() is overloaded, +# only uses with the corresponding type signature will match. We can +# remove the delimiters from the regular expression to widen the search: +# \code +# BAD_FUNCTION_REGEX = myfunc +# \endcode +# will match all uses of \tt myfunc(), regardless of type signature, +# but will also match uses of \tt myfunc_2(), \tt not_myfunc(), and +# so on. It is important to note that +# \code +# BAD_FUNCTION_REGEX = ^myfunc$ +# \endcode +# will not match ANY use of \tt myfunc() in this compilation unit. +# +# To inspect the function signature strings that CodeSonar will be +# matching \tt BAD_FUNCTION_REGEX expressions against, write a \link +# ../API/CodeSonarPlugins/PluginAPI.html CodeSonar plug-in\endlink +# that traverses the PDGs of the project, getting the function +# ABS_LOC for each and then printing its name. +# +# The \tt $str$Class_Name form used in some of the \tt +# BAD_FUNCTION_MESSAGE factory settings is for internal GrammaTech +# use. Do not imitate this format: specify plain class names as shown +# in the examples above. 
+ #BAD_FUNCTION_REGEX = ^crypt$ -#BAD_FUNCTION_MESSAGE = Insecure Randomness -#BAD_FUNCTION_CATEGORIES = POSIX.FUNCS.INSECURE;CWE:330 +#BAD_FUNCTION_MESSAGE = $Insecure Randomness$Use of crypt +#BAD_FUNCTION_CATEGORIES = BADFUNC.CRYPT;BSI:CRYPT-01;BSI:CRYPT-02;CWE:326;CWE:330 +#BAD_FUNCTION_RANK = 40.0 + +#BAD_FUNCTION_REGEX = ^gets$|^_get(t|w)s$ +#BAD_FUNCTION_MESSAGE = $Dangerous Function$Use of gets +#BAD_FUNCTION_CATEGORIES = BADFUNC.BO.GETS;BSI:GETS;CWE:120;CWE:242 +#BAD_FUNCTION_RANK = 1.0 -#BAD_FUNCTION_REGEX = ^mks?temp$|^_?tmpfile$|^tmpnam(_r)?$ -#BAD_FUNCTION_MESSAGE = Insecure Temporary File -#BAD_FUNCTION_CATEGORIES = POSIX.FUNCS.INSECURE;CWE:377 - -#BAD_FUNCTION_REGEX = ^gets$ -#BAD_FUNCTION_MESSAGE = BAD_FUNC$Buffer Overrun -#BAD_FUNCTION_CATEGORIES = POSIX.FUNCS.INSECURE;CWE:242 +#BAD_FUNCTION_REGEX = ^_?tmpfile$ +#BAD_FUNCTION_MESSAGE = $Insecure Temporary File$Use of tmpfile +#BAD_FUNCTION_CATEGORIES = BADFUNC.TEMP.TMPNAM;BSI:TMPNAM-TMPFILE;BSI:Truncate;CWE:377 +#BAD_FUNCTION_RANK = 42.0 + +#BAD_FUNCTION_REGEX = ^tmpnam(_r)?$|^_(t|w)tmpnam$ +#BAD_FUNCTION_MESSAGE = $Insecure Temporary File$Use of tmpnam +#BAD_FUNCTION_CATEGORIES = BADFUNC.TEMP.TMPNAM;BSI:TMPNAM-TMPFILE;BSI:Truncate;CWE:377 +#BAD_FUNCTION_RANK = 43.0 + +#BAD_FUNCTION_REGEX = ^tempnam$|^_(t|w)?tempnam$ +#BAD_FUNCTION_MESSAGE = $Insecure Temporary File$Use of tmpnam +#BAD_FUNCTION_CATEGORIES = BADFUNC.TEMP.TMPNAM;BSI:TMPNAM-TMPFILE;BSI:Truncate;CWE:377 +#BAD_FUNCTION_RANK = 43.0 + +#BAD_FUNCTION_REGEX = ^GetTempFileName(A|W)?$ +#BAD_FUNCTION_REGEX = Use of GetTempFileName +#BAD_FUNCTION_CATEGORIES = BADFUNC.TEMP.GETTEMPFILENAME;BSI:GetTempFileName;CWE:377 +#BAD_FUNCTION_RANK = 43.0 + +#BAD_FUNCTION_REGEX = ^setjmp$ +#BAD_FUNCTION_MESSAGE = $Call to setjmp$Use of setjmp +#BAD_FUNCTION_CATEGORIES = BADFUNC.SETJMP;POW10:1 #BAD_FUNCTION_RANK = 1.0 +#BAD_FUNCTION_REGEX = ^longjmp$ +#BAD_FUNCTION_MESSAGE = $Call to longjmp$Use of longjmp +#BAD_FUNCTION_CATEGORIES = BADFUNC.LONGJMP;POW10:1 
+#BAD_FUNCTION_RANK = 12.0 + +#BAD_FUNCTION_REGEX = ^mks?temp$|^_(t|w)?mktemp$ +#BAD_FUNCTION_MESSAGE = $Insecure Temporary File$Use of mktemp +#BAD_FUNCTION_CATEGORIES = BADFUNC.TEMP.MKTEMP;BSI:MKTEMP;BSI:Mkstemp;CWE:377 +#BAD_FUNCTION_RANK = 47.0 + # Parameter PLUGINS # # Purpose @@ -1778,13 +1859,13 @@ # unlikely to expire using the default value for \param SEARCH_BOUND. # # This parameter affects checks for most warning classes. The classes # NOT affected are: -# - \wclink LANG.TYPE.NEGCHAR Negative Character Value \endwclink # - \wclink LANG.CAST.FN Dangerous Function Cast \endwclink # - \wclink LANG.STRUCT.EBS Empty {Branch, if, switch, while} # Statement \endwclink -# - \wclink POSIX.FUNCS.NOEFFECT Function Call Has No Effect \endwclink +# - \wclink MISC.NOEFFECT Function Call Has No Effect \endwclink +# - \wclink MISC.NEGCHAR Negative Character Value \endwclink # - \wclink LANG.CAST.VARARG Varargs Function Cast \endwclink # #TIME_LIMIT_INTRA_EXPLORE = 25 
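Review bot: The `GetTempFileName` rule set has two `BAD_FUNCTION_REGEX` lines and no `BAD_FUNCTION_MESSAGE`; the second line, `#BAD_FUNCTION_REGEX = Use of GetTempFileName`, should read `#BAD_FUNCTION_MESSAGE = Use of GetTempFileName`. As written, anyone who uncomments the set gets a second pattern that is really a message and, per the parameter description earlier in the file, the default "Bad Function" class instead of a dedicated one. The `WARNING_FILTER` discard listing in the hunk at -1297 has no `Use of GetTempFileName` entry either, which may be a consequence of the same slip. Separately, the new C++ example `^int myfunc(int)$` leaves the parentheses unescaped; in most regex dialects that is a group and would not match the literal signature, so `^int myfunc\(int\)$` is probably what is meant, in line with the `foo\.c` escaping fix made at the top of this patch.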
@@ -1812,16 +1893,15 @@
 # to be exceeded in large procedures.
 #
 # This parameter affects checks for most warning classes. The classes
 # NOT affected are:
-# - \wclink LANG.TYPE.NEGCHAR Negative Character Value \endwclink
 # - \wclink LANG.CAST.FN Dangerous Function Cast \endwclink
 # - \wclink LANG.STRUCT.EBS Empty {Branch, if, switch, while}
 # Statement \endwclink
-# - \wclink POSIX.FMT Format String \endwclink
-# - \wclink POSIX.FUNCS.NOEFFECT Function Call Has No Effect \endwclink
+# - \wclink MISC.FMT Format String \endwclink
+# - \wclink MISC.NOEFFECT Function Call Has No Effect \endwclink
 # - \wclink LANG.FUNCS.IRV Ignored Return Value \endwclink
-# - \wclink LANG.ALLOC.LEAK Leak \endwclink
+# - \wclink MISC.NEGCHAR Negative Character Value \endwclink
 # - \wclink LANG.STRUCT.NTAD Null Test After Dereference \endwclink
 # - \wclink LANG.STRUCT.ULOOP Potential Unbounded Loop \endwclink
 # - \wclink LANG.STRUCT.RC Redundant Condition \endwclink
 # - The \wclink LANG.STRUCT.UC Unreachable Code \endwclink family:
@@ -2361,8 +2441,9 @@
 #RETURN_CHECKER_CHECKED_FUNCS += ^ftrylockfile$
 #RETURN_CHECKER_CHECKED_FUNCS += ^fwrite$
 #RETURN_CHECKER_CHECKED_FUNCS += ^getc$
 #RETURN_CHECKER_CHECKED_FUNCS += ^getchar$
+#RETURN_CHECKER_CHECKED_FUNCS += ^getcwd$
 #RETURN_CHECKER_CHECKED_FUNCS += ^lseek$
 #RETURN_CHECKER_CHECKED_FUNCS += ^lstat$
 #RETURN_CHECKER_CHECKED_FUNCS += ^mkdir$
 #RETURN_CHECKER_CHECKED_FUNCS += ^mknod$
@@ -2382,22 +2463,20 @@
 #RETURN_CHECKER_CHECKED_FUNCS += ^sendto$
 #RETURN_CHECKER_CHECKED_FUNCS += ^truncate$
 #RETURN_CHECKER_CHECKED_FUNCS += ^write$
 #RETURN_CHECKER_CHECKED_FUNCS += ^writev$
-#RETURN_CHECKER_CHECKED_FUNCS += ^CreateEventA$
-#RETURN_CHECKER_CHECKED_FUNCS += ^CreateEventW$
-#RETURN_CHECKER_CHECKED_FUNCS += ^CreateFileA$
-#RETURN_CHECKER_CHECKED_FUNCS += ^CreateFileW$
-#RETURN_CHECKER_CHECKED_FUNCS += ^CreateMutexA$
-#RETURN_CHECKER_CHECKED_FUNCS += ^CreateMutexW$
-#RETURN_CHECKER_CHECKED_FUNCS += ^CreateProcessA$
-#RETURN_CHECKER_CHECKED_FUNCS += ^CreateProcessW$
+#RETURN_CHECKER_CHECKED_FUNCS += ^CAccessToken::Impersonate$
+#RETURN_CHECKER_CHECKED_FUNCS += ^CAccessToken::ImpersonateLoggedOnUser$
+#RETURN_CHECKER_CHECKED_FUNCS += ^CoImpersonateClient$
+#RETURN_CHECKER_CHECKED_FUNCS += ^CreateEvent[AW]?$
+#RETURN_CHECKER_CHECKED_FUNCS += ^CreateFile[AW]?$
+#RETURN_CHECKER_CHECKED_FUNCS += ^CreateMutex[AW]?$
+#RETURN_CHECKER_CHECKED_FUNCS += ^CreateProcess[AW]?$
 #RETURN_CHECKER_CHECKED_FUNCS += ^CreateThread$
+#RETURN_CHECKER_CHECKED_FUNCS += ^DdeImpersonateClient$
 #RETURN_CHECKER_CHECKED_FUNCS += ^DuplicateHandle$
-#RETURN_CHECKER_CHECKED_FUNCS += ^FindFirstFileA$
-#RETURN_CHECKER_CHECKED_FUNCS += ^FindFirstFileW$
-#RETURN_CHECKER_CHECKED_FUNCS += ^FindNextFileA$
-#RETURN_CHECKER_CHECKED_FUNCS += ^FindNextFileW$
+#RETURN_CHECKER_CHECKED_FUNCS += ^FindFirstFile[AW]?$
+#RETURN_CHECKER_CHECKED_FUNCS += ^FindNextFile[AW]?$
 #RETURN_CHECKER_CHECKED_FUNCS += ^GetCurrentProcess$
 #RETURN_CHECKER_CHECKED_FUNCS += ^GetCurrentProcessId$
 #RETURN_CHECKER_CHECKED_FUNCS += ^GetCurrentThread$
 #RETURN_CHECKER_CHECKED_FUNCS += ^GetCurrentThreadId$
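Review bot: The new C++ entries `^CAccessToken::Impersonate$` and `^CAccessToken::ImpersonateLoggedOnUser$` are anchored on the bare qualified name, but the `BAD_FUNCTION_REGEX` notes added in this same patch say that functions with C++ linkage are matched against the full signature and that an anchored bare name matches nothing. If `RETURN_CHECKER_CHECKED_FUNCS` is matched against the same string (not visible here), these two rules would never fire and an ignored impersonation failure, the case they exist to catch, would go unreported. The same question applies to `^CH?String::FormatV?$`, `^CHString::FormatMessageW$` and `^CString::FormatMessageV?$` in the hunk at -2557. Either drop the `^`/`$` anchors on the member-function entries or add a comment stating which string this parameter is matched against.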
@@ -2426,8 +2505,13 @@
 #RETURN_CHECKER_CHECKED_FUNCS += ^HeapSetInformation$
 #RETURN_CHECKER_CHECKED_FUNCS += ^HeapSize$
 #RETURN_CHECKER_CHECKED_FUNCS += ^HeapValidate$
 #RETURN_CHECKER_CHECKED_FUNCS += ^HeapWalk$
+#RETURN_CHECKER_CHECKED_FUNCS += ^ImpersonateDdeClientWindow$
+#RETURN_CHECKER_CHECKED_FUNCS += ^ImpersonateLoggedOnUser$
+#RETURN_CHECKER_CHECKED_FUNCS += ^ImpersonateNamedPipeClient$
+#RETURN_CHECKER_CHECKED_FUNCS += ^ImpersonateSecurityContext$
+#RETURN_CHECKER_CHECKED_FUNCS += ^ImpersonateSelf$
 #RETURN_CHECKER_CHECKED_FUNCS += ^LocalAlloc$
 #RETURN_CHECKER_CHECKED_FUNCS += ^LocalFlags$
 #RETURN_CHECKER_CHECKED_FUNCS += ^LocalHandle$
 #RETURN_CHECKER_CHECKED_FUNCS += ^LocalLock$
@@ -2435,16 +2519,18 @@
 #RETURN_CHECKER_CHECKED_FUNCS += ^LocalSize$
 #RETURN_CHECKER_CHECKED_FUNCS += ^OpenFile$
 #RETURN_CHECKER_CHECKED_FUNCS += ^OpenProcess$
 #RETURN_CHECKER_CHECKED_FUNCS += ^OpenThread$
+#RETURN_CHECKER_CHECKED_FUNCS += ^QuerySecurityContextToken$
 #RETURN_CHECKER_CHECKED_FUNCS += ^ReadFile$
-#RETURN_CHECKER_CHECKED_FUNCS += ^RegOpenKeyExA$
-#RETURN_CHECKER_CHECKED_FUNCS += ^RegOpenKeyExW$
-#RETURN_CHECKER_CHECKED_FUNCS += ^RegQueryValueExA$
-#RETURN_CHECKER_CHECKED_FUNCS += ^RegQueryValueExW$
+#RETURN_CHECKER_CHECKED_FUNCS += ^RegOpenKeyEx[AW]?$
+#RETURN_CHECKER_CHECKED_FUNCS += ^RegQueryValueEx[AW]?$
+#RETURN_CHECKER_CHECKED_FUNCS += ^RpcImpersonateClient$
 #RETURN_CHECKER_CHECKED_FUNCS += ^SetEndOfFile$
+#RETURN_CHECKER_CHECKED_FUNCS += ^SetEntriesInAcl[AW]?$
 #RETURN_CHECKER_CHECKED_FUNCS += ^SetFilePointer$
 #RETURN_CHECKER_CHECKED_FUNCS += ^SetFilePointerEx$
+#RETURN_CHECKER_CHECKED_FUNCS += ^SetThreadToken$
 #RETURN_CHECKER_CHECKED_FUNCS += ^WaitForSingleObject$
 #RETURN_CHECKER_CHECKED_FUNCS += ^WriteFile$
 #RETURN_CHECKER_CHECKED_FUNCS += ^GlobalUnlock$
 #RETURN_CHECKER_CHECKED_FUNCS += ^HeapUnlock$
@@ -2488,9 +2574,9 @@ # # Purpose # At least this many calls to a given function with a format string # in some fixed argument position must be seen before the sample is -# considered large enough to warn the user about \wclink POSIX.FMT +# considered large enough to warn the user about \wclink MISC.FMT # Format String \endwclink problems. # # Type # integer @@ -2507,9 +2593,9 @@ # Purpose # Sets a threshold T such that for fixed k, if the number of call # sites to a given function without a format string in the k'th # argument position is at least T times the number of call sites with -# a format string in the k'th argument position, no \wclink POSIX.FMT +# a format string in the k'th argument position, no \wclink MISC.FMT # Format String \endwclink warnings will be produced for the # function/position pair. # # Type @@ -2524,9 +2610,9 @@ # Parameter FORMAT_STRING_CHECKER_CHECKED_FUNCS # # Purpose -# Used by \wclink POSIX.FMT Format String\endwclink to specify +# Used by \wclink MISC.FMT Format String\endwclink to specify # exceptions to the statistical analysis: (position, regular # expression) pairs such that calls to functions whose names match # the specified regular expression must always have a format string # argument in the specified position. 
@@ -2557,20 +2643,44 @@ # Extension API\endlink. # #FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, ^__eprintf$ -#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, ^v?printf$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, ^_[ct]printf$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, ^_ftprintf$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, ^_s[tw]printf$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 3, ^_v?sn[tw]?printf$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, ^_v?stprintf$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, ^[fs]wprintf$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 3, ^snwprintf$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, ^v?w?printf$ #FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, ^v?[fs]printf$ -#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, ^syslog$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, ^vfwprintf$ #FORMAT_STRING_CHECKER_CHECKED_FUNCS += 3, ^v?snprintf$ -#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, ^v?scanf$ -#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, ^[fs]scanf$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, ^vstprintf$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 3, ^vswprintf$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 3, ^wnsprintf[AW]?$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, ^wsprintf[AW]?$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, ^wvsprintf$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 3, ^wvnsprintf[AW]?$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, ^_cscanf$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, ^_[fs]tscanf$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, ^_tscanf$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, ^f[tw]?scanf$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, ^sw?scanf$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, ^v?[fs]scanf$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, ^vftscanf$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, ^[vw]?scanf$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 3, ^StringCchPrintf$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, ^v?syslog$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, ^CH?String::FormatV?$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, 
^CHString::FormatMessageW$ +#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, ^CString::FormatMessageV?$ # Parameter FORMAT_STRING_CHECKER_IGNORED_FUNCS # # Purpose -# Used by \wclink POSIX.FMT Format String\endwclink to specify +# Used by \wclink MISC.FMT Format String\endwclink to specify # exceptions to the statistical analysis: (position, regular # expression) pairs such that calls to functions whose names match # the specified regular expression are never required to have a # format string argument in the specified position. 
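Review bot: `^wvsprintf$` is the only entry in the new Windows family without the `[AW]?` suffix that `^wsprintf[AW]?$`, `^wnsprintf[AW]?$` and `^wvnsprintf[AW]?$` carry, so calls that resolve to `wvsprintfA` or `wvsprintfW` would fall back to the statistical analysis instead of always being checked. `^StringCchPrintf$` has the same gap. Suggested lines: `#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, ^wvsprintf[AW]?$` and `#FORMAT_STRING_CHECKER_CHECKED_FUNCS += 3, ^StringCchPrintf[AW]?$`. It would also be worth confirming position 2 for `swprintf` under `^[fs]wprintf$`, since `^vswprintf$` is listed with position 3.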
@@ -2795,35 +2905,35 @@ # Parameter DFS_MAX_VISITED_CONSTANT # # Purpose # Used by the \wclink LANG.FUNCS.RECURSION Recursion\endwclink and -# \wclink LANG.ALLOC.POSTINIT Dynamic Allocation After -# Initialization\endwclink checks to compute an upper bound on -# the number of procedures the depth-first search in these checks can -# visit in an incremental run. +# \wclink ALLOC.POSTINIT Dynamic Allocation After +# Initialization\endwclink checks to compute an upper bound on the +# number of procedures the depth-first search in these checks can +# visit in an incremental run. # # Type # \tt DFS_MAX_VISITED_COEFFICIENT : non-negative integer # # \tt DFS_MAX_VISITED_CONSTANT : non-negative integer # # Behavior # The depth-first search used by the \wclink LANG.FUNCS.RECURSION -# Recursion\endwclink and \wclink LANG.ALLOC.POSTINIT Dynamic -# Allocation After Initialization\endwclink checks is bounded on -# incremental analyses in proportion to the total number of -# procedures changed since the last analysis. +# Recursion\endwclink and \wclink ALLOC.POSTINIT Dynamic Allocation +# After Initialization\endwclink checks is bounded on incremental +# analyses in proportion to the total number of procedures changed +# since the last analysis. # # Specifically, the depth-first search will terminate after visiting a number # of procedures equal to: # \tt DFS_MAX_VISITED_COEFFICIENT * (# of procedures changed) # + \tt DFS_MAX_VISITED_CONSTANT # # Notes # Note that the \wclink LANG.FUNCS.RECURSION Recursion\endwclink and -# \wclink LANG.ALLOC.POSTINIT Dynamic Allocation After -# Initialization\endwclink checks are disabled by default: use -# \param WARNING_FILTER rules to enable them. +# \wclink ALLOC.POSTINIT Dynamic Allocation After +# Initialization\endwclink checks are disabled by default: use \param +# WARNING_FILTER rules to enable them. # #DFS_MAX_VISITED_COEFFICIENT = 8 #DFS_MAX_VISITED_CONSTANT = 128 
@@ -2831,22 +2941,22 @@
 # Parameter DFS_MAX_LOCAL_VISITED
 #
 # Purpose
 # Used by the \wclink LANG.FUNCS.RECURSION Recursion\endwclink and
-# \wclink LANG.ALLOC.POSTINIT Dynamic Allocation After
+# \wclink ALLOC.POSTINIT Dynamic Allocation After
 # Initialization\endwclink checks: specifies a bound on the number
 # of procedures visited by a single local depth-first search
 #
 # Type
 # non-negative integer
 #
 # Behavior
 # In incremental analyses, the depth-first search used by the \wclink
-# LANG.FUNCS.RECURSION Recursion\endwclink and \wclink
-# LANG.ALLOC.POSTINIT Dynamic Allocation After
-# Initialization\endwclink checks descends from each procedure that
-# changed since the last analysis. Each local depth-first search
-# will visit at most \tt DFS_MAX_LOCAL_VISITED procedures.
+# LANG.FUNCS.RECURSION Recursion\endwclink and \wclink ALLOC.POSTINIT
+# Dynamic Allocation After Initialization\endwclink checks descends
+# from each procedure that changed since the last analysis. Each
+# local depth-first search will visit at most \tt
+# DFS_MAX_LOCAL_VISITED procedures.
 #
 # This works in conjunction with the \param
 # DFS_MAX_VISITED_COEFFICIENT and \param DFS_MAX_VISITED_CONSTANT
 # configuration options to bound the depth-first search: it prevents
@@ -2854,9 +2964,9 @@
 # starving any subsequent searches.
 #
 # Notes
 # Note that the \wclink LANG.FUNCS.RECURSION Recursion\endwclink and
-# \wclink LANG.ALLOC.POSTINIT Dynamic Allocation After
+# \wclink ALLOC.POSTINIT Dynamic Allocation After
 # Initialization\endwclink checks are disabled by default: use
 # \param WARNING_FILTER rules to enable them.
 #
 #DFS_MAX_LOCAL_VISITED = 16
@@ -3129,47 +3239,69 @@ # #ERROR_SUBMISSION_LIMIT_PER_COMPILATION = 30 -# Parameter VOLATILE_IS_UNKNOWABLE +# Parameter VOLATILE_TREATMENT # # Purpose # Specifies whether reads through volatile types always result in # unknown values. # # Type -# {Yes, No} +# {UNKNOWABLE, ADVERSARIAL, IGNORE} # # Behavior -# If set to "Yes", any attempt to read through a volatile type -# will result in an unknown value. +# If set to "UNKNOWABLE", any attempt to read through a volatile +# type will result in an unknown value that is not considered +# adversarial. +# +# If set to "ADVERSARIAL", any attempt to read through a volatile +# type will result in an adversarial value. # -# If set to "No", CodeSonar ignores the \tt volatile keyword. +# If set to "IGNORE", CodeSonar ignores the \tt volatile keyword. # # Notes # The following test case will produce a \wclink LANG.MEM.NPD Null # Pointer Dereference\endwclink warning if this preference is set to -# "Yes". +# "UNKNOWABLE" or "ADVERSARIAL". # \code # int *p = 0; # volatile int i; # i = 5; # if( i != 5 ) # *p; # \endcode # +# The following test case will produce a \wclink Division By Zero +# \endwclink warning if this preference is set to +# "ADVERSARIAL". +# \code +# volatile int i; +# i = 5; +# 10 / i; +# \endcode +# +# The following test case will produce a \wclink Division By Zero +# \endwclink warning if this preference is set to +# "ADVERSARIAL" or "IGNORE". +# \code +# volatile int i; +# i = 0; +# 10 / i; +# \endcode +# # The following test case will produce an \wclink LANG.STRUCT.UC # Unreachable Data Flow\endwclink warning if this preference is set -# to "No". +# to "IGNORE". # \code # int j; # volatile int timer = 0; # while( timer != 1000 ) # ; # j = 42; # \endcode # -#VOLATILE_IS_UNKNOWABLE = Yes +#VOLATILE_TREATMENT = UNKNOWABLE # Parameter FLOAT_IS_ADVERSARIAL # 
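Review bot: The Purpose text is left as "Specifies whether reads through volatile types always result in unknown values", which no longer describes a three-valued setting; something like `# Specifies how values read through volatile types are modeled.` fits the new `{UNKNOWABLE, ADVERSARIAL, IGNORE}` type. The two added examples use `\wclink Division By Zero \endwclink` with no class mnemonic, unlike `\wclink LANG.MEM.NPD Null Pointer Dereference\endwclink` just above, so the link probably will not resolve. The rename from `VOLATILE_IS_UNKNOWABLE` also comes with no note on how an existing `Yes`/`No` value maps to the new ones; from the Behavior text `Yes` appears to correspond to `UNKNOWABLE` and `No` to `IGNORE`, and saying so in the Notes would keep an old setting from being dropped unnoticed.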
@@ -3277,11 +3409,6 @@ # # (Otherwise) # codesonar -w xcc -I/codesonar/smel -c # \endcode -#EXTRA_COMPILATION_UNITS += $GTHOME\codesonar\smel\csonar_libc_checks.c -#EXTRA_COMPILATION_UNITS += $GTHOME\codesonar\smel\cpp_checks.cpp -#EXTRA_COMPILATION_UNITS += $GTHOME\codesonar\smel\opnew.cpp -#EXTRA_COMPILATION_UNITS += $GTHOME\codesonar\smel\opnewl.cpp -#EXTRA_COMPILATION_UNITS += $GTHOME\codesonar\smel\win32_checks.c