--- template5.2p0.conf 2020-05-19 09:30:38.315319000 -0400 +++ template5.3p0.conf 2020-05-19 09:31:37.801305600 -0400 @@ -1,7 +1,7 @@ # For emacs: -*- Shell-script -*- # ###################################################################### -# CodeSonar 5.2p0 Configuration File +# CodeSonar 5.3p0 Configuration File ###################################################################### # # CodeSonar will use preferences defined in this file when running @@ -93,7 +93,8 @@ # *_PREPEND, the += operator appends). This means that if you have # two CFLAGS_PREPEND += statements in this file, the CFLAGS in the # second statement will be prepended to the CFLAGS in the first -# statement. CFLAGS_PREPEND += +# statement. +## CFLAGS_PREPEND += # Parameter CFLAGS_APPEND @@ -220,6 +221,7 @@ # COMPILER_MODELS += armcl.exe -> cl6x # COMPILER_MODELS += armcpp.exe -> armcpp # COMPILER_MODELS += bcc32.exe -> borland +# COMPILER_MODELS += c166.exe -> tasking # COMPILER_MODELS += c51.exe -> c51 # COMPILER_MODELS += cc21k.exe -> visualdsp # COMPILER_MODELS += ccblkfn.exe -> visualdsp @@ -233,9 +235,8 @@ # COMPILER_MODELS += cl470.exe -> cl6x # COMPILER_MODELS += cl55.exe -> cl6x # COMPILER_MODELS += cl6x.exe -> cl6x -# COMPILER_MODELS += c166.exe -> tasking -# COMPILER_MODELS += clang.exe -> clang # COMPILER_MODELS += clang++.exe -> clangpp +# COMPILER_MODELS += clang.exe -> clang # COMPILER_MODELS += clarm.exe -> cl # COMPILER_MODELS += clmips.exe -> cl # COMPILER_MODELS += clsh.exe -> cl @@ -266,10 +267,10 @@ # COMPILER_MODELS += gxx.exe -> gpp # COMPILER_MODELS += i686-pc-mingw32-g++.exe -> gpp # COMPILER_MODELS += i686-pc-mingw32-gcc.exe -> gcc -# COMPILER_MODELS += icc430.exe -> iar -# COMPILER_MODELS += iccarm.exe -> iar -# COMPILER_MODELS += iccm32c.exe -> iar -# COMPILER_MODELS += mcpcom.exe -> mcpcom +# COMPILER_MODELS += icc430.exe -> icc430 +# COMPILER_MODELS += iccarm.exe -> iccarm +# COMPILER_MODELS += iccm32c.exe -> iccm32c +# COMPILER_MODELS += iccstm8.exe -> iccstm8 # COMPILER_MODELS += mwccmcf.exe -> mwccmcf # COMPILER_MODELS += null-cc.exe -> xcc # COMPILER_MODELS += picc.exe -> picc @@ -282,7 +283,6 @@ # COMPILER_MODELS += x86_64-pc-mingw32-gcc.exe -> gcc # # POSIX default models: -# COMPILER_MODELS += QCC -> qcc # COMPILER_MODELS += arm-none-eabi-g++ -> gpp # COMPILER_MODELS += arm-none-eabi-gcc -> gcc # COMPILER_MODELS += armcc -> armcc @@ -314,6 +314,9 @@ # COMPILER_MODELS += tcc -> armcc # COMPILER_MODELS += tcpp -> armcpp # +# On all EXCEPT Windows and OS X: +# COMPILER_MODELS += QCC -> qcc +# # On Solaris, in addition to POSIX default models: # COMPILER_MODELS += CC -> acpp # @@ -471,61 +474,97 @@ # Notes # On Windows, always include the file extension of the executable # (which should be .exe or .com). - -# -# A superset of the default compilers appears below. # -# Windows: +# The following compiler executables are recognized by default on +# Windows systems. To ignore invocations of a specific executable, +# use the corresponding DISABLED_COMPILERS rule. +# DISABLED_COMPILERS += arm-none-eabi-g++.exe +# DISABLED_COMPILERS += arm-none-eabi-gcc.exe # DISABLED_COMPILERS += armcc.exe +# DISABLED_COMPILERS += armcl.exe # DISABLED_COMPILERS += armcpp.exe +# DISABLED_COMPILERS += bcc32.exe +# DISABLED_COMPILERS += c166.exe +# DISABLED_COMPILERS += c51.exe +# DISABLED_COMPILERS += cc21k.exe +# DISABLED_COMPILERS += ccblkfn.exe +# DISABLED_COMPILERS += ccrx.exe +# DISABLED_COMPILERS += ccts.exe # DISABLED_COMPILERS += ch38.exe # DISABLED_COMPILERS += cl.exe +# DISABLED_COMPILERS += cl2000.exe # DISABLED_COMPILERS += cl30.exe +# DISABLED_COMPILERS += cl430.exe +# DISABLED_COMPILERS += cl470.exe +# DISABLED_COMPILERS += cl55.exe # DISABLED_COMPILERS += cl6x.exe +# DISABLED_COMPILERS += clang++.exe +# DISABLED_COMPILERS += clang.exe # DISABLED_COMPILERS += clarm.exe # DISABLED_COMPILERS += clmips.exe # DISABLED_COMPILERS += clsh.exe # DISABLED_COMPILERS += clthumb.exe +# DISABLED_COMPILERS += cosmic.exe +# DISABLED_COMPILERS += cp166.exe +# DISABLED_COMPILERS += cpcp.exe +# DISABLED_COMPILERS += cptc.exe +# DISABLED_COMPILERS += ctc.exe +# DISABLED_COMPILERS += cvavr-null.exe # DISABLED_COMPILERS += cw-cc.exe # DISABLED_COMPILERS += dcc.exe # DISABLED_COMPILERS += dplus.exe # DISABLED_COMPILERS += ecom68.exe +# DISABLED_COMPILERS += ecom800.exe # DISABLED_COMPILERS += ecom86.exe # DISABLED_COMPILERS += ecomarm.exe +# DISABLED_COMPILERS += ecommip.exe # DISABLED_COMPILERS += ecomppc.exe # DISABLED_COMPILERS += ecomx86.exe -# DISABLED_COMPILERS += g++.exe # DISABLED_COMPILERS += g++-3.exe # DISABLED_COMPILERS += g++-4.exe -# DISABLED_COMPILERS += gcc.exe +# DISABLED_COMPILERS += g++.exe # DISABLED_COMPILERS += gcc-3.exe # DISABLED_COMPILERS += gcc-4.exe +# DISABLED_COMPILERS += gcc.exe # DISABLED_COMPILERS += gpp.exe # DISABLED_COMPILERS += gxx.exe -# DISABLED_COMPILERS += iccarm.exe +# DISABLED_COMPILERS += i686-pc-mingw32-g++.exe +# DISABLED_COMPILERS += i686-pc-mingw32-gcc.exe # DISABLED_COMPILERS += icc430.exe +# DISABLED_COMPILERS += iccarm.exe # DISABLED_COMPILERS += iccm32c.exe -# DISABLED_COMPILERS += mcpcom.exe +# DISABLED_COMPILERS += iccstm8.exe +# DISABLED_COMPILERS += mwccmcf.exe # DISABLED_COMPILERS += null-cc.exe # DISABLED_COMPILERS += picc.exe +# DISABLED_COMPILERS += qcc.exe # DISABLED_COMPILERS += shc.exe # DISABLED_COMPILERS += shcpp.exe # DISABLED_COMPILERS += tcc.exe # DISABLED_COMPILERS += tcpp.exe +# DISABLED_COMPILERS += x86_64-pc-mingw32-g++.exe +# DISABLED_COMPILERS += x86_64-pc-mingw32-gcc.exe # -# POSIX: +# The following compiler executables are recognized by default on +# Posix systems. To ignore invocations of a specific executable, +# use the corresponding DISABLED_COMPILERS rule. +# DISABLED_COMPILERS += arm-none-eabi-g++ +# DISABLED_COMPILERS += arm-none-eabi-gcc # DISABLED_COMPILERS += armcc # DISABLED_COMPILERS += armcpp # DISABLED_COMPILERS += c++ # DISABLED_COMPILERS += cc -# DISABLED_COMPILERS += ccppc # DISABLED_COMPILERS += ch38 -# DISABLED_COMPILERS += c++ppc +# DISABLED_COMPILERS += clang +# DISABLED_COMPILERS += clang++ +# DISABLED_COMPILERS += cosmic # DISABLED_COMPILERS += dcc # DISABLED_COMPILERS += dplus -# DISABLED_COMPILERS += ecomarm # DISABLED_COMPILERS += ecom68 +# DISABLED_COMPILERS += ecom800 # DISABLED_COMPILERS += ecom86 +# DISABLED_COMPILERS += ecomarm +# DISABLED_COMPILERS += ecommip # DISABLED_COMPILERS += ecomppc # DISABLED_COMPILERS += ecomx86 # DISABLED_COMPILERS += g++ @@ -534,12 +573,11 @@ # DISABLED_COMPILERS += gxx # DISABLED_COMPILERS += mcpcom # DISABLED_COMPILERS += null-cc +# DISABLED_COMPILERS += qcc # DISABLED_COMPILERS += shc # DISABLED_COMPILERS += shcpp -# DISABLED_COMPILERS += armcc # DISABLED_COMPILERS += tcc # DISABLED_COMPILERS += tcpp -# @@ -875,19 +913,40 @@ # - BUILD_BEHAVIOR: Governs the Build/Analysis # # Type -# Boost 'POSIX Extended Regular Expression' -# [http://www.boost.org/doc/libs/1_63_0/libs/regex/doc/html/boost_regex/syntax/basic_extended.html] -# -# Behavior -# If a file in a compilation command has a path that matches the -# regular expression, that compilation will be ignored. -# -# Notes -# This option cannot be used to ignore header files. Only top level -# files (e.g., .c and .cpp) can be ignored. CodeSonar users looking -# to discard warnings in certain include files might be interested -# in the WARNING_FILTER "ignore dir" examples, or the -# SYSTEM_INCLUDE_PATHS setting. +# - C/C++ analyses: Boost 'POSIX Extended Regular Expression' +# [http://www.boost.org/doc/libs/1_63_0/libs/regex/doc/html/boost_regex/syntax/basic_extended.html] +# - Java analyses: Regular expression string for +# java.util.regex.Pattern +# [doc/html/Preferences/https://docs.oracle.com/javase/8/docs/api/java/util/regex/Pattern.html] +# +# Behavior +# For C and C++ analyses: If a file in a compilation command has a +# path that matches the regular expression, that compilation will +# be ignored. +# +# For Java analyses: The regular expression is matched against all +# .class, .java, and Java archive files identified in the cs-bin- +# scan command (primary command argument, -sourcefile values, and +# -auxclasspath values). Matching files are excluded from the +# project, with consequences that depend on the file type as +# follows. +# - .java: The file and its corresponding .class file will not be +# analyzed. However, if the corresponding .class file is not also +# ignored it may still provide information for other classes that +# are analyzed. +# - .class: FindBugs will not analyze the class. If the +# corresponding .java file is not also ignored, it will be +# analyzed with PMD only. +# - archive: Julia will not analyze any part of the archive. Other +# handling for individual .class and .java files inside the +# archive is as described above. +# +# Notes +# For C and C++ analyses, this option cannot be used to ignore +# header files. Only top level files (e.g., .c and .cpp) can be +# ignored. CodeSonar users looking to discard warnings in certain +# include files might be interested in the WARNING_FILTER examples +# for discard path:, or the SYSTEM_INCLUDE_PATHS setting. # # For example, # IGNORED_COMPILATIONS += ^.*foo\.c$ @@ -906,6 +965,9 @@ # do not require escaping: # IGNORED_COMPILATIONS += bar/foo\.c # +# For Java analyses, this option can be used to ignore any +# combination of .class, .java, and Java archive files as described +# in the Behavior section. # Parameter IGNORED_COMPILATION_COMMANDS @@ -1787,7 +1849,7 @@ # If environment variable CS_PREPROCESS_IF_FAIL is set, its value # will override the setting of this parameter. # -PREPROCESS_IF_FAIL = Yes +PREPROCESS_IF_FAIL = No # Parameter PREPROCESS_ALWAYS @@ -1901,6 +1963,10 @@ # file descriptors. Environments with low ulimits may need to # decrease this value. # +# 32-bit builds of CodeSonar set this limit to 2 by default, since +# 32-bit systems generally don't have enough RAM available to +# userland processes for running more than 2 concurrent parsers. +# MAX_CONCURRENT_PARSE_PROCESSES = 582 @@ -3801,6 +3867,7 @@ # WARNING_FILTER += allow class="Addition Overflow of Allocation Size" # WARNING_FILTER += allow class="Addition Overflow of Size" # WARNING_FILTER += allow class="Array Parameter Mismatch" +# WARNING_FILTER += allow class="Assembly Pragma" # WARNING_FILTER += allow class="Assignment Result in Expression" # WARNING_FILTER += allow class="Assignment in Conditional" # WARNING_FILTER += allow class="Backwards goto" @@ -3824,6 +3891,7 @@ # WARNING_FILTER += allow class="Conditional Compilation" # WARNING_FILTER += allow class="Conflicting Lock Order" # WARNING_FILTER += allow class="Confusing Literal Suffix" +# WARNING_FILTER += allow class="Confusing Operator Overload" # WARNING_FILTER += allow class="Continue Statement" # WARNING_FILTER += allow class="Conversion from Function Pointer" # WARNING_FILTER += allow class="Conversion to Function Pointer" @@ -3836,12 +3904,15 @@ # WARNING_FILTER += allow class="Declaration of Reserved Name" # WARNING_FILTER += allow class="Declaration of Variable Length Array" # WARNING_FILTER += allow class="Dynamic Allocation After Initialization" +# WARNING_FILTER += allow class="Ellipsis" +# WARNING_FILTER += allow class="Essential Type Diagnostic" # WARNING_FILTER += allow class="Excessive Stack Depth" # WARNING_FILTER += allow class="Expression Value Widened by Assignment" # WARNING_FILTER += allow class="Expression Value Widened by Other Operand" # WARNING_FILTER += allow class="Extern Array Without Size" # WARNING_FILTER += allow class="FILE* Dereference" # WARNING_FILTER += allow class="Float-typed Loop Counter" +# WARNING_FILTER += allow class="Floating Point Equality" # WARNING_FILTER += allow class="Function Defined in Header File" # WARNING_FILTER += allow class="Function Pointer Conversion" # WARNING_FILTER += allow class="Function Pointer" @@ -3942,6 +4013,7 @@ # WARNING_FILTER += allow class="Over-initialized Element" # WARNING_FILTER += allow class="Partially Uninitialized Aggregate" # WARNING_FILTER += allow class="Partially Uninitialized Array" +# WARNING_FILTER += allow class="Pointed-to Type Could Be const" # WARNING_FILTER += allow class="Pointer Arithmetic" # WARNING_FILTER += allow class="Pointer Before Beginning of Object" # WARNING_FILTER += allow class="Pointer Past End of Object" @@ -4087,6 +4159,9 @@ # WARNING_FILTER += allow class="Use of t_open" # WARNING_FILTER += allow class="Use of ttyname" # WARNING_FILTER += allow class="Use of vfork" +# WARNING_FILTER += allow class="Using Declaration in Header File" +# WARNING_FILTER += allow class="Using Directive in Header File" +# WARNING_FILTER += allow class="Using Directive" # WARNING_FILTER += allow class="Variadic Macro" # WARNING_FILTER += allow class="Warnings Not Treated As Errors" # WARNING_FILTER += allow class="Weak Cryptography" @@ -4573,6 +4648,7 @@ # WARNING_FILTER += discard class="Integer Overflow of Allocation Size" is_sysinclude WARNING_FILTER += discard language="C++" is_sysinclude +WARNING_FILTER += discard class="Cast Alters Value" is_sysinclude WARNING_FILTER += discard class="Undefined Macro in #if" is_sysinclude # Parameter SKIP_ANALYSIS_OF @@ -8132,7 +8208,6 @@ RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^g_error_new_literal$ RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^getaddrinfo$ RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^getc$ -RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^getchar$ RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^GetCurrentProcess$ RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^GetCurrentProcessId$ RETURN_CHECKER_BUILT_IN_CHECKED_FUNCS += ^GetCurrentThread$ @@ -9174,6 +9249,7 @@ RETURN_CHECKER_BUILT_IN_CHECKED_PURE_FUNCS += ^png_get_valid$ RETURN_CHECKER_BUILT_IN_CHECKED_PURE_FUNCS += ^png_sig_cmp$ RETURN_CHECKER_BUILT_IN_CHECKED_PURE_FUNCS += ^poptGetContext$ +RETURN_CHECKER_BUILT_IN_CHECKED_PURE_FUNCS += ^posix_memalign$ RETURN_CHECKER_BUILT_IN_CHECKED_PURE_FUNCS += ^PQerrorMessage$ RETURN_CHECKER_BUILT_IN_CHECKED_PURE_FUNCS += ^PQresultStatus$ RETURN_CHECKER_BUILT_IN_CHECKED_PURE_FUNCS += ^PQstatus$ @@ -9982,6 +10058,7 @@ # NOT be issued when the return value from f() is ignored. RETURN_CHECKER_IGNORED_FUNCS += ^std::basic_ostream::operator<<$ +RETURN_CHECKER_IGNORED_FUNCS += ^getchar$ # Parameter FORMAT_STRING_CHECKER_SAMPLE_SIZE @@ -11168,6 +11245,7 @@ # If "Yes", CodeSonar will issue Unused Value warnings in cases # like: # x = 3; +# x = 4; # # If "No", such cases will not trigger Unused Value warnings. # @@ -14019,6 +14097,44 @@ UNIT_OF_WORK_ISOLATION = No + + +# Parameter TRANSACTION_BUFFER_SIZE_LIMIT +# +# Purpose +# Specifies the maximum amount of memory (in megabytes) to allocate +# in the analysis master for a pending transaction. +# +# Tags +# - ANALYSIS_BOUND: Analysis resource/effort limit +# +# Type +# integer +# +# Behavior +# When set to integer N, an N-megabyte transaction buffer will be +# maintained in the analysis master for the analysis of each +# procedure when the analysis is not run in serial mode. When a +# slave analyzes a procedure, any outputs from the analysis of that +# procedure (e.g., warnings and summaries) are accumulated to the +# corresponding transaction buffer in the master. Once analysis of +# the procedure completes, the transaction is committed and the +# buffer freed. If the size limit is exceeded, then the transaction +# is abandoned and rolled back. The offending procedure will in +# effect not be analyzed. +# +# Notes +# This setting was introduced to safeguard against out of memory +# conditions witnessed in certain generated procedures many +# thousands of lines long, which contained dozens of unreachable +# code warnings. Cumulatively, the size of the markup for these +# warnings was enough to make CodeSonar use more memory than would +# be available on a 32-bit system. This configuration variable +# exists to safeguard against such unusual code. + +TRANSACTION_BUFFER_SIZE_LIMIT = 512 + + # Parameter UNINITIALIZED_GLOBALS # # Purpose @@ -14251,6 +14367,66 @@ ## SIGNIFICANCE_LEN_OTHER = -1 +# Parameter MISRA_SHIFT_AMOUNT_EXCEEDS_BIT_WIDTH +# +# Purpose +# Specifies whether Shift Amount Exceeds Bit Width checks should +# follow MISRA rules (as opposed to the C standards) for +# determining whether an arithmetic-shift operation exceeds the +# number of bits occupied by the left-hand operand of the +# operation. +# +# Tags +# - WC_LANG.ARITH.BIGSHIFT: Used by Shift Amount Exceeds Bit Width +# - WARNING_TUNING: Fine Tuning for Warnings +# +# Type +# { Yes, No } +# +# Behavior +# - Yes : CodeSonar will determine that the width of the left-hand +# operand of an arithmetic-shift operation is the width of the +# type of the operand actually appearing in the source code. +# - No : CodeSonar will determine that the width of the left-hand +# operand of an arithmetic-shift operation is the width of the +# type of the operand, after possible casts have being applied by +# the compiler to the operand actually appearing in the source +# code. +# +# Notes +# According to the C standards, when a value that is smaller than +# an int is used as the left-hand operand of an arithmetic shift, +# then that value is first cast to int before the shift is applied. +# Hence, the following code +# char c; +# c << 10; +# c << 64; +# is equivalent to +# char c; +# ((int)c) << 10; +# ((int)c) << 64; +# +# When checker Shift Amount Exceeds Bit Width is applied to an +# arithmetic shift, the width in bits of the left-hand operand is +# determined by the setting of +# MISRA_SHIFT_AMOUNT_EXCEEDS_BIT_WIDTH. +# +# Assuming an \int is 64 bits long or less, CodeSonar will produce +# either one or two warnings. +# MISRA_SHIFT_AMOUNT_EXCEEDS_BIT_WIDTH=Yes (2 warnings): +# char c; +# c << 10; /* Shift Amount Exceeds Bit Width */ +# c << 64; /* Shift Amount Exceeds Bit Width */ +# MISRA_SHIFT_AMOUNT_EXCEEDS_BIT_WIDTH=No (1 warning): +# char c; +# c << 10; +# c << 64; /* Shift Amount Exceeds Bit Width */ +# +# For further information, see \link +# ../WarningClasses/LANG/LANG.ARITH.BIGSHIFT.html\endlink + +## MISRA_SHIFT_AMOUNT_EXCEEDS_BIT_WIDTH = No + # Parameter UNFINISHED_CODE_TAGS # @@ -14453,7 +14629,7 @@ # [http://www.boost.org/doc/libs/1_63_0/libs/regex/doc/html/boost_regex/syntax/basic_extended.html] # # Behavior -# In checks for the following warning classes,CodeSonar treats all +# In checks for the following warning classes, CodeSonar treats all # function calls as having side effects UNLESS the function name # matches a SIDE_EFFECT_FREE_FUNCTIONS regular expression. # - Side Effects in Expression with Decrement @@ -15191,3 +15367,71 @@ # PARAMETER_EVALUATION_ORDER = RIGHT_TO_LEFT + +# Parameter IMPLICIT_INITIALIZER_ELT_LIMIT +# +# Purpose +# Specifies an upper bound on the number of implicitly-zero- +# initialized array elements from a curly-brace initializer +# CodeSonar will explicitly track, on each end of the implicitly- +# initialized segment of the array. +# +# Tags +# - ANALYSIS_BOUND: Analysis resource/effort limit +# +# Type +# integer +# +# Behavior +# Using a setting of 2, the initialization of elements 0, 1, 2, 3, +# 4, 98, and 99 of this array would be tracked: +# int A[100] = { 42, 42, 42 }; +# +# Notes +# Large values may increase precision in some programs, but will +# slow down the analysis. +# +IMPLICIT_INITIALIZER_ELT_LIMIT = 2 + + +# Parameter ESSENTIAL_TYPE_DIAGNOSTIC_ENABLED +# +# Purpose +# Specifies whether or not to report Essential Type Diagnostic +# warnings (warnings of this class are reported for all +# expressions). +# +# Tags +# - WC_DIAG.MISRA.ETYPE: Used by Essential Type Diagnostic +# +# Type +# { Yes, No } +# +# Behavior +# - Yes : Essential Type Diagnostic warnings are reported, provided +# the class is suitably enabled (see warning class documentation +# for details). Note that warnings of this class are reported for +# every expression. +# - No : Essential Type Diagnostic warnings are not reported, even +# if the other requirements for enabling the class are satisfied. +# +# Notes +# The Essential Type Diagnostic warning class is only only useful +# for debugging purposes. Its use is not recommended unless +# explicitly directed by GrammaTech support. +# +# A Essential Type Diagnostic warning is issued for every +# expression. In all but the most trivial programs, there are a +# great many expressions and consequently there will be a great +# many Essential Type Diagnostic warnings unless the class is +# selectively enabled for only parts of the program. +# +# If you are trying to determine the essential types of only a few +# expressions within your program, use multiple clauses in your +# WARNING_FILTER rule to ensure you only enable warnings that are +# useful to you. For example, suppose that you are only interested +# in the essential types of expressions in source file +# problemfile.c. Then your rule will be: +# WARNING_FILTER += allow class="Essential Type Diagnostic" file=problemfile.c + +ESSENTIAL_TYPE_DIAGNOSTIC_ENABLED = No