--- codesonar-3.8p0/codesonar/template.conf 2012-11-01 23:30:03.000000000 -0400
+++ codesonar-3.9p0/codesonar/template.conf 2013-04-17 20:27:42.000000000 -0400
@@ -1069,10 +1069,10 @@
 # where:
 #
 # - The delimiter '/' can be replaced by any character (except
 # null).
-# - is a Boost regular expression [../third-
-# party/boost/libs/regex/doc/html/boost_regex/syntax.html]
+# - is a Boost regular expression
+# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html]
 # describing a pattern that could occur in the source code. The
 # pattern can match multiple-line substrings in the source file.
 # Double-quote if you want it to include leading or
 # trailing spaces.
@@ -1082,10 +1082,10 @@
 # leading or trailing spaces.
 # - is a process modifier, corresponding to a Boost regular
 # expression syntax option or flag as shown below.
 #
-# Boost regular expression syntax_option_type [../third-
-# party/boost/libs/regex/doc/html/boost_regex/ref/syntax_option_type.html]
+# Boost regular expression syntax_option_type
+# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/ref/syntax_option_type.html]
 # correspondences:
 #
 # -M no_mod_m
 # -S no_mod_s
@@ -1105,10 +1105,10 @@
 # S mod_s
 # T no_intervals
 # X mod_x
 #
-# Boost regular expression match_flag_type [../third-
-# party/boost/libs/regex/doc/html/boost_regex/ref/match_flag_type.html]
+# Boost regular expression match_flag_type
+# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/ref/match_flag_type.html]
 # correspondences:
 #
 # a match_not_bob
 # c match_continuous
@@ -1187,10 +1187,10 @@ # Tags # - PRE_PREPROC: Operations on Un-Preprocessed Files # # Type -# SOURCE_PATTERN : Boost regular expression [../third- -# party/boost/libs/regex/doc/html/boost_regex/syntax.html] +# SOURCE_PATTERN : Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html] # # SOURCE_REPLACEMENT : string # # SOURCE_MODIFIERS : one or modifiers as described in the entry for @@ -1313,11 +1313,11 @@ # Type # file path # # Behavior -# All process invocations inside a \c build, \c analyze, \c hook, -# \c hook-build, \c hook-html, or \c hook-start sub-command will be -# logged to the specified file. +# All process invocations inside a build, analyze, hook, \c hook- +# build, hook-html, or hook-start sub-command will be logged to the +# specified file. # # Notes # For example: # HOOK_LOG = /PATH/TO/log_file @@ -1393,9 +1393,9 @@ # Increasing this value may cause the product to exhaust available # file descriptors. Environments with low ulimits may need to # decrease this value. # -MAX_CONCURRENT_PARSE_PROCESSES = 193 +MAX_CONCURRENT_PARSE_PROCESSES = 582 # Parameter PROCEDURE_METRIC_TIMEOUT # # Purpose @@ -1878,8 +1878,9 @@ # - line= # - path_listing # - procedure # - procedure_typed +# - reachable= # # and is one of: # - : (substring match, type-insensitive) # - = (exact match, type-insensitive) 
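Review bot: The rewrapped Behavior paragraph in the HOOK_LOG hunk still carries one leftover `\c` and now splits a sub-command name across the line break, as `\c hook-` on one line and `build,` on the next. A reader searching the file for `hook-build` will no longer find it. Since the other `\c` markers were dropped, the first line should keep the name whole, for example `# All process invocations inside a build, analyze, hook, hook-build,`. The paragraph tells operators which sub-commands have their process invocations logged, so the list should be unambiguous.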
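Review bot: `MAX_CONCURRENT_PARSE_PROCESSES` goes from 193 to 582 while the comment directly above it still warns that raising the value can exhaust file descriptors and that low-ulimit environments may need to lower it. If this number is generated per build host rather than chosen, the template should say so; otherwise a threefold increase in the default deserves a line telling operators what to check, for example `# Compare against the per-process descriptor limit (ulimit -n) of the analysis host before raising.` Descriptor exhaustion during parsing would presumably surface as failed or partial analysis, and files that were not parsed produce no warnings, so this is worth stating next to the setting.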
@@ -1923,8 +1924,16 @@
 # warning Procedure (including template instantiations, name
 # qualification, and argument types). If C, specifies a
 # constraint on the warning Procedure (so has the same behavior
 # as a procedure rule).
+# - reachable= : whether or not the warning location is in a
+# procedure that is reachable from one of the roots specified by
+# REACHABILITY_ROOTS. Set to zero to specify that the rule
+# applies only to unreachable warnings; or non-zero to specify
+# that it applies only to reachable warnings. CodeSonar will
+# issue an alert [doc/html/GUI/GUI_Alerts.html] if there are one
+# or more WARNING_FILTER reachable rules, but no reachability
+# roots have been specified.
 #
 # Notes
 # If there are two or more s in a pattern, the pattern
 # will be applied to warnings that match ALL of the rules.
@@ -1991,14 +2000,21 @@
 # in a procedure with exactly one, unsigned int, argument. In C
 # compilation units, this rule will not match anything.
 # WARNING_FILTER = discard procedure_typed:"(unsigned int)"
 #
+# Example 12: Discard all warnings in procedures that are not
+# reachable from main() (this REACHABILITY_ROOTS rule matches any
+# function called main occurring in any file in the project).
+# REACHABILITY_ROOTS += :main
+# WARNING_FILTER = discard reachable=0
+#
 # The following checks are enabled by default. To discard warnings
 # of a particular class, use the corresponding "discard" rule.
 # WARNING_FILTER += discard class="Blocking in Critical Section"
 # WARNING_FILTER += discard class="Buffer Overrun"
 # WARNING_FILTER += discard class="Buffer Underrun"
 # WARNING_FILTER += discard class="Cast Alters Value"
+# WARNING_FILTER += discard class="Coercion Alters Value"
 # WARNING_FILTER += discard class="Dangerous Function"
 # WARNING_FILTER += discard class="Dangerous Function Cast"
 # WARNING_FILTER += discard class="Deadlock"
 # WARNING_FILTER += discard class="Division By Zero"
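Review bot: The new `reachable=` rule description and Example 12 (`WARNING_FILTER = discard reachable=0`) carry no caveat about code that runs without being on a call path from the configured roots. The text does not say whether reachability follows calls made through function pointers, callbacks, signal handlers or thread entry points; if it does not, the example discards genuine findings in exactly that code. The only alert described covers the case where no root is specified or matched. I would add a line to the rule description such as `# Procedures invoked only indirectly may be classed as unreachable; review what a reachable=0 rule discards before relying on it.` The same caveat applies to the REACHABILITY_ROOTS Notes added later in this patch.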
@@ -2046,15 +2062,11 @@
 # WARNING_FILTER += discard class="Use After Close"
 # WARNING_FILTER += discard class="Use After Free"
 # WARNING_FILTER += discard class="Use of crypt"
 # WARNING_FILTER += discard class="Use of gets"
-# WARNING_FILTER += discard class="Use of getwd"
-# WARNING_FILTER += discard class="Use of LoadModule"
 # WARNING_FILTER += discard class="Use of mktemp"
-# WARNING_FILTER += discard class="Use of realpath"
 # WARNING_FILTER += discard class="Use of tmpfile"
 # WARNING_FILTER += discard class="Use of tmpnam"
-# WARNING_FILTER += discard class="Use of WinExec"
 # WARNING_FILTER += discard class="Useless Assignment"
 # WARNING_FILTER += discard class="Varargs Function Cast"
 #
 # The following checks are disabled by default. To enable checks
@@ -2146,10 +2158,10 @@
 # - WARNING_SPECIAL_FUNCTIONS: Designates Specially-Treated
 # Functions
 #
 # Type
-# - BAD_FUNCTION_REGEX: Boost regular expression [../third-
-# party/boost/libs/regex/doc/html/boost_regex/syntax.html]
+# - BAD_FUNCTION_REGEX: Boost regular expression
+# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html]
 # - BAD_FUNCTION_MESSAGE: string
 # - BAD_FUNCTION_CATEGORIES: string
 # - BAD_FUNCTION_RANK: number
 # - BAD_FUNCTION_INFO: string
@@ -3480,10 +3492,10 @@
 # Functions
 # - WC_LANG.FUNCS.IRV: Used by Ignored Return Value
 #
 # Type
-# Boost regular expression [../third-
-# party/boost/libs/regex/doc/html/boost_regex/syntax.html]
+# Boost regular expression
+# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html]
 #
 # Behavior
 # If the name of a called function matches a
 # RETURN_CHECKER_CHECKED_FUNCS regular expression and the return
@@ -3649,10 +3661,10 @@
 # Functions
 # - WC_LANG.FUNCS.IRV: Used by Ignored Return Value
 #
 # Type
-# Boost regular expression [../third-
-# party/boost/libs/regex/doc/html/boost_regex/syntax.html]
+# Boost regular expression
+# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html]
 #
 # Behavior
 # If the name of a called function matches a
 # RETURN_CHECKER_IGNORED_FUNCS regular expression and the return
@@ -3742,10 +3754,10 @@
 # A string of the form
 # ,
 # where:
 # - is an argument position (counting from 1)
-# - is a Boost regular expression [../third-
-# party/boost/libs/regex/doc/html/boost_regex/syntax.html]
+# - is a Boost regular expression
+# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html]
 #
 # Behavior
 # Calling a function whose name matches without a format
 # string in the 'th parameter position will always trigger a
@@ -3765,9 +3777,8 @@
 FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, ^__eprintf$
 FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, ^_cprintf$
 FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, ^_swprintf$
 FORMAT_STRING_CHECKER_CHECKED_FUNCS += 3, ^_v?snw?printf$
-FORMAT_STRING_CHECKER_CHECKED_FUNCS += 4, ^_v?snw?printf_s$
 FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, ^fwprintf$
 FORMAT_STRING_CHECKER_CHECKED_FUNCS += 3, ^sn?wprintf$
 FORMAT_STRING_CHECKER_CHECKED_FUNCS += 1, ^v?w?printf$
 FORMAT_STRING_CHECKER_CHECKED_FUNCS += 2, ^v?[fs]printf$
@@ -3808,10 +3819,10 @@
 # A string of the form
 # ,
 # where:
 # - is an argument position (counting from 1)
-# - is a Boost regular expression [../third-
-# party/boost/libs/regex/doc/html/boost_regex/syntax.html]
+# - is a Boost regular expression
+# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html]
 #
 # Behavior
 # Calling a function whose name matches without a format
 # string in the 'th parameter position will not trigger a
@@ -3869,10 +3880,10 @@
 # Tags
 # - WC_CONCURRENCY.DATARACE: Used by Data Race
 #
 # Type
-# Boost regular expression [../third-
-# party/boost/libs/regex/doc/html/boost_regex/syntax.html]
+# Boost regular expression
+# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html]
 #
 # Behavior
 # The data race analysis checks all global variables and procedure
 # names to see if they match one of the specified patterns. No data
@@ -3901,10 +3912,10 @@
 # Tags
 # - WC_CONCURRENCY.DATARACE: Used by Data Race
 #
 # Type
-# Boost regular expression [../third-
-# party/boost/libs/regex/doc/html/boost_regex/syntax.html]
+# Boost regular expression
+# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html]
 #
 # Behavior
 # The analysis engine checks all procedures and methods to see if
 # they match one of the specified patterns. Matching procedures are
@@ -3932,10 +3943,10 @@
 # Functions
 # - WC_CONCURRENCY.DATARACE: Used by Data Race
 #
 # Type
-# Boost regular expression [../third-
-# party/boost/libs/regex/doc/html/boost_regex/syntax.html]
+# Boost regular expression
+# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html]
 #
 # Behavior
 # If an object (or object reference) is used in a location where a
 # thread entry point procedure is expected, CodeSonar will scan the
@@ -3975,10 +3986,10 @@
 # - WARNING_SPECIAL_FUNCTIONS: Designates Specially-Treated
 # Functions
 #
 # Type
-# Boost regular expression [../third-
-# party/boost/libs/regex/doc/html/boost_regex/syntax.html]
+# Boost regular expression
+# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html]
 #
 # Behavior
 # The analysis will treat all functions whose names match patterns
 # in SEMOPEN_FUNCTIONS as semaphore-opening functions. The analysis
@@ -4015,10 +4026,10 @@
 # - WC_CONCURRENCY.LOCK.NOLOCK: Used by Missing Lock Acquisition
 # - WC_CONCURRENCY.LOCK.NOUNLOCK: Used by Missing Lock Release
 #
 # Type
-# Boost regular expression [../third-
-# party/boost/libs/regex/doc/html/boost_regex/syntax.html]
+# Boost regular expression
+# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html]
 #
 # Behavior
 # The analysis will treat all functions whose names match patterns
 # in LOCK_FUNCTIONS as lock-acquiring functions. The analysis
@@ -4075,10 +4086,10 @@
 # - WC_CONCURRENCY.LOCK.NOLOCK: Used by Missing Lock Acquisition
 # - WC_CONCURRENCY.LOCK.NOUNLOCK: Used by Missing Lock Release
 #
 # Type
-# Boost regular expression [../third-
-# party/boost/libs/regex/doc/html/boost_regex/syntax.html]
+# Boost regular expression
+# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html]
 #
 # Behavior
 # The analysis will treat all functions whose names match patterns
 # in UNLOCK_FUNCTIONS as lock-releasing functions. The analysis
@@ -4426,10 +4437,10 @@
 # Tags
 # - WC_LANG.STRUCT.PIT: Used by Pointer Type Inside Typedef
 #
 # Type
-# Boost regular expression [../third-
-# party/boost/libs/regex/doc/html/boost_regex/syntax.html]
+# Boost regular expression
+# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html]
 #
 # Behavior
 # Pointer Type Inside Typedef warnings will not be issued for
 # typedefs whose type name matches a regular expression in the
@@ -4670,10 +4681,10 @@
 # A string of the form
 # ,
 # where:
 # - is the maximum allowable depth, in bytes.
-# - is a Boost regular expression [../third-
-# party/boost/libs/regex/doc/html/boost_regex/syntax.html]
+# - is a Boost regular expression
+# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html]
 #
 # Behavior
 # If the stack depth of the module entry point exceeds the module's
 # threshold, CodeSonar will issue a Excessive Stack Depth warning.
@@ -4961,8 +4972,30 @@ # FLOAT_IS_ADVERSARIAL = No +# Parameter PRETEND_FLOAT_IS_INT +# +# Purpose +# Specifies whether the analysis should treat floating point typed +# values as integral typed values. +# +# Type +# {Yes, No} +# +# Behavior +# The analysis normally ignores floating point values in order to +# avoid producing false positives. This setting will cause the +# analysis to treat floating point values as if they are signed +# integers of equivalent size. +# +# Notes +# The "No" setting is recommended. Using this and +# FLOAT_IS_ADVERSARIAL at the same time is probably not useful. +# +PRETEND_FLOAT_IS_INT = No + + # Parameter INFER_CONST # # Purpose # Specifies whether to treat globals and statics as const if they @@ -5642,10 +5675,10 @@ # Tags # - WC_LANG.STRUCT.ULOOP: Used by Potential Unbounded Loop # # Type -# Boost regular expression [../third- -# party/boost/libs/regex/doc/html/boost_regex/syntax.html] +# Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html] # # Behavior # If the line the loop condition is at matches this regular # expression, a Potential Unbounded Loop warning will not be @@ -5686,10 +5719,10 @@ # - WC_ALLOC.POSTINIT: Used by Dynamic Allocation After # Initialization # # Type -# Boost regular expression [../third- -# party/boost/libs/regex/doc/html/boost_regex/syntax.html] +# Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html] # # Behavior # The Dynamic Allocation After Initialization check will trigger a # warning if there is a call chain from a program entry point to an 
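Review bot: The Behavior text for the new `PRETEND_FLOAT_IS_INT` parameter says floating point values are treated "as if they are signed integers of equivalent size" but does not say whether the numeric value or the bit pattern is carried over. The Notes also leave the combination with `FLOAT_IS_ADVERSARIAL` at "probably not useful" without saying which setting takes effect when both are Yes. Someone enabling this to get bounds or overflow checks on float-derived values needs both answers to judge the resulting warnings. I would state the interpretation explicitly and replace the last Notes sentence with a definite one, for example `# If both are Yes, <precedence to be stated by the authors>.`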
@@ -5723,10 +5756,10 @@ # - WC_ALLOC.POSTINIT: Used by Dynamic Allocation After # Initialization # # Type -# Boost regular expression [../third- -# party/boost/libs/regex/doc/html/boost_regex/syntax.html] +# Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html] # # Behavior # For the Dynamic Allocation After Initialization check, calls to # functions matching this regular expression are reported unless: @@ -5762,10 +5795,10 @@ # - WC_ALLOC.POSTINIT: Used by Dynamic Allocation After # Initialization # # Type -# Boost regular expression [../third- -# party/boost/libs/regex/doc/html/boost_regex/syntax.html] +# Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html] # # Behavior # No Dynamic Allocation After Initialization warnings are issued # for allocators (as specified by ALLOCATOR_FUNCTIONS) called @@ -5796,10 +5829,10 @@ # Functions # - WC_LANG.FUNCS.ASSERTS: Used by Not Enough Assertions # # Type -# Boost regular expression [../third- -# party/boost/libs/regex/doc/html/boost_regex/syntax.html] +# Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html] # # Behavior # Calls to functions matching this regular expression are counted # as assertions. @@ -5900,8 +5933,9 @@ SYSTEM_INCLUDE_PATHS += /System/Library/ SYSTEM_INCLUDE_PATHS += /opt/local/include/ SYSTEM_INCLUDE_PATHS += /sw/include/ SYSTEM_INCLUDE_PATHS += /usr/llvm-gcc- +SYSTEM_INCLUDE_PATHS += codesonar_classfile_summaries # Parameter VISUALIZATION # 
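Review bot: The added `SYSTEM_INCLUDE_PATHS += codesonar_classfile_summaries` is the only entry in this hunk without a leading `/`; its neighbours are absolute prefixes such as `/opt/local/include/`. The hunk does not show how entries are matched, but if the match is a substring or path-component match, any project directory that happens to carry this name would be classed as a system include location, and such locations are commonly analysed or reported differently. A comment on the line would make the intent clear, for example `# product-supplied classfile summaries; matched by directory name, not by absolute path`. If the matcher supports an anchored form, that would be preferable.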
@@ -6013,9 +6047,9 @@
 # With ASSUME_UNDEFINED_PARAMETERS_MAYBE_FREED=Yes, CodeSonar
 # assumes that...
 # - ...the call to g(p) in funcA frees p : no Leak warning,
 # - ...the call to g(p) in funcB does not free p : no Use After
-# Free warning,
+# Free warning,e.g.
 #
 # With ASSUME_UNDEFINED_PARAMETERS_MAYBE_FREED=No, CodeSonar must
 # treat both calls to g(p) as if they do not free p.
 # - funcA has a Leak warning,
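Review bot: The only change in this hunk appends `e.g.` to `# Free warning,`, giving `# Free warning,e.g.` followed by an empty comment line, so the sentence now ends in a dangling abbreviation with nothing after it. This looks like an accidental edit or a lost example. Either restore `# Free warning,` or add the example the `e.g.` was meant to introduce. The paragraph explains when Leak and Use After Free warnings are suppressed under `ASSUME_UNDEFINED_PARAMETERS_MAYBE_FREED`, so it should read unambiguously.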
@@ -6041,8 +6075,61 @@ ASSUME_OTHER_PARAMETERS_MAYBE_FREED = Yes ASSUME_OTHER_PARAMETERS_MAYBE_INITIALIZED = Yes ASSUME_OTHER_PARAMETERS_MAYBE_MODIFIED = Yes + +# Parameter REACHABILITY_ROOTS +# +# Purpose +# Specifies the procedures from which reachability information is +# computed for interpreting WARNING_FILTER reachable rules. +# +# Type +# Procedure, as a string of the form "file:procedure" or +# "file:linenum". +# +# Behavior +# fname:XXXX is interpreted as follows. +# - fname matches every file whose full path name has fname as a +# suffix. Empty fname matches all files in the project. +# - XXXX must be nonempty. If it is an integer, it is treated as a +# line number and matches every procedure whose definition +# includes line XXXX. Otherwise, it matches every procedures +# whose cs_pdg_friendly_name() +# [doc/html/API/CAPI/cs__pdg_8h.html#func_cs_pdg_friendly_name] +# is exactly XXXX. +# +# For example, all of the following will match procedure main() in +# file /home/me/myproject/src/main.c +# REACHABILITY_ROOTS += :main +# REACHABILITY_ROOTS += main.c:main +# REACHABILITY_ROOTS += /main.c:main +# REACHABILITY_ROOTS += myproject/src/main.c:main +# +# CodeSonar will generate +# - an alert [doc/html/GUI/GUI_Alerts.html] for each +# REACHABILITY_ROOTS rule that does not match at least one +# procedure in the project. +# - an alert [doc/html/GUI/GUI_Alerts.html] if there are one or +# more WARNING_FILTER reachable rules, but no reachability roots +# have been specified. This includes the case where +# REACHABILITY_ROOTS rules exist but none of the rules matches a +# procedure. +# - a Analysis Log [doc/html/GUI/GUI_Log_Analysis.html] message for +# each REACHABILITY_ROOTS rule that matches more than one +# procedure (these are permitted, but are logged in case they +# were not have been intentional). +# +# Notes +# By default, the set of REACHABILITY_ROOTS is empty. 
+# +# For a typical simple C program, we are only interested in +# reachability from main(), and consider any procedure that is not +# [transitively] called by main() to be unreachable. For example: +# REACHABILITY_ROOTS += main.c:main +# + + # Parameter EXTRA_COMPILATION_UNITS # # Purpose # Specifies extra compilation units to be added to every CodeSonar
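Review bot: The Notes example `REACHABILITY_ROOTS += main.c:main` is looser than it reads. By the Behavior text, `fname` is a suffix match on the full path, so it also selects `main` in any file whose name merely ends in `main.c`; the earlier example list already shows the anchored form `/main.c:main`. Since these roots decide which warnings a `reachable=0` discard rule drops, the recommended example should be precise: `# REACHABILITY_ROOTS += /main.c:main`. The added text also has three wording slips worth fixing: `every procedures`, `a Analysis Log`, and `in case they were not have been intentional` (probably meant as `in case they were not intentional`).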