Goanna 2.9 released

The Red Lizards team is delighted to announce the release of version 2.9 of the Goanna suite of static analysis tools across all product lines!

This release is a major step forward in terms of:

  • coverage of coding standards such as MISRA C:2004, MISRA C++:2008, and CERT;
  • support for third-party IDEs such as Atollic TrueSTUDIO, Mentor Code Sourcery, QNX Momentics, and Texas Instruments Code Composer Studio;
  • improvements to the core to increase the coverage of checks, refine accuracy, and eliminate false positives.

Coding Standards

Over 60 new checks have been added in Goanna 2.9, improving Goanna’s coverage of a number of industry coding standards:

  • the Common Weakness Enumeration (CWE),
  • the Computer Emergency Response Team (CERT) Secure Coding Standard,
  • Motor Industry Software Reliability Association (MISRA) C:2004 and MISRA C++:2008.

Many of the new checks are enabled by default as they detect common flaws that are of general interest to everybody.  But if you want to maximize your coverage of these standards, you need to explicitly enable some of the new checks in your project’s settings.

Fortunately, Goanna makes this very easy.  In Goanna Studio (both Eclipse and Visual Studio versions), just go to your Project Properties, select the Checks tab, click Coding Standards, and select your coding standard(s) (e.g., misrac2004).  You can also click Custom and turn on or off each specific check individually.

In Goanna Central, you can accomplish the same thing with a single command line option: --checks=misrac2004.

There is considerable overlap between all the different standards, so it is not uncommon for one Goanna check to cover several rules.  Data sheets detailing precisely how the rules of each Coding Standard are checked are available on the Red Lizards website here.

Goanna’s internal architecture for defining checks has undergone a considerable overhaul in version 2.9.  This paves the way for later releases of Goanna to improve the coverage of these and other coding standards in the very near future.

Support for third-party IDEs

Several third-party IDEs are now fully supported by Goanna Studio for Eclipse:

  • Atollic TrueSTUDIO,
  • Mentor Code Sourcery,
  • QNX Momentics,
  • Texas Instruments Code Composer Studio.

Support for these environments is tightly integrated with the IDE.  Goanna Studio is able to auto-detect your compiler toolchain, target processor, included libraries, and similar settings, so that in the majority of cases your code should analyze correctly first time.  Moreover, whenever you set up a new project or change any of your project’s options, Goanna will auto-detect these settings and reconfigure itself to analyze your project and all of its dependencies correctly.

To enable all this, just go to your Project Properties and check Auto-Detect.

Quick Start Guides for each of the supported vendor IDEs are available from the Red Lizards website here.

Users of native Eclipse haven’t been forgotten!  Compiler auto-detection works for the built-in GCC, Cygwin, and MinGW compiler profiles as well as vendor toolchains.  In addition, Goanna Studio for Eclipse has undergone numerous other improvements.  Goanna analysis output is now sorted by severity in the Problems view, making navigation and filtering of Warnings a breeze.  Goanna analysis also now runs in the background, allowing you to continue working while Goanna analyses your code.

Improvements to the Core

In our improvements to the Goanna Core for version 2.9, we listened to a lot of customer feedback and took all of it on board.  We sat down and analysed hundreds of thousands of lines of code from many large projects, and came up with a list of major bugs that were missed not only by the compiler but also in countless hours of manual inspection and testing. These we flagged as new, high-value checks. We also flagged a list of situations where previous versions of Goanna issued too many low-probability warnings, and refined these checks to eliminate the false positives.

Many of the new checks relate to common abuses of C++:

  • Violations of encapsulation by returning handles to private class data (CPU-return-ref-to-class-data and CONST-member-ret). This is not only bad practice, but can even lead to badly compiled code as compilers may silently optimize away repeated calls to const member functions if they are unaware of subtle side effects between calls.
  • Exceptions that are thrown but not caught on any path through your code (THROW-unhandled). This one should be enabled together with interprocedural analysis for greatest effect.
  • Unintended type conversions due to constructors declared with a single argument (CPU-ctor-implicit). This one is difficult to detect as the conversion is silent, and can change the behaviour of your code depending on which class declarations are in scope (i.e., in your #include list) when an expression is evaluated.
  • Classes with virtual methods that define a public, non-virtual destructor (CPU-nonvirt-dtor). This can lead to nasty memory corruption if derived classes are ever destroyed via a pointer-to-base, and is easy to miss as the compiler will silently supply a default destructor if you forget to explicitly define one.

Some new checks, common to both C and C++, relate to common coding mistakes such as side effects in the right hand side of short-circuit operators and sizeof (LOGIC-side-effect and SIZEOF-side-effect), and mix-ups of expressions, boolean conditions, and assignments (BOOL-assign, BOOL-arith, IF-non-bool, and others).  These mistakes are easy to make even for experienced C/C++ programmers, and are not always detected by the compiler.
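
The patterns behind four of the checks named above (CPU-ctor-implicit, CPU-nonvirt-dtor, SIZEOF-side-effect, and LOGIC-side-effect), shown next to a corrected form where one exists. This is an added example, not Red Lizards code or Goanna output; every type and function name in it is hypothetical.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <type_traits>

// CPU-ctor-implicit pattern: a one-argument constructor is also a silent conversion.
struct LooseBuffer  { std::size_t len; LooseBuffer(std::size_t n) : len(n) {} };
// Corrected form: 'explicit' forces callers to spell out the conversion.
struct StrictBuffer { std::size_t len; explicit StrictBuffer(std::size_t n) : len(n) {} };
std::size_t loose_len(LooseBuffer b) { return b.len; }  // loose_len(16) compiles silently
bool loose_converts()  { return std::is_convertible<std::size_t, LooseBuffer>::value; }
bool strict_converts() { return std::is_convertible<std::size_t, StrictBuffer>::value; }

// CPU-nonvirt-dtor pattern: virtual methods plus a public non-virtual destructor.
// Deleting a derived object through UnsafeBase* is undefined, so only the type is inspected.
struct UnsafeBase { virtual int id() const { return 0; } ~UnsafeBase() {} };
bool unsafe_base_has_virtual_dtor() { return std::has_virtual_destructor<UnsafeBase>::value; }
// Corrected form: a virtual destructor makes destruction via pointer-to-base run ~SafeDerived.
static int g_derived_dtor_runs = 0;
struct SafeBase { virtual int id() const { return 0; } virtual ~SafeBase() {} };
struct SafeDerived : SafeBase {
    int id() const override { return 1; }
    ~SafeDerived() override { ++g_derived_dtor_runs; }
};
int destroy_via_base() {
    g_derived_dtor_runs = 0;
    { std::unique_ptr<SafeBase> p(new SafeDerived); }  // destroyed as SafeBase*
    return g_derived_dtor_runs;
}

// SIZEOF-side-effect pattern: the operand of sizeof is never evaluated.
int sizeof_side_effect() {
    int i = 0;
    std::size_t n = sizeof(i++);  // i++ does not execute
    return (n == sizeof(int)) ? i : -1;
}

// LOGIC-side-effect pattern: the right-hand side of && is skipped when the left is false.
int logic_side_effect(bool ready) {
    int calls = 0;
    bool ok = ready && (++calls > 0);
    (void)ok; return calls;
}

int main() {
    std::printf("implicit len=%zu, i after sizeof=%d\n", loose_len(16), sizeof_side_effect());
    std::printf("derived dtor runs=%d, rhs runs when false=%d\n", destroy_via_base(), logic_side_effect(false));
    return 0;
}
```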

A few checks (like ATH-overflow-cast and ATH-shift-bounds) have been completely re-written to detect issues only where there is a high likelihood of a real problem.  In addition, all Goanna checks now take into account volatile qualifiers, noreturn attributes, and short-circuit evaluation in complex Boolean expressions much more accurately.  This eliminates a large number of false positives about dead code and uninitialized variables in many projects, greatly improving the quality of warnings that remain.  The common practice of writing do … while(0) in macros is also tolerated now as not defining a real loop, greatly reducing unwanted noise in certain projects.

If you have ideas or experiences where Goanna analysis could analyze your projects more accurately, we’re always interested to hear them.

Update 2.9.1, 20 September 2012

Update 2.9.1 is now available from the Download page and the Free Evaluation page.

This update resolves a number of issues, and adds another 70+ new checks on top of the 60+ checks that were added in Goanna 2.9.0. Goanna 2.9.1 now covers the vast majority of MISRA C:2004 rules that are statically verifiable. A majority of MISRA C++:2008 rules are also covered.

Here is a detailed list of the improvements in this update:

  • Over 70 new checks have been added.
  • The following checks have been improved to refine accuracy: CHAR-arith, COP-alloc-ctor, FLOAT-implicit-conv, FUNC-implicit-addr, FUNC-varargs, INT-missing-u, ITR-invalidated, ITR-store, ITR-uninit, MEM-lose-assign, PTR-array-indexing, PTR-triple.
  • The following checks have been removed or superseded: DECL-implicit-int, EXPRESSION-bitwise-signed-operand, LANG-asm-mixed-with-code, MEM-free-some, PTR-array-indexing, TYPE-invalid-implicit-integer-cast.
  • About 30 checks have been renamed for conciseness and readability. The old names continue to work at the command line level.
  • For each warning, a list of matching rules from coding standards is now included in the default output.
  • Parse errors due to the TI C6000 compiler’s __cregister keyword are now fixed when using the TI profile.
  • Eclipse 4.2 (Juno) is now supported.
  • Compiler toolchain auto-detection in Eclipse has been improved. On the Compiler tab, the auto-detected predefined macros and include paths are displayed, and it is possible to manually repeat auto-detection after editing the compiler path and/or arguments.
  • Integration with PC Lint in Eclipse has been fixed.
  • Goanna Studio for Visual Studio has better detection and support of project settings in additional props and vsprops files.
  • All checks that apply to a particular standard can now be selected in the settings screen in a drop-down menu.
  • In Goanna Central, the --silent-profile option now suppresses the “Opening profile …” output.
  • In Goanna Central, --output-format="... %RULES% ..." now prints a list of matching rules from coding standards.

Update 2.9.2, 31 October 2012

Update 2.9.2 is now available from the Download page and the Free Trial page.

This update is expected to be the final release in the 2.9.x branch, and is focused only on

  • resolving a few critical issues that were the cause of parse errors and failures in some situations, and
  • refining the accuracy of many checks to reduce false positives.

Development on the 2.9.x branch has been occurring in parallel with major work on the Goanna core, which is targeted towards a major release later this year. This release will include some major new capabilities in Goanna, so stay tuned for further announcements in the near future.

Here is a detailed list of the improvements in this update:

All versions

  • Goanna’s C/C++ front-end has been upgraded, supporting many more C++11 features, Microsoft extensions, and GNU extensions.
  • Compiler auto-detection has been improved for GCC and Microsoft Visual C/C++. The expected dialect is now automatically set from the actual version of the compiler installed. (#4138, #4151)
  • An issue parsing classes with a projection of operator delete from a base class (as found in the open source SENF library) has been fixed. (#4168)
  • An issue parsing declarations containing multiple inline specifiers has been fixed.
  • An issue parsing GCC register names and asm constraints when cross compiling has been fixed.
  • False positives due to use of GCC’s __builtin_expect() function have been eliminated.
  • The following checks have been added:
    • [ASM-mixed]
    • [DECL-implicit-int]
    • [FUNC-unprototyped-call]
    • [PTR-array-indexing]
    • [RED-unused-assign]
  • The following checks have been greatly improved to catch more cases of array overrun, both within a function and interprocedurally:
    • [ARR-inv-index-ptr]
    • [ARR-inv-index-ptr-pos]
  • The accuracy of the following check has been improved to suppress false positives resulting from literal addresses in low level embedded code:
    • [PTR-null-literal-pos]
  • The accuracy of the following checks has been improved to suppress false positives resulting from volatile variables and throw statements:
    • [RED-no-effect]
    • [RED-func-no-effect]
  • The accuracy of the following checks has been improved to suppress false positives resulting from complex macro expansions and sizeof expressions:
    • [RED-cmp-always]
    • [RED-cmp-never]
    • [RED-cond-const]
    • [RED-cond-const-expr]
    • [RED-no-effect]
  • The accuracy of the following checks has been improved to suppress false positives resulting from floating-point expressions that cannot be zero:
    • [ATH-div-0-unchk-global]
    • [ATH-div-0-unchk-local]
    • [ATH-div-0-unchk-param]
  • The accuracy of the following check has been improved to suppress false positives resulting from iterators passed in parameters:
    • [ITR-uninit]
  • The accuracy of the following checks has been improved to suppress false positives resulting from assignment to nested class or structure members:
    • [MEM-lose-assign]
    • [RED-no-effect]
    • [RED-func-no-effect]
  • The accuracy of the following check has been improved by handling some simple aliasing:
    • [RED-func-no-effect]
  • The following check has been improved by accounting for various levels of casting:
    • [MEM-lose-assign]
  • The accuracy of the following checks has been improved to correctly interpret the MISRA C:2004 and MISRA C++:2008 standards:
    • [CAST-widening-int-expr]
    • [PTR-arithmetic]
    • [RED-func-no-effect]
    • [RED-unused-param]
    • [RED-unused-val]
    • [SWITCH-fall-through-misra] (previously [SWITCH-fall-through])
  • The following check has been relaxed to ignore break and return statements immediately following a function call that is known never to return:
    • [RED-dead]
  • The accuracy of the following check has been improved to suppress false positives resulting from static variables:
    • [LIB-putenv]
  • The accuracy of the following check has been improved by correctly handling extern declarations:
    • [RED-local-hides-global]
  • The following checks have been relaxed to ignore zero length arrays in structures (the “struct hack”):
    • [ARR-inv-index]
    • [ARR-inv-index-pos]
  • The following check has been improved to ignore spurious synthesized cases:
    • [COP-member-uninit]
  • The check [SWITCH-fall-through] has been added to handle comments that indicate fall through is desired behaviour.
  • The following check has been turned off by default:
    • [FUNC-no-prototype]
  • The following check has been superseded:
    • [RED-unused-val-ptr]

Goanna Studio for Visual Studio

  • Internal error dialogs no longer appear for solutions containing InstallShieldLE projects. (#4181)
  • Extra arguments entered into your Project or Solution Settings appear later on Goanna’s command line, allowing them to override options such as --parse-error-log. (#4133)
  • Goanna[PARSE] errors are no longer reported on the right line number of the wrong source file. (#4188)
  • The preprocessor symbols _IX86_, _M_IX86, _M_IX86_FP, _M_X64, _M_AMD64, _M_IA64, _IX86_, and _AMD64_ are now defined correctly for the project’s Active configuration. (#4188)
  • Suppression Manager is now out of Beta.
  • The old “Warning Summary” feature is no longer available; this has now been superseded by the Suppression Manager.
  • The Suppression Manager now displays Severity and Rules from coding standards, allowing more powerful sorting and searching.

Goanna Studio for Eclipse

  • Suppression Manager is now out of Beta.
  • The old “Warning Summary” feature is no longer available; this has now been superseded by the Suppression Manager.
  • The Suppression Manager now displays Severity and Rules from coding standards, allowing more powerful sorting and searching.