Versions Compared

Old Version 3

changes.mady.by.user Izabela Jarosz

Saved on

compared with

New Version 4

changes.mady.by.user Izabela Jarosz

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Scroll Ignore
scroll-pdftrue
scroll-officetrue
scroll-chmtrue
scroll-docbooktrue
scroll-eclipsehelptrue
scroll-epubtrue
scroll-htmltrue

This release includes the following enhancements:

Table of Contents
maxLevel1

Release date: November  , 2024

Enhanced Security Compliance Pack

Enhanced Static Analysis

In-File Suppressions Enhancements

  • Added the ability to easily customize the location of suppression files in both the CLI and IDE. 
  • Enhancements to suppression definitions:
    • You can now use a file path containing wildcards for the file attribute.
    • You can now specify a rule category, optionally with a severity suffix, for the rule-id attribute.

For details, see Defining Suppressions in Suppression Files.

Support for Compilers

The following compilers are now supported:

Compiler NameCompiler Identifier


The support level for the following compilers has been changed from Extended to Standard:

  • IAR Compiler for MSP430 v. 6.1x (icc430_6_1)
  • QNX GCC 5.x (ARM64) (qccarm_5-64)
  • QNX GCC 5.x (qcc_5)
  • Wind River Clang 8.0.x (wrclang_8_0)
  • Wind River Clang 9.0.x for aarch32 (wrclang_9_0-aarch32)
  • Wind River Diab 5.9.x (diab_5_9)

See Compilers.

Support for IDEs

The following IDEs are now supported:

  • Eclipse version 4.32 (2024-06)
  • Eclipse version 4.33 (2024-09)
  • Texas Instruments Code Composer Studio 12


New and Updated Test Configurations

The Security Compliance Pack has been extended by adding support for the following test configurations:

The following test configuration has been updated with new rules:

Additional Updates

  • On Linux x86_64, the required minimum glibc version is now 2.17.


Deprecated and Removed Support

Deprecated Support for IDEs

Support for the following IDEs is deprecated and will be removed in future releases:

  • Eclipse 4.6 ('Neon') - 4.21 (2021-09)
  • Wind River Workbench 4.0
  • Texas Instruments Code Composer Studio 10
  • ARM DS-5
  • QNX Software Development Platform 7

Removed Support for IDEs

The following IDEs are no longer supported:

  • Texas Instruments Code Composer Studio 7.4
  • Texas Instruments Code Composer Studio 8.0

Compilers to Be Deprecated

Support for the following compilers will be deprecated in future releases:

  • ARM Compiler 6.9
  • Clang C/C++ Compiler v 8.0 (x86_64)
  • Clang C/C++ Compiler v 10.0 (x86_64)
  • Green Hills Software Compiler for ARM v. 2017.5.x
  • Green Hills Software Compiler for ARM64 v. 2017.5.x
  • Green Hills Software Compiler for PPC v. 2017.1.x
  • Hexagon Clang Compiler v. 8.4.x
  • IAR Compiler for ARM v. 8.11.x
  • Microchip MPLAB C32 Compiler for PIC32 v2.0x
  • QNX GCC 5.x
  • QNX GCC 5.x (x86-64)
  • QNX GCC 5.x (ARM)
  • QNX GCC 5.x (ARM64)
  • Renesas RX C/C++ Compiler 2.5x
  • TI ARM C/C++ Compiler v18.1
  • TI ARM C/C++ Compiler GNU GCC 7.x

Deprecated Compilers

Support for the following compilers is deprecated and will be removed in future releases:

  • ARM Compiler 5.0
  • ARM Compiler 5.0 for uVision
  • GNU GCC 6.x
  • GNU GCC 6.x (x86_64)
  • Green Hills Software Compiler for PPC v. 2013.1.x
  • IAR Compiler for MSP430 v. 6.1x
  • Microchip MPLAB C30 Compiler for dsPIC v3.2x
  • National Instruments LabWindows/CVI 2015 Clang C/C++ Compiler v3.3 for Win32

Removed Support for Compilers

The following compilers are no longer supported:

  • GNU GCC 5.x
  • GNU GCC 5.x (x86_64)
  • Green Hills Software Compiler for ARM64 v. 2014.1.x
  • Green Hills Software Compiler for PPC v. 4.2.x
  • Green Hills Software Compiler for PPC v. 5.0.x
  • Green Hills Software Compiler for V850 v. 2014.1.x
  • IAR Compiler for ARM v. 7.4x
  • IAR Compiler for ARM v. 7.8x
  • IAR Compiler for M16C & R8C v. 3.5x
  • Microsoft Visual C++ 14.0
  • Microsoft Visual C++ 14.0 (x64)
  • SH Series C/C++ Compiler V.9.04.xx
  • Vx-toolset for TriCore C/C++ Compiler 6.2
  • Wind River GCC 4.8.x


Deprecated Support for IAR Import

Importing Embedded Workbench .ewp project files is now deprecated and will be removed in future releases.



Resolved Bugs and FRs

Bug/FR ID

Description

CPP-46243

[static] Mapping for CERT FIO01-C and FIO21-C should be improved

CPP-47511

[static] Split MISRA2004-2_4 (AUTOSAR-A2_7_2-a) rule (exclude doxygen comments)

CPP-53074

[static] Optimize scope computation for large workspaces (with C/C++test Pro)

CPP-55517

[compiler] Support for Green Hills compiler 2021.1.5 for TriCore

CPP-55616

[static] The do-while(0) statements (used in macro) should not be counted in cyclomatic complexity

CPP-56180

[static] Remove AUTOSAR-A3_9_1-c rule mapping

CPP-56567

[static] MISRA2004-19_9 (MISRAC2012-RULE_20_6-a) does not report violation when '#' is followed by comment with non-ascii characters

CPP-56606

[ide] Improve support for linker option LinkLibraryDependencies in VS2019 and VS2022.

CPP-56716

[static] MISRACPP2023-28_3_1-a: False positive regarding "persistent side effects" in lambda functions

CPP-56736

[static] Improve mapping for MISRACPP2023-6_4_1 to focus on variable names only

CPP-56779

[static] MISRACPP2023-0_2_1-a does not support an exception from Rule 0.2.1

CPP-56793

[static] Improve output message in CODSTA-CPP-66 (MISRACPP2023-8_2_2-a) rule

CPP-56807

[engine] Parsing fails on a Modern C++ function declaration with "const auto"

CPP-56814

[compiler] Support for HighTec C compiler for ARM 8.1 (runtime analysis)

CPP-56989

[static] Improve support for CERT_C-DCL37

CPP-57005

[static] MISRACPP2023-0_1_2-a (CODSTA-CPP-58) false positives in unevaluated contexts (noexcept, typeid)

CPP-57006

[static] MISRACPP2023-6_4_2-b (OOP-53) false positive when introducing base method through a using declaration (templates)

CPP-57009

[static] AUTOSAR-M3_3_2-a: false positive for static keyword in explicit template specialization

CPP-57033

[static] TEMPL-16 reports false positive when a template forward declaration is used in another file

CPP-57057

[engine] Static inline field parsing error when not initialized explicitly

CPP-57209

[engine] error: no instance of function template "std::construct_at"

CPP-57361

[engine] cpptestcc fails on __c11_atomic_is_lock_free

CPP-57389

[engine] Coverage instrumentation error: Mixing void and non-void results of the functor in for_each is not supported

CPP-57398

[engine] Instrumentation compile error: ambiguous call of overloaded Matrix...

CPP-57399

[engine] Coverage instrumenation error: TFixedBlockAllocator is not a template

CPP-57425

[static] MISRA2004-12_2_f (MISRAC2012-RULE_13_2-f) reports false positive when volatile member of volatile object is used

CPP-57427

[static] PORT-28 reports false positive when integer constants with big values are used

CPP-57428

[static] MISRACPP2023-6_4_1-e (CODSTA-CPP-85) false positives on heavily templated code

CPP-57484

[engine] cpptestcc fails on __c11_atomic_load

CPP-57517

[engine] error: declaration is incompatible with "CInfraComArray<CMasterClass ...

CPP-57524

[static] False positive for MRM-39

CPP-57525

[static] MRM-19 reports false positive when a pointer is cast before delete

CPP-57533

[compiler] Support for powerpc-eabi-gcc 11.2 compiler

CPP-57538

[static] Analysis error due to possible ppro crash if 'CR' line endings are used

CPP-57541

[static] Incorrectly detected typedef declaration (AUTOSAR-A7_1_6-a, CODSTA-MCPP-02, GLOBAL-UNIQUETYPEDEF, GLOBAL-UNIQUETYPEDEFC)

CPP-57553

[engine] Variadic template stubs are ignored

CPP-57594

[engine] error: expected an expression static constexpr bool isComplex = ((QTypeInfo<Ts>::isComplex) || ...);

CPP-57609

[engine] Add option for disabling C/C++test instrumentation for functions with OpenMP code

CPP-57628

[engine] afxpanecontainer.h line 35: error: expected a ")"

CPP-57659

[static] FORMAT-43 reports false positive when the closing brace of a block is in the same line as the last statement

CPP-57673

[static] Improve mapping for AUTOSAR A7-1-2

CPP-57678

[engine] static assertion failed when running SCA, the original code compiles w/o issues

CPP-57679

[engine] Improve compiler configuration for vxtc_6_3 (--fp-model=1)

CPP-57683

[ide] Debugging unit tests does not work in VS 2022 latest update (17.10.3)

CPP-57734

[engine] Improve support for CLA mode of tic2000_18_1 compiler for Static Analysis

CPP-57736

[static] PPRO crash from yylex() in lib/libppro.so

CPP-57738

[ide] Invalid libstdc++ dependency for Rulewizard native libraries

CPP-57739

[static] INIT-12 (CERT_CPP-DCL56-a) reports false positive when template variable is used in initializer

CPP-57744

[engine] xharness crash due to stack overflow during reconstruction

CPP-57748

[static] MISRA-005 reports cwc exit code 1 when very long strings are checked

CPP-57749

[static] cwc exit code 3 - Narrowing in list initialization ignored in non-evaluated context

CPP-57770

[engine] error: incomplete type "A<void>" is not allowed

CPP-57778

[engine] Errors with QT brace-initialization

CPP-57785

[static] Property 'CapturedVariables' detects local variables that are not captured

CPP-57796

[engine] error: expression must have a constant value

CPP-57802

[static] Analysis finished with code 33 - signal 11 in libppro.so

CPP-57834

[static] Improve support for CERT_C-PRE02

CPP-57835

[bazel] Add option to disable symlinks expansion (CPPTEST_COVERAGE_SRC_ROOT_RESOLVE_SYMLINKS)

CPP-57885

[static] CODSTA-CPP-206 (MISRACPP2023-6_8_4) should treat conversion operators differing by cv-qualifiers as function overloads

CPP-57886

[static] CODSTA-CPP-206 (MISRACPP2023-6_8_4-a) reports false positive on const-lvalue-ref-qualified template function

CPP-57892

[static] MISRACPP2023-0_2_3-a false positive: does not consider decltype/template arg to be a use

CPP-57893

[static] Improve mapping for MISRACPP2023 Rule 15.1.3

CPP-57894

[static] OPT-02 (MISRACPP2023-0_2_1-a) reports false positive for a variable used inside 'static_if'

CPP-57899

[engine] Instrumentation parse error: more than one operator "=" matches these operands

CPP-57906

[static] CODSTA-CPP-212 (MISRACPP2023-7_0_2-a) reports false positive when parameter of 'auto' type is used

CPP-57918

[static] MISRA2004-19_16 (MISRAC2012-RULE_20_13-a) reports false positive when line in a comment starts from '#'

CPP-57919

[compiler] Improve support for -c99 option for TI compilers

CPP-57990

[compiler] Inconsistent handling of profiling flags with GNU GCC

CPP-57993

[ide] Corrupted Chinese comments after adding/deleting test cases

CPP-58001

[engine] C++23 literal suffixes for floats cause parse errors

CPP-58011

[static] Improve CERT_C-ERR32 mapping (BD-PB-ERRNO to BD-PB-SIGHAN)

CPP-58012

[static] cannot analyze file (cwc exit code: 4)

CPP-58013

[static] CODSTA-CPP-43 (AUTOSAR-A8_4_9-a) reports false positives on references to array types

CPP-58016

[static] OOP-07 (AUTOSAR-A10_1_1-a) reports false positive, when interface class contains deleted functions

CPP-58017

[static] CODSTA-29 (CERT_C-DCL06-a) reports false positive on enumerations ins[ide] functions

CPP-58053

[engine] 'static constexpr' array init error

CPP-58058

[engine] no instance of function template "printValue" matches the argument list

CPP-58060

[ide] For VS projects with both /std:c17 and /std:c++17 options, it is not possible to run analysis or tests

CPP-58070

[engine] Instrumentation problem when -ignore-const-decisions is enabled

CPP-58072

[engine] Class does not initialize correctly during instrumentation

CPP-58077

[engine] Instrumentation problem due to extra brackets

CPP-58091

[static] CODSTA-CPP-206 (MISRACPP2023-6_8_4-a) reports false positive on ref-to-pointer and pointer-to-ref conversions for members which are not subobjects

CPP-58096

[static] CODSTA-38 works inconsistently for integer and floating constants

CPP-58251

[engine] I\O exception was caught - Unable to read XML file

CPP-58585

[engine] Instrumentation error: cannot deduce "auto" type

FA-4156

BD-PB-NP should report a violation when null is passed to printf-like function as the argument corresponding to "%s" specifier.

FA-9845

MISRACPP2023-11_6_2-a (BD-PB-NOTINIT) False positive - Avoid use before initialization for "*this"?

FA-9901

MISRACPP2023-28_6_3-a false positives on forwarding references and lvalues

FA-9907

BD-PB-VARARGS False Positive with MSVC

FA-9912

MISRAC2012-RULE_14_3-ac (BD-PB-CC) false positive

FA-9937

BD-PB-NOTINIT false positive

FA-9951

BD-PB-OVERFWR false negative with renesas compiler

FA-9953

The default value documented in the rules is not correct

FA-9961

BD-PB-ARRAY false positive

FA-9988

BD-CO-STRMOD false positive

FA-9990

MISRACPP2023-0_2_4-a - false positive, private virtual functions

FA-9991

BD-PB-NOTINIT false positive

FA-9996

BD-PB-NOTINIT false positive due to wrong assumption about the number of fields to initialize

FA-10003

BD-PB-OVERFNZT false positives with two-dimensional char array initialized with string literals.

FA-10007

BD-PB-NOTINIT false positive

FA-10013

BD-PB-NOTINIT false positive when array is initialized starting from non-first element

FA-10028

BD-PB-NOTINIT false positive for Nth loop iteration

FA-10046

Flow Analysis was not able to analyze a source file

Updates to Rules

Anchor
New Rules
New Rules
New Rules

Rule ID

Header

AUTOSAR-A5_2_5-e

Avoid accessing collections out of bounds

AUTOSAR-M0_1_3-f

A project shall not contain unused uninitialized local variables

AUTOSAR-M0_1_3-g

A project should not contain unused uninitialized variables with internal linkage

BD-PB-COOB

Avoid accessing collections out of bounds

CERT_C-DCL37-b

Identifiers that begin with an underscore and either an uppercase letter or another underscore should not be declared

CERT_C-DCL37-c

Avoid declaring file-scoped objects whose names begin with an underscore

CERT_C-DCL37-d

The names of standard library macros should not be reused (C11 code)

CERT_C-DCL37-e

The names of standard library identifiers with file scope should not be reused (C11 code)

CERT_C-DCL37-f

The standard library identifiers with external linkage should not be reused (C11 code)

CERT_C-DCL37-g

Macros that begin with an underscore and either an uppercase letter or another underscore should not be defined

CERT_C-ERR32-b

Properly define signal handlers

CERT_C-ERR33-e

Provide error handling for file opening errors right next to the call to fopen

CERT_C-FIO01-c

Be careful using functions that use file names for identification

CERT_C-FIO21-b

Use secure temporary file name functions

CODSTA-303

A variable declared in an inner scope shall not hide a variable declared in an outer scope

CODSTA-92_c

The names of standard library macros should not be reused (C11 code)

CODSTA-92_d

The names of standard library identifiers with file scope should not be reused (C11 code)

CODSTA-92_e

The standard library identifiers with external linkage should not be reused (C11 code)

CWE-119-l

Avoid accessing collections out of bounds

CWE-125-f

Avoid accessing collections out of bounds

CWE-787-i

Avoid accessing collections out of bounds

JSF-127_b

Sections of code should not be "commented out" using Doxygen comments

MISRA2004-2_4_b

Sections of code should not be "commented out" using Doxygen comments

MISRA2008-0_1_3_f

A project shall not contain unused uninitialized local variables

MISRA2008-0_1_3_g

A project should not contain unused uninitialized variables with internal linkage

MISRA2008-2_7_2_b

Sections of code shall not be "commented out" using C-style comments

MISRA2008-2_7_3_b

Sections of code should not be "commented out" using C++ comments

MISRA2012-DIR-4_4_b

Sections of code should not be "commented out" using Doxygen comments

MISRAC2012-DIR_4_4-b

Sections of code should not be "commented out" using Doxygen comments

MISRACPP2023-19_2_1-b

Use unique multiple include guards

MISRACPP2023-6_4_1-g

A variable declared in an inner scope shall not hide a variable declared in an outer scope

NAMING-33_c

Macros that begin with an underscore and either an uppercase letter or another underscore should not be defined

NAMING-33_d

Identifiers that begin with an underscore and either an uppercase letter or another underscore should not be declared

NAMING-33_e

Avoid declaring file-scoped objects whose names begin with an underscore

OPT-02_b

A project shall not contain unused uninitialized local variables

OPT-43_b

A project should not contain unused uninitialized variables with internal linkage

OWASP2019-API3-r

Avoid accessing collections out of bounds

PFO-02_b

Use unique multiple include guards

PREPROC-29

Use angle brackets <> to include standard library headers

SECURITY-55

Be careful using functions that use file names for identification

Anchor
Updated Rules
Updated Rules
Updated Rules

Category ID

Rule IDs



Removed Rules

Rule ID

Notes



...