Goanna 3.2 released

The Red Lizards team is delighted to announce the release of version 3.2 of the Goanna suite of static analysis tools across all product lines!

This release is a major step forward over Goanna 3.1, adding significant new capabilities with pluggable check packages; coverage of the industry MISRA C:2004, MISRA C++:2008, and MISRA C:2012 standards; many new checks including “whole program” checks that leverage Goanna’s link-time analysis, and a host of improvements to accuracy in our core C/C++ analysis engine.

Highlights

  • Pluggable Check Packages: Goanna 3.2 now has the ability to plug in additional Check Packages implementing custom rules or coding standards.¬† In addition to the core “stdchecks” package, Goanna 3.2 also comes with “misrac2004”, “misrac++2008”, and “misrac2012” packages available standard.
  • MISRA C:2012: Goanna 3.2 includes improved industry coding standards coverage by introducing new rules for the MISRA C:2012 coding standard. These are available in the “misrac2012” checks pacakge.
  • Link-time Analysis: Goanna 3.2 includes a new link-time analysis tool to detect “whole program” level problems.
  • New Checks: Goanna 3.2 includes over 100 new checks, including 11 for the new link-time analysis feature.
  • Check Accuracy: Goanna 3.2 also features improved accuracy in many checks, notably through improved data flow analysis and more accurate infeasible path elimination. Check implementations have also received substantial improvements.
  • New and Improved Platform Support: Microsoft Visual Studio 2013, Windows CE 5.0 SDK, and Renesas RX are among the new platforms and toolchains now supported in Goanna 3.2.

Pluggable Check Packages

Goanna is growing in functionality fast with every release, and this includes our support for industry coding standards, such as MISRA. However not all of our users want to have their code conform to these standards, indeed sometimes they even have conflicting rules. So we want to provide a way for users to have the standards conformance checking they want, while providing other users with only the high value checks they have come to expect from the Goanna product.Generate City story metro Money

In order to achieve this separation we have implemented Checks Packages, which are completely isolated groups of checks that will only be available for use if explicitly enabled. This allows us to develop our standards conformance checking independently of our core checks, as well as give us the possibility of delivering custom functionality to users who request it.

Goanna 3.2 ships with:

  • “stdchecks” package, which contains our core checks and is installed by default, and
  • “misrac2004”, “misrac++2008” and “misrac2012” packages, which contain dedicated checks for respective MISRA standards.

MISRA C:2012

Goanna 3.2 improves its support for industry coding standards by introducing 160 new checks for the Motor Industry Software Reliability Association (MISRA) C:2012 standard. These new checks include full coverage for MISRA C:2012 “Mandatory” rules, checks for the MISRA C essential type model as well as numerous other rules.

As part of the implementation of the MISRA C:2012 standard, checks and coverage for MISRA C:2004 and MISRA C++:2008 have also been improved.

A datasheet, detailing Goanna’s coverage of the MISRA C:2012 standard, can be found on “Industry Standards” page of the Red Lizard Software website here.¬†These checks are available by enabling the “misrac2012” checks package, as part of Goanna’s new pluggable checks packages.

Link-time Analysis

Goanna now ships with the new utility goannald to detect “whole program” level problems at the link time. This release also comes with the following 11 new link-time analysis checks:

  • [MISRAC2004-16.2_b], [MISRAC++2008-7-5-4_b], [MISRAC2012-Rule-17.2_b]: Checks for indirect recursion.
  • [MISRAC2012-Rule-5.8]: Checks for duplicate external identifiers in a project.
  • [MISRAC2004-5.3], [MISRAC++2008-2-10-3], [MISRAC2012-Rule-5.6]: Checks for duplicate typedefs in a project.
  • [MISRAC2004-5.4], [MISRAC++2008-2-10-4], [MISRAC2012-Rule-5.7]: Checks for identifier clashes in structs, classes, unions and enums.
  • [MISRAC2012-Rule-5.1]: Check for multiple external identifiers that share the same 31 character prefix.

New Checks

In addition to the 11 new link-time checks, the following 18 new checks were added into the Goanna Core (“stdchecks”) package:

  • [PTR-null-fun-pos]: Check for deference of pointers returned from functions that might return NULL. This is a common cause of NULL pointer crashes especially in C macro expansions and C++ cascaded method calls.
  • [SPC-volatile-reads], [SPC-volatile-writes]: Checks for multiple “volatile” reads or writes in a single sequence point. This is undefined in C/C++ standards and may result in unexpected behavior.
  • [RED-cond-always], [RED-cond-never]: Checks for conditions in if (), while (), etc. are always true or false.
  • [CONST-param]: Check for parameters that should be declared “const” but are not.
  • [PTR-arith-stack]: Check for illegal pointer arithmetic on the addresses of local (stack) variables. This is a common cause of memory corruption on the stack.
  • [LIB-memcpy-overrun], [LIB-memcpy-overrun-pos], [LIB-strncpy-overrun], [LIB-strncpy-overrun-pos]: Checks for overruns with memcpy(), and memmove(), and strncpy().
  • [RED-unused-static-function]: Check for unused static functions.
  • [RESOURCE-deref-file], [RESOURCE-implicit-deref-file]: Checks for dereference of file pointers.
  • [RESOURCE-no-close]: Check for file reference leaks.
  • [RESOURCE-file-use-after-close]: Check for use of file references after they are closed.
  • [RESOURCE-write-ronly-file]: Check for attempts to write to a file reference opened as “read only”.
  • [FUNC-implicit-decl]: Check for use of function without prototypes.

Check Accuracy

Significant number of changes were made for this release of Goanna to improve the accuracy of the existing checks. Notably, Goanna now rules out more infeasible paths, thanks to many improvements which include the following:

  • Improvements in Satisfiability Modulo Theories (SMT) false positive elimination module
  • Improved accuracy of determining infeasible paths when the conditionals (e.g. if statement) involve bitwise arithmetic
  • Improved accuracy of inter-procedural analysis
  • Taking advantage of more information provided by better support of C99 and C++11 features
  • More comprehensive knowledge of widely used C/C++ libraries
  • Improved data flow analysis

In addition, implementation of various existing checks were improved to make these checks more accurate.

New and Improved Platform Support

Goanna 3.2 includes support for two new platforms:

  • Microsoft Visual Studio 2013, and
  • Renesas RXC Toolchain (via “renesas-rx” dialect).

In addition, a host of improvements were made to the C/C++ parser to improve our support for various compilers and toolchains.

Goanna Studio for Visual Studio now also supports mobile SDKs, such as Windows CE 5.0 SDK.

Other Changes

A whole host of other improvements have gone into Goanna 3.2.

Details on general check accuracy improvements

  • Improved check accuracy when an expression involves modulo arithmetic calculations.
  • Internal value interval calculation has been improved to consider bitwise AND arithmetic properly. This eliminates some false warnings by better calculate effect of using bitmasks to restrict the range of a value, thereby disregarding infeasible paths. (e.g. “x & 127” cannot be outside the range of 0 to 127)
  • Goanna now knows information about behavior of more standard library functions, and a number of widely used third-party C/C++ libraries, such as “g_alloc” from GNOME GLib. This eliminates false positives in many checks by taking the special behaviours into account.
  • Checks and traces now take into account more information about the code. In particular this includes:
    • Tracking conditional information related to pointers.
    • Tracking global variable values within functions.
    • Using more information about values of integers, pointers, and other kinds.
    • Using more information from compound assignment operators +=, -=, etc.
    • Using more information from C99 variable length arrays.
    • Using more information from C++ references and member addresses.
    • Using more information from C++11 “for” statements.
    • Using more information from GNU statement expressions.
  • Data flow analysis takes into account more information from the code, in particular:
    • Floating point values.
    • The results of &, |, ^, and ~ operators.
    • Mixed signed and unsigned integer arithmetic.
    • Values returned by functions “atoi”, etc.
    • Sizes of memory allocations returned by functions “alloca”, “g_malloc”, etc.
    • GNU “malloc” function attributes.
    • Unterminated string constants.
    • Casts from unsigned to signed integers of the same size.
    • Calls to functions via function pointer.

Together these provide more accurate paths, as used by checks, and better traces. They also reduce false positives that arise due to logical complexity.

Improved Goanna Core checks (available in “stdchecks” package)

Significant number of improvements were made to various existing checks to improve accuracy.

  • The following checks have been improved to catch more cases of buffer underrun, that is, negative array index:
    • [ARR-inv-index-pos]
    • [LIB-strcpy-overrun]
    • [LIB-strcpy-overrun-pos]
  • The following checks have been improved to catch more cases of division by zero using the % operator:
    • [ATH-div-0]
    • [ATH-div-0-interval]
    • [ATH-div-0-pos]
  • The following checks have been refined to fix false positives where only the address is taken of an array subscript expression:
    • [ARR-inv-index-pos]
    • [ARR-inv-index-ptr-pos]
  • The following checks have been refined to exclude comparison with 0, 1, or -1 that are compile time constants but not constant expressions, and comparisons resulting from complex macro expansions:
    • [ATH-cmp-unsign-neg]
    • [ATH-cmp-unsign-pos]
    • [ATH-div-0-cmp-aft]
    • [ATH-neg-check-nonneg]
    • [ATH-neg-check-pos]
  • The following checks have been improved to more accurately take into account paths which lead to 0 divisors or NULL dereferences:
    • [ATH-div-0-assign]
    • [ATH-div-0-cmp-aft]
    • [ATH-div-0-cmp-bef]
    • [ATH-div-0-unchk-global]
    • [ATH-div-0-unchk-local]
    • [ATH-div-0-unchk-param]
    • [FPT-literal]
    • [LIB-return-null]
    • [MEM-lose-assign]
    • [PTR-null-assign]
    • [PTR-null-assign-fun-pos]
    • [PTR-null-assign-pos]
    • [PTR-null-cmp-aft]
    • [PTR-null-cmp-bef]
    • [PTR-null-cmp-bef-fun]
    • [PTR-null-pos-assign]
    • [PTR-unchk-global]
    • [PTR-unchk-param]
    • [PTR-unchk-param-pos]
    • [PTR-unchk-param-some]
  • The following checks have been improved to exclude false positives from compiler-generated copy constructors and operator=’s where conditions exist that would prevent the successful generation of the implicit definition:
    • [COP-assign-op]
    • [COP-copy-ctor]
  • The following check has been improved to exclude false positives from classes wrapped inside namespaces in “microsoft” dialects in some situations:
    • [COP-dtor]
  • The following check has been refined to exclude assignments inside redundant parentheses:
    • [EXP-cond-assign]
  • The following check has been improved to include all paths and variables in loop conditions, and to suppress false positives due to conditions depending on globals, volatile variables, function calls, and reads from memory:
    • [EXP-loop-var-unmod]
  • The following check has been improved to exclude false positives due to global side effects via aliases:
    • [RED-func-no-effect]
  • The following check has been improved to include all paths:
    • [LIB-return-null]
  • The following check has been refined to exclude false positives where a pointer is assigned via an function’s output argument:
    • [MEM-double-free]
  • The following check has been refined to exclude char *:
    • [MEM-malloc-diff-type]
  • The following checks has been improved to catch more cases of memory being used after freed interprocedurally:
    • [MEM-use-free-all]
    • [MEM-use-free-some]
  • The following checks have been improved to exclude pointer dereferences that dataflow analysis has determined cannot possibly be NULL:
    • [PTR-null-assign]
    • [PTR-null-assign-pos]
    • [PTR-null-cmp-aft]
    • [PTR-null-cmp-bef]
    • [PTR-null-pos-assign]
    • [PTR-unchk-global]
    • [PTR-unchk-param]
    • [PTR-unchk-param-pos]
  • The following check has been improved to exclude false positives due to expansion of the g_assert() macro:
    • [RED-cond-const]
  • The following check has been improved to exclude false positives due to variable declarations in unreachable blocks:
    • [RED-dead]
  • The following checks have been improved to catch more cases where values are returned via function output parameters and not subsequently used, and to suppress false positives from complex macro expansions, nested assignment statements, assignments within conditionals, and abnormal function returns:
    • [RED-unused-assign]
    • [RED-unused-param]
    • [RED-unused-val]
  • The following check has been improved to remove false positives in situations with nested function calls and multiple accesses of a variable inside function calls and with other operators:
    • [SPC-order]
  • The following checks have been improved to catch more cases of uninitialized fields in nested structures and C++, and to suppress false positives when such fields are initialized via “struct assignment” or variations of the “struct hack” in some situations:
    • [SPC-uninit-struct-field]
    • [UNION-type-punning]
  • The following check has been improved to suppress false positives due to some complex implementations of the is_base_of<> type_traits template:
    • [SIZEOF-side-effect]
  • The following checks no longer show traces since they apply to all execution paths:
    • [SPC-uninit-arr-all]
    • [SPC-uninit-var-all]
  • The following check has been improved to consider static variables:
    • [MEM-stack-global]
  • The following checks now check for realloc as a freeing function:
    • [MEM-double-free]
    • [MEM-double-free-some]
  • The following check now accounts for volatile access in subexpressions:
    • [RED-no-effect]
  • Some checks now claim different CWE and MISRA rules to accurately represent the problems these checks detect.
  • Some Goanna Core checks were removed and replaced with specialized checks for MISRA rules. The new, replaced checks are available in the “misrac2004”, “misrac++2008” and “misrac2012” packages.

Performance improvements

  • Stability has been improved when a high number of Goanna jobs are run at once.
  • The performance of data flow analysis on code containing very many function calls has been improved, resulting in five- to ten-fold faster analysis in some extreme situations.
  • The performance of many checks that perform complex pattern matching in large functions has been improved.
  • The performance of the floating license server has been improved.

Other improvements for all product lines

  • (Windows only) Goanna can now track files stored in multiple drives, so that these files can be navigated in the Dashboard.
  • Improved support for non-GNU compilers.

Changes to Goanna Central

  • Added support for compiler switches such as /MD and /MT for “microsoft” dialect.
  • Goanna now fully recognizes “_noreturn” keyword and “0.Nan” and “0.Infinity” tokens in IAR dialects.
  • In “goannaiarbuild” and IAR Embedded Workbench, snapshots are now always recorded automatically after analysis. You can disable this on per-project basis.
  • Example source files are now available as part of the installation. They are available under “examples” directory inside the directory where Goanna Central was installed.

Changes to Goanna Studio for Eclipse

  • By default Goanna now analyses source files within the project and workspace directories only. Files outside these directories can be included manually.
  • Snapshots are now always recorded automatically after analysis. You can disable this on per-project basis.
  • Auto-detection of settings from Wind River image projects has been made more robust.

Changes to Goanna Studio for Visual Studio

  • Goanna now fully supports ARM, SH and MIPS targets. For these targets, appropriate built-in preprocessor variables are automatically recognized.
  • Snapshots are now always recorded automatically after analysis. You can disable this on per-project basis.
  • Example source files are now available as part of the installation. They are available under “examples” directory inside the directory where Goanna Studio was installed.

Changes to the Goanna Dashboard

  • Improved performance of the Report Page.
  • Warnings Browser saw a number of improvements in the interface. Notably, warning notes now appear in its dedicated column, and it is now possible to modify the statuses and notes for multiple warnings with one action via the new “Edit Warnings” dialog. Additionally, in the Warnings Browser, the table header now follows scrolling so that it is always visible.
  • Small styling improvements were made to the Code Browser.
No Comments

Sorry, the comment form is closed at this time.