The Red Lizards team is delighted to announce the release of version 3.1 of the Goanna suite of static analysis tools across all product lines!
This release builds on the capabilities of Goanna 3.0, making huge leaps forward in terms of performance, support for C/C++ development environments, warning accuracy and detail, and Web Dashboard functionality. Goanna’s core C/C++ analysis engine is now more streamlined and accurate than ever before, providing more precise and targeted warnings for code requiring complex control and data flow analysis, and performing much better in many common situations such as very large functions and source files. In addition, for each warning there is now much more detailed trace information and a greatly improved Web interface including a full source code browser to help you pinpoint the root causes of bugs in your code.
- Configurable Parallel Analysis: Goanna 3.1 is now fully parallelized, and can take advantage of modern multi-core processors to deliver several times faster analysis than earlier versions.
- Enhanced Incremental Analysis: Goanna 3.1 includes a host of other performance optimizations, including greatly enhanced incremental analysis of a project with only small changes since the last run. Such analysis can be up to 20 times faster than re-analyzing the whole project from scratch.
- Build Specifications: Goanna Central 3.1 now lets you analyze whole projects from a build specification that captures all the analysis commands required to do a complete run of your project. Build specifications can be written and edited manually, or generated automatically with a suite of new and improved tools: goannamake for Makefile projects, goannascons for SCons projects, and goannaiarbuild for IAR Embedded Workbench projects.
- Auto-detection of C/C++ Dialect: Goanna 3.1 has vastly improved support for different C/C++ dialects including more C++11 constructs, GNU extensions, and Microsoft C++ language features than ever before. In most cases, you won’t even need to know precisely which dialect options to use, as the “goanna” suite of utilities can auto-detect all this information directly from your compiler.
- Interprocedural Traces: Traces for most warnings in Goanna 3.1 now show much more detailed information, including across interprocedural (function) boundaries where Goanna has detected that an issue spans multiple functions and files. On Goanna Studio traces are now displayed in a tree-like format for easier navigation.
- Dashboard Improvements: The Goanna Dashboard has a greatly enhanced Web interface, including a complete history of historical warnings and a full code browser with interactive trace highlighting and hyperlinks.
- New and Improved Platform Support: Goanna 3.1 adds support for more IDE’s and Toolchains including Atmel Studio 6.1, IAR 8051, IAR MSP430, ARM CC, Renesas H8, TI Code Composer 3.3, and the Wind River Diab Compiler.
Configurable Parallel Analysis
Goanna analysis is now fully parallelized. This means that Goanna 3.1 can now take advantage of unused cores on modern multi-core CPUs that would be otherwise idle. If your CPU has several cores available, then parallel analysis in Goanna 3.1 can yield 6 or more times speedup over earlier releases of Goanna.
By default, Goanna runs as many parallel processes as you have CPU cores. But you can change the number of parallel processes to any number you like by setting Parallel jobs to any number you like in Preferences for Goanna Studio, or by using the –jobs option in Goanna Central.
This gives you complete control over the amount of resources used by Goanna on your machine.
Enhanced Incremental Analysis
Goanna 3.1 not only parallelizes analysis into multiple threads, but has significantly optimized the performance of each individual thread. The optimizations are too numerous to go into detail here, but address common bottlenecks such as very large source files, functions with very many variables, and very complex expressions.
In particular, the common case where you have only made a few changes in your project since the last analysis run has been significantly optimized. Goanna 3.1 caches analysis information on all the source files in your project in the project database, and only re-analyzes the portions of your project that are actually affected by the change. This provides a performance boost for both individual developers and for build servers that are repeatedly analyzing the same project. Incremental analysis of a project can be up to 20 times faster than re-analyzing the whole project from scratch.
Enhanced incremental analysis is on by default and completely transparent, so you don’t need to do anything to enable it. Underneath, it works by hashing the content of your source files, and does not depend on file timestamps in any way. This means you should never need to force a “clean” analysis run as you sometimes do in build environments that only look at file timestamps.
If you want to experience how much performance improvement is due to Incremental Analysis in Goanna 3.1, try manually turning it off with the –force-analysis flag and experiencing the difference. You’ll never want to go back!
Goanna Central 3.1 now lets you analyze whole projects from a build specification that captures all the analysis commands required to do a complete run of your project.
Build specifications can be created in a variety of ways. They can be automatically generated for a project with the following new and improved tools:
- goannamake, which now also auto-detects the C/C++ compiler(s) used in your Makefiles, and transparently configures Goanna for them without any manual intervention.
- goannascons, which can now record build specifications for SCons-based projects.
- goannaiarbuild, a new utility for IAR Embedded Workbench projects.
- In addition, Goanna build specifications have a very simple, plain text format, so they are easy to edit manually or even write from scratch with an ordinary text editor.
Bringing it all together in Goanna 3.1 is a new, project-level utility called goanna. The goanna command is the one that now drives all the goannacc and goannac++ commands to analyze a whole project, and provides access to all the new features in this release. It provides all the configurable options and features including:
- Analyzing projects from a build specification,
- Configurable parallel analysis,
- Enhanced incremental analysis,
- Auto-detection of C/C++ dialect,
- Automatic publishing of results to the Goanna Dashboard and third-party integrations,
- Running goannacc and goannac++ with optimal analysis settings.
The goanna command is in fact common across all product lines, Goanna Central and Goanna Studio. So all the new features provided in Goanna Central are equally available in Goanna Studio, and you can expect goanna to provide even more powerful analysis capabilities in future releases.
Auto-detection of C/C++ Dialect
Goanna 3.1 has vastly improved support for different C/C++ dialects including more C++11 constructs, GNU extensions, and Microsoft C++ language features than ever before. The number of C/C++ toolchains supported has doubled, with the addition of ARM CC, more IAR targets, Renesas H8, TASKING C166, and Wind River DIAB among others. In addition the existing GNU and Microsoft dialect support has been improved to include the language features in the most up-to-date versions of these toolchains.
Goanna 3.1 also makes configuration and setup much easier than ever before with C/C++ dialect auto-detection. This means that whether you are using Goanna Studio or Goanna Central, and whether you have projects using multiple compilers, the same compiler with different target options, or even projects with any mixture of the above, Goanna 3.1 should auto-detect all your dialect and compiler-specific settings, and automatically configure itself for each target transparently.
This completely eliminates the manual “–configure” commands that were required in previous releases, and all the PARSE errors that resulted from incomplete information when configuring Goanna for each target compiler. The new auto-detection features in Goanna 3.1 greatly simplify the process of setting up Goanna in complex projects, for example, those that must cross compile for several target architectures.
In Goanna Central, the new C/C++ dialect auto-detection support is completely integrated with the “goanna” suite of utilities. So when using the tools to record build specifications and analyze whole projects, dialect auto-detection is enabled transparently. The new C/C++ dialect auto-detection support gives you complete control, so you can manually override the target dialect or tweak it in any way you like. It is also extensible, so that support for new dialects and compiler variants are now much easier to add in. Complete documentation on how Goanna 3.1′s dialect auto-detection works is provided in the User Guide. If you would like help in adding support for a new compiler variant, then please contact us.
Traces in Goanna 3.1 now contain interprocedural information when issues span function boundaries. This gives more detail when trying to track down exactly which execution path in your program causes the issue raised by Goanna and may help in isolating and fixing the issue.
The Trace dialog in Goanna Studio has been updated to show the new interprocedural information provided by Goanna. Traces are now displayed in a tree structure, with collapsible nodes on each function call boundary. This gives the ability to expand out each function and get the details of a trace, or collapse them all and just get an overview of how the trace works. As always, you can step through the trace side-by-side with your code, allowing you to replay the trace like a debugger.
The Goanna Dashboard also gives trace information through its new Source Code Browser. Just like in an IDE, you can step through trace of a warning via the Web interface, even when the trace spans many functions and source files.
In addition to interprocedural traces, we have gone to extensive effort to make the information presented in a trace clearer. When viewing a Goanna trace, each step will now give more details about how it was reached or what is happening at that line of code. This, in conjunction with interprocedural traces, allows you to gain much more insight into issues that Goanna finds.
The Goanna Dashboard has had numerous new features added, including:
Source Code Browser: The Goanna Dashboard now has a fully integrated source code browser across all product lines. The browser shows warning information side-by-side to your source code allowing you to visualize analysis results as easily as if they were in your IDEs. Trace information is also shown when available, so you can step through your code to see how the warning is found.
Historical Warning Data: The Goanna Dashboard now stores the full history of your warnings in past analysis runs, not just a summary. This allows you to track warnings through your development cycle to see when bugs appeared and disappeared.
Bug Statuses and Notes: It is now possible to classify all your warnings in Goanna Dashboard. You can classify your bugs as one of; Unclassified (default), Ignore, Analyse, Fix or Not A Problem. In addition to this, you can also write a note for each of your warnings. This status information will stay attached to your warning for all time.
New and Improved Platform Support
Goanna 3.1 now fully supports the Atmel Studio 6.1 IDE. All the new features of Goanna 3.1 including C/C++ dialect auto-detection are now available in all versions of Atmel Studio 6. Vendor toolchain plug-ins to Atmel Studio are also supported, provided the target dialect is on our supported dialects list.
In addition, IAR Embedded Workbench users can now integrate Goanna into the Workbench IDE much more easily using the new goannaiarbuild project-level utility. This command supports analysis of IAR Embedded Workbench project (.ewp) files natively, eliminating the need to create batch files or manual scripts. Goannaiarbuild also supports recording of build specifications and all the other features of the “goanna” suite of utilities, so you can also automate the analysis of IAR projects in a build server or command line environment. The IAR 8051 and MSP430 targets are now fully supported. Support for the other IAR targets is coming soon, so please contact us for more information.
Wind River Workbench support is greatly improved, including support for the DIAB toolchain and auto-detection of settings for projects using the Wind River Build System instead of the native Eclipse CDT builder.
In addition, toolchain support for the ARM CC, Renesas H8, TASKING C166, and TI Code Composer 3.3 has been added and/or improved. These C/C++ dialects should be auto-detected from Goanna Central and Goanna Studio Eclipse. If you would like to see support for a new platform not on this list, please contact us.
A whole host of other fixes and improvements have gone into Goanna 3.1. Here is a detailed summary:
- Check accuracy improvements: the following checks have had their accuracy improved:
- [MEM-lose-assign] now catches more memory leaks interprocedurally.
- [COP-dtor] no longer warns about certain kinds of class destructors leading to false warnings.
- [COP-dealloc-dtor] has an increased search depth. Freeing the member through other function calls within the same class can be detected.
- [ATH-shift-neg] no longer reporters false positives from complex macros.
- [RED-cond-const-expr] no longer reports false positives for dereference of a constant address declared as volatile.
- [PTR-array-indexing] no longer reporters false positive for class member dereferences in C++.
- [INT-octal] eliminates false positives on compiler synthesized enumeration constants.
- Resolved [PARSE] issues:
- Added support for __int128 type.
- Added support for c++11 final keyword.
- Added support for c++11 range based for loops.
- Added support for MSVC for each loops.
- Added support for GNU binary literals extension.
- Added support for the IAR extended C anonymous union.
- Fixed parsing of <type_traits> with use of __float128 in GNU C++ 4.6+
- Improved parsing of STL.
- Unusual values in the __aligned__() GCC extension are now supported.
- Unusual values in the #pragma pack directive are now supported.
- An illegal redeclaration of std::string::npos that’s accepted by the Microsoft compiler is now also accepted by Goanna.
- Dashboard improvements:
- Substantial improvement has been made to Goanna Dashboard server’s performance.
- Exporting now produces a CSV instead of a tab separated file.
- There is now the ability to log server activity to a file.
- Files analysed that contain no warnings now appear in the directory browser.
- UI has been made more compact.
- Bulk editing for changing bug status and deleting projects and snapshots is now available in the respective tables.
- Goanna Studio for Eclipse:
- A user friendly dialog is now available to send issue reports back to Red Lizards Software.
- Goanna Studio for Visual Studio:
- $(Configure) macro is now expanded correctly.
- Fixed parsing issues with size_t and va_list on x64 targets.
- Rare error dialogs that would occasionally pop up from Microsoft internal software components have been eliminated.
- Goanna Studio for Atmel Studio 6:
- More options are now auto-detected from a project’s toolchain settings.
- All Platforms:
- Template functions that have been automatically instantiated are now fully analyzed.
- A new diagnostic preference is available. This includes internal diagnostic information in issue reports to Red Lizards Software to debug difficult issues.
- Signals that occur due to external causes (such as an overly strict SELinux security policy) no longer cause goannacc to stop.
- Improved false positive elimination algorithm to improve accuracy in [COP-copy-ctor] and [COP-assign-op].
- Improved robustness of Goanna database transactions.
- Dashboard is now fully compatible with Internet Explorer 10.
- Goanna Dashboard’s database is now more resilient in the presence of system failures.