--- proj8.3p0.conf	2025-03-05 11:35:47.053045400 +1300
+++ proj9.0p0.conf	2025-03-05 11:36:35.421379600 +1300
@@ -1,7 +1,7 @@
 #  For emacs: -*- Shell-script -*-
 #
 ######################################################################
-#  CodeSonar 8.3p0 Configuration File
+#  CodeSonar 9.0p0 Configuration File
 ######################################################################
 #
 #  CodeSonar will use preferences defined in this file when running
@@ -2425,6 +2425,55 @@
 ## HUB_ADDRESS = 127.0.0.1:7340
 
 
+# Parameter HUB_UPLOAD_STREAMS
+#
+# Purpose
+#  Specifies how many concurrent upload streams may be used to
+#  upload warnings to the hub.
+#
+# Type
+#  integer N such that 1 <= N <= 64
+#
+# Behavior
+#  The analysis will employ up to this many simultaneous HTTP (or
+#  HTTPS) connections to the hub in order to upload warnings.
+#
+# Notes
+#
+#  Typically, only analyses with hundreds of thousands or more
+#  warnings are likely to benefit substantially from settings larger
+#  than 4. Usually this can only occur when performing checks
+#  related to a standard (e.g., MISRA) on code that has historically
+#  made no attempt to comply with that standard, leading to a large
+#  number of warnings. Values in the upper part of the permissible
+#  range are not suitable for use with hubs using default settings.
+#
+#  Higher settings will occupy more hub connection slots. The
+#  maximum number of slots is governed by the hub's Max Processes
+#  [doc/html/GUI/GUI_Account_Settings.html#max_processes] setting:
+#  you can modify this from the Settings: HTTP tab
+#  [doc/html/GUI/GUI_Account_Settings.html#http_settings]. If the
+#  hub is overloaded, there will be a warning in the footer about
+#  Max Processes being tripped.
+#
+#  A higher setting can reduce the amount of time spent flushing
+#  transactions to the hub after the analysis has finished. (To
+#  determine whether this is occurring, examine the Analysis Log
+#  [doc/html/GUI/GUI_Log_Analysis.html] for occurrences of "Flushing
+#  Transactions".)
+#
+#  You may wish to lower the HUB_UPLOAD_STREAMS setting for a
+#  particular project if:
+#  - other hub users also need to make use of hub connections, or
+#  - previous analyses of the project have not spent much time
+#    flushing transactions.
+#
+#  codesonar/bin/cshub_inspect may be used during analysis to
+#  monitor the hub's connections.
+
+#HUB_UPLOAD_STREAMS = 4
+
+
 # Parameter ANALYSIS_NAME
 #
 # Purpose
@@ -4207,7 +4256,6 @@
 #    WARNING_FILTER += discard class="Bitwise OR on Boolean (C#)" 
 #    WARNING_FILTER += discard class="Bitwise OR on Boolean Constant (C#)" 
 #    WARNING_FILTER += discard class="Blocking in Critical Section (C#)" 
-#    WARNING_FILTER += discard class="Broad Throws Clause (C#)" 
 #    WARNING_FILTER += discard class="Cache and reuse 'JsonSerializerOptions' instances (C#)" 
 #    WARNING_FILTER += discard class="Call Might Return Null (C#)" 
 #    WARNING_FILTER += discard class="CancellationToken parameters must come last (C#)" 
@@ -6434,6 +6482,7 @@
 #    WARNING_FILTER += allow class="Declaration of Variable Length Array" 
 #    WARNING_FILTER += allow class="Direct Access to Field of C Atomic Object" 
 #    WARNING_FILTER += allow class="Dynamic Allocation After Initialization" 
+#    WARNING_FILTER += allow class="Dynamic Thread Creation" 
 #    WARNING_FILTER += allow class="Ellipsis" 
 #    WARNING_FILTER += allow class="Essential Type Diagnostic" 
 #    WARNING_FILTER += allow class="Excessive Macro Parameter Evaluation in C Generic" 
@@ -6896,7 +6945,6 @@
 #    WARNING_FILTER += allow class="Deprecated Transfer Protocol (Java)" 
 #    WARNING_FILTER += allow class="Deserializable Class (Java)" 
 #    WARNING_FILTER += allow class="Deserializing Non-Serializable Class (Java)" 
-#    WARNING_FILTER += allow class="Disabled Input Validation (Java)" 
 #    WARNING_FILTER += allow class="Field Element may be null (deep) (Java)" 
 #    WARNING_FILTER += allow class="Field Too Visible (Java)" 
 #    WARNING_FILTER += allow class="Field may be null (deep) (Java)" 
@@ -14520,35 +14568,36 @@
 # Parameter DFS_MAX_VISITED_CONSTANT
 #
 # Purpose
-#  Used by the Recursion and Dynamic Allocation After Initialization
-#  checks to compute an upper bound on the number of procedures the
-#  depth-first search in these checks can visit in an incremental
-#  run.
+#  Used by the Recursion, Dynamic Allocation After Initialization,
+#  and Dynamic Thread Creation checks to compute an upper bound on
+#  the number of procedures the depth-first search in these checks
+#  can visit in an incremental run.
 #
 # Tags
 #  - WARNING_TUNING: Fine Tuning for Warnings
 #  - WC_LANG.FUNCS.RECURSION: Used by Recursion
 #  - WC_ALLOC.POSTINIT: Used by Dynamic Allocation After
 #    Initialization
+#  - WC_CONCURRENCY.DTC: Used by Dynamic Thread Creation
 #
 # Type
 #  - DFS_MAX_VISITED_COEFFICIENT : non-negative integer
 #  - DFS_MAX_VISITED_CONSTANT : non-negative integer
 #
 # Behavior
-#  The depth-first search used by the Recursion and Dynamic
-#  Allocation After Initialization checks is bounded on incremental
-#  analyses in proportion to the total number of procedures changed
-#  since the last analysis.
+#  The depth-first search used by the Recursion, Dynamic Allocation
+#  After Initialization, and Dynamic Thread Creation checks is
+#  bounded on incremental analyses in proportion to the total number
+#  of procedures changed since the last analysis.
 #
 #  Specifically, the depth-first search will terminate after
 #  visiting a number of procedures equal to:
 #   DFS_MAX_VISITED_COEFFICIENT * (# of procedures changed) + DFS_MAX_VISITED_CONSTANT
 #
 # Notes
-#  Note that the Recursion and Dynamic Allocation After
-#  Initialization checks are disabled by default: use WARNING_FILTER
-#  rules to enable them.
+#  Note that the Recursion, Dynamic Allocation After Initialization,
+#  and Dynamic Thread Creation checks are disabled by default: use
+#  WARNING_FILTER rules to enable them.
 #
 #DFS_MAX_VISITED_COEFFICIENT = 8
 #DFS_MAX_VISITED_CONSTANT = 128
@@ -14557,25 +14606,26 @@
 # Parameter DFS_MAX_LOCAL_VISITED
 #
 # Purpose
-#  Used by the Recursion and Dynamic Allocation After Initialization
-#  checks: specifies a bound on the number of procedures visited by
-#  a single local depth-first search
+#  Used by the Recursion, Dynamic Allocation After Initialization,
+#  and Dynamic Thread Creation checks: specifies a bound on the
+#  number of procedures visited by a single local depth-first search
 #
 # Tags
 #  - WARNING_TUNING: Fine Tuning for Warnings
 #  - WC_LANG.FUNCS.RECURSION: Used by Recursion
 #  - WC_ALLOC.POSTINIT: Used by Dynamic Allocation After
 #    Initialization
+#  - WC_CONCURRENCY.DTC: Used by Dynamic Thread Creation
 #
 # Type
 #  non-negative integer
 #
 # Behavior
 #  In incremental analyses, the depth-first search used by the
-#  Recursion and Dynamic Allocation After Initialization checks
-#  descends from each procedure that changed since the last
-#  analysis. Each local depth-first search will visit at most
-#  DFS_MAX_LOCAL_VISITED procedures.
+#  Recursion, Dynamic Allocation After Initialization, and Dynamic
+#  Thread Creation checks descends from each procedure that changed
+#  since the last analysis. Each local depth-first search will visit
+#  at most DFS_MAX_LOCAL_VISITED procedures.
 #
 #  This works in conjunction with the DFS_MAX_VISITED_COEFFICIENT
 #  and DFS_MAX_VISITED_CONSTANT configuration options to bound the
@@ -14583,9 +14633,9 @@
 #  hitting the global bound and starving any subsequent searches.
 #
 # Notes
-#  Note that the Recursion and Dynamic Allocation After
-#  Initialization checks are disabled by default: use WARNING_FILTER
-#  rules to enable them.
+#  Note that the Recursion, Dynamic Allocation After Initialization,
+#  and Dynamic Thread Creation checks are disabled by default: use
+#  WARNING_FILTER rules to enable them.
 #
 #DFS_MAX_LOCAL_VISITED = 16
 
@@ -15973,13 +16023,15 @@
 # Purpose
 #  Specifies additional functions that should be considered as
 #  program entry points. Currently only the Dynamic Allocation After
-#  Initialization check uses this parameter.
+#  Initialization and Dynamic Thread Creation checks use this
+#  parameter.
 #
 # Tags
 #  - WARNING_SPECIAL_FUNCTIONS: Designates Specially-Treated
 #    Functions
 #  - WC_ALLOC.POSTINIT: Used by Dynamic Allocation After
 #    Initialization
+#  - WC_CONCURRENCY.DTC: Used by Dynamic Thread Creation
 #
 # Type
 #  Boost 'POSIX Extended Regular Expression'
@@ -15991,13 +16043,19 @@
 #  allocator call that does not go through a function specified with
 #  DYN_INIT_FUNCTIONS.
 #
+#  The Dynamic Thread Creation check will trigger a warning if there
+#  is a call chain from a program entry point to a thread creation
+#  call that does not go through a function specified with
+#  THREAD_INIT_FUNCTIONS.
+#
 # Notes
 #  For example,
 #   PROGRAM_ENTRY_POINTS += ^init$
 #  specifies that the check should start at function(s) named init.
 #
-#  Note that the Dynamic Allocation After Initialization check is
-#  disabled by default: use a WARNING_FILTER rule to enable it.
+#  Note that the Dynamic Allocation After Initialization and Dynamic
+#  Thread Creation checks are disabled by default: use
+#  WARNING_FILTER rules to enable them.
 
 ## #System_Initialization is the true 'main' procedure in a CodeSonar
 ## project.
@@ -16080,6 +16138,78 @@
 #DYN_INIT_FUNCTIONS += ^dyn_init$
 
 
+# Parameter THREAD_CREATION_FUNCTIONS
+#
+# Purpose
+#  Specifies thread creation functions. Currently only used by the
+#  Dynamic Thread Creation check.
+#
+# Tags
+#  - WARNING_SPECIAL_FUNCTIONS: Designates Specially-Treated
+#    Functions
+#  - WC_CONCURRENCY.DTC: Used by Dynamic Thread Creation
+#
+# Type
+#  Boost 'POSIX Extended Regular Expression'
+#  [https://links.codesonar.com/boost/regex/extended/]
+#
+# Behavior
+#  For the Dynamic Thread Creation check, calls to functions
+#  matching this regular expression are reported unless:
+#  - they are directly or transitively called by a function
+#    specified with THREAD_INIT_FUNCTIONS, or
+#  - they are not reachable from a program entry point (see
+#    PROGRAM_ENTRY_POINTS).
+#
+# Notes
+#  For example,
+#   THREAD_CREATION_FUNCTIONS += ^thrd_create$
+#  specifies that thrd_create() should be considered a thread
+#  creation function
+#
+#  Note that the Dynamic Thread Creation check is disabled by
+#  default: use a WARNING_FILTER rule to enable it.
+
+#THREAD_CREATION_FUNCTIONS += ^(thrd_create)$
+#THREAD_CREATION_FUNCTIONS += ^(pthread_create)$
+#THREAD_CREATION_FUNCTIONS += ^(std::thread::thread)$
+
+
+# Parameter THREAD_INIT_FUNCTIONS
+#
+# Purpose
+#  Specifies functions that may directly or transitively call thread
+#  creation functions without triggering a Dynamic Thread Creation
+#  warning.
+#
+# Tags
+#  - WARNING_SPECIAL_FUNCTIONS: Designates Specially-Treated
+#    Functions
+#  - WC_CONCURRENCY.DTC: Used by Dynamic Thread Creation
+#
+# Type
+#  Boost 'POSIX Extended Regular Expression'
+#  [https://links.codesonar.com/boost/regex/extended/]
+#
+# Behavior
+#  No Dynamic Thread Creation warnings are issued for thread
+#  creators (as specified by THREAD_CREATION_FUNCTIONS) called
+#  directly or transitively by a function whose name matches this
+#  regular expression.
+#
+# Notes
+#  For example,
+#   THREAD_INIT_FUNCTIONS += ^dyn_init$
+#  specifies that function(s) dyn_init() can directly or
+#  transitively call thread creation functions without triggering a
+#  warning.
+#
+#  Note that the Dynamic Thread Creation check is disabled by
+#  default: use a WARNING_FILTER rule to enable it.
+
+#THREAD_INIT_FUNCTIONS += ^dyn_init$
+
+
 # Parameter ASSERT_FAIL_FUNCTIONS
 #
 # Purpose
@@ -20622,7 +20752,6 @@
 #  - WC_JAVA.IO.INJ.DLL: Used by DLL Injection (Java)
 #  - WC_JAVA.IO.INJ.DENIAL: Used by DOS Injection (Java)
 #  - WC_JAVA.INSEC.DTP: Used by Deprecated Transfer Protocol (Java)
-#  - WC_JAVA.INSEC.DIV: Used by Disabled Input Validation (Java)
 #  - WC_JAVA.DEEPNULL.EFIELD: Used by Field Element may be null
 #    (deep) (Java)
 #  - WC_JAVA.DEEPNULL.FIELD: Used by Field may be null (deep) (Java)