Goanna Studio and Goanna Central 2.4

In the latest round of development we aimed for the most rock solid and sane implementation of C/C++ static analysis that we could. We did this by working on three fronts: consistency, speed and features.

As usual, all current users get the upgrade for free. If you were a trial user in the past and need a trial extension, visit: http://redlizards.com/trial-extension.

What's new in 2.4?

General improvements:

  • We revamped the integer arithmetic interval analysis engine with a new algorithm that gives us increased speed and precision. The speed gain is large enough that we have also added the ability to track pointer arithmetic, as mentioned in the previous blog post.
  • Our interval analysis engine can handle new operations: casts, logical operators and shift operators.
  • We have enabled floating licenses in our Studio and Central products; please contact us if you are interested.

Goanna Central improvements:

  • The argument --parse-error=0 is now a default; it causes Goanna to exit with an exit code of 0 when a parse error is encountered. We have also revamped the way parse errors are handled.
  • The interprocedural analysis in the Goanna Central command line is now even simpler to use and manage: specify a user-defined folder with the argument --ipa=<project name>. All new database files are then stored in ~/.goanna_project_store/<project name>.

Goanna Studio improvements:

  • In Eclipse there is now an option to not run the tool chain compiler during analysis.
  • In Eclipse there is a new menu item to jump to the currently selected project's Goanna Studio Properties page.

Renamed checks for consistency:

  • ATH-div-0-aft-assign -> ATH-div-0-assign
  • ATH-div-0-aft-cmp -> ATH-div-0-cmp-aft
  • ATH-div-0-bef-cmp -> ATH-div-0-cmp-bef
  • ATH-div-0-param-unchk -> ATH-div-0-unchk-param
  • PTR-param-unchk -> PTR-unchk-param
  • PTR-param-unchk-some -> PTR-unchk-param-some
  • RED-const-assign-cond -> RED-cond-const-assign
  • RED-const-expr-cond -> RED-cond-const-expr
  • SPC-ret-stack -> MEM-stack
  • builtin_ctor_dtor_leak -> COP-ctor-dtor-leak

New checks:

  • ARR-inv-index-ptr – A pointer is assigned to an array, static or dynamic, and it is accessed with an index that is out of the array’s bounds.
  • ARR-inv-index-ptr-pos – A pointer is assigned to an array, static or dynamic, and it is accessed with an index that may be out of the array’s bounds.
  • ATH-overflow-cast – An expression is cast to a different type, resulting in an overflow or underflow of its value.
  • ATH-shift-neg – The left-hand side of a right shift operation may be a negative value.
  • COP-dtor-throw – An exception is thrown, or may be thrown, in a class’ destructor.
  • CPU-delete-throw – An exception is thrown, or may be thrown, in an overloaded delete or delete[] operator.
  • FPT-arith-address – Performing pointer arithmetic on the address of a function.
  • FPT-literal – Dereferencing a function pointer that refers to a literal address.
  • FPT-misuse – A function pointer is used in an invalid context.
  • ITR-end-cmp-aft – An iterator is used, then compared with end().
  • ITR-invalidated – An iterator is assigned to point into a container, but subsequent modifications to that container have possibly invalidated the iterator. The iterator is then used or dereferenced, which may be undefined behavior.
  • ITR-mismatch-alg – A pair of iterators passed to an STL algorithm function point to different containers.
  • ITR-store – A container’s begin() or end() iterator is stored and subsequently used.
  • MEM-malloc-diff-type – A call to malloc tries to allocate memory based on a sizeof operator, but the target type of the call is of a different type.
  • MEM-stack-ref – A stack object is returned from a function as a reference.
  • PTR-arith-field – Direct access to a field of a struct using an offset from the address of the struct.
  • PTR-arith-var – Invalid pointer arithmetic with an automatic variable that is neither an array nor a pointer.
  • RED-cond-var-always – The value of the variable used as a condition will always evaluate to non-zero or true. This means the condition will always be met.
  • RED-cond-var-never – The value of the variable used as a condition will always evaluate to zero or false. This means the condition will never be met.
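
Three of the patterns described in the list above (ITR-invalidated, ATH-overflow-cast and MEM-malloc-diff-type), each beside a corrected form. This is an added example, not Goanna's own sample code: the function names are made up for illustration, and that Goanna reports exactly these lines is an assumption based on the check descriptions.

```cpp
#include <climits>
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <vector>

// --- ITR-invalidated pattern (kept for contrast only, never called) ---
int sum_flawed(std::vector<int>& v) {
    int sum = 0;
    for (std::vector<int>::iterator it = v.begin(); it != v.end(); ++it) {
        if (*it < 0) v.push_back(0);  // may reallocate the vector's storage
        sum += *it;                   // `it` is possibly invalidated here
    }
    return sum;
}
// Corrected: index over the original length; indices survive reallocation.
int sum_fixed(std::vector<int>& v) {
    int sum = 0;
    const std::size_t n = v.size();
    for (std::size_t i = 0; i < n; ++i) {
        if (v[i] < 0) v.push_back(0);
        sum += v[i];
    }
    return sum;
}

// --- ATH-overflow-cast pattern: the cast alters values outside short's range ---
short narrow_flawed(int x) { return (short)x; }
// Corrected: reject out-of-range input instead of silently changing it.
bool narrow_fixed(int x, short* out) {
    if (x < SHRT_MIN || x > SHRT_MAX) return false;
    *out = static_cast<short>(x);
    return true;
}

// --- MEM-malloc-diff-type pattern: sized with sizeof(char), used as int[] ---
int* alloc_flawed(std::size_t n) { return (int*)std::malloc(n * sizeof(char)); }
// Corrected: size from the target type, with a guard on the multiplication.
int* alloc_fixed(std::size_t n) {
    if (n == 0 || n > SIZE_MAX / sizeof(int)) return nullptr;
    return static_cast<int*>(std::malloc(n * sizeof(int)));
}

int main() {
    std::vector<int> v = {1, -2, 3};  // constructed sample input
    short s = 0;
    int* p = alloc_fixed(4);
    bool ok = sum_fixed(v) == 2 && narrow_fixed(1234, &s) && p != nullptr;
    std::free(p);
    return ok ? 0 : 1;
}
```
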