--- codesonar-3.9p0/codesonar/template.conf 2013-04-10 18:48:12.000000000 -0400 +++ codesonar-4.0p0/codesonar/template.conf 2014-03-20 04:32:20.000000000 -0400 @@ -29,8 +29,7 @@ # file, but continue running. # # A template configuration with default values for all preferences -# is located at $CSONAR/codesonar/template.conf, where $CSONAR is -# the CodeSonar installation. +# is located at $CSONAR/codesonar/template.conf. # # Preferences that come later in this file take precedence over # preferences that come earlier. The += operator will treat its @@ -38,11 +37,12 @@ # value. If the first occurrence of a preference uses the += # operator, then it is treated as an = operator. # -# If a command line flag contradicts a conf file setting (even in -# the template conf file), then behavior is undefined. GrammaTech -# strongly encourages users to use conf files to encode settings -# rather than command line flags, and is in the process of -# deprecating use of command line flags in some contexts. +# If a command line flag contradicts a configuration file setting +# (even in the template configuration file), then behavior is +# undefined. GrammaTech strongly encourages users to use +# configuration files to encode settings rather than command line +# flags, and is in the process of deprecating use of command line +# flags in some contexts. # # CodeSonar reads both the template preference file and the project # preference file. To modify default preferences in a system-wide @@ -51,7 +51,7 @@ # the end of the template preference file. Any options occurring in # the project preference file will take precedence over options # specified in the template preference file. - +# # Parameter CFLAGS_PREPEND # 
@@ -155,11 +155,17 @@ # COMPILER_MODELS += g++-4.exe -> gpp # COMPILER_MODELS += gpp.exe -> gpp # COMPILER_MODELS += gxx.exe -> gpp +# COMPILER_MODELS += i686-pc-mingw32-gcc.exe -> gcc +# COMPILER_MODELS += i686-pc-mingw32-g++.exe -> gpp +# COMPILER_MODELS += x86_64-pc-mingw32-gcc.exe -> gcc +# COMPILER_MODELS += x86_64-pc-mingw32-g++.exe -> gpp # COMPILER_MODELS += ecomppc.exe -> ecomppc # COMPILER_MODELS += ecomx86.exe -> ecomppc # COMPILER_MODELS += ecomarm.exe -> ecomppc # COMPILER_MODELS += ecom86.exe -> ecomppc # COMPILER_MODELS += ecom68.exe -> ecomppc +# COMPILER_MODELS += ecom800.exe -> ecomppc +# COMPILER_MODELS += ecommip.exe -> ecomppc # COMPILER_MODELS += armcc.exe -> armcc # COMPILER_MODELS += armcpp.exe -> armcpp # COMPILER_MODELS += tcc.exe -> armcc @@ -167,6 +173,10 @@ # COMPILER_MODELS += iccarm.exe -> iccarm # COMPILER_MODELS += icc430.exe -> icc430 # COMPILER_MODELS += iccm32c.exe -> iccm32c +# COMPILER_MODELS += cp166.exe -> tasking +# COMPILER_MODELS += cpcp.exe -> tasking +# COMPILER_MODELS += ctc.exe -> tasking +# COMPILER_MODELS += cptc.exe -> tasking # COMPILER_MODELS += mcpcom.exe -> mcpcom # COMPILER_MODELS += cw-cc.exe -> xcc # COMPILER_MODELS += picc.exe -> picc @@ -176,6 +186,10 @@ # COMPILER_MODELS += dcc.exe -> dcc # COMPILER_MODELS += dplus.exe -> dcc # COMPILER_MODELS += null-cc.exe -> xcc +# COMPILER_MODELS += qcc.exe -> qcc +# COMPILER_MODELS += cc21k.exe -> visualdsp +# COMPILER_MODELS += ccts.exe -> visualdsp +# COMPILER_MODELS += ccblkfn.exe -> visualdsp # # Posix default models: # COMPILER_MODELS += gcc -> gcc @@ -192,6 +206,8 @@ # COMPILER_MODELS += ecom86 -> ecomppc # COMPILER_MODELS += ecom68 -> ecomppc # COMPILER_MODELS += ecomarm -> ecomppc +# COMPILER_MODELS += ecom800 -> ecomppc +# COMPILER_MODELS += ecommip -> ecomppc # COMPILER_MODELS += mcpcom -> mcpcom # COMPILER_MODELS += shc -> shc # COMPILER_MODELS += shcpp -> shcpp 
@@ -200,6 +216,8 @@ # COMPILER_MODELS += armcpp -> armcpp # COMPILER_MODELS += tcc -> armcc # COMPILER_MODELS += tcpp -> armcpp +# COMPILER_MODELS += qcc -> qcc +# COMPILER_MODELS += QCC -> qcc # # On Solaris, in addition to posix default models: # COMPILER_MODELS += CC -> acpp @@ -213,14 +231,40 @@ # COMPILER_MODELS += iccm32c -> iccm32c # COMPILER_MODELS += icc430 -> icc430 # -# To activate the Ti CodeComposer compiler models for Linux, -# Solaris, and OS X: +# To use the iccgeneric compiler model for other IAR compilers, +# follow the instructions in the manual +# [doc/html/C_Module/CompilerModels/CompilerModelsIAR.html#using_iccgeneric]. +# +# To use the TI CodeComposer cl6x compiler model with one or more +# of armcl, cl430, cl470, cl55, or cl2000 on Windows: +# +# COMPILER_MODELS += armcl.exe -> cl6x +# COMPILER_MODELS += cl430.exe -> cl6x +# COMPILER_MODELS += cl470.exe -> cl6x +# COMPILER_MODELS += cl55.exe -> cl6x +# COMPILER_MODELS += cl2000.exe -> cl6x +# +# To activate the TI CodeComposer compiler models for non-Windows +# systems: # COMPILER_MODELS += cl6x -> cl6x # COMPILER_MODELS += cl30 -> cl30x +# COMPILER_MODELS += armcl -> cl6x +# COMPILER_MODELS += cl430 -> cl6x +# COMPILER_MODELS += cl470 -> cl6x +# COMPILER_MODELS += cl55 -> cl6x +# COMPILER_MODELS += cl2000 -> cl6x # -# To activate Wind River compilers, use the following. This will -# disable recognition of some Green Hills compilers because of an -# executable name conflict. +# To activate the Freescale CodeWarrior for HC12 compiler model for +# Linux, Solaris, and OS X: +# COMPILER_MODELS += chc12 -> chc12 +# +# To activate the Freescale CodeWarrior for HC12 compiler model for +# Windows: +# COMPILER_MODELS += chc12.exe -> chc12 +# +# To activate Wind River compiler models, use the following. This +# will disable recognition of some Green Hills compilers because of +# an executable name conflict. # # (Windows) # COMPILER_MODELS += ccppc.exe -> ccppc 
@@ -396,7 +440,7 @@ # # Purpose # Specifies whether or not to invoke the real compiler before -# invoking the CodeSurfer or CodeSonar parser. +# invoking the CodeSonar parser. # # Tags # - BUILD_BEHAVIOR: Governs the Build/Analysis @@ -413,6 +457,31 @@ ## INVOKE_COMPILER_FIRST = Yes +# Parameter ALLOW_INCOMPATIBLE_SYMANTEC +# +# Purpose +# Specifies whether CodeSonar should be willing to run beside +# known-incompatible versions of Symantec Endpoint Protection. +# Certain versions of Symantec Endpoint Protection can trigger +# Windows kernel deadlock in the presence of CodeSonar. +# +# Type +# {Yes, No} +# +# Behavior +# - No : CodeSonar will check for the existence of the Symantec +# Endpoint Protection's Application and Device Control component +# (sysplant.sys). If a version between 12.1.3001.165 - +# 12.1.4xxx.xxx is installed, then CodeSonar will refuse to run. +# - Yes : CodeSonar will not perform this check. We do not +# recommend this setting, since it may result in kernel deadlock. +# Either upgrade to SEP 12 RU5 (due out August 2014), or +# uninstall the Application and Device Control component to +# safely work around the issue. Disabling SEP has no effect. + +ALLOW_INCOMPATIBLE_SYMANTEC = No + + # Parameter HOLD_STDIO # # Purpose @@ -431,6 +500,8 @@ # exits. # # Notes +# This setting has no effect on non-Windows operating systems. +# # Setting this to "Yes" can cause deadlock if closing one of these # streams signals something to another process. # 
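Review bot: The affected-version range in the new ALLOW_INCOMPATIBLE_SYMANTEC block is too loose to act on: "between 12.1.3001.165 - 12.1.4xxx.xxx" does not say whether the bounds are inclusive and gives no concrete upper version, so an administrator cannot tell from the file whether an installed sysplant.sys build is affected. The remedy text also carries a date that will go stale ("due out August 2014"); I would reword that line as `# Either upgrade to SEP 12 RU5 or later, or` and state the range with explicit inclusive bounds. Unlike the neighbouring parameters, the block has no Tags section; it should get one if the parameter belongs to BUILD_BEHAVIOR.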
@@ -445,10 +516,50 @@ ## HOLD_STDIO = No +# Parameter CREATE_CONSOLE +# +# Purpose +# Specifies whether or not to always create a hidden conhost.exe +# process when one does not already exist when launching compiler +# processes. +# +# Tags +# - BUILD_BEHAVIOR: Governs the Build/Analysis +# +# Type +# {Yes, No} +# +# Behavior +# By default, when creating a new compiler process after +# intercepting a compiler invocation, CodeSonar will use the +# DETACHED_PROCESS Windows API flag if it detects that the current +# process has no associated console. This prevents CodeSonar from +# creating many unecessary conhost.exe processes in most cases. +# However, in some cases this can cause compilers that launch their +# own subprocesses to unintentionally create new console processes +# of their own. +# +# If you observe console windows popping up when running CodeSonar +# that do not normally show up during the build, then setting this +# option to Yes can help. +# +# Notes +# This setting has no effect on non-Windows operating systems. +# +# The only observed case where this option helps is when doing a +# GUI build under Microsoft Visual Studio 10 where the compiler has +# been passed the /MP flag. +# +## CREATE_CONSOLE = No + + # Parameter CODEWARRIOR_INSTALLS # # Purpose -# Specifies CodeWarrior install directories so that compiler IDE +# For use with CodeWarrior installations that use DLLs (see +# CodeSonar with CodeWarrior: DLL Approach +# [doc/html/C_Module/CompilerModels/CompilerModelsCodeWarriorPlugin.html]): +# specifies CodeWarrior install directories so that compiler IDE # plug-ins can be identified for interception. # # Tags 
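Review bot: The added CREATE_CONSOLE text has a spelling error, "unecessary", in the Behavior paragraph; the line should read `# creating many unnecessary conhost.exe processes in most cases.`. The Purpose sentence is also hard to parse because it stacks two "when" clauses ("when one does not already exist when launching compiler processes"). Rewording it along the lines of "Specifies whether to create a hidden conhost.exe process for launched compiler processes when none exists" would say the same thing in one pass.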
@@ -462,10 +573,9 @@
 # directories in this list will be intercepted.
 #
 # Notes
-# Set up CodeWarrior Support
+# Read about using CodeSonar with CodeWarrior
 # [doc/html/C_Module/CompilerModels/CompilerModelsCodeWarrior.html]
-# before basing a project on a CodeWarrior build. CodeWarrior is
-# supported for Windows systems only.
+# before basing a project on a CodeWarrior build.
 #
 # This parameter is ignored by the Windows project builder GUI and
 # on non-Windows systems.
@@ -484,7 +594,10 @@
 # Parameter CODEWARRIOR_PLUGINS
 #
 # Purpose
-# Specifies individual CodeWarrior compiler IDE plug-ins for
+# For use with CodeWarrior installations that use DLLs (see
+# CodeSonar with CodeWarrior: DLL Approach
+# [doc/html/C_Module/CompilerModels/CompilerModelsCodeWarriorPlugin.html]):
+# specifies individual CodeWarrior compiler IDE plug-ins for
 # interception.
 #
 # Tags
@@ -498,10 +611,9 @@
 # parameter will be intercepted.
 #
 # Notes
-# Set up CodeWarrior Support
+# Read about using CodeSonar with CodeWarrior
 # [doc/html/C_Module/CompilerModels/CompilerModelsCodeWarrior.html]
-# before basing a project on a CodeWarrior build. CodeWarrior is
-# supported for Windows systems only.
+# before basing a project on a CodeWarrior build.
 #
 # This parameter is ignored by the Windows project builder GUI and
 # on non-Windows systems.
@@ -584,7 +696,7 @@
 # compilation before the compilation is excluded from the analysis.
 #
 # Tags
-# - ANALYSIS_BOUND: Analysis time/effort limit
+# - ANALYSIS_BOUND: Analysis resource/effort limit
 #
 # Type
 # integer
@@ -605,7 +717,7 @@
 # than the limit specified by ERROR_LIMIT_PER_COMPILATION.
 #
 # Tags
-# - ANALYSIS_BOUND: Analysis time/effort limit
+# - ANALYSIS_BOUND: Analysis resource/effort limit
 #
 # Type
 # integer between 0 and 100, inclusive
@@ -707,7 +819,7 @@ # to fail # # Notes -# It is dangerous to choose DOESNT_FAIL, when using an API (such as +# It is dangerous to choose DOESNT_FAIL when using an API (such as # POSIX threads) that allows lock acquire/release functions to fail # spuriously. # @@ -730,7 +842,7 @@ # initializer. # # Tags -# - ANALYSIS_BOUND: Analysis time/effort limit +# - ANALYSIS_BOUND: Analysis resource/effort limit # # Type # integer @@ -754,7 +866,7 @@ # [doc/html/API/Descriptions/API_AST.html]. # # Tags -# - ANALYSIS_BOUND: Analysis time/effort limit +# - ANALYSIS_BOUND: Analysis resource/effort limit # # Type # integer @@ -804,14 +916,14 @@ # source replacement, we recommend doing the build and analysis in # separate phases: # - Set VERBOSITY to 6 and build the project with codesonar build -# [doc/html/C_Module/Building/HookCommands.html#build]. +# [doc/html/Building/HookCommands.html#build]. # - Use the trace information in the Native Compilation Details Log # to perform any necessary debugging, repeating the project build # as necessary. # - Once you are satisfied that the project has built correctly, # set VERBOSITY to a lower value and analyze the project with # codesonar analyze -# [doc/html/C_Module/Building/HookCommands.html#analyze]. +# [doc/html/Building/HookCommands.html#analyze]. VERBOSITY = 2 @@ -905,7 +1017,7 @@ # managed IR objects. # # Tags -# - ANALYSIS_BOUND: Analysis time/effort limit +# - ANALYSIS_BOUND: Analysis resource/effort limit # # Type # integer @@ -934,7 +1046,7 @@ # buffering. # # Tags -# - ANALYSIS_BOUND: Analysis time/effort limit +# - ANALYSIS_BOUND: Analysis resource/effort limit # # Type # integer @@ -987,7 +1099,7 @@ # for defragmentable allocations. # # Tags -# - ANALYSIS_BOUND: Analysis time/effort limit +# - ANALYSIS_BOUND: Analysis resource/effort limit # # Type # integer 
@@ -1011,7 +1123,7 @@
 # degramentable memory will not be used.
 #
 # Tags
-# - ANALYSIS_BOUND: Analysis time/effort limit
+# - ANALYSIS_BOUND: Analysis resource/effort limit
 #
 # Type
 # integer
@@ -1039,7 +1151,7 @@
 # undergoing matching.
 #
 # Tags
-# - ANALYSIS_BOUND: Analysis time/effort limit
+# - ANALYSIS_BOUND: Analysis resource/effort limit
 # - PRE_PREPROC: Operations on Un-Preprocessed Files
 #
 # Type
@@ -1070,8 +1182,8 @@
 #
 # - The delimiter '/' can be replaced by any character (except
 # null).
-# - is a Boost regular expression [../third-
-# party/boost/libs/regex/doc/html/boost_regex/syntax.html]
+# - is a Boost regular expression
+# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html]
 # describing a pattern that could occur in the source code. The
 # pattern can match multiple-line substrings in the source file.
 # Double-quote if you want it to include leading or
@@ -1083,8 +1195,8 @@
 # - is a process modifier, corresponding to a Boost regular
 # expression syntax option or flag as shown below.
 #
-# Boost regular expression syntax_option_type [../third-
-# party/boost/libs/regex/doc/html/boost_regex/ref/syntax_option_type.html]
+# Boost regular expression syntax_option_type
+# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/ref/syntax_option_type.html]
 # correspondences:
 #
 # -M no_mod_m
@@ -1106,8 +1218,8 @@
 # T no_intervals
 # X mod_x
 #
-# Boost regular expression match_flag_type [../third-
-# party/boost/libs/regex/doc/html/boost_regex/ref/match_flag_type.html]
+# Boost regular expression match_flag_type
+# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/ref/match_flag_type.html]
 # correspondences:
 #
 # a match_not_bob
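Review bot: The new Boost links replace documentation that shipped inside the installation with `http://www.boost.org/doc/libs/1_51_0/...` URLs, here and in the hunks at -1188, -1876 and -2159. Two consequences deserve a line in the file: build and analysis hosts without outbound web access lose the reference, and the pinned 1_51_0 pages describe the accepted regex syntax only if that is the Boost version the product is built against, which this diff does not show. If the link stays external, I would use the `https://` scheme and name the bundled Boost version next to it.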
@@ -1188,8 +1300,8 @@
 # - PRE_PREPROC: Operations on Un-Preprocessed Files
 #
 # Type
-# SOURCE_PATTERN : Boost regular expression [../third-
-# party/boost/libs/regex/doc/html/boost_regex/syntax.html]
+# SOURCE_PATTERN : Boost regular expression
+# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html]
 #
 # SOURCE_REPLACEMENT : string
 #
@@ -1314,7 +1426,7 @@
 # file path
 #
 # Behavior
-# All process invocations inside a build, analyze, hook, \c hook-
+# All process invocations inside a build, analyze, hook, hook-
 # build, hook-html, or hook-start sub-command will be logged to the
 # specified file.
 #
@@ -1370,7 +1482,7 @@
 # Parameter MAX_CONCURRENT_PARSE_PROCESSES
 #
 # Tags
-# - ANALYSIS_BOUND: Analysis time/effort limit
+# - ANALYSIS_BOUND: Analysis resource/effort limit
 #
 # Purpose
 # Limits the number of concurrent parse processes. Note that
@@ -1657,9 +1769,9 @@
 # - Auto : CodeSonar will determine the appropriate maximum number
 # of slaves based on the total number of logical cores (Cores) on
 # the machine and the amount of free physical memory (Mem) using
-# the following formula: min(Cores, (Mem / 512MB) - 1). If the
-# result is less than or equal to 1, a serial analysis is
-# performed.
+# the following formula: min(Cores, (Mem /
+# MEMORY_PER_ANALYSIS_PROCESS ) - 1). If the result is less than
+# or equal to 1, a serial analysis is performed.
 # - integer: CodeSonar will spawn up to the specified number of
 # slaves, in addition to the master process. Empirically, each
 # process might use up to about 512MB of memory.
@@ -1723,9 +1835,9 @@ # - Auto : CodeSonar will determine the appropriate maximum number # of slaves based on the total number of logical cores (Cores) on # the machine and the amount of free physical memory (Mem) using -# the following formula: min(Cores, (Mem / 512MB) - 1). If the -# result is less than or equal to 1, web requests are serviced by -# a single process. +# the following formula: min(Cores, (Mem / +# MEMORY_PER_ANALYSIS_PROCESS) - 1). If the result is less than +# or equal to 1, web requests are serviced by a single process. # - integer: CodeSonar will spawn up to the specified number of # slaves, in addition to the master process. # @@ -1775,6 +1887,46 @@ MAX_DAEMON_SLAVES = 62 +# Parameter MEMORY_PER_ANALYSIS_PROCESS +# +# Purpose +# An estimate of how much physical memory (in megabytes) each +# analysis process will use. +# +# Type +# integer +# +# Behavior +# When ANALYSIS_SLAVES or DAEMON_SLAVES is set to Auto, the slave +# count is estimated by measuring the available memory (in MB) then +# dividing by this number. +# +# Notes +# Has no effect if neither ANALYSIS_SLAVES nor DAEMON_SLAVES is set +# to Auto. + + +MEMORY_PER_ANALYSIS_PROCESS = 512 + + +# Parameter MAX_FAILED_UNITS_OF_WORK +# +# Purpose +# Specifies how many units of work may be failed before the master +# should terminate the analysis. +# +# Type +# integer +# +# Behavior +# - negative N: keep going no matter how many units of work fail. +# UNIT_OF_WORK_RETRIES will still limit the number of times any +# individual unit of work is retried +# - non-negative N: Fail after N units of work fail. +# + +MAX_FAILED_UNITS_OF_WORK = -1 + # Parameter UNIT_OF_WORK_RETRIES # 
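Review bot: With the shipped default `MAX_FAILED_UNITS_OF_WORK = -1` an analysis keeps going however many units of work fail, and the new text does not say how a reader of the results learns that parts of the project were not analysed. A Notes entry should say where failed units are reported, and the Behavior list should spell out what N = 0 means, since "Fail after N units of work fail" is ambiguous at zero. The MEMORY_PER_ANALYSIS_PROCESS block earlier in the same hunk gives the type as `integer` with no valid range although the value is used as a divisor; I would document it as `# positive integer (megabytes)`. Neither block has the Tags section that the neighbouring parameters carry.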
@@ -1876,14 +2028,19 @@
 # - is_sysinclude
 # - language
 # - line=
-# - path_listing
+# - line_contents
+# - listing_xml
+# - path_start_procedure
+# - path
 # - procedure
 # - procedure_typed
 # - reachable=
 #
 # and is one of:
-# - : (substring match, type-insensitive)
-# - = (exact match, type-insensitive)
+# - : (substring match, case-insensitive)
+# - = (exact match, case-insensitive)
+# - =~ (regular expression match against a Boost regular expression
+# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html])
 #
 # Behavior
 # Depends on the and the s.
@@ -1914,17 +2071,27 @@
 # - categories : Categories
 # - class : Class
 # - compilation_unit : Compilation Unit
-# - file : the full path name of Warning File
+# - file : the basename of Warning File
 # - language : Language
 # - line= : Line
-# - path_listing : Listing XML
-# - procedure : Procedure
-# - procedure_typed : depends on the warning Language. If C++,
-# rules specify constraints on the fully typed rendering of the
-# warning Procedure (including template instantiations, name
-# qualification, and argument types). If C, specifies a
-# constraint on the warning Procedure (so has the same behavior
-# as a procedure rule).
+# - line_contents : the contents of the source line on which the
+# warning was issued (that is, the Line'th line of Warning File)
+# - listing_xml : Listing XML
+# - path : the full path name of Warning File. Use system-
+# appropriate path separators; escape special characters
+# (including backslashes) if enclosing the path in quotes "".
+# - path_start_procedure : the first procedure in Listing
+# - procedure : Procedure (cs_pdg_friendly_name()
+# [doc/html/API/CAPI/cs__pdg_8h.html#func_cs_pdg_friendly_name])
+# - procedure_typed : The cs_pdg_procedure_name()
+# [doc/html/API/CAPI/cs__pdg_8h.html#func_cs_pdg_procedure_name].
+# This depends on the warning Language. If C++, rules specify
+# constraints on the fully typed rendering of the warning
+# Procedure (including template instantiations, name
+# qualification, and argument types; the rendering is also
+# whitespace-sensitive). If C, specifies a constraint on the
+# warning Procedure (so has the same behavior as a procedure
+# rule).
 # - reachable= : whether or not the warning location is in a
 # procedure that is reachable from one of the roots specified by
 # REACHABILITY_ROOTS. Set to zero to specify that the rule
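Review bot: The `file` attribute changes meaning in this hunk from "the full path name of Warning File" to "the basename of Warning File", with the old meaning moved to the new `path` attribute, and `path_listing` becomes `listing_xml`. Existing WARNING_FILTER rules written against the old definitions, for example a `file:` rule containing a directory component, would then match a different set of warnings, and the file does not say whether `path_listing` is still accepted. Because these rules decide which findings are discarded, I would add a Notes entry such as `# Note: before 4.0, "file" matched the full path; use "path" for that now.` and state explicitly what happens to `path_listing`.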
@@ -1974,17 +2141,17 @@
 #
 # Example 8: Discard all warnings whose associated Listing XML
 # contains substring 'callPrinter'.
-# WARNING_FILTER = discard path_listing:callPrinter
+# WARNING_FILTER = discard listing_xml:callPrinter
 #
 # Example 9: For all warnings issued in procedure writeThis(), set
-# Priority to "Maximum". For all warnings issued in any other
+# Priority to "Incredible". For all warnings issued in any other
 # procedure whose name contains substring 'write', set priority to
 # "P0: High"
 # - procedure writeThis() will match both rules, so the rule order
 # is important.
-# - if "Maximum" was not already a candidate Priority value on the
-# hub, it will be added to the list of candidates once a warning
-# with "Maximum" Priority is submitted.
+# - if "Incredible" was not already a candidate Priority value on
+# the hub, it will be added to the list of candidates once a
+# warning with "Incredible" Priority is submitted.
 # WARNING_FILTER = priority:="P0: High" procedure:write
 # WARNING_FILTER += priority:="Incredible" procedure=writeThis
 #
@@ -1997,16 +2164,46 @@ # WARNING_FILTER = discard procedure_typed:gridproc # # Example 11: In C++ compilation units, discard all warnings issued -# in a procedure with exactly one, unsigned int, argument. In C -# compilation units, this rule will not match anything. +# in a procedure with exactly one, unsigned int, argument. +# Procedures with more complex types may also have "(unsigned int)" +# as a substring of their fully-typed name (for example, because of +# templating): warnings issued in those procedures will also be +# discarded. In C compilation units, this rule will not match +# anything. # WARNING_FILTER = discard procedure_typed:"(unsigned int)" # -# Example 12: Discard all warnings in procedures that are not +# Example 12: In C++ compilation units, discard all warnings issued +# inside the procedures with the specified (fully-qualified) names. +# If you are specifying a complicated procedure_typed argument +# (like these ones), it can be useful to check the exact rendering +# of the procedure name with cs_pdg_procedure_name() +# [doc/html/API/CAPI/cs__pdg_8h.html#func_cs_pdg_procedure_name] +# before creating the WARNING_FILTER rule. +# WARNING_FILTER = discard procedure_typed:"std::vector>::operator [](unsigned long)" +# WARNING_FILTER = discard procedure_typed:"only_param::return_S(int *)" +# +# Example 13: Discard all warnings in procedures that are not # reachable from main() (this REACHABILITY_ROOTS rule matches any # function called main occurring in any file in the project). # REACHABILITY_ROOTS += :main # WARNING_FILTER = discard reachable=0 # +# Example 14: Discard all warnings whose Listing begins with a +# procedure whose name is "ignoreme" followed by one or more digits +# (eg ignoreme1(), ignoreme275(), ...). +# WARNING_FILTER = discard path_start_procedure=~ignoreme\d+ +# +# Example 15: Discard all warnings in files whose path includes +# directory ignoredir. Using two rules with different path +# separators provides (some) portability. 
+# WARNING_FILTER = discard path:/ignoredir/ +# WARNING_FILTER = discard path:\ignoredir\ +# +# Example 16: Discard all warnings occurring on a source line that +# contains the text "do not issue a warning here" (presumably in a +# comment). +# WARNING_FILTER = discard line_contents:"do not issue a warning here" +# # The following checks are enabled by default. To discard warnings # of a particular class, use the corresponding "discard" rule. # WARNING_FILTER += discard class="Blocking in Critical Section" 
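Review bot: Example 16 shows a discard rule keyed on source text, `line_contents:"do not issue a warning here"`, without saying that it hands suppression to anyone who can edit the analysed source, or that the `:` operator is a case-insensitive substring match over the whole line rather than over a comment. A sentence under the example should state that such a rule discards every warning class on a matching line and that uses of the marker need the same review as any other suppression. Example 12 in the same hunk also looks damaged: `std::vector>::operator [](unsigned long)` has an unmatched `>`, so the template arguments appear to have been lost, possibly when the file was generated.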
@@ -2014,48 +2211,69 @@ # WARNING_FILTER += discard class="Buffer Underrun" # WARNING_FILTER += discard class="Cast Alters Value" # WARNING_FILTER += discard class="Coercion Alters Value" -# WARNING_FILTER += discard class="Dangerous Function" +# WARNING_FILTER += discard class="Command Injection" # WARNING_FILTER += discard class="Dangerous Function Cast" # WARNING_FILTER += discard class="Deadlock" # WARNING_FILTER += discard class="Division By Zero" # WARNING_FILTER += discard class="Double Close" # WARNING_FILTER += discard class="Double Free" +# WARNING_FILTER += discard class="Double Initialization" # WARNING_FILTER += discard class="Double Lock" # WARNING_FILTER += discard class="Double Unlock" # WARNING_FILTER += discard class="Empty Branch Statement" +# WARNING_FILTER += discard class="Empty for Statement" # WARNING_FILTER += discard class="Empty if Statement" # WARNING_FILTER += discard class="Empty switch Statement" # WARNING_FILTER += discard class="Empty while Statement" +# WARNING_FILTER += discard class="Encryption without Padding" # WARNING_FILTER += discard class="File System Race Condition" # WARNING_FILTER += discard class="Format String" +# WARNING_FILTER += discard class="Format String Injection" # WARNING_FILTER += discard class="Free Non-Heap Variable" # WARNING_FILTER += discard class="Free Null Pointer" # WARNING_FILTER += discard class="Function Call Has No Effect" +# WARNING_FILTER += discard class="GlobalLock on GMEM_FIXED Memory" +# WARNING_FILTER += discard class="GlobalHandle on GMEM_FIXED Memory" +# WARNING_FILTER += discard class="GlobalUnlock on GMEM_FIXED Memory" +# WARNING_FILTER += discard class="Hardcoded Authentication" +# WARNING_FILTER += discard class="Hardcoded Crypto Key" +# WARNING_FILTER += discard class="Hardcoded Crypto Salt" # WARNING_FILTER += discard class="Ignored Return Value" # WARNING_FILTER += discard class="Integer Overflow of Allocation Size" +# WARNING_FILTER += discard class="LDAP Injection" # 
WARNING_FILTER += discard class="Leak" +# WARNING_FILTER += discard class="Library Injection" +# WARNING_FILTER += discard class="LocalLock on LMEM_FIXED Memory" +# WARNING_FILTER += discard class="LocalHandle on LMEM_FIXED Memory" +# WARNING_FILTER += discard class="LocalUnlock on LMEM_FIXED Memory" +# WARNING_FILTER += discard class="MAX_PATH Exceeded" # WARNING_FILTER += discard class="Misaligned Object" # WARNING_FILTER += discard class="Missing Return Statement" +# WARNING_FILTER += discard class="Missing Return Value" # WARNING_FILTER += discard class="Negative Character Value" +# WARNING_FILTER += discard class="Negative file descriptor" # WARNING_FILTER += discard class="Negative Shift Amount" -# WARNING_FILTER += discard class="Negative File Descriptor" # WARNING_FILTER += discard class="No Space For Null Terminator" # WARNING_FILTER += discard class="Null Pointer Dereference" +# WARNING_FILTER += discard class="Null Security Descriptor" # WARNING_FILTER += discard class="Null Test After Dereference" # WARNING_FILTER += discard class="Overlapping Memory Regions" +# WARNING_FILTER += discard class="Plaintext Storage of Password" +# WARNING_FILTER += discard class="Pool Mismatch" # WARNING_FILTER += discard class="Redundant Condition" # WARNING_FILTER += discard class="Return Pointer to Freed" # WARNING_FILTER += discard class="Return Pointer to Local" # WARNING_FILTER += discard class="Shift Amount Exceeds Bit Width" # WARNING_FILTER += discard class="Socket In Wrong State" +# WARNING_FILTER += discard class="SQL Injection" # WARNING_FILTER += discard class="Try-lock that will never succeed" +# WARNING_FILTER += discard class="Type Mismatch" # WARNING_FILTER += discard class="Type Overrun" # WARNING_FILTER += discard class="Type Underrun" # WARNING_FILTER += discard class="Uninitialized Variable" # WARNING_FILTER += discard class="Unreachable Call" # WARNING_FILTER += discard class="Unreachable Computation" # WARNING_FILTER += discard class="Unreachable 
Conditional" -# WARNING_FILTER += discard class="Unreachable Control Flow" # WARNING_FILTER += discard class="Unreachable Data Flow" # WARNING_FILTER += discard class="Unreasonable Size Argument" # WARNING_FILTER += discard class="Unused Value" @@ -2063,7 +2281,9 @@ # WARNING_FILTER += discard class="Use After Free" # WARNING_FILTER += discard class="Use of crypt" # WARNING_FILTER += discard class="Use of gets" +# WARNING_FILTER += discard class="Use of GetTempFileName" # WARNING_FILTER += discard class="Use of mktemp" +# WARNING_FILTER += discard class="Use of SO_REUSEADDR" # WARNING_FILTER += discard class="Use of tmpfile" # WARNING_FILTER += discard class="Use of tmpnam" # WARNING_FILTER += discard class="Useless Assignment" @@ -2074,7 +2294,11 @@ # (Checks for some classes may require additional settings in order # to work correctly. See the individual warning class documentation # in the manual for full information.) +# WARNING_FILTER += allow class="Addition Overflow of Allocation Size" +# WARNING_FILTER += allow class="Addition Overflow of Size" +# WARNING_FILTER += allow class="Assignment in Conditional" # WARNING_FILTER += allow class="Basic Numerical Type Used" +# WARNING_FILTER += allow class="2$Buffer Overrun" # WARNING_FILTER += allow class="Code Before #include" # WARNING_FILTER += allow class="Condition Contains Side Effects" # WARNING_FILTER += allow class="Conditional Compilation" 
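Review bot: Two default-enabled classes disappear from the discard list in the hunk at -2014 without a migration note: `Dangerous Function` is removed outright, and `Unreachable Control Flow` is removed here and reappears in the hunk at -2114 as an `allow` line, which presumably means it is now off unless enabled. A project that upgrades with its old configuration would stop receiving those warnings, and a rule naming a class that no longer exists would presumably match nothing without any error. The renamed macro classes in the hunk at -2082 (`"Macro Does Not End With ) or }"` becomes `"Macro Does Not End With } or )"`) raise the same concern, since `=` is an exact match. I would add a short comment above the list naming the classes that were removed, renamed or changed in default state in this release.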
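Review bot: The line `# WARNING_FILTER += allow class="2$Buffer Overrun"` added in the hunk at -2074 does not look like a real class name; the `2$` prefix reads like a leftover from whatever generates this list. A user who uncomments the line would get an `allow` rule for a class that probably does not exist, with no visible effect. Either drop the line or correct the name at the generator.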
@@ -2082,29 +2306,37 @@ # WARNING_FILTER += allow class="Data Race" # WARNING_FILTER += allow class="Dynamic Allocation After Initialization" # WARNING_FILTER += allow class="Excessive Stack Depth" -# WARNING_FILTER += allow class="Function Too Long" # WARNING_FILTER += allow class="Function Pointer" # WARNING_FILTER += allow class="Function Pointer Conversion" +# WARNING_FILTER += allow class="Function Too Long" +# WARNING_FILTER += allow class="Global Variable Declared with Different Types" # WARNING_FILTER += allow class="Goto Statement" +# WARNING_FILTER += allow class="Hardcoded DNS Name" # WARNING_FILTER += allow class="High Risk Loop" # WARNING_FILTER += allow class="Inconsistent Enumerator Initialization" +# WARNING_FILTER += allow class="Leftover Debug Code" # WARNING_FILTER += allow class="Lock/Unlock Mismatch" # WARNING_FILTER += allow class="Locked Twice" # WARNING_FILTER += allow class="Macro Defined in Function Body" -# WARNING_FILTER += allow class="Macro Does Not End With ) or }" -# WARNING_FILTER += allow class="Macro Does Not Start With ( or {" +# WARNING_FILTER += allow class="Macro Does Not End With } or )" +# WARNING_FILTER += allow class="Macro Does Not Start With { or (" # WARNING_FILTER += allow class="Macro Undefined in Function Body" # WARNING_FILTER += allow class="Macro Uses -> Operator" # WARNING_FILTER += allow class="Macro Uses [] Operator" # WARNING_FILTER += allow class="Macro Uses ## Operator" # WARNING_FILTER += allow class="Macro Uses Unary * Operator" +# WARNING_FILTER += allow class="Memory Protection Removal" # WARNING_FILTER += allow class="Missing Lock Acquisition" # WARNING_FILTER += allow class="Missing Lock Release" -# WARNING_FILTER += allow class="Multiple Statements On Line" +# WARNING_FILTER += allow class="Multiple Declarations of a Global" # WARNING_FILTER += allow class="Multiple Declarations On Line" +# WARNING_FILTER += allow class="Multiple Statements On Line" +# WARNING_FILTER += allow class="Multiplication 
Overflow of Allocation Size" +# WARNING_FILTER += allow class="Multiplication Overflow of Size" # WARNING_FILTER += allow class="Nested Locks" # WARNING_FILTER += allow class="No Matching #if" # WARNING_FILTER += allow class="No Matching #endif" +# WARNING_FILTER += allow class="Not All Warnings Are Enabled" # WARNING_FILTER += allow class="Not Enough Assertions" # WARNING_FILTER += allow class="Pointer Before Beginning of Object" # WARNING_FILTER += allow class="Pointer Past End of Object" 
@@ -2114,17 +2346,29 @@ # WARNING_FILTER += allow class="Recursive Macro" # WARNING_FILTER += allow class="Scope Could Be File Static" # WARNING_FILTER += allow class="Scope Could Be Local Static" +# WARNING_FILTER += allow class="Subtraction Underflow of Allocation Size" +# WARNING_FILTER += allow class="Subtraction Underflow of Size" +# WARNING_FILTER += allow class="Tainted Allocation Size" +# WARNING_FILTER += allow class="Tainted Configuration Setting" +# WARNING_FILTER += allow class="Tainted Filename" +# WARNING_FILTER += allow class="Tainted Network Address" +# WARNING_FILTER += allow class="Tainted Write" # WARNING_FILTER += allow class="Task Delay Function" +# WARNING_FILTER += allow class="Thread Entry Point" # WARNING_FILTER += allow class="Too Many Dereferences" # WARNING_FILTER += allow class="Too Much Indirection in Declaration" +# WARNING_FILTER += allow class="Too Many Parameters" +# WARNING_FILTER += allow class="Truncation of Allocation Size" +# WARNING_FILTER += allow class="Truncation of Size" # WARNING_FILTER += allow class="Unbalanced Parenthesis" # WARNING_FILTER += allow class="Unchecked Parameter Dereference" -# WARNING_FILTER += allow class="Too Many Parameters" # WARNING_FILTER += allow class="Unknown Lock" +# WARNING_FILTER += allow class="Unreachable Control Flow" # WARNING_FILTER += allow class="Use of #undef" # WARNING_FILTER += allow class="Use of longjmp" # WARNING_FILTER += allow class="Use of setjmp" # WARNING_FILTER += allow class="Variadic Macro" +# WARNING_FILTER += allow class="Warnings Not Treated As Errors" # # To enable all Power of Ten # [doc/html/WarningClasses/Pow10Checks.html] checks: 
@@ -2146,9 +2390,10 @@ # Parameter BAD_FUNCTION_REGEX # Parameter BAD_FUNCTION_MESSAGE # Parameter BAD_FUNCTION_CATEGORIES -# Parameter BAD_FUNCTION_RANK +# Parameter BAD_FUNCTION_BASE_RANK # Parameter BAD_FUNCTION_INFO # Parameter BAD_FUNCTION_LINK +# Parameter BAD_FUNCTION_RANK # # Purpose # Use the BAD_FUNCTION_* family of parameters to define warning @@ -2159,11 +2404,11 @@ # Functions # # Type -# - BAD_FUNCTION_REGEX: Boost regular expression [../third- -# party/boost/libs/regex/doc/html/boost_regex/syntax.html] +# - BAD_FUNCTION_REGEX: Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html] # - BAD_FUNCTION_MESSAGE: string # - BAD_FUNCTION_CATEGORIES: string -# - BAD_FUNCTION_RANK: number +# - BAD_FUNCTION_BASE_RANK: number # - BAD_FUNCTION_INFO: string # - BAD_FUNCTION_LINK: string representing a URL # @@ -2173,12 +2418,14 @@ # - BAD_FUNCTION_REGEX is a regular expression. If a reference to a # function that matches this is found, then a warning is issued. # - BAD_FUNCTION_MESSAGE will be used as the warning class name. It -# defaults to "Bad Function". +# defaults to "Bad Function". If the message contains any +# characters that are special to HTML, they must be HTML-encoded. # - BAD_FUNCTION_CATEGORIES is the set of categories for the # warning, as a semicolon-separated list. This defaults to the # empty string. -# - BAD_FUNCTION_RANK is the rank assigned to the warning, with -# default 15.0. +# - BAD_FUNCTION_BASE_RANK is the base rank +# [doc/html/Elements/PROPERTIES_Warning.html#base_rank] assigned +# to the warning, with default 15.0. # - BAD_FUNCTION_INFO will be used in the warning description box # [doc/html/GUI/GUI_Warning_Report.html#endbox] sentence 'Use of # [funcname()] is not recommended because ...'. The default value 
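Review bot: The HTML-encoding requirement added to the BAD_FUNCTION_MESSAGE entry (hunk at -2173) is stated for that parameter only, although BAD_FUNCTION_INFO, a few lines further down, is described as text placed in the warning description box. If that box is rendered as HTML too (not shown here), an unencoded `<` or `&` in a site-specific INFO string would be interpreted as markup in the report, so the same sentence belongs on the INFO entry: `# Characters that are special to HTML must be HTML-encoded.` If INFO is escaped automatically, say that instead, so rule authors do not double-encode. The BAD_FUNCTION_INFO entry continues past the end of the hunk.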
@@ -2199,24 +2446,28 @@ # # Notes # +# Parameter BAD_FUNCTION_RANK is deprecated in favor of +# BAD_FUNCTION_BASE_RANK; the two currently have identical +# behavior. +# # If two or more sets of BAD_FUNCTION_* rules have the same # BAD_FUNCTION_MESSAGE value, the same warning class will be used # to cover all cases. Therefore, sets of rules with the same # BAD_FUNCTION_MESSAGE should also have the same -# BAD_FUNCTION_CATEGORIES and BAD_FUNCTION_RANK values (that is, -# they should only differ in the BAD_FUNCTION_REGEX setting). +# BAD_FUNCTION_CATEGORIES and BAD_FUNCTION_BASE_RANK values (that +# is, they should only differ in the BAD_FUNCTION_REGEX setting). # # Similarly, if a set of BAD_FUNCTION_* rules has a # BAD_FUNCTION_MESSAGE that is the same as the name of a standard -# CodeSonar warning class, the category and rank settings of the -# standard class will apply and any BAD_FUNCTION_CATEGORIES or -# BAD_FUNCTION_RANK specified in the set will not be used. +# CodeSonar warning class, the category and base rank settings of +# the standard class will apply and any BAD_FUNCTION_CATEGORIES or +# BAD_FUNCTION_BASE_RANK specified in the set will not be used. # # Examples: # BAD_FUNCTION_REGEX = ^gets$ # BAD_FUNCTION_MESSAGE = Use of gets # BAD_FUNCTION_CATEGORIES = BADFUNC.BO.GETS;CWE:242 -# BAD_FUNCTION_RANK = 1.0 +# BAD_FUNCTION_BASE_RANK = 1.0 # specifies that uses of the function "gets" should be flagged as # warnings. # @@ -2227,7 +2478,7 @@ # BAD_FUNCTION_REGEX = ^memset$ # BAD_FUNCTION_MESSAGE = Use of memset # BAD_FUNCTION_CATEGORIES = BADFUNC.MEMSET;CWE:14 -# BAD_FUNCTION_RANK = 10.0 +# BAD_FUNCTION_BASE_RANK = 10.0 # # For functions in C++ compilation units with C++ linkage, the # regular expression will be matched against the fully qualified 
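Review bot: The deprecation paragraph added to the Notes (hunk at -2199) says BAD_FUNCTION_RANK and BAD_FUNCTION_BASE_RANK behave identically, but it does not say what happens when one rule set gives both with different values. Site configuration files written for 3.9 will keep the old name while the template rules now use the new one, so mixed rule sets are likely after an upgrade. Add one sentence stating the precedence, for example that the later of the two settings in the rule set is used, if the file-wide later-setting-wins rule applies to this pair. The Notes block continues beyond this hunk.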
@@ -2262,48 +2513,48 @@ BAD_FUNCTION_REGEX = ^crypt$ BAD_FUNCTION_MESSAGE = $Insecure Randomness$Use of crypt BAD_FUNCTION_CATEGORIES = BADFUNC.CRYPT;BSI:CRYPT-01;BSI:CRYPT-02;CWE:326;CWE:330 -BAD_FUNCTION_RANK = 40.0 +BAD_FUNCTION_BASE_RANK = 40.0 BAD_FUNCTION_REGEX = ^gets$|^_get(t|w)s$ BAD_FUNCTION_MESSAGE = $Dangerous Function$Use of gets BAD_FUNCTION_CATEGORIES = BADFUNC.BO.GETS;BSI:GETS;CWE:120;CWE:242 -BAD_FUNCTION_RANK = 1.0 +BAD_FUNCTION_BASE_RANK = 1.0 BAD_FUNCTION_REGEX = ^_?tmpfile$ BAD_FUNCTION_MESSAGE = $Insecure Temporary File$Use of tmpfile BAD_FUNCTION_CATEGORIES = BADFUNC.TEMP.TMPFILE;BSI:TMPNAM-TMPFILE;BSI:Truncate;CWE:377 -BAD_FUNCTION_RANK = 42.0 +BAD_FUNCTION_BASE_RANK = 42.0 BAD_FUNCTION_REGEX = ^tmpnam(_r)?$|^_(t|w)tmpnam$ BAD_FUNCTION_MESSAGE = $Insecure Temporary File$Use of tmpnam BAD_FUNCTION_CATEGORIES = BADFUNC.TEMP.TMPNAM;BSI:TMPNAM-TMPFILE;BSI:Truncate;CWE:377 -BAD_FUNCTION_RANK = 43.0 +BAD_FUNCTION_BASE_RANK = 43.0 BAD_FUNCTION_REGEX = ^tempnam$|^_(t|w)?tempnam$ BAD_FUNCTION_MESSAGE = $Insecure Temporary File$Use of tmpnam BAD_FUNCTION_CATEGORIES = BADFUNC.TEMP.TMPNAM;BSI:TMPNAM-TMPFILE;BSI:Truncate;CWE:377 -BAD_FUNCTION_RANK = 43.0 +BAD_FUNCTION_BASE_RANK = 43.0 BAD_FUNCTION_REGEX = ^GetTempFileName(A|W)?$ BAD_FUNCTION_MESSAGE= Use of GetTempFileName BAD_FUNCTION_CATEGORIES = BADFUNC.TEMP.GETTEMPFILENAME;BSI:GetTempFileName;CWE:377 -BAD_FUNCTION_RANK = 43.0 +BAD_FUNCTION_BASE_RANK = 43.0 BAD_FUNCTION_REGEX = ^setjmp$ BAD_FUNCTION_MESSAGE = $Call to setjmp$Use of setjmp BAD_FUNCTION_CATEGORIES = BADFUNC.SETJMP;CWE:691;CWE:710;POW10:1;JPL:11 -BAD_FUNCTION_RANK = 1.0 +BAD_FUNCTION_BASE_RANK = 1.0 BAD_FUNCTION_REGEX = ^longjmp$ BAD_FUNCTION_MESSAGE = $Call to longjmp$Use of longjmp BAD_FUNCTION_CATEGORIES = BADFUNC.LONGJMP;CWE:691;CWE:710;POW10:1;JPL:11 -BAD_FUNCTION_RANK = 12.0 +BAD_FUNCTION_BASE_RANK = 12.0 BAD_FUNCTION_REGEX = ^mktemp$|^_(t|w)?mktemp$ BAD_FUNCTION_MESSAGE = $Insecure Temporary File$Use of mktemp BAD_FUNCTION_INFO = 
it creates filenames that are easily guessed, so the resulting files can be manipulated by other processes. Its use is therefore a security risk. BAD_FUNCTION_CATEGORIES = BADFUNC.TEMP.MKTEMP;BSI:MKTEMP;CWE:377 -BAD_FUNCTION_RANK = 47.0 +BAD_FUNCTION_BASE_RANK = 47.0 ## For "Task Delay Function" check. ## As with other JPL classes, this warning class is disabled by default. @@ -2318,11 +2569,19 @@ BAD_FUNCTION_INFO = it is considered to be a task delay function. The use of task delay functions for synchronization can cause problems such as race conditions. BAD_FUNCTION_CATEGORIES = CONCURRENCY.BADFUNC.DELAY;JPL:7 +## For "Leftover Debug Code" check. +## This warning class is disabled by default. + +BAD_FUNCTION_REGEX = ^puts|printf|vprintf$ +BAD_FUNCTION_MESSAGE = Leftover Debug Code +BAD_FUNCTION_INFO = it may be a debugging trace statement unintentionally left in the code +BAD_FUNCTION_CATEGORIES = CWE:489 + # Parameter PLUGINS # # Purpose -# Specifies filenames of Scheme and C plug-ins to load. +# Specifies filenames of Scheme, Python, and C plug-ins to load. # # Tags # - BUILD_BEHAVIOR: Governs the Build/Analysis @@ -2336,6 +2595,8 @@ # Notes # For example: # PLUGINS += /tmp/fname.stk +# PLUGINS += /tmp/fname.py +# PLUGINS += /tmp/fname.pyc # PLUGINS += /tmp/fname.so # PLUGINS += /tmp/fname.dll # PLUGINS += /tmp/fname.bundle 
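Review bot: In the new "Leftover Debug Code" rule (hunk at -2318), `^puts|printf|vprintf$` anchors only the outer ends of the alternation, so it matches any name beginning with `puts`, any name containing `printf` (for example `snprintf`), and any name ending in `vprintf`. The other rules in this file anchor every alternative, as in `^gets$|^_get(t|w)s$`. If only the three named functions are meant, write `BAD_FUNCTION_REGEX = ^(puts|printf|vprintf)$`; if the wide match is intended, say so in the `##` comment above the rule. The rule also sets no BAD_FUNCTION_BASE_RANK, so it falls back to the documented default of 15.0.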
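Review bot: The two added examples, `PLUGINS += /tmp/fname.py` and `PLUGINS += /tmp/fname.pyc` (hunk at -2336), follow the older examples in pointing at /tmp, which on most POSIX systems is writable by every local user. A plug-in is code that the analysis loads, so a configuration copied from this example would load a file that another account on the build host can replace. Suggest a neutral path such as `PLUGINS += /path/to/plugins/fname.py` and one sentence in the Notes that plug-in files and their directories should be writable only by the account that runs the analysis. The Notes block starts before this hunk and ends after it.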
@@ -2343,6 +2604,213 @@ # # For more information about CodeSonar plug-ins, see CodeSonar # Plug-In API [doc/html/API/CodeSonarPlugins/PluginAPI.html]. +# +# The Python API for CodeSonar currently has beta-level support. +# For more information, see the notes on API Languages +# [doc/html/API/Api.html#languages]. +# +# For plug-ins using other languages: +# - Java: use JAVA_PLUGIN_CLASSES, JAVA_PLUGIN_JVM, and +# JAVA_PLUGIN_CLASSPATH to load. +# - C#: use CSHARP_PLUGINS and CSHARP_PLUGIN_DOTNET_VERSION to +# load. +# - C++ (using the csonar_plugin.hpp interface and names in the cs +# namespace): #define the preprocessor symbol CS_CPP_IMPL in +# exactly one compilation unit before including any CodeSonar +# header files. This will define some global variables that would +# otherwise cause link errors. + + +# Parameter JAVA_PLUGIN_JVM +# +# Purpose +# Specifies the JVM DLL or shared object to use for all Java plug- +# ins. +# +# Tags +# - BUILD_BEHAVIOR: Governs the Build/Analysis +# +# Type +# string +# +# Behavior +# The specified string will be treated as the absolute path to the +# Java DLL or shared object. +# +# Notes +# The Java API for CodeSonar currently has beta-level support. For +# more information, see the notes on API Languages +# [doc/html/API/Api.html#languages]. +# +## JAVA_PLUGIN_JVM = C:\Program Files\Java\jre6\bin\server\jvm.dll +## JAVA_PLUGIN_JVM = /usr/lib/jvm/java-6-openjdk-amd64/jre/lib/amd64/server/libjvm.so + + + +# Parameter JAVA_PLUGIN_CLASSPATH +# +# Purpose +# Specifies the Java classpath for all Java plug-ins. +# +# Tags +# - BUILD_BEHAVIOR: Governs the Build/Analysis +# +# Type +# string +# +# Behavior +# Multiple directories can be placed in the classpath by using the +# += operator. +# +# Notes +# The Java API for CodeSonar currently has beta-level support. For +# more information, see the notes on API Languages +# [doc/html/API/Api.html#languages]. 
+# +## JAVA_PLUGIN_CLASSPATH += c:\pluginclasspath + + + +# Parameter JAVA_PLUGIN_CLASSES +# +# Purpose +# Specifies the Java class whose main function should be invoked. +# +# Tags +# - BUILD_BEHAVIOR: Governs the Build/Analysis +# +# Type +# string +# +# Behavior +# Use / as the package separator if the class is in a package. +# +# Notes +# The Java API for CodeSonar currently has beta-level support. For +# more information, see the notes on API Languages +# [doc/html/API/Api.html#languages]. +# +# Below is a small sample plug-in. +# import com.grammatech.cs.*; +# import java.lang.*; +# +# class echo_point_visitor extends point_visitor{ +# public echo_point_visitor() throws result{} +# +# public void visit(point p) +# { +# System.out.println("Java visits " + p); +# } +# }; +# +# public class Test{ +# public static void main() { +# try{ +# analysis.add_point_visitor(new echo_point_visitor()); +# }catch(result r){ +# System.out.println(r); +# } +# } +# } +# +## JAVA_PLUGIN_CLASSES += Test +## JAVA_PLUGIN_CLASSES += com/example/csplugin/Test + + + +# Parameter CSHARP_PLUGIN_DOTNET_VERSION +# +# Purpose +# The version of the .NET framework used to build the assemblies +# specified by CSHARP_PLUGINS (if any). +# +# +# Tags +# - BUILD_BEHAVIOR: Governs the Build/Analysis +# +# Type +# string +# +# Behavior +# This string is passed to the Microsoft function +# CorBindToRuntimeEx as the first argument. It must be exactly +# correct, or the assembly will not load. This value can be +# obtained by running csc /? and inspecting the first line of +# output. +# +# Notes +# The C# API for CodeSonar currently has beta-level support. For +# more information, see the notes on API Languages +# [doc/html/API/Api.html#languages]. +# +## CSHARP_PLUGIN_DOTNET_VERSION = v4.0.30319 + + +# Parameter CSHARP_PLUGINS +# +# Purpose +# A list of plug-in .NET assemblies. 
+# +# Tags +# - BUILD_BEHAVIOR: Governs the Build/Analysis +# +# Type +# string +# +# Behavior +# The += operator can be used to load multiple plug-ins. Each +# assembly should contain all the .cs files in +# codesonar\src\api\csharp\*.cs. +# +# Each assembly must contain a class named Main with a public +# static method named main, with signature: +# public static int main(String dummy) +# +# Notes +# The C# API for CodeSonar currently has beta-level support. For +# more information, see the notes on API Languages +# [doc/html/API/Api.html#languages]. +# +# Below is a small sample plug-in. +# using System; +# +# class echo_point_visitor: point_visitor{ +# public echo_point_visitor(){} +# +# public override void visit(point p) +# { +# /* Always wrap visitors in exception handlers. If an +# * exception isn't caught, behavior is undefined. +# */ +# try{ +# Console.WriteLine("csharp visits " + p); +# } +# catch( Exception e ) +# { +# Console.WriteLine(e); +# } +# } +# }; +# +# public class Main +# { +# public static int main(String dummy) +# { +# /* Always wrap everything in an exception handler. If an +# * exception isn't caught, behavior is undefined. +# */ +# try{ +# analysis.add_point_visitor(new echo_point_visitor()); +# } +# catch( Exception e ) +# { +# Console.WriteLine(e); +# } +# return 0; // ignored +# } +# } +# +## CSHARP_PLUGINS += h:\pluginassembly.dll # Parameter REPORT_IMPLIED_EQUALITY @@ -2448,7 +2916,7 @@ # conserve system resources. # # Tags -# - ANALYSIS_PROPERTY: Analysis Properties +# - TIME_LIMIT: Analysis Time Limits # # Type # integer @@ -2485,7 +2953,7 @@ # analysis daemon shuts down to conserve system resources. # # Tags -# - ANALYSIS_PROPERTY: Analysis Properties +# - TIME_LIMIT: Analysis Time Limits # # Type # integer 
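Review bot: The Java sample under JAVA_PLUGIN_CLASSES leaves `echo_point_visitor.visit` without an exception handler, while the C# sample under CSHARP_PLUGINS in the same hunk tells readers to always wrap visitors because an uncaught exception gives undefined behavior. If that rule holds for Java plug-ins too (the hunk does not say), the Java `visit` should show the same `try`/`catch` and carry the same comment; if it does not, a sentence saying so would keep readers from guessing. The Purpose of JAVA_PLUGIN_CLASSES also speaks of a single class, although the examples append two entries with `+=`.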
@@ -3001,12 +3469,40 @@ # reported for the relevant thread pair and memory location. # # Notes -# This specifies elapsed time. The default limit is unlikely to be -# exceeded and exists to guard against pathological behavior. +# This specifies elapsed time. # TIME_LIMIT_DATA_RACE_PATH_SEARCH = 600 +# Parameter TIME_LIMIT_DATA_RACE_PATH_SEARCH_PER_PROCEDURE +# +# Purpose +# Milliseconds the analysis may spend per procedure (amortized) on +# data race search. +# +# Tags +# - TIME_LIMIT: Analysis Time Limits +# +# Type +# integer +# +# Behavior +# The analysis computes a total budget for data race search by +# multiplying the number of procedures by the value specified here. +# The total budget will not be exceeded. The analysis will start +# sampling only some (thread, thread, memory location) triples if +# the overall pace seems insufficient for finishing the entire +# analysis on time. +# +# Notes +# This specifies time per procedure in milliseconds. The default +# setting of 100 would allow the entire data race phase to run for +# almost 30 hours on a program with a million procedures (very +# large program). +# +TIME_LIMIT_DATA_RACE_PATH_SEARCH_PER_PROCEDURE = 100 + + # Parameter DATA_RACE_MAX_MEM_ACCESSES # # Purpose @@ -3062,7 +3558,7 @@ # procedure. # # Tags -# - ANALYSIS_BOUND: Analysis time/effort limit +# - ANALYSIS_BOUND: Analysis resource/effort limit # # Type # integer @@ -3086,7 +3582,7 @@ # set of loop execution scenarios. # # Tags -# - ANALYSIS_BOUND: Analysis time/effort limit +# - ANALYSIS_BOUND: Analysis resource/effort limit # # Type # {Yes, No} 
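Review bot: The Behavior text for TIME_LIMIT_DATA_RACE_PATH_SEARCH_PER_PROCEDURE says the analysis starts sampling only some (thread, thread, memory location) triples when it falls behind, but it does not say how a user learns that sampling took place. Triples that are skipped are never searched for races, so a clean result from a budget-limited run is weaker evidence than one from a complete run. Suggest adding to the Notes whether sampling is recorded anywhere (a log or the analysis report, neither visible here) and how this budget interacts with `TIME_LIMIT_DATA_RACE_PATH_SEARCH = 600` directly above. The same hunk drops the sentence explaining that the older limit exists to guard against pathological behavior, which leaves that parameter without a rationale.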
@@ -3111,6 +3607,69 @@ EXPLORE_MORE_LOOP_PATHS = No +# Parameter LOOP_COUNTER_DISTRUST +# +# Purpose +# Specifies how suspicious CodeSonar should be about the value of +# loop counters in loops whose exact iteration counts are not +# known. +# +# Tags +# - ANALYSIS_BOUND: Analysis resource/effort limit +# +# Type +# {0, 1, 2, 3, 4, 5} +# +# Behavior +# - 0 : Never treat loop counters as adversarial +# - 1 : Treat loop counters in infinite loops as adversarial +# - 2 : Also treat loop counters in loops reading input as +# adversarial +# - 3 : Also treat loop counters in loops whose iteration counts +# can, but may not reach some constant bound as adversarial +# - 4 : Also treat loop counters in loops whose iteration counts +# can, but may not reach some symbolic bound as adversarial +# - 5 : All loop counters treated as adversarial +# +# Notes +# The following overruns can only be detected with sufficient +# values of this setting. +# +# Requires >=1: +# void x1(){ +# int i = 0; int A[10]; +# for(;;){ i++; A[i] = 10; } +# } +# +# Requires >=2: +# void x2(){ +# int i = 0; +# int A[10]; +# while(getchar() != 'c'){ i++; A[i] = 10; } +# } +# +# Requires >=3: +# void x3(){ +# int i = 0; +# int A[10]; +# for(i = 0; i < 20; i++ ){ if( inscrutible_condition() ) break; A[i] = 10; } +# } +# +# Requires >=4: +# void x4(){ +# int i = 0; int A[10]; int j = inscrutible_number(); +# for(i = 0; i < j; i++ ){ if( inscrutible_condition() ) break; A[i] = 10; } +# } +# +# Requires >=5: +# void x5(){ +# int i = 0; int A[10]; +# for(i = 0; inscrutible_condition(); i++ ){ A[i] = 10; } +# } + +LOOP_COUNTER_DISTRUST = 2 + + # Parameter PATH_FINDING_EFFORT # # Purpose @@ -3119,7 +3678,7 @@ # searched before moving on. # # Tags -# - ANALYSIS_BOUND: Analysis time/effort limit +# - ANALYSIS_BOUND: Analysis resource/effort limit # # Type # integer 
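Review bot: The shipped value `LOOP_COUNTER_DISTRUST = 2` means that, by the Notes' own examples, buffer overruns of the x3, x4 and x5 shape are not reported in a default configuration, and the comment block never says so. Suggest adding `# With the default of 2, overruns like x3, x4 and x5 above are not reported.` together with a word on what the higher levels cost, presumably more false positives or analysis time (the hunk gives no figures). The wording of levels 3 and 4, "can, but may not reach", is hard to parse and would read better as "may stop before reaching". `inscrutible` in the examples is a misspelling of "inscrutable".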
@@ -3148,7 +3707,7 @@ # (interprocedural) contract. # # Tags -# - ANALYSIS_BOUND: Analysis time/effort limit +# - ANALYSIS_BOUND: Analysis resource/effort limit # # Type # integer @@ -3200,7 +3759,7 @@ # will be generated for a single warning. # # Tags -# - ANALYSIS_BOUND: Analysis time/effort limit +# - ANALYSIS_BOUND: Analysis resource/effort limit # # Type # integer @@ -3234,7 +3793,7 @@ # dismissed warnings count against this limit. # # Tags -# - ANALYSIS_BOUND: Analysis time/effort limit +# - ANALYSIS_BOUND: Analysis resource/effort limit # # Type # integer @@ -3254,7 +3813,7 @@ # sites. # # Tags -# - ANALYSIS_BOUND: Analysis time/effort limit +# - ANALYSIS_BOUND: Analysis resource/effort limit # # Type # integer @@ -3275,6 +3834,9 @@ # pointer are counted as inputs to strlen(). Global variables # transitively used by a procedure also qualify. # +# For the taint analysis, the number of checked inputs is bounded +# instead by TAINT_MAX_CHECKED_INPUTS_PER_PROCEDURE. + MAX_CHECKED_INPUTS_PER_PROCEDURE = 100 @@ -3287,7 +3849,7 @@ # in order to flag interprocedural vulnerabilities. # # Tags -# - ANALYSIS_BOUND: Analysis time/effort limit +# - ANALYSIS_BOUND: Analysis resource/effort limit # # Type # integer @@ -3313,7 +3875,7 @@ # checks on global variables can be propagated. # # Tags -# - ANALYSIS_BOUND: Analysis time/effort limit +# - ANALYSIS_BOUND: Analysis resource/effort limit # # Type # integer @@ -3333,6 +3895,7 @@ # of 2 is recommended for users who want to check for bad values in # global variables crossing procedure boundaries. # + MAX_GLOBAL_CHECK_AGE = 0 @@ -3342,7 +3905,7 @@ # Maximum complexity of an expression in an interprocedural check. # # Tags -# - ANALYSIS_BOUND: Analysis time/effort limit +# - ANALYSIS_BOUND: Analysis resource/effort limit # # Type # integer 
@@ -3355,7 +3918,7 @@ # Expressions with more pointer dereferences and field/array # accesses have a higher complexity. # -MAX_CHECK_COMPLEXITY = 5 +MAX_CHECK_COMPLEXITY = 10 # Parameter MAX_EXPRESSION_COMPLEXITY @@ -3364,7 +3927,7 @@ # A threshold for expression complexity. # # Tags -# - ANALYSIS_BOUND: Analysis time/effort limit +# - ANALYSIS_BOUND: Analysis resource/effort limit # # Type # integer @@ -3377,7 +3940,10 @@ # Expressions with more pointer dereferences and field/array # accesses have a higher complexity. # -MAX_EXPRESSION_COMPLEXITY = 12 +# For the taint analysis, expression complexity is bounded instead +# by TAINT_MAX_EXPRESSION_COMPLEXITY. +# +MAX_EXPRESSION_COMPLEXITY = 24 # Parameter MAX_SUMMARIES_PER_PROCEDURE @@ -3387,7 +3953,7 @@ # memory. # # Tags -# - ANALYSIS_BOUND: Analysis time/effort limit +# - ANALYSIS_BOUND: Analysis resource/effort limit # # Type # integer @@ -3417,7 +3983,7 @@ # summaries. # # Tags -# - ANALYSIS_BOUND: Analysis time/effort limit +# - ANALYSIS_BOUND: Analysis resource/effort limit # # Type # integer 
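Review bot: The default changes from `MAX_CHECK_COMPLEXITY = 5` to `10` here, and from `MAX_EXPRESSION_COMPLEXITY = 12` to `24` in the hunk at -3377, with nothing in either comment block recording that the value moved. A project that inherits the template gets a different set of interprocedural checks after upgrading from 3.9 to 4.0, so warning counts will shift against an existing baseline for reasons unrelated to the analyzed code. Suggest one line in each Notes block, for example `# The default was 5 before 4.0.` and `# The default was 12 before 4.0.`. Both comment blocks start outside their hunks.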
@@ -3435,9 +4001,287 @@ # parameters and values from its calling environment, and values # derived from these. # +# For the taint analysis, the number of modified values is bounded +# instead by TAINT_MAX_MODIFIED_VALUES. +# MAX_MODIFIED_VALUES = 100 +# Parameter DP_REFINEMENT_EXACT +# +# Purpose +# Specifies whether or not the analysis will apply "exact" decision +# procedure refinement to warning paths. Decision procedure +# refinement aims to filter out some warnings that cannot occur in +# practice. +# +# Behavior +# If set to Yes, the analysis will perform exact refinement: this +# means that the analysis runs the decision procedure on each +# warning path, handling procedures and loops by splitting the path +# into separate segments and checking them independently. +# - The CodeSonar analysis will perform exact refinement on the +# core path [doc/html/Elements/PROPERTIES_Warning.html#core_path] +# for each warning. Warnings determined to be unfeasible are +# handled as specified by the setting of +# DP_REFINEMENT_EXACT_DISMISS. Warnings for which the decision +# procedure times out are handled as specified by the setting of +# DP_REFINEMENT_EXACT_DISMISS_TIMEOUT. +# - On-demand extended path checking +# [doc/html/GUI/GUI_Path_Checking.html] will also use exact +# refinement. +# +# Tags +# - WARNING_TUNING: Fine Tuning for Warnings +# +# Type +# {Yes, No} +# +# Notes +# The effects of exact refinement differ from those of approximate +# refinement. +# - Exact refinement is less likely to produce false negatives than +# approximate refinement. +# - If timeouts are disabled (via DP_REFINEMENT_EXACT_TIMEOUT=0 and +# DP_REFINEMENT_APPROXIMATE_TIMEOUT=0 ), exact refinement is more +# likely to produce false positives than approximate refinement. +# If they are not disabled, there is no predictable relationship +# between false positive rates for the two. 
+# - Approximate refinement typically entails larger decision +# problems, and with more free variables, than exact refinement. +# The approximate refinement problems can therefore be +# significantly more expensive to solve than the exact ones. +# +# It can be beneficial to enable both exact and approximate +# refinement, because the sets of warnings that each can dismiss +# are incomparable. In this case, the two refinement phases are +# carried out in sequence. +# +# See DP_REFINEMENT_APPROXIMATE for more information about +# approximate refinement. +# +# Parameters DP_REFINEMENT_EXACT_TIMEOUT, +# DP_REFINEMENT_EXACT_DISMISS, and +# DP_REFINEMENT_EXACT_DISMISS_TIMEOUT control various aspects of +# exact refinement. + +DP_REFINEMENT_EXACT = No + + +# Parameter DP_REFINEMENT_EXACT_TIMEOUT +# +# Purpose +# Specifies the timeout for the decision procedure when performing +# exact refinement. +# +# Behavior +# - 0 : There is no timeout for exact refinement. +# - N (for N>0) : The decision procedure will spend N seconds on +# each path (or path segment, if the path has multiple segments) +# before giving up. +# +# Tags +# - TIME_LIMIT: Analysis Time Limits +# +# Type +# non-negative integer +# +# Notes +# If this timeout is exceeded when checking a particular warning, +# the warning is handled as specified by +# DP_REFINEMENT_EXACT_DISMISS_TIMEOUT. +# +# To enable exact refinement, set DP_REFINEMENT_EXACT=Yes. + +DP_REFINEMENT_EXACT_TIMEOUT = 2 + + +# Parameter DP_REFINEMENT_EXACT_DISMISS +# +# Purpose +# Specifies whether or not warnings will be dismissed outright if +# exact refinement determines that they cannot occur. +# +# Behavior +# - Yes : warnings will be dismissed outright if exact refinement +# determines that they cannot occur. +# - No : warnings will not be dismissed in this situation, but they +# will incur a small rank +# [doc/html/Elements/PROPERTIES_Warning.html#rank] penalty. 
+# +# Tags +# - WARNING_TUNING: Fine Tuning for Warnings +# +# Type +# {Yes, No} +# +# Notes +# To enable exact refinement, set DP_REFINEMENT_EXACT=Yes. + +DP_REFINEMENT_EXACT_DISMISS = Yes + + +# Parameter DP_REFINEMENT_EXACT_DISMISS_TIMEOUT +# +# Purpose +# Specifies whether or not warnings will be dismissed if the +# decision procedure times out during exact refinement. +# +# Behavior +# - Yes : warnings will be dismissed outright if the decision +# procedure times out during exact refinement. +# - No : warnings will not be dismissed in this situation, but they +# will incur a small rank +# [doc/html/Elements/PROPERTIES_Warning.html#rank] penalty. +# +# Tags +# - WARNING_TUNING: Fine Tuning for Warnings +# +# Type +# {Yes, No} +# +# Notes +# Setting this to Yes can cause true positive warnings to be +# dismissed. +# +# To enable exact refinement, set DP_REFINEMENT_EXACT=Yes. +# +# The timeout for exact refinement is controlled by +# DP_REFINEMENT_EXACT_TIMEOUT. + +DP_REFINEMENT_EXACT_DISMISS_TIMEOUT = No + + +# Parameter DP_REFINEMENT_APPROXIMATE +# +# Purpose +# Specifies whether or not the analysis will apply "approximate" +# decision procedure refinement to warning paths. Decision +# procedure refinement aims to filter out some warnings that cannot +# occur in practice. +# +# Behavior +# If set to Yes, the analysis will perform approximate refinement: +# this means that the analysis runs the decision procedure on each +# warning path, handling procedures and loops by converting their +# summaries into SMT formulas. +# - The CodeSonar analysis will perform approximate refinement on +# the core path +# [doc/html/Elements/PROPERTIES_Warning.html#core_path] for each +# warning. Warnings determined to be unfeasible are handled as +# specified by the setting of DP_REFINEMENT_APPROXIMATE_DISMISS. +# Warnings for which the decision procedure times out are handled +# as specified by the setting of +# DP_REFINEMENT_APPROXIMATE_DISMISS_TIMEOUT. 
+# - On-demand extended path checking +# [doc/html/GUI/GUI_Path_Checking.html] will also use approximate +# refinement. Tags WARNING_TUNING +# +# Type +# {Yes, No} +# +# Notes +# It is possible for approximate refinement to incorrectly conclude +# that a warning cannot occur, but this does not happen often in +# practice. +# +# See DP_REFINEMENT_EXACT for information about the differences +# between exact and approximate refinement. +# +# It can be beneficial to enable both forms of refinement, because +# the sets of warnings that each can dismiss are incomparable. In +# this case, the two refinement phases are carried out in sequence. +# +# Parameters DP_REFINEMENT_APPROXIMATE_TIMEOUT, +# DP_REFINEMENT_APPROXIMATE_DISMISS, and +# DP_REFINEMENT_APPROXIMATE_DISMISS_TIMEOUT control various aspects +# of exact refinement. + +DP_REFINEMENT_APPROXIMATE = Yes + + +# Parameter DP_REFINEMENT_APPROXIMATE_TIMEOUT +# +# Purpose +# Specifies the timeout for the decision procedure when performing +# approximate refinement. +# +# Behavior +# - 0 : There is no timeout for approximate refinement. +# - N (for N>0) : The decision procedure will spend N seconds on +# each path before giving up. +# +# Tags +# - TIME_LIMIT: Analysis Time Limits +# +# Type +# non-negative integer +# +# Notes +# If this timeout is exceeded when checking a particular warning, +# the warning is handled as specified by +# DP_REFINEMENT_APPROXIMATE_DISMISS_TIMEOUT. +# +# To enable approximate refinement, set +# DP_REFINEMENT_APPROXIMATE=Yes. + +DP_REFINEMENT_APPROXIMATE_TIMEOUT = 2 + + +# Parameter DP_REFINEMENT_APPROXIMATE_DISMISS +# +# Purpose +# Specifies whether or not warnings will be dismissed outright if +# approximate refinement determines that they cannot occur. +# +# Behavior +# - Yes : warnings will be dismissed outright if approximate +# refinement determines that they cannot occur. +# - No : warnings will not be dismissed in this situation, but they +# will incur a significant rank penalty. 
+# +# Tags +# - WARNING_TUNING: Fine Tuning for Warnings +# +# Type +# {Yes, No} +# +# Notes +# To enable approximate refinement, set +# DP_REFINEMENT_APPROXIMATE=Yes. + +DP_REFINEMENT_APPROXIMATE_DISMISS = Yes + + +# Parameter DP_REFINEMENT_APPROXIMATE_DISMISS_TIMEOUT +# +# Purpose +# Specifies whether or not warnings will be dismissed if the +# decision procedure times out during approximate refinement. +# +# Behavior +# - Yes : warnings will be dismissed outright if the decision +# procedure times out during approximate refinement. +# - No : warnings will not be dismissed in this situation, but they +# will incur a significant rank penalty. +# +# Tags +# - WARNING_TUNING: Fine Tuning for Warnings +# +# Type +# {Yes, No} +# +# Notes +# Setting this to Yes can cause true positive warnings to be +# dismissed. +# +# - To enable exact refinement, set DP_REFINEMENT_APPROXIMATE=Yes. +# - The timeout for exact refinement is controlled by +# DP_REFINEMENT_APPROXIMATE_TIMEOUT. + +DP_REFINEMENT_APPROXIMATE_DISMISS_TIMEOUT = No + + # Parameter RETURN_CHECKER_SAMPLE_SIZE # # Purpose @@ -3493,8 +4337,8 @@ # - WC_LANG.FUNCS.IRV: Used by Ignored Return Value # # Type -# Boost regular expression [../third- -# party/boost/libs/regex/doc/html/boost_regex/syntax.html] +# Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html] # # Behavior # If the name of a called function matches a @@ -3662,8 +4506,8 @@ # - WC_LANG.FUNCS.IRV: Used by Ignored Return Value # # Type -# Boost regular expression [../third- -# party/boost/libs/regex/doc/html/boost_regex/syntax.html] +# Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html] # # Behavior # If the name of a called function matches a 
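Review bot: `DP_REFINEMENT_APPROXIMATE = Yes` together with `DP_REFINEMENT_APPROXIMATE_DISMISS = Yes` makes the default configuration dismiss warnings outright on the verdict of a procedure that, by its own Notes, can incorrectly conclude that a warning cannot occur. For a tool used to find security defects that trade-off deserves an explicit line in the DP_REFINEMENT_APPROXIMATE_DISMISS Notes, for example `# Setting this to Yes can cause true positive warnings to be dismissed.`, which both *_DISMISS_TIMEOUT blocks already carry. Separately, the APPROXIMATE text has copy-paste slips from the EXACT blocks: the DP_REFINEMENT_APPROXIMATE Notes end with "control various aspects of exact refinement", and the DP_REFINEMENT_APPROXIMATE_DISMISS_TIMEOUT Notes say "To enable exact refinement" and "The timeout for exact refinement" while naming the APPROXIMATE parameters. The Tags heading of DP_REFINEMENT_APPROXIMATE is also fused into the Behavior list as "Tags WARNING_TUNING".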
@@ -3755,8 +4599,8 @@ # , # where: # - is an argument position (counting from 1) -# - is a Boost regular expression [../third- -# party/boost/libs/regex/doc/html/boost_regex/syntax.html] +# - is a Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html] # # Behavior # Calling a function whose name matches without a format @@ -3820,8 +4664,8 @@ # , # where: # - is an argument position (counting from 1) -# - is a Boost regular expression [../third- -# party/boost/libs/regex/doc/html/boost_regex/syntax.html] +# - is a Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html] # # Behavior # Calling a function whose name matches without a format @@ -3881,8 +4725,8 @@ # - WC_CONCURRENCY.DATARACE: Used by Data Race # # Type -# Boost regular expression [../third- -# party/boost/libs/regex/doc/html/boost_regex/syntax.html] +# Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html] # # Behavior # The data race analysis checks all global variables and procedure @@ -3913,8 +4757,8 @@ # - WC_CONCURRENCY.DATARACE: Used by Data Race # # Type -# Boost regular expression [../third- -# party/boost/libs/regex/doc/html/boost_regex/syntax.html] +# Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html] # # Behavior # The analysis engine checks all procedures and methods to see if @@ -3944,8 +4788,8 @@ # - WC_CONCURRENCY.DATARACE: Used by Data Race # # Type -# Boost regular expression [../third- -# party/boost/libs/regex/doc/html/boost_regex/syntax.html] +# Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html] # # Behavior # If an object (or object reference) is used in a location where a 
@@ -3987,8 +4831,8 @@ # Functions # # Type -# Boost regular expression [../third- -# party/boost/libs/regex/doc/html/boost_regex/syntax.html] +# Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html] # # Behavior # The analysis will treat all functions whose names match patterns @@ -4027,8 +4871,8 @@ # - WC_CONCURRENCY.LOCK.NOUNLOCK: Used by Missing Lock Release # # Type -# Boost regular expression [../third- -# party/boost/libs/regex/doc/html/boost_regex/syntax.html] +# Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html] # # Behavior # The analysis will treat all functions whose names match patterns @@ -4087,8 +4931,8 @@ # - WC_CONCURRENCY.LOCK.NOUNLOCK: Used by Missing Lock Release # # Type -# Boost regular expression [../third- -# party/boost/libs/regex/doc/html/boost_regex/syntax.html] +# Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html] # # Behavior # The analysis will treat all functions whose names match patterns @@ -4169,7 +5013,7 @@ # approximate the behavior of the call. # # Tags -# - ANALYSIS_BOUND: Analysis time/effort limit +# - ANALYSIS_BOUND: Analysis resource/effort limit # # Type # {None, Some, More, Most} @@ -4201,7 +5045,7 @@ # (nested "+" widgets in warning reports). # # Tags -# - ANALYSIS_BOUND: Analysis time/effort limit +# - ANALYSIS_BOUND: Analysis resource/effort limit # # Type # integer @@ -4438,8 +5282,8 @@ # - WC_LANG.STRUCT.PIT: Used by Pointer Type Inside Typedef # # Type -# Boost regular expression [../third- -# party/boost/libs/regex/doc/html/boost_regex/syntax.html] +# Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html] # # Behavior # Pointer Type Inside Typedef warnings will not be issued for 
@@ -4486,8 +5330,7 @@ # # Specifically, the depth-first search will terminate after # visiting a number of procedures equal to: -# \tt DFS_MAX_VISITED_COEFFICIENT * (# of procedures changed) -# + \tt DFS_MAX_VISITED_CONSTANT +# DFS_MAX_VISITED_COEFFICIENT * (# of procedures changed) + DFS_MAX_VISITED_CONSTANT # # Notes # Note that the Recursion and Dynamic Allocation After @@ -4682,8 +5525,8 @@ # , # where: # - is the maximum allowable depth, in bytes. -# - is a Boost regular expression [../third- -# party/boost/libs/regex/doc/html/boost_regex/syntax.html] +# - is a Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html] # # Behavior # If the stack depth of the module entry point exceeds the module's @@ -5166,8 +6009,11 @@ # - language # # and is one of: -# - : (substring match) -# - = (exact match) +# - : (substring match, case-insensitive) +# - = (exact match, case-insensitive) +# - =~ (regular expression match against a Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html]) + # # Behavior # Depends on the : @@ -5191,10 +6037,10 @@ # BUILD_OPTIONS += -retain-unnormalized-c-ast yes # # Metrics of an individual granularity can be allowed/discarded if -# the string pattern is of the form "name[granularity]". For +# the string pattern is of the form "tag[granularity]". For # example, to discard the "Total Lines" (TL) metric only for file -# granularity (not the analysis or procedure granularity metrics of -# the same name), the following rule will work: +# granularity (not the analysis or procedure granularity metrics +# with the same tag), the following rule will work: # METRIC_FILTER += discard metric="TL[FILE]" # # The following metrics are enabled by default. To discard a 
@@ -5241,22 +6087,24 @@ # - METRIC: metric-related # # Type -# A string of the form , , +# A string of the form , , # , # -# where: is the quoted short name to give the new -# metric, and must: +# where: +# +# is the quoted tag for the new metric. Metric tags +# are case-sensitive; the metrics [doc/html/Metrics/Metrics.html] +# page has a table showing the tags for all built-in metrics. The +# must: # - start with characters matching: [a-zA-Z] # - only contain characters matching: [a-zA-Z][0-9] _- # - have string length <= 15 characters -# - be unique (in combination with a granularity), case -# insensitively +# - be unique (in combination with a granularity). # - not match any function name in the expression grammar # -# is the quoted description to give the new +# is the quoted description for the new # metric, and must: # - only contain characters matching: [a-zA-Z][0-9] _- -# - have string length <= 35 characters # # is the granularity of the new metric, and is one of # {ANALYSIS, COMPUNIT, FILE, PROCEDURE} @@ -5270,11 +6118,13 @@ # expr -> expr + expr | expr - expr | expr * expr | expr / expr | # const | metric | function(expr, ...) # function -> cos | sin | tan | acos | asin | atan | atan2 | cosh | sinh | -# tanh | exp | frexp | ldexp | log | log10 | pow | sqrt | +# tanh | exp | ldexp | log | log10 | pow | sqrt | # ceil | fabs | floor | fmod | sum | prod | avg | min | max -# metric -> "[a-zA-Z0-9]+\[granularity\]" (must match existing metric, case-insensitive) +# metric -> "[a-zA-Z0-9]+\[granularity\]" # granularity -> PROJECT | COMPUNIT | FILE | PROCEDURE # +# - All metric values must match an existing metric; metric tags +# are case-sensitive. # - All functions return a single floating point value. # - All math operations are floating point. # - Functions sum, prod, avg, min, and max are summarizing 
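Review bot: The `metric` production rewritten in the hunk at `@@ -5270,11 +6118,13 @@` still admits only `[a-zA-Z0-9]+` before the granularity, while the tag rules in the preceding hunk of the same section allow space, `_` and `-` in a tag. A tag that the naming rules accept may therefore not be expressible inside an expression, and the diff does not show which of the two the parser implements. If the naming rules are authoritative, the production should be widened to something like `# metric -> "[a-zA-Z][a-zA-Z0-9 _-]*\[granularity\]"`; otherwise the added bullet about case-sensitive tags could also say that tags used in expressions must be purely alphanumeric. The expression grammar section starts and ends outside this hunk.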
@@ -5394,6 +6244,7 @@ # Parameter METRIC_WARNING_CONDITION # Parameter METRIC_WARNING_CLASS_NAME # Parameter METRIC_WARNING_CATEGORIES +# Parameter METRIC_WARNING_BASE_RANK # Parameter METRIC_WARNING_RANK # # Purpose @@ -5406,11 +6257,11 @@ # # Type # - METRIC_WARNING_CONDITION: metric number where the metric -# is specified by name[granularity], and is one of >, <, >=, +# is specified by tag[granularity], and is one of >, <, >=, # <= # - METRIC_WARNING_CLASS_NAME: string # - METRIC_WARNING_CATEGORIES: string -# - METRIC_WARNING_RANK: number +# - METRIC_WARNING_BASE_RANK: number # # Behavior # These parameters are used together to specify conditions on @@ -5426,13 +6277,17 @@ # - METRIC_WARNING_CATEGORIES is the set of categories for the # warning, as a semicolon-separated list. This defaults to # "METRIC.CUSTOM". -# - METRIC_WARNING_RANK is the rank assigned to the warning, with -# default 25.0. +# - METRIC_WARNING_BASE_RANK is the base rank +# [doc/html/Elements/PROPERTIES_Warning.html#representative_def] +# assigned to the warning, with default 25.0. # # Notes +# Parameter METRIC_WARNING_RANK is deprecated in favor of +# METRIC_WARNING_BASE_RANK; the two currently have identical +# behavior. # -# The METRIC_WARNING_CATEGORIES and METRIC_WARNING_RANK settings -# are optional, but both METRIC_WARNING_CONDITION and +# The METRIC_WARNING_CATEGORIES and METRIC_WARNING_BASE_RANK +# settings are optional, but both METRIC_WARNING_CONDITION and # METRIC_WARNING_CLASS_NAME must be fully specified. The # METRIC_WARNING_CONDITION message must come first, and the # METRIC_WARNING_CLASS_NAME second. 
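Review bot: The link added for the base rank in the METRIC_WARNING_BASE_RANK bullet (hunk at `@@ -5426,13 +6277,17 @@`) points at `PROPERTIES_Warning.html#representative_def`, whereas the HARDCODED_ARGS_BASE_RANK bullet added later in this same diff links the same term to `PROPERTIES_Warning.html#base_rank`. One of the two anchors is probably a copy error; if `#base_rank` is the intended target, this line should read `# [doc/html/Elements/PROPERTIES_Warning.html#base_rank]`. The Type list in the hunk at `@@ -5406,11 +6257,11 @@` also drops METRIC_WARNING_RANK although it is still listed as a parameter and described as deprecated, so a `# - METRIC_WARNING_RANK: number (deprecated)` line would keep the list complete.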
@@ -5441,16 +6296,16 @@ # METRIC_WARNING_CLASS_NAME value, the same warning class will be # used to cover all cases. Therefore, sets of rules with the same # METRIC_WARNING_CLASS_NAME should also have the same -# METRIC_WARNING_CATEGORIES and METRIC_WARNING_RANK values (that -# is, they should only differ in the METRIC_WARNING_CONDITION +# METRIC_WARNING_CATEGORIES and METRIC_WARNING_BASE_RANK values +# (that is, they should only differ in the METRIC_WARNING_CONDITION # setting). # # Similarly, if a set of METRIC_WARNING_* rules has a # METRIC_WARNING_CLASS_NAME that is the same as the name of a # standard CodeSonar warning class, the category and rank settings # of the standard class will apply and any -# METRIC_WARNING_CATEGORIES or METRIC_WARNING_RANK specified in the -# set will not be used. +# METRIC_WARNING_CATEGORIES or METRIC_WARNING_BASE_RANK specified +# in the set will not be used. # # Examples: # @@ -5460,14 +6315,14 @@ # METRIC_WARNING_CONDITION = vG[PROCEDURE] >= 20 # METRIC_WARNING_CLASS_NAME = High Cyclomatic Complexity # METRIC_WARNING_CATEGORIES = METRIC.VG -# METRIC_WARNING_RANK = 5.0 +# METRIC_WARNING_BASE_RANK = 5.0 # # Instruct CodeSonar to issue a warning of class "Large procedure" # for any function containing more than 100 lines with code: # METRIC_WARNING_CONDITION = LCode[PROCEDURE] > 100 # METRIC_WARNING_CLASS_NAME = Large procedure # METRIC_WARNING_CATEGORIES = METRIC.LCODE -# METRIC_WARNING_RANK = 1.0 +# METRIC_WARNING_BASE_RANK = 1.0 # # Instruct CodeSonar to issue a warning of class "Too few comments" # for any insufficiently commented function (defined here as a @@ -5475,7 +6330,7 @@ # METRIC_WARNING_CONDITION = LCom[PROCEDURE] < 5 # METRIC_WARNING_CLASS_NAME = Too few comments # METRIC_WARNING_CATEGORIES = METRIC.LCOM -# METRIC_WARNING_RANK = 2.0 +# METRIC_WARNING_BASE_RANK = 2.0 # # Note that the categories in these examples are arbitrary text. # 
@@ -5676,11 +6531,11 @@ # - WC_LANG.STRUCT.ULOOP: Used by Potential Unbounded Loop # # Type -# Boost regular expression [../third- -# party/boost/libs/regex/doc/html/boost_regex/syntax.html] +# Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html] # # Behavior -# If the line the loop condition is at matches this regular +# If the line containing the loop condition matches this regular # expression, a Potential Unbounded Loop warning will not be # issued. # @@ -5702,8 +6557,8 @@ # Note that the Potential Unbounded Loop check is disabled by # default: use a WARNING_FILTER rule to enable it. -NON_TERMINATING_LOOP_MARK += for *[(] *; *; *[)] -NON_TERMINATING_LOOP_MARK += while *[(] *1 *[)] +# NON_TERMINATING_LOOP_MARK += for *[(] *; *; *[)] +# NON_TERMINATING_LOOP_MARK += while *[(] *1 *[)] # Parameter PROGRAM_ENTRY_POINTS @@ -5720,8 +6575,8 @@ # Initialization # # Type -# Boost regular expression [../third- -# party/boost/libs/regex/doc/html/boost_regex/syntax.html] +# Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html] # # Behavior # The Dynamic Allocation After Initialization check will trigger a @@ -5757,8 +6612,8 @@ # Initialization # # Type -# Boost regular expression [../third- -# party/boost/libs/regex/doc/html/boost_regex/syntax.html] +# Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html] # # Behavior # For the Dynamic Allocation After Initialization check, calls to @@ -5796,8 +6651,8 @@ # Initialization # # Type -# Boost regular expression [../third- -# party/boost/libs/regex/doc/html/boost_regex/syntax.html] +# Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html] # # Behavior # No Dynamic Allocation After Initialization warnings are issued 
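Review bot: Commenting out the two shipped `NON_TERMINATING_LOOP_MARK` values in the hunk at `@@ -5702,8 +6557,8 @@` means the template no longer exempts `for (;;)` and `while (1)` lines, but nothing in the new text says so. A project that enables Potential Unbounded Loop through a WARNING_FILTER rule and relied on the template default will presumably start receiving warnings on its intentional service loops after the upgrade. Since the two lines now read as examples, a one-line comment above them would make that explicit: `# No patterns are set by default; uncomment to exempt idiomatic infinite loops.` The parameter's Behavior section lies mostly outside this hunk.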
@@ -5830,8 +6685,8 @@ # - WC_LANG.FUNCS.ASSERTS: Used by Not Enough Assertions # # Type -# Boost regular expression [../third- -# party/boost/libs/regex/doc/html/boost_regex/syntax.html] +# Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html] # # Behavior # Calls to functions matching this regular expression are counted @@ -5860,22 +6715,23 @@ # Specifies file system paths which contain system include headers. # # Tags -# - BUILD_BEHAVIOR: Governs the Build/Analysis +# - ANALYSIS_FILTER: Analysis-Side Filtering # # Type # string # # Behavior -# Any file matching the paths added via SYSTEM_INCLUDE_PATHS are -# excluded from computation of metrics and certain warning classes. -# Substring match is used to match files to the specified system -# include paths. +# Any file matching any of these paths is excluded from computation +# of metrics and checks for certain warning classes. Substring +# match is used to match files to the specified system include +# paths. # -# NOTE: Any line ending with a "\" is treated as a continuation - -# meaning that the subsequent line will be concatenated with the -# current line. To avoid this situation (e.g. for paths that -# actually end in "\"), add whitespace after the "\" before the -# newline character. +# Notes +# Any line ending with a "\" is treated as a continuation - meaning +# that the subsequent line will be concatenated with the current +# line. To avoid this situation (e.g. for paths that actually end +# in "\"), add whitespace after the "\" before the newline +# character. # 
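Review bot: The reworded Behavior text for SYSTEM_INCLUDE_PATHS (hunk at `@@ -5860,22 +6715,23 @@`) keeps `Substring match is used` but does not state what that implies for coverage: any project file whose path merely contains one of the configured strings is dropped from metrics and from checks for certain warning classes. A short or generic entry can therefore silently remove first-party code from analysis, which is easy to miss because nothing is reported for the excluded files. I would add a line to the new Notes block, for example `# Because matching is by substring, use the longest unambiguous path; project files whose paths contain an entry are excluded as well.` The parameter header sits outside this hunk.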
@@ -5952,6 +6808,16 @@ # the hub. # - No : additional data is not generated, and visualization is not # enabled for this analysis of the project. +# +# Notes +# Changing from No to Yes between incremental analyses will have no +# effect: visualization will remain unavailable. Run a new base +# analysis to enable visualization. +# +# Changing from Yes to No between incremental analyses will disable +# the collection of visualization information. The visualization +# tool will remain available, using information from the last +# analysis for which VISUALIZATION was set to Yes. VISUALIZATION = Yes @@ -6048,7 +6914,7 @@ # assumes that... # - ...the call to g(p) in funcA frees p : no Leak warning, # - ...the call to g(p) in funcB does not free p : no Use After -# Free warning,e.g. +# Free warning (for example). # # With ASSUME_UNDEFINED_PARAMETERS_MAYBE_FREED=No, CodeSonar must # treat both calls to g(p) as if they do not free p. 
@@ -6129,6 +6995,708 @@ # +# Parameter HARDCODED_ARGS_REGEX +# Parameter HARDCODED_ARGS_LIST +# Parameter HARDCODED_ARGS_CLASS_NAME +# Parameter HARDCODED_ARGS_CATEGORIES +# Parameter HARDCODED_ARGS_BASE_RANK +# +# Purpose +# Use the HARDCODED_ARGS_* family of parameters to define warning +# classes that indicate the use of hardcoded arguments to functions +# whose arguments should not be hardcoded. +# +# Type +# - HARDCODED_ARGS_REGEX: Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html] +# - HARDCODED_ARGS_LIST: comma-separated list of numbers +# - HARDCODED_ARGS_CLASS_NAME: string +# - HARDCODED_ARGS_CATEGORIES: string +# - HARDCODED_ARGS_BASE_RANK: number +# +# Behavior +# These parameters are used together to specify functions with +# arguments that should never be hardcoded, and warnings to issue +# if hardcoded arguments are used. +# +# - HARDCODED_ARGS_REGEX is a regular expression. Functions whose +# name matches this expression will be included in the check. +# - HARDCODED_ARGS_LIST are the positions (counting from 1) of the +# arguments whose values should never be hardcoded. +# - HARDCODED_ARGS_CLASS_NAME will be used as the warning class +# name. If the message contains any characters that are special +# to HTML, they must be HTML-encoded. +# - HARDCODED_ARGS_CATEGORIES is the set of categories for the +# warning, as a semicolon-separated list. This defaults to the +# empty string. +# - HARDCODED_ARGS_BASE_RANK is the base rank +# [doc/html/Elements/PROPERTIES_Warning.html#base_rank] assigned +# to the warning, with default 25.0. +# +# Notes +# The HARDCODED_ARGS_CATEGORIES and HARDCODED_ARGS_BASE_RANK +# settings are optional, but both HARDCODED_ARGS_REGEX and +# HARDCODED_ARGS_CLASS_NAME must be fully specified. The +# HARDCODED_ARGS_REGEX message must come first, and the +# HARDCODED_ARGS_CLASS_NAME second. 
+# +# If two or more sets of HARDCODED_ARGS_* rules have the same +# HARDCODED_ARGS_CLASS_NAME value, the same warning class will be +# used to cover all cases. Therefore, sets of rules with the same +# HARDCODED_ARGS_CLASS_NAME should also have the same +# HARDCODED_ARGS_CATEGORIES and HARDCODED_ARGS_BASE_RANK values +# (that is, they should only differ in the HARDCODED_ARGS_REGEX or +# HARDCODED_ARGS_LIST settings). +# +# Similarly, if a set of HARDCODED_ARGS_* rules has a +# HARDCODED_ARGS_CLASS_NAME that is the same as the name of a +# standard CodeSonar warning class, the category and rank settings +# of the standard class will apply and any +# HARDCODED_ARGS_CATEGORIES or HARDCODED_ARGS_BASE_RANK specified +# in the set will not be used. +# +# Example: +# HARDCODED_ARGS_REGEX = ^crypt(_r)?$ +# HARDCODED_ARGS_LIST = 2 +# HARDCODED_ARGS_CLASS_NAME = Hardcoded Crypto Salt +# specifies that the second argument to crypt() and crypt_r() +# should not be hardcoded, and that warnings of class "Hardcoded +# Crypto Salt" should be issued at locations where this constraint +# is violated. 
+# + +HARDCODED_ARGS_REGEX = ^CreateProcessWithLogon(A|W)?$ +HARDCODED_ARGS_LIST = 1, 3 +HARDCODED_ARGS_CLASS_NAME = Hardcoded Authentication +HARDCODED_ARGS_CATEGORIES = HARDCODED.AUTH;CWE:547 + +HARDCODED_ARGS_REGEX = ^LogonUser(Ex|ExEx)?(A|W)?$ +HARDCODED_ARGS_LIST = 1, 3 +HARDCODED_ARGS_CLASS_NAME = Hardcoded Authentication +HARDCODED_ARGS_CATEGORIES = HARDCODED.AUTH;CWE:547 + +HARDCODED_ARGS_REGEX = ^CredUIPromptForCredentials(A|W)?$ +HARDCODED_ARGS_LIST = 5, 7 +HARDCODED_ARGS_CLASS_NAME = Hardcoded Authentication +HARDCODED_ARGS_CATEGORIES = HARDCODED.AUTH;CWE:547 + +HARDCODED_ARGS_REGEX = ^WNetAddConnection(A|W)?$ +HARDCODED_ARGS_LIST = 2 +HARDCODED_ARGS_CLASS_NAME = Hardcoded Authentication +HARDCODED_ARGS_CATEGORIES = HARDCODED.AUTH;CWE:547 + +HARDCODED_ARGS_REGEX = ^WNetAddConnection2?(A|W)?$ +HARDCODED_ARGS_LIST = 2, 3 +HARDCODED_ARGS_CLASS_NAME = Hardcoded Authentication +HARDCODED_ARGS_CATEGORIES = HARDCODED.AUTH;CWE:547 + +HARDCODED_ARGS_REGEX = ^WNetAddConnection3(A|W)?$ +HARDCODED_ARGS_LIST = 3, 4 +HARDCODED_ARGS_CLASS_NAME = Hardcoded Authentication +HARDCODED_ARGS_CATEGORIES = HARDCODED.AUTH;CWE:547 + +HARDCODED_ARGS_REGEX = ^ChangeAccountPassword(A|W)?$ +HARDCODED_ARGS_LIST = 3, 4, 5 +HARDCODED_ARGS_CLASS_NAME = Hardcoded Authentication +HARDCODED_ARGS_CATEGORIES = HARDCODED.AUTH;CWE:547 + +HARDCODED_ARGS_REGEX = ^SQLConnect(A|W|UNIX)?$ +HARDCODED_ARGS_LIST = 4, 6 +HARDCODED_ARGS_CLASS_NAME = Hardcoded Authentication +HARDCODED_ARGS_CATEGORIES = HARDCODED.AUTH;CWE:547 + +HARDCODED_ARGS_REGEX = ^WTSConnectSession(A|W)?$ +HARDCODED_ARGS_LIST = 3 +HARDCODED_ARGS_CLASS_NAME = Hardcoded Authentication +HARDCODED_ARGS_CATEGORIES = HARDCODED.AUTH;CWE:547 + +HARDCODED_ARGS_REGEX = ^(ecb_|cbc_)?crypt(_r)?$ +HARDCODED_ARGS_LIST = 1 +HARDCODED_ARGS_CLASS_NAME = Hardcoded Crypto Key +HARDCODED_ARGS_CATEGORIES = HARDCODED.KEY;CWE:547 + +HARDCODED_ARGS_REGEX = ^passwd2des$ +HARDCODED_ARGS_LIST = 1 +HARDCODED_ARGS_CLASS_NAME = Hardcoded Crypto Key 
+HARDCODED_ARGS_CATEGORIES = HARDCODED.KEY;CWE:547 + +HARDCODED_ARGS_REGEX = ^x(en|de)crypt$ +HARDCODED_ARGS_LIST = 2 +HARDCODED_ARGS_CLASS_NAME = Hardcoded Crypto Key +HARDCODED_ARGS_CATEGORIES = HARDCODED.KEY;CWE:547 + +HARDCODED_ARGS_REGEX = ^krb5_c_(en|de)crypt$ +HARDCODED_ARGS_LIST = 2 +HARDCODED_ARGS_CLASS_NAME = Hardcoded Crypto Key +HARDCODED_ARGS_CATEGORIES = HARDCODED.KEY;CWE:547 + +HARDCODED_ARGS_REGEX = ^BF_set_key$ +HARDCODED_ARGS_LIST = 3 +HARDCODED_ARGS_CLASS_NAME = Hardcoded Crypto Key +HARDCODED_ARGS_CATEGORIES = HARDCODED.KEY;CWE:547 + +HARDCODED_ARGS_REGEX = ^DES_set_key(_unchecked|_checked)?$ +HARDCODED_ARGS_LIST = 1 +HARDCODED_ARGS_CLASS_NAME = Hardcoded Crypto Key +HARDCODED_ARGS_CATEGORIES = HARDCODED.KEY;CWE:547 + +HARDCODED_ARGS_REGEX = ^DES_string_to_key$ +HARDCODED_ARGS_LIST = 1 +HARDCODED_ARGS_CLASS_NAME = Hardcoded Crypto Key +HARDCODED_ARGS_CATEGORIES = HARDCODED.KEY;CWE:547 + +HARDCODED_ARGS_REGEX = ^DES_string_to_2keys$ +HARDCODED_ARGS_LIST = 1 +HARDCODED_ARGS_CLASS_NAME = Hardcoded Crypto Key +HARDCODED_ARGS_CATEGORIES = HARDCODED.KEY;CWE:547 + +HARDCODED_ARGS_REGEX = ^krb5_c_string_to_key$ +HARDCODED_ARGS_LIST = 3 +HARDCODED_ARGS_CLASS_NAME = Hardcoded Crypto Key +HARDCODED_ARGS_CATEGORIES = HARDCODED.KEY;CWE:547 + +HARDCODED_ARGS_REGEX = ^DES_(f)?crypt$ +HARDCODED_ARGS_LIST = 2 +HARDCODED_ARGS_CLASS_NAME = Hardcoded Crypto Salt +HARDCODED_ARGS_CATEGORIES = HARDCODED.SALT;CWE:547 + +HARDCODED_ARGS_REGEX = ^crypt(_r)?$ +HARDCODED_ARGS_LIST = 2 +HARDCODED_ARGS_CLASS_NAME = Hardcoded Crypto Salt +HARDCODED_ARGS_CATEGORIES = HARDCODED.SALT;CWE:547 + +HARDCODED_ARGS_REGEX = ^krb5_c_string_to_key$ +HARDCODED_ARGS_LIST = 4 +HARDCODED_ARGS_CLASS_NAME = Hardcoded Crypto Salt +HARDCODED_ARGS_CATEGORIES = HARDCODED.SALT;CWE:547 + + +# Parameter TRACK_TAINTED_VALUES +# +# Purpose +# For the taint analysis, specifies the level of tainted-value +# tracking performed. +# +# Behavior +# - More : enables taint warnings such as Command Injection. 
+# - Most : enables taint warnings and code highlighting. +# +# Type +# {Some, More, Most} +# + +TRACK_TAINTED_VALUES = Most +##TRACK_TAINTED_VALUES = More +##TRACK_TAINTED_VALUES = Some + + +# Parameter TAINT_TRIGGER_ON_GLOBALS +# +# Purpose +# For the taint analysis, specifies whether to track global +# variables interprocedurally. +# +# Type +# {Yes, No} +# +# Tags +# - ANALYSIS_BOUND: Analysis resource/effort limit +# +# Behavior +# - Yes : the taint analysis will track global variables +# interprocedurally. +# - No : the taint analysis will not track global variables +# interprocedurally. +# +# Notes +# Setting this to Yes can lead to scalability issues on large +# projects. + +TAINT_TRIGGER_ON_GLOBALS = No + + +# Parameter TAINT_MAX_EXPRESSION_COMPLEXITY +# +# Purpose +# For the taint analysis, a threshold for expression complexity. +# +# Type +# integer +# +# Tags +# - ANALYSIS_BOUND: Analysis resource/effort limit +# +# Behavior +# Information about expressions whose complexity exceeds this limit +# is discarded. +# +# Notes +# Expressions with more pointer dereferences and field/array +# accesses have a higher complexity. +# +# For the remainder of the analysis, expression complexity is +# bounded instead by MAX_EXPRESSION_COMPLEXITY. +# + +TAINT_MAX_EXPRESSION_COMPLEXITY = 40 + + +# Parameter TAINT_MAX_SET_CARDINALITY +# +# Purpose +# For the taint analysis, specifies the maximum size of a points-to +# set. +# +# Type +# integer +# +# Tags +# - ANALYSIS_BOUND: Analysis resource/effort limit + +TAINT_MAX_SET_CARDINALITY = 10 + + +# Parameter TAINT_MAX_MODIFIED_VALUES +# +# Purpose +# For the taint analysis, specifies a per-procedure bound on the +# number of modified values (outputs) that CodeSonar will keep +# track of in procedure summaries. 
+# +# Tags +# - ANALYSIS_BOUND: Analysis resource/effort limit +# +# Type +# integer +# +# Behavior +# If a procedure modifies more values than this maximum, CodeSonar +# will select values to discard from the summaries for the +# procedure to bring the total number of values tracked down to the +# maximum. Increasing the value for this preference may allow more +# precise analysis, at the cost of longer analysis time and higher +# memory usage. +# +# Notes +# The values modified by a procedure may include its return value, +# parameters and values from its calling environment, and values +# derived from these. +# +# For the remainder of the analysis, the number of modified values +# is bounded instead by MAX_MODIFIED_VALUES. +# + +TAINT_MAX_MODIFIED_VALUES = 100 + + +# Parameter TAINT_MAX_CHECKED_INPUTS_PER_PROCEDURE +# +# Purpose +# For the taint analysis, specifies how many inputs to a procedure +# can be checked at call sites. +# +# Tags +# - ANALYSIS_BOUND: Analysis resource/effort limit +# +# Type +# integer +# +# Behavior +# A negative value indicates no limit. Lower (positive) values will +# conserve disk space and time, but can cause false negatives. +# +# Notes +# This bound may be useful for projects containing millions of +# lines of code. +# +# Checks for code nearer to the beginning of procedures receive +# preferential treatment. +# +# Both implicit and explicit inputs are counted. For example, both +# the pointer passed to strlen() and the value pointed to by that +# pointer are counted as inputs to strlen(). Global variables +# transitively used by a procedure also qualify. +# +# For the remainder of the analysis, the number of checked inputs +# is bounded instead by MAX_CHECKED_INPUTS_PER_PROCEDURE. 
+ +TAINT_MAX_CHECKED_INPUTS_PER_PROCEDURE = 100 + + +# Parameter TAINT_MAX_CHECKED_TAINT_KINDS_PER_PROCEDURE +# +# Purpose +# For the taint analysis, specifies the maximum number of taint +# kinds for which there can be checks against a single procedure's +# inputs. +# +# Tags +# - ANALYSIS_BOUND: Analysis resource/effort limit +# +# Type +# integer +# +# Behavior +# If a single procedure's inputs are checked against more than this +# many individual taint kinds +# [doc/html/C_Module/LibraryModels/TaintKinds.html] - either +# directly in the procedure, or in its (transitive) callees - +# CodeSonar will select taint sinks to discard in order to bring +# the total number of taint kinds down to the specified limit. +# +# Special values csonar_taint_source_any() +# [doc/html/Extensions/Prototypes.html#csonar_taint_source_any] and +# csonar_taint_source_any_no_kind() +# [doc/html/Extensions/Prototypes.html#csonar_taint_source_any] are +# each counted as one taint kind. +# +# Setting TAINT_MAX_CHECKED_TAINT_KINDS_PER_PROCEDURE=0 will +# discard all taint sinks, except for intraprocedural ones (which +# do not typically exist). +# +# Notes +# CodeSonar ships with 13 predefined taint kinds, plus special +# values csonar_taint_source_any() +# [doc/html/Extensions/Prototypes.html#csonar_taint_source_any] and +# csonar_taint_source_any_no_kind() +# [doc/html/Extensions/Prototypes.html#csonar_taint_source_any]. +# Any TAINT_MAX_CHECKED_TAINT_KINDS_PER_PROCEDURE setting higher +# than 15 will therefore impose no restrictions on taint checking +# (unless you have implemented additional custom taint kinds). + +TAINT_MAX_CHECKED_TAINT_KINDS_PER_PROCEDURE = 100 + + +# Parameter DISABLED_TAINT_KINDS +# +# Purpose +# Specifies a set of taint kinds that should be ignored by the +# taint analysis. +# +# Type +# string +# +# Tags +# - WARNING_TUNING: Fine Tuning for Warnings +# +# Behavior +# A whitespace separated list of taint kinds that should be +# ignored. 
This setting might be used to disable taint kinds that +# are trusted in the context of the subject software. For example, +# suppose we have this code: +# system(getenv("FOO")); +# +# CodeSonar would, by default, issue a Command Injection warning. +# However, perhaps this warning is undesirable because, in this +# context, the environment is trusted. You can disable environment +# taint to suppress this and other similar warnings: +# DISABLED_TAINT_KINDS += environment +# +# Notes +# Taint sinks can be enabled and disabled by using a WARNING_FILTER +# rule, for example, to disable specific warning classes or +# warnings reported at certain locations. DISABLED_TAINT_KINDS can +# be used to control which taint sources are enabled, at a coarse +# granularity. +# +## Below is a menu of built-in taint kinds that might be disabled. +## They are disabled because many users do not consider these sorts of +## taint dangerous. +DISABLED_TAINT_KINDS += time +## DISABLED_TAINT_KINDS += add_overflow +## DISABLED_TAINT_KINDS += mult_overflow +## DISABLED_TAINT_KINDS += sub_underflow +## DISABLED_TAINT_KINDS += truncation_overflow +## DISABLED_TAINT_KINDS += dns +## DISABLED_TAINT_KINDS += environment +## DISABLED_TAINT_KINDS += fd +## DISABLED_TAINT_KINDS += file +## DISABLED_TAINT_KINDS += file_metadata +## DISABLED_TAINT_KINDS += network +## DISABLED_TAINT_KINDS += registry + + +# Parameter MAX_ALLOCATION_SIZE +# +# Purpose +# Specifies the largest allocation size that can be successfully +# satisfied on the target platform. +# +# Tags +# - WARNING_THRESHOLD: Warning-Class-Specific Thresholds +# +# Type +# non-negative integer +# +# Behavior +# The CodeSonar analysis will assume that no heap allocation +# requests for more than this number of bytes can succeed. +# +# Specifying 0, or values larger than 2^31-1, has no effect. 
+# +# Notes +# An additional consequence of setting MAX_ALLOCATION_SIZE=X (for +# some non-negative integer X) is that strlen() cannot return +# values larger than X. +# +# Setting MAX_ALLOCATION_SIZE to a suitable non-zero value can be +# useful to suppress some warnings that might only be possible if +# the program has already run out of memory. + +MAX_ALLOCATION_SIZE = 0 + + +# Parameter OVERFLOWN_SIZE_UPPER_BOUND +# +# Purpose +# Specifies an upper bound on the allowed "size" in some integer +# overflow warning classes. If the resulting "size" will always +# exceed the upper bound, then the warning will be dropped. +# +# Tags +# - WARNING_THRESHOLD: Warning-Class-Specific Thresholds +# - WC_ALLOC.SIZE.ADDOFLOW: Used by Addition Overflow of Allocation +# Size +# - WC_ALLOC.SIZE.MULOFLOW: Used by Multiplication Overflow of +# Allocation Size +# - WC_ALLOC.SIZE.SUBUFLOW: Used by Subtraction Underflow of +# Allocation Size +# - WC_ALLOC.SIZE.TRUNC: Used by Truncation of Allocation Size +# - WC_MISC.MEM.SIZE.ADDOFLOW: Used by Addition Overflow of Size +# - WC_MISC.MEM.SIZE.MULOFLOW: Used by Multiplication Overflow of +# Size +# - WC_MISC.MEM.SIZE.SUBUFLOW: Used by Subtraction Underflow of +# Size +# - WC_MISC.MEM.SIZE.TRUNC: Used by Truncation of Size +# +# Type +# non-negative integer +# +# Behavior +# Can be useful if reviewers are not interested in overflow +# warnings that would always result in very large (e.g., +# unsatisfiable) allocation requests, for example. +# +# Notes +# Due to analysis engine limitations, values larger than 2^31-1 +# will be ignored. Furthermore, values less than (2^31-1)/8 are not +# effective w.r.t. strlen and similar. These limitations may be +# addressed in the future. +# +# This check is always performed against the least significant 32 +# bits of the size using an unsigned interpretation. This +# shortcoming may be fixed in the future, and probably means the +# feature will only work well with 32-bit targets for now. 
+# +## OVERFLOWN_SIZE_UPPER_BOUND = 1073741824 # 1GB + + +# Parameter DIV_OVERFLOW_CRASHES +# +# Purpose +# Specifies whether signed integer division overflow (e.g., -1 / +# MIN_INT) should be treated as if it terminates execution, when +# using 32-bit or wider division. +# +# Tags +# - WARNING_THRESHOLD: Warning-Class-Specific Thresholds +# +# Type +# {Yes, No} +# +# Behavior +# Setting this to Yes can allow CodeSonar to rule out certain +# warnings that might only be possible in the presence of division +# overflow. This setting rarely matters. +# +# Notes +# The C language leaves behavior undefined. In practice, Intel +# hardware raises an exception similar to a division by zero. sparc +# hardware will silently evaluate to -1/MIN_INT to 0x80000001. +# Other hardware may behave differently. +# +DIV_OVERFLOW_CRASHES = Yes + + +# Parameter DIV_BY_ZERO_CRASHES +# +# Purpose +# Specifies whether integer division by zero terminates execution +# or merely results in an unknown value. +# +# Tags +# - WARNING_THRESHOLD: Warning-Class-Specific Thresholds +# +# Type +# {Yes, No} +# +# Behavior +# - Yes : CodeSonar will treat division by zero as a crashing bug. +# In particular, the analysis will deduce that if execution +# continues after a division operation, the divisor cannot have +# been zero. This can eliminate some false positives. +# - No : CodeSonar will treat division by zero as an operation that +# results in an unknown value. +# +# Notes +# The vast majority of environments will terminate execution on +# division by zero. +# +DIV_BY_ZERO_CRASHES = Yes + + +# Parameter NULL_POINTER_DEREF_CRASHES +# +# Purpose +# Specifies whether dereferences of addresses below the +# NULL_POINTER_THRESHOLD will terminate execution. 
+# +# Tags +# - WARNING_THRESHOLD: Warning-Class-Specific Thresholds +# +# Type +# {Yes, No} +# +# Behavior +# - Yes : CodeSonar will treat null pointer dereferences (defined +# as dereferences of addresses below the NULL_POINTER_THRESHOLD) +# as crashing bugs. In particular, the analysis will deduce that +# if execution continues after a pointer dereference, the pointer +# cannot have been NULL. This can eliminate some false positives. +# - No : CodeSonar will treat null pointer dereferences like any +# other pointer dereferences. +# +# Notes +# Some embedded environments may allow dereferencing of NULL. +# +# We do not recomment setting this to No as it may produce +# confusing results or false positives. + +NULL_POINTER_DEREF_CRASHES = Yes + + +# Parameter JAVA_FLAGS_PREPEND +# +# Purpose +# Modify the set of options being passed to the Java build/analysis +# [doc/html/Java_Module/Building/Building.html]. +# +# Tags +# - BUILD_BEHAVIOR: Governs the Build/Analysis +# +# Type +# a list of Java build options +# [doc/html/Java_Module/Building/JavaBuildOptions.html] +# +# Behavior +# The specified options will be prepended to the set of options +# passed to the Java build/analysis +# [doc/html/Java_Module/Building/Building.html]. +# +# Notes +# The += operator will actually prepend to this preference (in all +# other cases except EDG_FRONTEND_OPTIONS_PREPEND and +# CFLAGS_PREPEND, the += operator appends). This means that if you +# specify two JAVA_FLAGS_PREPEND+= settings, the options in the +# second rule will be prepended to the options in the first +# setting. + +JAVA_FLAGS_PREPEND += + + +# Parameter JAVA_FLAGS_APPEND +# +# Purpose +# Modify the set of options being passed to the Java build/analysis +# [doc/html/Java_Module/Building/Building.html]. 
+# +# Tags +# - BUILD_BEHAVIOR: Governs the Build/Analysis +# +# Type +# a list of Java build options +# [doc/html/Java_Module/Building/JavaBuildOptions.html] +# +# Behavior +# The specified options will be appended to the set of options +# passed to the Java build/analysis +# [doc/html/Java_Module/Building/Building.html]. + +JAVA_FLAGS_APPEND += + + +# Parameter JAVA_ENABLE_FINDBUGS +# +# Purpose +# Specifies whether or not FindBugs will be run by default during +# Java analyses. +# +# Tags +# - BUILD_BEHAVIOR: Governs the Build/Analysis +# +# Type +# {Yes, No} +# +# Behavior +# - Yes : FindBugs will be run during Java analyses, unless +# build option -disable-findbugs is specified (through +# JAVA_FLAGS_APPEND or JAVA_FLAGS_PREPEND). +# - No : FindBugs will not be run during Java analyses. +# - no setting : FindBugs will not be run during Java analyses. + +JAVA_ENABLE_FINDBUGS = Yes + + +# Parameter JAVA_ENABLE_PMD +# +# Purpose +# Specifies whether or not PMD will be run by default during Java +# analyses. +# +# Tags +# - BUILD_BEHAVIOR: Governs the Build/Analysis +# +# Type +# {Yes, No} +# +# Behavior +# - Yes : PMD will be run during Java analyses, unless build option +# -disable-pmd is specified (through JAVA_FLAGS_APPEND or +# JAVA_FLAGS_PREPEND). +# - No : PMD will not be run during Java analyses. +# - no setting : PMD will not be run during Java analyses. + +JAVA_ENABLE_PMD = Yes + + +# Parameter JAVA_ENABLE_THREADSAFE +# +# Purpose +# Specifies whether or not Contemplate ThreadSafe will be run by +# default during Java analyses. + +# +# Tags +# - BUILD_BEHAVIOR: Governs the Build/Analysis +# +# Type +# {Yes, No} +# +# Behavior +# - Yes : ThreadSafe will be run during Java analyses. +# - No : ThreadSafe will not be run during Java analyses, unless +# build option -enable_threadsafe is specified (through +# JAVA_FLAGS_APPEND or JAVA_FLAGS_PREPEND). 
+# - no setting : ThreadSafe will not be run during Java analyses, +# unless build option -enable_threadsafe is specified. +# +# Notes +# Contemplate ThreadSafe has special licensing requirements. See +# the documentation for details +# [doc/html/WarningClasses/JavaWarningClasses.html#cts_lic]. + +JAVA_ENABLE_THREADSAFE = No + # Parameter EXTRA_COMPILATION_UNITS # # Purpose @@ -6156,5 +7724,6 @@ # # (Otherwise) # codesonar -w xcc -I/codesonar/libmodels -c +# EXTRA_COMPILATION_UNITS += $GTHOME\codesonar\smel\socket_state.c
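Review bot: The rule `HARDCODED_ARGS_REGEX = ^WNetAddConnection2?(A|W)?$` makes the `2` optional, so it also matches `WNetAddConnection`, `WNetAddConnectionA` and `WNetAddConnectionW`, which the rule just before it already covers with `HARDCODED_ARGS_LIST = 2`. With `HARDCODED_ARGS_LIST = 2, 3` applied to those names, argument 3 of `WNetAddConnection` (the local device name in the Win32 signature, not a credential) would presumably raise Hardcoded Authentication warnings on ordinary literals such as a drive letter. Anchoring the second rule to the `2` variant, `HARDCODED_ARGS_REGEX = ^WNetAddConnection2(A|W)?$`, keeps the rule sets disjoint, as the `WNetAddConnection3` rule already is. False positives in a CWE:547 class tend to get the whole class filtered out, which would also hide the genuine hardcoded-password findings.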