--- template4.1p0.conf 2016-04-21 17:35:36.344766500 +0000 +++ template4.2p0.conf 2016-04-21 17:35:52.738766500 +0000 @@ -135,7 +135,7 @@ # # If [path/to/] is provided, the mapping only applies to # executables with matching paths or subpaths. For example, -# bin\mycc.exe -> cl +# COMPILER_MODELS += bin\mycc.exe -> cl # will match invocations of c:\bin\mycc.exe and # c:\very\long\path\to\bin\mycc.exe, but not c:\mybin\mycc.exe or # c:\usr\lib\mycc.exe. @@ -150,8 +150,9 @@ # such a mechanism). # # If [:ABIkey] is provided, CodeSonar will associate the specified -# ABI key with all compilation units compiled by the specified -# executable. +# ABI key +# [doc/html/C_Module/CompilerModels/CompilerModels.html#abi_keys] +# with all compilation units compiled by the specified executable. # - The project-compiler configuration file # [doc/html/Preferences/PreferencesIndex.html#project_compiler] # loaded during the parse phase will include the ABI key in its @@ -159,19 +160,25 @@ # settings for different ABIs. # - CodeSonar will prefer to link compilation units with the same # ABI key when constructing the CodeSonar project. -# - Keys are user-specified, and will only be used within -# CodeSonar. To maximize clarity, we recommend using keys that do -# not conflict with compiler model names -# [doc/html/C_Module/CompilerModels/CompilerModels.html#preinstalled]. # - When a single source file is compiled multiple times with # different ABI keys, one instance will be kept for each key. +# - Keys are only used within CodeSonar. +# - Keys can be arbitrary, user-selected strings; some compiler +# models also provide special model-specific formats that can be +# used to convey additional information to the compiler model +# (see individual compiler model documentation pages for +# details). If you specify arbitrary ABI keys, we recommend that +# you select them so that they don't conflict with compiler model +# names +# [doc/html/C_Module/CompilerModels/CompilerModels.html#preinstalled] +# or with the special model-specific formats. # # Later COMPILER_MODELS rules can supersede earlier ones. For # example, if the configuration file contains the following rule # sequence: -# a/b/mycc -> cl:AB -# c/d/mycc -> cl:CD -# mycc -> cl:EF +# COMPILER_MODELS += a/b/mycc -> cl:AB +# COMPILER_MODELS += c/d/mycc -> cl:CD +# COMPILER_MODELS += mycc -> cl:EF # then all compilations with mycc, including compilations with # a/b/mycc and c/d/mycc, will be associated with compiler model cl # and ABI key EF. @@ -182,10 +189,11 @@ # The range of the map is the list of 'model used' entries in the # appropriate Compilers Recognized # [doc/html/C_Module/CompilerModels/CompilersRecognized.html] -# table. Users can also author new compiler models in Scheme, -# thereby expanding the range. +# table. Users can also author new compiler models in C++, thereby +# expanding the range. # # Windows default models: +# COMPILER_MODELS += bcc32.exe -> borland # COMPILER_MODELS += cl.exe -> cl # COMPILER_MODELS += cl30.exe -> cl30 # COMPILER_MODELS += cl6x.exe -> cl6x @@ -222,9 +230,9 @@ # COMPILER_MODELS += armcpp.exe -> armcpp # COMPILER_MODELS += tcc.exe -> armcc # COMPILER_MODELS += tcpp.exe -> armcpp -# COMPILER_MODELS += iccarm.exe -> iccarm -# COMPILER_MODELS += icc430.exe -> icc430 -# COMPILER_MODELS += iccm32c.exe -> iccm32c +# COMPILER_MODELS += iccarm.exe -> iar +# COMPILER_MODELS += icc430.exe -> iar +# COMPILER_MODELS += iccm32c.exe -> iar # COMPILER_MODELS += cp166.exe -> tasking # COMPILER_MODELS += cpcp.exe -> tasking # COMPILER_MODELS += ctc.exe -> tasking @@ -280,13 +288,14 @@ # COMPILER_MODELS += picc -> picc # # To activate the IAR compiler models for Linux, Solaris, and OS X: -# COMPILER_MODELS += iccarm -> iccarm -# COMPILER_MODELS += iccm32c -> iccm32c -# COMPILER_MODELS += icc430 -> icc430 -# -# To use the iccgeneric compiler model for other IAR compilers, -# follow the instructions in the manual -# [doc/html/C_Module/CompilerModels/CompilerModelsIAR.html#using_iccgeneric]. +# COMPILER_MODELS += iccarm -> iar +# COMPILER_MODELS += iccm32c -> iar +# COMPILER_MODELS += icc430 -> iar +# +# To use the IAR compiler model for other IAR compilers, specify a +# similar COMPILER_MODELS rule for your compiler executable name. +# For example, if you are using icc8051 on Linux, Solaris, or OS X: +# COMPILER_MODELS += icc8051 -> iar # # To activate the TI CodeComposer compiler models for non-Windows # systems: @@ -317,54 +326,82 @@ # COMPILER_MODELS += ccppc -> ccppc # COMPILER_MODELS += c++ppc -> c++ppc # +# [Windows only] To activate the Cosmic compiler models, use the +# following. +# +# COMPILER_MODELS += cpcorm0.exe -> cosmic +# COMPILER_MODELS += cpppc.exe -> cosmic +# COMPILER_MODELS += cpstm8.exe -> cosmic +# COMPILER_MODELS += cpst7.exe -> cosmic +# # Custom Usage Examples # # [Windows] Treat anything named mycc.exe like cl. -# mycc.exe -> cl +# COMPILER_MODELS += mycc.exe -> cl # # [Windows] Treat c:\compilers\mycc.exe (but not, eg, # c:\usr\local\mycc.exe) like cl. -# c:\compilers\mycc.exe -> cl +# COMPILER_MODELS += c:\compilers\mycc.exe -> cl # # [Windows] Treat C:\Program Files (x86)\My IDE v8\bin\mycc.exe # like cl. Note that the path must be quoted because it contains # spaces. -# "C:\Program Files (x86)\My IDE v8\bin\mycc.exe" -> cl +# COMPILER_MODELS += "C:\Program Files (x86)\My IDE v8\bin\mycc.exe" -> cl # # [Windows] Treat any executable with path suffix bin\mycc.exe like # cl. Note that this will match the path in the previous example, # but not (for example) C:\mybin\mycc.exe. -# bin\mycc.exe -> cl +# COMPILER_MODELS += bin\mycc.exe -> cl # # [Windows] Treat anything named mycc.exe like cl. Associate ABI -# key ABC with any translation units compiled by this compiler. -# mycc.exe -> cl:ABC +# key ABC with any translation units compiled by this compiler. \c +# ode COMPILER_MODELS += mycc.exe -> cl:ABC # # [Windows] Handle all compilations with any cl.exe executable # using the cl compiler model, using ABI keys to distinguish # compilations from certain cl.exe installations. -# cl.exe -> cl:default -# C:\bin\a\b\cl.exe -> cl:AB -# C:\bin\c\d\cl.exe -> cl:CD +# COMPILER_MODELS += cl.exe -> cl:default +# COMPILER_MODELS += C:\bin\a\b\cl.exe -> cl:AB +# COMPILER_MODELS += C:\bin\c\d\cl.exe -> cl:CD # # [Posix] Treat anything named mycc like gcc. -# mycc -> gcc +# COMPILER_MODELS += mycc -> gcc # # [Posix] Treat /tmp/mycc (an absolute path) like gcc. -# /tmp/mycc -> gcc +# COMPILER_MODELS += /tmp/mycc -> gcc # # [Posix] Treat any executable with path suffix tmp/mycc like gcc. # Note that this will match the path in the previous example, but # not (for example) /u/mytmp/mycc. -# tmp/mycc -> gcc +# COMPILER_MODELS += tmp/mycc -> gcc # -# [Windows] Handle all compilations with any gcc executable using -# the gcc compiler model, using ABI keys to distinguish -# compilations from certain gcc installations. -# gcc -> gcc:default -# /a/b/gcc -> gcc:AB -# /c/d/gcc -> gcc:CD - +# [Posix] Handle all compilations with any gcc executable using the +# gcc compiler model, using ABI keys to distinguish compilations +# from certain gcc installations. +# COMPILER_MODELS += gcc -> gcc:default +# COMPILER_MODELS += /a/b/gcc -> gcc:AB +# COMPILER_MODELS += /c/d/gcc -> gcc:CD +# +# [#random_filename] If your build system generates randomly-named +# files each time it runs, you may be able to use a combination of +# COMPILER_MODELS and DISABLED_COMPILERS to model compilation +# without incurring a separate license cost for each randomly-named +# file. +# +# For example, suppose your regular software built uses a tool +# called mybuild, whose behavior is such that +# mybuild gcc [options] -c A.c +# creates a randomly-named copy .c of A.c and then invokes +# gcc [options] -c .c +# Then you can model the compilation as taking place on A.c rather +# than a succession of .c using the following pair of rules. +# +# [Posix] +# COMPILER_MODELS += mybuild -> gcc +# DISABLED_COMPILERS += gcc +# [Windows] +# COMPILER_MODELS += mybuild.exe -> gcc +# DISABLED_COMPILERS += gcc.exe # Parameter DISABLED_COMPILERS @@ -729,6 +766,12 @@ # regular expression, that compilation will be ignored. # # Notes +# This option cannot be used to ignore header files. Only top level +# files (e.g., .c and .cpp) can be ignored. CodeSonar users looking +# to discard warnings in certain include files might be interested +# in the WARNING_FILTER "ignore dir" examples, or the +# SYSTEM_INCLUDE_PATHS setting. +# # For example, # IGNORED_COMPILATIONS += ^.*foo\.c$ # specifies that compilations of files whose paths end in "foo.c" @@ -972,6 +1015,40 @@ AST_DEPTH_LIMIT = 256 +# Parameter NO_IMPLICIT_DEFAULT_FOR_ENUM_SWITCH +# +# Purpose +# States that an implicit default clause should not be generated +# when a switch statement is being parsed. +# +# Tags +# - LANGUAGE_TREATMENT: Treatment of Language Constructs +# +# Type +# { Yes, No } +# +# Behavior +# - Yes : When a switch statement is being parsed, and there is no +# default clause in that statement, the switch expression is an +# enum type, and all of the values of all of the enumerants of +# that enum type are arguments of cases inside that switch +# statement, then no implicit default clause is to be generated +# for that switch statement. +# - No : When a switch statement is being parsed, and there is no +# default clause in that statement, then an implicit default +# clause is to be generated for that switch statement. +# +# Notes +# This is to prevent the generation of false positives for a +# missing default clause when it has been demonstrated that the +# default situation can never occur. +# +# This code only works for enum types whose values of enumerants +# are valid signed 64-bit integers. + +NO_IMPLICIT_DEFAULT_FOR_ENUM_SWITCH = No + + # Parameter MAX_CFG_NODES # # Purpose @@ -1241,6 +1318,25 @@ MANAGED_OBJECTS_IO_CHECKSUMS = No +# Parameter MANAGED_OBJECTS_PROTECT_PAGES +# +# Purpose +# Specifies whether in-memory pages of managed objects should be +# protected when not in immediate use. +# +# Tags +# - ANALYSIS_PROPERTY: Analysis Properties +# +# Type +# { Yes, No } +# +# Notes +# This parameter only has an effect on Unix-like operating systems, +# not Windows. +# +MANAGED_OBJECTS_PROTECT_PAGES = No + + # Parameter ZFRAG_POOL_MINIMUM_CAPACITY # # Purpose @@ -1699,6 +1795,78 @@ # COMPILER_MODEL_PLUGINS += /PATH/TO/libsamplecm.so # Will add the compiler model samplecm. +# Parameter SEND_HOOK_LOG_TO_HUB +# +# Purpose +# Specifies whether or not native compilation log information will +# be sent to the hub. +# +# Tags +# - BUILD_OUTPUT: Additional Outputs from the Build/Analysis +# +# Type +# { Yes, No } +# +# Behavior +# - Yes : Native compilation log information will be sent to the +# hub. Parse Logs/Parse Error Log +# [doc/html/GUI/GUI_Log_Parse.html] pages will show compilation +# counts, and provide links to Native Compilation Details Logs +# [doc/html/GUI/GUI_Log_Native_Compilation_Details.html]. If +# SEND_PARSE_LOG_TO_HUB=Yes, they will also provide links to +# Parse Details Logs [doc/html/GUI/GUI_Log_Parse_Details.html]. +# - No : Native compilation log information will not be sent to the +# hub. The parse phase summary in Parse Logs/Parse Error Log +# [doc/html/GUI/GUI_Log_Parse.html] pages will show zero counts +# for all result types, regardless of the actual number of +# compilations and their outcomes, and will contain no logging +# information or links to Native Compilation Details Logs +# [doc/html/GUI/GUI_Log_Native_Compilation_Details.html] or Parse +# Details Logs [doc/html/GUI/GUI_Log_Parse_Details.html]. +# +# Notes +# Setting this to No will speed up the parse phase. +# +# If set to No, SEND_PARSE_LOG_TO_HUB will be disabled, too. + +SEND_HOOK_LOG_TO_HUB = Yes + + +# Parameter SEND_PARSE_LOG_TO_HUB +# +# Purpose +# Specifies whether or not Parse Details Logs +# [doc/html/GUI/GUI_Log_Parse_Details.html] will be sent to the +# hub. +# +# Tags +# - BUILD_OUTPUT: Additional Outputs from the Build/Analysis +# +# Type +# { Yes, No } +# +# Behavior +# - Yes : (provided SEND_HOOK_LOG_TO_HUB=Yes) Parse Details Logs +# [doc/html/GUI/GUI_Log_Parse_Details.html] will be sent to the +# hub and linked from the corresponding Parse Logs/Parse Error +# Logs [doc/html/GUI/GUI_Log_Parse.html]. +# - No : Parse details logs will not be sent to the hub. Parse +# Logs/Parse Error Logs [doc/html/GUI/GUI_Log_Parse.html] will +# not provide links to Parse Details Logs +# [doc/html/GUI/GUI_Log_Parse_Details.html]; they will still +# provide links to Native Compilation Details Logs +# [doc/html/GUI/GUI_Log_Native_Compilation_Details.html] if +# SEND_HOOK_LOG_TO_HUB=Yes. +# +# Notes +# Setting this to No will speed up the parse phase. +# +# If SEND_HOOK_LOG_TO_HUB=No, CodeSonar behaves as if +# SEND_PARSE_LOG_TO_HUB=No (regardless of its actual setting). + +SEND_PARSE_LOG_TO_HUB = Yes + + # Parameter SOURCE_PATCH_DIRECTORIES # # Purpose @@ -1710,7 +1878,7 @@ # Type # string # -# Notes +# Behavior # For every directory D specified with SOURCE_PATCH_DIRECTORIES, # patch files in subdirectory D/fname.x/ are applied to the source # file named fname.x, where fname.x is the source file name as @@ -1719,13 +1887,15 @@ # fname.x/ must be a direct subdirectory of D - it cannot be more # deeply nested. # +# If any part of a patch file fails, no part of that file is +# applied. +# +# Notes # This process is independent of the names of the patch files # themselves - only the subdirectory name matters. Similarly, any # from-file and to-file filenames specified in a patch file are # ignored. # -# If any part of a patch file fails, no part of that file is -# applied. SOURCE_PATCH_DIRECTORIES += $GTHOME/codesonar/libmodels/header_patches @@ -1819,16 +1989,20 @@ # precedence. # - The HUB_ADDRESS setting takes precedence over the CODESONAR_HUB # environment variable. -# - Setting HUB_ADDRESS in template.conf affects the hub-start, -# hub-stop, hub-info, build, and analyze commands. Setting it in -# any other configuration file will affect only build and analyze -# commands using that file. +# - Setting HUB_ADDRESS in template.conf affects the following +# codesonar commands [doc/html/Workings/codesonar_Command.html]: +# analyze, build, generate-hub-cert, hub-info, hub-start, hub- +# stop, relocate. +# - Setting HUB_ADDRESS in any other configuration file +# [doc/html/Preferences/PreferencesIndex.html#overview] affects +# only the following commands, and only if they are using that +# file: analyze, build, relocate. # # Notes # For example: # HUB_ADDRESS = 127.0.0.1:7340 # -# This parameter is ignored by the Windows project builder GUI. +# This parameter is ignored by the CodeSonar Windows build wizard. # ## HUB_ADDRESS = 127.0.0.1:7340 @@ -1884,8 +2058,8 @@ # another Windows service. # # Notes -# This parameter is ignored by the Windows project builder GUI and -# by the "codesonar install-launchd" command. +# This parameter is ignored by the CodeSonar Windows build wizard +# and by the "codesonar install-launchd" command. # # This parameter has no effect on non-Windows systems. # @@ -1913,7 +2087,7 @@ # control returns to the shell. # # Notes -# This parameter is ignored by the Windows project builder GUI. +# This parameter is ignored by the CodeSonar Windows build wizard. # # The "CodeSonar Analysis Log" in the web GUI will not be populated # when this is set to "Yes". Instead, the log will show up on the @@ -2015,6 +2189,145 @@ REQUEST_REMOTE_SLAVES = No +# Parameter REMOTE_SLAVES_LAUNCHDS +# +# Purpose +# Specifies the launch daemon or daemons from which analysis slaves +# may be requested. +# +# Type +# string or integer +# +# Behavior +# Analysis slaves for remote-requesting analyses will only be +# requested from launch daemons that match the specified value, +# which can take any of the following forms. +# - Positive Integer N : Matches all launch daemons that are +# transitive descendants of the launchd group whose LDGroup ID +# [doc/html/Elements/PROPERTIES_Launchd_Group.html#ldgroup_id] is +# N. +# - Negative Integer -M : Matches the single launch daemon whose +# Launch Daemon ID +# [doc/html/Workings/LaunchDaemon.html#launchd_id] is M. +# - (Integer 0 is not a valid setting.) +# - /Foo/Bar/* : Matches all launch daemons that are transitive +# descendants of the launch daemon group(s) whose LDGroup Path +# [doc/html/Elements/PROPERTIES_Launchd_Group.html#ldgroup_path] +# is /Foo/Bar. Case sensitive. +# - /Foo/Bar/user@machine : Matches all launch laemon(s) whose +# Parent LDGroup +# [doc/html/Workings/LaunchDaemon.html#parent_ldgroup] is +# /Foo/Bar, System User +# [doc/html/Workings/LaunchDaemon.html#pretty_username] is user, +# and Machine [doc/html/Workings/LaunchDaemon.html#machine] is +# machine. Case sensitive. +# +# Notes +# If security is a concern, then it is safer to use the positive +# integer and negative integer forms, since IDs are never reused, +# whereas multiple launch daemon groups can have the same path, and +# the truthfulness of the human readable launch daemon names +# (user@machine) cannot be verified by the hub. +# +# It is advisable to only use trusted launch daemons. For best +# performance, it is advisable to only use launch daemons with +# reasonable performance and an ethernet quality network connection +# to the analysis master. +# +# By default, all launch daemons on the hub will be used. +# +# This setting has no effect if REQUEST_REMOTE_SLAVES=No. +# +# Examples: +# REMOTE_SLAVES_LAUNCHDS += /siteA/* +# REMOTE_SLAVES_LAUNCHDS += /siteA/alex@sparky +# REMOTE_SLAVES_LAUNCHDS += 123 +# REMOTE_SLAVES_LAUNCHDS += -123 +# +# For more information, see the manual section on Distributed +# Analysis [doc/html/Workings/DistributedAnalysis.html]. + + +# Parameter LAUNCHD_GROUP +# +# Purpose +# Specifies the parent launchd group for new CodeSonar launch +# daemons [doc/html/Workings/LaunchDaemon.html]. +# +# Type +# string or integer +# +# Behavior +# If a parent launchd group +# [doc/html/Workings/LaunchDaemon.html#parent_ldgroup] is not +# specified in a command that creates a launch daemon, this value +# will be used. If neither is specified, the root launchd group +# [doc/html/Elements/PROPERTIES_Launchd_Group.html#root_ldgroup] +# will be used. (In all cases, the command will fail if the +# authorizing user does not have LAUNCHDGROUP_ADD_CHILD +# [doc/html/Elements/PROPERTIES_RBAC_Permissions.html#LAUNCHDGROUP_ADD_CHILD] +# permission for the launchd group in question.) +# +# The parent launchd group G can be specified as either an integer +# or a string. +# - integer: the LDGroup ID +# [doc/html/Elements/PROPERTIES_Launchd_Group.html#ldgroup_id] +# for G +# - string: the LDGroup path +# [doc/html/Elements/PROPERTIES_Launchd_Group.html#ldgroup_path] +# for G, as a /-separated sequence of LDGroup Name +# [doc/html/Elements/PROPERTIES_Launchd_Group.html#ldgroup_name] +# with leading / corresponding to the root launchd group. +# +# Notes +# This parameter is only used in creating new launch daemons: those +# whose identifying property tuples +# [doc/html/Workings/LaunchDaemon.html#tuple] are not already +# present in the analysis cloud register +# [doc/html/Workings/DistributedAnalysis.html#analysis_cloud_register]). +# You can change the parent launchd group for an existing launch +# daemon from the corresponding Launchd Group +# [doc/html/GUI/GUI_Analysis_Cloud.html] page. + + +# Parameter LAUNCHD_KEY +# +# Purpose +# Specifies extra key data for CodeSonar launch daemon +# [doc/html/Workings/LaunchDaemon.html] identification. +# +# Type +# string +# +# Behavior +# If a launch daemon key [doc/html/Workings/LaunchDaemon.html#key] +# is not specified in a command that creates or specifies a launch +# daemon, this value will be used. If neither are specified, the +# empty string will be used. +# +# Notes +# Usually, specifying a launchd key is unnecessary and CodeSonar +# can distinguish launch daemons by the other members of the launch +# daemon's identifying property tuple +# [doc/html/Workings/LaunchDaemon.html#tuple] [Machine, System +# User, Hub User, Installation, Key]. +# +# However, in some circumstances, the other elements of the +# identifying tuple may not be sufficient to distinguish two launch +# daemons that should be handled separately. +# - If two machines A and B have the same name and CodeSonar +# installation location, a user who is running analyses on both A +# and B should specify distinct launch daemon keys for each so +# that the hub can distinguish the launch daemons. +# - If CodeSonar is being used from multiple chroot environments on +# the same machine, each chroot should specify a distinct launchd +# key to identify itself. +# - The situation is similar for tools like clearcase. If the +# .prj_files directory is being stored inside a view (not +# recommended for performance reasons), then each view should +# identify itself using a distinct launchd key. + + # Parameter MAX_ANALYSIS_SLAVES # # Purpose @@ -2067,7 +2380,6 @@ # { Auto, Serial } or integer # # Behavior - # - Serial with REQUEST_REMOTE_SLAVES=No : web requests are # serviced by a single process. # - Auto with REQUEST_REMOTE_SLAVES=No : CodeSonar will determine @@ -2275,6 +2587,38 @@ # - 127.0.0.1 if REQUEST_REMOTE_SLAVES=No +# Parameter MASTER_USE_TLS +# +# Purpose +# Specifies whether analysis master<->slave sockets should use TLS. +# +# Type +# {Yes, No} +# +# Behavior +# - Yes : TLS sockets will be used for communications between +# analysis masters and slaves. This imposes some additional +# computational cost. +# - No : Plain TCP sockets will be used for communications between +# analysis masters and slaves. +# - unspecified : TLS sockets will be used if and only if HTTPS is +# enabled on the hub and MASTER_LISTEN_INTERFACE is not +# 127.0.0.1. (Visit the hub's Configure HTTPS +# [doc/html/GUI/GUI_Configure_HTTPS.html] page to view or modify +# its HTTPS enabling status.) +# +# Notes +# Set this to Yes if secrecy is desired. +# +# Two way authentication takes place regardless of the +# MASTER_USE_TLS setting, but is vulnerable to snooping when TLS is +# not used. +# +# The master will generate a fresh 2048 bit RSA private key for +# each master analysis process. The corresponding certificate is +# provided to all slaves on startup. + + # Parameter SLAVE_TIMEOUT # # Purpose @@ -2302,8 +2646,8 @@ # - The slave has asked the master to do work that takes longer # than the timeout. # -# The latter two situations are unlikely to occur with the default -# value. +# The latter two situations are unlikely to occur with the factory +# setting. # # This setting can be important to prevent orphaned slaves from # waiting indefinitely on a master that no longer exists. @@ -2339,8 +2683,8 @@ # - The slave process got busy doing something for longer than this # period. # -# The latter two situations are unlikely to occur with the default -# value. +# The latter two situations are unlikely to occur with the factory +# setting. # # This setting can be important to prevent the master from starving # because it is waiting on slaves that no longer exist. @@ -2661,6 +3005,7 @@ # WARNING_FILTER += discard class="Unreachable Conditional" # WARNING_FILTER += discard class="Unreachable Data Flow" # WARNING_FILTER += discard class="Unreasonable Size Argument" +# WARNING_FILTER += discard class="Unterminated C String" # WARNING_FILTER += discard class="Unused Value" # WARNING_FILTER += discard class="Use After Close" # WARNING_FILTER += discard class="Use After Free" @@ -2715,12 +3060,12 @@ # WARNING_FILTER += allow class="Data Race" # WARNING_FILTER += allow class="Declaration of Flexible Array Member" # WARNING_FILTER += allow class="Declaration of Variable Length Array" -# WARNING_FILTER += allow class="Disallowed Macro Name" # WARNING_FILTER += allow class="Dynamic Allocation After Initialization" # WARNING_FILTER += allow class="Excessive Stack Depth" # WARNING_FILTER += allow class="Expression Value Widened by Assignment" # WARNING_FILTER += allow class="Expression Value Widened by Other Operand" # WARNING_FILTER += allow class="Extern Array Without Size" +# WARNING_FILTER += allow class="FILE* Dereference" # WARNING_FILTER += allow class="Float-typed Loop Counter" # WARNING_FILTER += allow class="Function Defined in Header File" # WARNING_FILTER += allow class="Function Pointer Conversion" @@ -2733,6 +3078,7 @@ # WARNING_FILTER += allow class="Hardcoded DNS Name" # WARNING_FILTER += allow class="High Risk Loop" # WARNING_FILTER += allow class="Implicit Address of Function" +# WARNING_FILTER += allow class="Implicit Function Declaration" # WARNING_FILTER += allow class="Inappropriate Assignment Type" # WARNING_FILTER += allow class="Inappropriate Bit-field Type" # WARNING_FILTER += allow class="Inappropriate Cast Type" @@ -2744,16 +3090,20 @@ # WARNING_FILTER += allow class="Inconsistent Function Declarations" # WARNING_FILTER += allow class="Inconsistent Object Declarations" # WARNING_FILTER += allow class="Inline Function Not static" +# WARNING_FILTER += allow class="Invalid Preprocessor Directive" # WARNING_FILTER += allow class="Label Not In Enclosing Block" # WARNING_FILTER += allow class="Leftover Debug Code" # WARNING_FILTER += allow class="Line Splicing in Comment" # WARNING_FILTER += allow class="Lock/Unlock Mismatch" # WARNING_FILTER += allow class="Locked Twice" # WARNING_FILTER += allow class="Macro Defined in Function Body" +# WARNING_FILTER += allow class="Macro Definition of Reserved Name" # WARNING_FILTER += allow class="Macro Does Not End With } or )" # WARNING_FILTER += allow class="Macro Does Not Start With { or (" # WARNING_FILTER += allow class="Macro Name is C Keyword" +# WARNING_FILTER += allow class="Macro Parameter Not Parenthesized" # WARNING_FILTER += allow class="Macro Undefined in Function Body" +# WARNING_FILTER += allow class="Macro Undefinition of Reserved Name" # WARNING_FILTER += allow class="Macro Uses ## Operator" # WARNING_FILTER += allow class="Macro Uses -> Operator" # WARNING_FILTER += allow class="Macro Uses Unary * Operator" @@ -2780,6 +3130,7 @@ # WARNING_FILTER += allow class="Missing for-loop Step" # WARNING_FILTER += allow class="Missing for-loop Termination" # WARNING_FILTER += allow class="Mixed Assembly and Code" +# WARNING_FILTER += allow class="Modified Parameter" # WARNING_FILTER += allow class="Multiple Abnormal Loop Exits" # WARNING_FILTER += allow class="Multiple Declarations On Line" # WARNING_FILTER += allow class="Multiple Declarations of a Global" @@ -2826,6 +3177,7 @@ # WARNING_FILTER += allow class="Side Effects in sizeof" # WARNING_FILTER += allow class="Signal Handler Entry Point" # WARNING_FILTER += allow class="Socket In Wrong State" +# WARNING_FILTER += allow class="Static Array Parameter" # WARNING_FILTER += allow class="Subtraction Underflow of Allocation Size" # WARNING_FILTER += allow class="Subtraction Underflow of Size" # WARNING_FILTER += allow class="Tainted Allocation Size" @@ -2839,6 +3191,7 @@ # WARNING_FILTER += allow class="Too Many Dereferences" # WARNING_FILTER += allow class="Too Many Parameters" # WARNING_FILTER += allow class="Too Much Indirection in Declaration" +# WARNING_FILTER += allow class="Trigraph" # WARNING_FILTER += allow class="Truncation of Allocation Size" # WARNING_FILTER += allow class="Truncation of Size" # WARNING_FILTER += allow class="Typographically Ambiguous Identifiers" @@ -2902,6 +3255,7 @@ # WARNING_FILTER += allow class="Use of longjmp" # WARNING_FILTER += allow class="Use of memset" # WARNING_FILTER += allow class="Use of mkstemp" +# WARNING_FILTER += allow class="Use of offsetof" # WARNING_FILTER += allow class="Use of popen" # WARNING_FILTER += allow class="Use of qsort" # WARNING_FILTER += allow class="Use of rand" @@ -2924,6 +3278,7 @@ # WARNING_FILTER += allow class="Use of vfork" # WARNING_FILTER += allow class="Variadic Macro" # WARNING_FILTER += allow class="Warnings Not Treated As Errors" +# WARNING_FILTER += allow class="Write to Read Only File" # # To enable additional buffer overrun checking, which can best be # described as better at finding buffer overruns involving pointer @@ -2934,8 +3289,7 @@ # system headers: # WARNING_FILTER += discard class="Integer Overflow of Allocation Size" is_sysinclude -WARNING_FILTER += discard class="Integer Overflow of Allocation Size" language="C++" is_sysinclude -WARNING_FILTER += discard class="Unreasonable Size Argument" language="C++" is_sysinclude +WARNING_FILTER += discard language="C++" is_sysinclude # Parameter SKIP_ANALYSIS_OF @@ -3751,6 +4105,36 @@ # JAVA_PLUGIN_CLASSPATH += c:\pluginclasspath +# Parameter JAVA_PLUGIN_JVM_FLAGS +# +# Purpose +# Specifies additional flags passed to the JVM. +# +# Tags +# - BUILD_BEHAVIOR: Governs the Build/Analysis +# +# Type +# string +# +# Behavior +# Multiple flags can be specified by using the += operator. Place +# one flag on each line. +# +# The flags are forwarded to JNI_CreateJavaVM in the options field +# of the JavaVMInitArgs parameter. +# +# Notes +# The Java API for CodeSonar currently has beta-level support. For +# more information, see the notes on API Languages +# [doc/html/API/Api.html#languages]. +# +# For example: +# JAVA_PLUGIN_JVM_FLAGS += -Xmx2g +# JAVA_PLUGIN_JVM_FLAGS += -Djava.compiler=NONE +# JAVA_PLUGIN_JVM_FLAGS += -Djava.library.path=c:\mylibs +# JAVA_PLUGIN_JVM_FLAGS += -verbose:jni + + # Parameter JAVA_PLUGIN_CLASSES # # Purpose @@ -4552,6 +4936,7 @@ # # Tags # - TIME_LIMIT: Analysis Time Limits +# - WC_CONCURRENCY.DATARACE: Used by Data Race # # Type # integer @@ -4674,7 +5059,7 @@ # procedure for detecting data races. # # Type -# non-negative integer +# non-negative integer WC_CONCURRENCY.DATARACE # # Behavior # If a procedure accesses more than this many shared variables, @@ -4690,6 +5075,29 @@ DATA_RACE_MAX_MEM_ACCESSES = 1000 +# Parameter DATA_RACE_MAX_LOCKSETS_PER_MEM_ACCESS +# +# Purpose +# Bounds the number of sets held of locks that are tracked for any +# given (transitive) memory access. +# +# Type +# non-negative integer WC_CONCURRENCY.DATARACE +# +# Behavior +# If a procedure accesses more than this many shared variables, +# some variables will not be checked for data races. Raising this +# will result in a more thorough analysis, but will increase the +# time and memory used by the analysis. +# +# Notes +# This only affects the analysis for Data Race warnings. It is +# expected that this value will rarely be exceeded with its default +# value (1000). +# +DATA_RACE_MAX_LOCKSETS_PER_MEM_ACCESS = 1000 + + # Parameter ROLLBACK_SUMMARIES_ON_ABORT # # Purpose @@ -4921,8 +5329,8 @@ # Parameter MAX_SIMILAR_PATHS # # Purpose -# Can influence the number of instances with similar paths that -# will be generated for a single warning. +# Bounds the number of similar warnings that CodeSonar will report. +# Only successfully refined warnings count against this limit. # # Tags # - ANALYSIS_BOUND: Analysis resource/effort limit @@ -5256,12 +5664,19 @@ # The approximate refinement problems can therefore be # significantly more expensive to solve than the exact ones. # -# It can be beneficial to enable both exact and approximate -# refinement, because the sets of warnings that each can dismiss -# are incomparable. In this case, the two refinement phases are -# carried out in sequence. Taint+dp warnings [#taint_dp] are not -# included in exact or approximate refinement, but instead have -# their own refinement stage. +# If exact refinement and approximate refinement are both ENABLED, +# the two refinement phases are carried out in sequence. It can be +# beneficial to enable both kinds of refinement because the sets of +# warnings that each can dismiss are incomparable. +# +# If exact refinement and approximate refinement are both DISABLED, +# the analysis will take less time and have reduced risk of +# dismissing true positives, but will generally produce more false +# positives. +# +# Taint+dp warnings [#taint_dp] are not included in exact or +# approximate refinement, but instead have their own refinement +# stage. # # See DP_REFINEMENT_APPROXIMATE for more information about # approximate refinement. @@ -5388,6 +5803,9 @@ # Taint+dp warnings [#taint_dp] are always excluded from # approximate refinement. # +# If set to No, the analysis will not perform approximate +# refinement. +# # Tags # - WARNING_TUNING: Fine Tuning for Warnings # @@ -6411,14 +6829,14 @@ # {None, Some, More, Most} # # Behavior -# A call site will only be expanded if it is on a path and is -# especially relevant. +# For a particular warning, a call site will only be expanded if it +# is on the warning path and is especially relevant. # # A higher value for this preference can reduce the number of false # positive results, but will make the analysis take longer. # # Notes -# If a call site on some path is expanded in the CodeSonar +# If a call site on some warning path is expanded in the CodeSonar # analysis, the corresponding HTML warning report will allow # navigation into the call site. This provides a more complete # depiction of program behavior, but increases the size of the @@ -6515,7 +6933,7 @@ # Notes # Note that the Too Many Parameters check is disabled by default: # use a WARNING_FILTER rule to enable it. -# + MAX_NUM_PARAMS = 6 @@ -6541,7 +6959,7 @@ # Notes # Note that the Not Enough Assertions check is disabled by default: # use a WARNING_FILTER rule to enable it. -# + MIN_ASSERTS = 2 @@ -6566,7 +6984,7 @@ # Notes # Note that the Not Enough Assertions check is disabled by default: # use a WARNING_FILTER rule to enable it. -# + MIN_ASSERTS_FUNCTION_LENGTH = 0 @@ -8226,6 +8644,7 @@ # use a WARNING_FILTER rule to enable it. ASSERT_FAIL_FUNCTIONS += ^__assert_fail$ +ASSERT_FAIL_FUNCTIONS += ^__assert_func$ ASSERT_FAIL_FUNCTIONS += ^__assert$ ASSERT_FAIL_FUNCTIONS += ^_assert$ ASSERT_FAIL_FUNCTIONS += ^assert$ @@ -8479,8 +8898,7 @@ # # Purpose # Specifies the procedures from which reachability information is -# computed for interpreting WARNING_FILTER reachable rules and the -# SKIP_ANALYSIS_OF UNREACHABLE_FUNCTIONS setting. +# computed. # # Type # Procedure, as a string of the form "file:procedure" or @@ -8498,6 +8916,20 @@ # [doc/html/API/CAPI/cs__pdg_8h.html#func_cs_pdg_friendly_name] # is exactly XXXX. # +# If no reachability roots are specified, CodeSonar treats all +# procedures as reachable. +# +# Reachability analysis results are used in the following contexts. +# - WARNING_FILTER reachable rules +# - the SKIP_ANALYSIS_OF UNREACHABLE_FUNCTIONS setting +# - the procedures included in the GUI Explore Callers +# [doc/html/GUI/GUI_Explore_Callers.html] display when "Show +# Unreachable" is deselected +# - C and C++ source coloring +# [doc/html/GUI/SourceHyperlinking.html#c_col] in the CodeSonar +# GUI +# +# # Notes # By default, the set of reachability roots is empty. # @@ -8938,6 +9370,31 @@ TAINT_MAX_CHECKED_INPUTS_PER_PROCEDURE = 100 +# Parameter TAINT_MAX_CHECKED_LOCATIONS_PER_INPUT +# +# Purpose +# For the taint analysis, specifies how many usages of a particular +# input to a procedure can be checked at call sites. +# +# Tags +# - ANALYSIS_BOUND: Analysis resource/effort limit +# +# Type +# integer +# +# Behavior +# A negative value indicates no limit. Lower (positive) values will +# conserve disk space and time, but can cause false negatives. +# +# Notes +# This bound may be useful for projects containing millions of +# lines of code. + +TAINT_MAX_CHECKED_LOCATIONS_PER_INPUT = 50 + + + + # Parameter TAINT_MAX_CHECKED_TAINT_KINDS_PER_PROCEDURE # # Purpose @@ -9003,6 +9460,49 @@ TAINT_MAX_WARNING_PATH_LENGTH = 10000 +# Parameter TAINT_MAX_SIMILAR_PATHS +# +# Purpose +# Bounds the number of similar taint warnings that CodeSonar will +# report. Only successfully refined warnings count against this +# limit. +# +# Tags +# - ANALYSIS_BOUND: Analysis resource/effort limit +# +# Type +# integer +# +# Notes +# Most users will never need a setting higher than 1 +# +# This parameter can significantly affect performance. +# +TAINT_MAX_SIMILAR_PATHS = 1 + + +# Parameter TAINT_MAX_ATTEMPTED_SIMILAR_PATHS +# +# Purpose +# Bounds the number of potentially similar taint warnings that +# CodeSonar will attempt to refine. Both successfully refined +# warnings and dismissed warnings count against this limit. +# +# Tags +# - ANALYSIS_BOUND: Analysis resource/effort limit +# +# Type +# integer +# +# Notes +# TAINT_MAX_SIMILAR_PATHS is similar to this except that it bounds +# the number of reported taint warnings. +# TAINT_MAX_ATTEMPTED_SIMILAR_PATHS should always be at least as +# large as TAINT_MAX_SIMILAR_PATHS. +# +TAINT_MAX_ATTEMPTED_SIMILAR_PATHS = 1 + + # Parameter DISABLED_TAINT_KINDS # # Purpose @@ -9286,7 +9786,7 @@ # option -disable-findbugs is specified (through # JAVA_FLAGS_APPEND or JAVA_FLAGS_PREPEND). # - No : FindBugs will not be run during Java analyses. -# - no setting : FindBugs will not be run during Java analyses. +# - unspecified : FindBugs will not be run during Java analyses. JAVA_ENABLE_FINDBUGS = Yes @@ -9308,7 +9808,7 @@ # -disable-pmd is specified (through JAVA_FLAGS_APPEND or # JAVA_FLAGS_PREPEND). # - No : PMD will not be run during Java analyses. -# - no setting : PMD will not be run during Java analyses. +# - unspecified : PMD will not be run during Java analyses. JAVA_ENABLE_PMD = Yes @@ -9331,7 +9831,7 @@ # - No : ThreadSafe will not be run during Java analyses, unless # build option -enable_threadsafe is specified (through # JAVA_FLAGS_APPEND or JAVA_FLAGS_PREPEND). -# - no setting : ThreadSafe will not be run during Java analyses, +# - unspecified : ThreadSafe will not be run during Java analyses, # unless build option -enable_threadsafe is specified. # # Notes @@ -9819,3 +10319,152 @@ # See also SIGNIFICANCE_LEN_EXTERN, SIGNIFICANCE_LEN_MACRO. ## SIGNIFICANCE_LEN_OTHER = -1 + + +# Parameter UNFINISHED_CODE_TAGS +# +# Tags +# - WC_LANG.COMM.TODO: Used by Comment Suggests Code Unfinished +# +# Purpose +# Specifies tags that are considered indicators that the code is +# incomplete. +# +# Type +# Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html] +# +# Behavior +# If any line of a comment contains text that matches any of these +# regular expressions, a Comment Suggests Code Unfinished warning +# will be issued. The pattern matches are attempted in order of +# occurrence and only the first successful match is reported. +# +# Notes +# For example, Comment Suggests Code Unfinished warnings will be +# reported on lines 1 and 4 of the following code fragment. +# +# /* 1 */ /* TODO: complete before release */ +# /* 2 */ void incomplete(void) +# /* 3 */ { +# /* 4 */ // FIXME: to be implemented later +# /* 5 */ } + +UNFINISHED_CODE_TAGS += FIXME +UNFINISHED_CODE_TAGS += TODO +UNFINISHED_CODE_TAGS += \\todo +UNFINISHED_CODE_TAGS += @todo +UNFINISHED_CODE_TAGS += \\bug +UNFINISHED_CODE_TAGS += @bug +UNFINISHED_CODE_TAGS += XXX + +# Parameter BAD_MACRO_CLASS +# Parameter BAD_MACRO_NAME +# Parameter BAD_MACRO_FILENAME +# Parameter BAD_MACRO_CATEGORIES +# Parameter BAD_MACRO_BASE_RANK +# Parameter BAD_MACRO_INFO +# Parameter BAD_MACRO_LINK +# Parameter BAD_MACRO_SIGNIFICANCE +# +# Purpose +# Use the BAD_MACRO_* family of parameters to define warning +# classes that indicate the use of specific (prohibited) macros. +# +# Tags +# - WARNING_SPECIAL_MACROS: Designates Specially-Treated Macros +# +# Type +# - BAD_MACRO_CLASS: string +# - BAD_MACRO_NAME: Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html] +# - BAD_MACRO_FILENAME: Boost regular expression +# [http://www.boost.org/doc/libs/1_51_0/libs/regex/doc/html/boost_regex/syntax.html] +# - BAD_MACRO_CATEGORIES: string +# - BAD_MACRO_BASE_RANK: number +# - BAD_MACRO_INFO: string +# - BAD_MACRO_LINK: string representing a URL +# - BAD_MACRO_SIGNIFICANCE: { UNSPECIFIED, SECURITY, RELIABILITY, +# REDUNDANCY, STYLE, DIAGNOSTIC } +# +# Behavior +# These parameters are used together to specify bad macros to check +# for and warnings to issue when those macros occur. +# - BAD_MACRO_CLASS will be used as the warning class name. If the +# message contains any characters that are special to HTML, they +# must be HTML-encoded. +# - BAD_MACRO_NAME is a regular expression. If a macro that matches +# this is used, then the warning may be issued. If unspecified, +# any macro name will match. At least one of BAD_MACRO_NAME and +# BAD_MACRO_FILENAME must be specified. +# - BAD_MACRO_FILENAME is a regular expression. If the macro is +# defined in a file that matches this, then the warning may be +# issued. If unspecified, any file name will match. At least one +# of BAD_MACRO_NAME and BAD_MACRO_FILENAME must be specified. +# - BAD_MACRO_CATEGORIES is the set of categories for the warning, +# as a semicolon-separated list. This defaults to the empty +# string. +# - BAD_MACRO_BASE_RANK is the base rank +# [doc/html/Elements/PROPERTIES_Warning.html#base_rank] assigned +# to the warning, with default 15.0. +# - BAD_MACRO_INFO will be used in the warning description box +# [doc/html/GUI/GUI_Warning_Report_Annotations.html#endbox] +# sentence, where occurrences of are replaced by the +# name of the macro, and is replaced by the name of +# the file in which the macro was defined. The default value is +# "'Use of macro is not recommended because it is +# correlated with security or safety defects." Use +# to delimit paragraphs. Use linktext to link "linktext" to linkURL. +# - BAD_MACRO_LINK specifies a URL for further information. Values +# beginning with "#' are interpreted relative to the CodeSonar +# manual root. If a value is specified, CodeSonar will append +# 'See here for more information.' to the text +# in the warning description box +# [doc/html/GUI/GUI_Warning_Report_Annotations.html#endbox]. If +# no value is specified, and BAD_MACRO_INFO is also not +# specified, CodeSonar will look for a category beginning with +# "BADMACRO" in the BAD_MACRO_CATEGORIES list. If there is such a +# category, CodeSonar will add the "See here..." sentence with a +# link to the corresponding warning class page. +# - BAD_MACRO_SIGNIFICANCE is a string representing the +# Significance [doc/html/WarningClasses/Significance.html] +# classification for this warning class. +# +# Notes +# +# If two or more sets of BAD_MACRO_* rules have the same +# BAD_MACRO_CLASS value, the same warning class will be used to +# cover all cases. Therefore, sets of rules with the same +# BAD_MACRO_CLASS should also have the same BAD_MACRO_CATEGORIES, +# BAD_MACRO_INFO, and BAD_MACRO_BASE_RANK values (that is, they +# should only differ in the BAD_MACRO_NAME and BAD_MACRO_FILENAME +# setting). +# +# Similarly, if a set of BAD_MACRO_* rules has a BAD_MACRO_CLASS +# that is the same as the name of a standard CodeSonar warning +# class, the category and base rank settings of the standard class +# will apply and any BAD_MACRO_CATEGORIES or BAD_MACRO_BASE_RANK +# specified in the set will not be used. +# +# Examples: +# BAD_MACRO_CLASS = Use of Forbidden Macro +# BAD_MACRO_NAME = ^MAX$ +# BAD_MACRO_INFO = MAX is bad +# BAD_MACRO_NAME = ^MIN$ +# BAD_MACRO_INFO = MIN is bad +# BAD_MACRO_BASE_RANK = 1.0 +# BAD_MACRO_SIGNIFICANCE = RELIABILITY +# +# specifies a single warning class that will trigger if a macro +# named either MAX or MIN defined in any file are used. +# + +BAD_MACRO_CLASS = Use of offsetof +BAD_MACRO_NAME = ^(offsetof)$ +BAD_MACRO_INFO = offsetof is disallowed because it has portability problems +BAD_MACRO_FILENAME = stddef.h$ +BAD_MACRO_CATEGORIES = BADMACRO.OFFSETOFF;Misra2004:20.6;MisraC++2008:18-2-1 +BAD_MACRO_BASE_RANK = 12.0 +BAD_MACRO_SIGNIFICANCE = RELIABILITY +