Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Scroll Ignore

This release includes new features, as well as enhancements to the existing functionality.

In this release:

Table of Contents
maxLevel2

Support for New Compilers

  • GNU GCC 6.x ( Windows and Linux)
  • IAR Compiler for ARM v.7.8x (Windows)
  • Renesas RX C/C++ Compiler 2.5x (Windows)
  • ARM Compiler 5.0 / ARM Compiler 5.0 for uVision: updated support for C++11 (--cpp11)

Suppress Findings Locally on Your Desktop

When you suppress findings in your IDE, the suppression information can now be stored locally on your desktop - without impacting suppressions that are shared across the team via DTP or your source control system. Locally suppressed findings can be reviewed and unsuppressed right in your IDE. For details, see Suppressing Findings.

Static Analysis Customization with Rule Maps

Enhanced rule mapping facilitates quick and flexible implementation of your organization's development policy. You can create rule maps to change the properties of static analysis rules executed by C/C++test such as severity and category, and associate them with test configurations stored in Development Testing Platform.

Enhancements to Static Analysis

In this release, we've added new rules following the CERT C Coding Standard, as well as modern C++ standards (C++11, C++14, and C++17), see New Code Analysis Rules. The CERT C rules have been added to the CERT C Coding Standard built-in test configuration; see Updated CERT C Configuration for information about the mapping.

Additionally, stability and accuracy of results reported by Static Analysis and Flow Analysis have been improved; see Updated Code Analysis Rules for the list of rules that have been modified in terms of accuracy of results or documentation changes.

 

Severity levels for MISRA C 2012 rules have been updated:

  • Mandatory → Severity 1
  • Required → Severity 2
  • Advisory → Severity 4

 

The RuleWizard Module has been extended with the following nodes and properties:

  • C/C++ Nodes> Expressions> Miscellaneous> Lambda node
  • C/C++ Nodes> General> Lambda Capture node
  • HasDefaultValue property (true for routine parameter with default value)

See RuleWizard 10.3.2 User's Guide for more details.

Other Enhancements

  • Licensing: Calculation of the license machine-ID has been updated to support deployment within AWS and Azure cloud environments.

Anchor
new_rules_1032
new_rules_1032
New Code Analysis Rules

Rule IDHeader
BD-PB-BYTEORDUse the correct byte ordering when transferring data between systems
BD-PB-INVENVDo not rely on an environment pointer following an operation that may invalidate it
BD-PB-PUTENVDonotcallputenv() with a pointer to an automatic variable as the argument
BD-SECURITY-RANDProperly seed pseudorandom number generators
BD-TRS-ARGDeclare objects shared between POSIX threads with appropriate storage durations
BD-TRS-BITLOCKUse locks to prevent race conditions when modifying bit fields
BD-TRS-DSTRLOCKDo not destroy another thread's mutex
BD-TRS-FORKFILEAvoid race conditions when using fork and file descriptors
BD-TRS-REVLOCKDo not release a lock that has not been acquired
BD-TRS-SYMLINKAvoid race conditions while checking for the existence of a symbolic link
CODSTA-127_bA conversion should not be performed between a pointer to object type and an integer type other than 'uintptr_t' or 'intptr_t'
CODSTA-150_cAvoid side effects in arguments to unsafe macros
CODSTA-187_aCast characters to unsigned char before assignment to larger integer sizes
CODSTA-187_bAn expression of the 'signed char' type should not be used as an array index
CODSTA-187_cCast characters to unsigned char before converting to larger integer sizes
CODSTA-188Do not confuse narrow and wide character strings and functions
CODSTA-189Do not add or subtract a scaled integer to a pointer
CODSTA-190Do not use object representations to compare floating-point values
CODSTA-MCPP-10_aPrefer const iterators to iterators
CODSTA-MCPP-10_bPrefertousecbegin(),crbegin,cend(),crend() functions
CODSTA-MCPP-13Use std::move() on rvalue references and std::forward() on forwarding references
CODSTA-MCPP-15_aAvoid default capture modes
CODSTA-MCPP-15_bUse the 'this'pointerexplicitlyinlambdaswithdefaultby-referencecapture
CODSTA-MCPP-16_aPrefer smart pointer members over raw pointer members
CODSTA-MCPP-16_bPrefer smart pointers over raw pointers for arrays or STL containers
CODSTA-MCPP-16_cPrefer 'std::make_shared' to the direct use of new
CODSTA-MCPP-16_dPrefer to use std::unique_ptr instead of std::auto_ptr
CODSTA-MCPP-17Never return lambdas that capture local objects by reference
CODSTA-MCPP-18_aAvoid unnecessary default capture modes in lambda expressions 
CODSTA-MCPP-18_bAvoid unnecessary lambda captures
GLOBAL-CONDMUTEXVARDonotusemorethanonemutexforconcurrentwaitingoperationsonaconditionvariableDo not use more than one mutex for concurrent waiting operations on a condition variable
SECURITY-02_bDo not use the rand() function for generating pseudorandom numbers
SECURITY-43The function 'pthread_setcanceltype()' should not be called with 'PTHREAD_CANCEL_ASYNCHRONOUS' argument
SECURITY-44Observe correct revocation order while relinquishing privileges
SECURITY-45Ensure that privilege relinquishment is successful
SECURITY-46A pointer to a structure should not be passed to a function that can copy data to the user space
SECURITY-47Use correct integer precisions when checking the right-hand operand of the shift operator
SECURITY-48Do not call system()


Anchor
updated_rules_1032
updated_rules_1032
Updated Code Analysis Rules

The verbose mode has been added for the BD-PB-ZERO rule.

The following rules have been modified in terms of accuracy of results or documentation changes:

  • BD-PB-ARRAY, BD-PB-ERRNO, BD-PB-EXCEPT, BD-PB-INTOVERF, BD-PB-NOTINIT, BD-PB-NZTS, BD-PB-SWITCH, BD-TRS-TSHL
  • CODSTA-144*, CODSTA-145*, CODSTA-150*, CODSTA-150_b*, CODSTA-161_a, CODSTA-CPP-04, CODSTA-CPP-28, CODSTA-CPP-53
  • INIT-06, INIT-07, INIT-15
  • JSF-071_b, JSF-118, JSF-174_b, JSF-177_b, JSF-180_f, JSF-180_g, JSF-209_b
  • MISRA-043_c, MISRA-043_d, MISRA-107_b, MISRA2004-6_3_b, MISRA2004-16_7, MISRA2008-7_1_1, MISRA2008-7_1_2_a, MISRA2012-DIR-4_1_a, MISRA2012-DIR-4_6_b, MISRA2012-RULE-8_13_a, MISRA2012RULE-10_1_a, MISRA2012-RULE-12_4_a*, MISRA2012-RULE-14_3_zd, MISRA2012-RULE-18_1_a
  • OOP-01
  • PB-66_a*
  • SECURITY-10, SECURITY-12*, SECURITY-25

* documentation changes

Anchor
Updated CERT C Configuration
Updated CERT C Configuration
Updated CERT C Configuration

The CERT C Coding Standard built-in test configuration has been updated with new Parasoft rules according to the following rule mapping:

CERT IDParasoft ID
CERT-ARR39-CCODSTA-189
CERT-CON33-CSECURITY-25
CERT-DCL39-CSECURITY-46
CERT-ENV31-CBD-PB-INVENV
CERT-ENV33-CSECURITY-48
CERT-ERR30-CBD-PB-ERRNO
CERT-FIO42-CBD-RES-LEAKS
CERT-FLP32-CBD-API-VALPARAM
CERT-FLP36-CMISRA-043_c, MISRA-043_d
CERT-FLP37-CCODSTA-190
CERT-INT30-CPB-66_a, BD-PB-INTOVERF
CERT-INT35-CSECURITY-47
CERT-INT36-CCODSTA-127_b
CERT-MSC30-CSECURITY-02_b
CERT-MSC32-CBD-SECURITY-RAND
CERT-POS30-CCODSTA-144, CODSTA-145, BD-PB-OVERFNZT
CERT-POS33-CSECURITY-10
CERT-POS34-CBD-PB-PUTENV
CERT-POS35-CBD-TRS-SYMLINK
CERT-POS36-CSECURITY-44
CERT-POS37-CSECURITY-45
CERT-POS38-CBD-TRS-FORKFILE
CERT-POS39-CBD-PB-BYTEORD
CERT-POS47-CSECURITY-43
CERT-POS48-CBD-TRS-DSTRLOCK, BD-TRS-REVLOCK
CERT-POS49-CBD-TRS-BITLOCK
CERT-POS50-CBD-TRS-ARG
CERT-POS51-CBD-TRS-ORDER
CERT-POS52-CBD-TRS-TSHL
CERT-POS53-CGLOBAL-CONDMUTEXVAR
CERT-PRE31-CCODSTA-150, CODSTA-150_b, CODSTA-150_c
CERT-STR31-CBD-PB-ARRAY, BD-PB-OVERFWR, BD-SECURITY-BUFWRITE, BD-SECURITY-OVERFWR, SECURITY-12
CERT-STR34-CCODSTA-187_a, CODSTA-187_b, CODSTA-187_c
CERT-STR38-C

CODSTA-188

Resolved FRs and PRs

PR/FR IDDescription
CPP-36398Problem with matching function definition with its declaration when using Eigen library
CPP-36850Add support for C++11 inarmcc5.06
CPP-36861Support for Renesas RX 2.05 C/C++ compiler (renrx_2_5)
CPP-36892The rule MISRA-107_b reports false positives when pointer is assigned and checked in the same line
CPP-36896Support for GNU GCC 6 (native/host-based compiler)
CPP-36965CODSTA-CPP-53 false positive, "Declare local variable 'x' as const"
CPP-36966OOP-01 (Sutter Rule 54) false positive: "Base class copy constructor should be protected or public with smart pointer as parameter"
CPP-36967CODSTA-CPP-28 (Sutter Rule 27) false positive: "Whenbinaryarithmeticoperatorsaredefined,assignmentversionsshouldbeprovidedtoo"
CPP-37005DTP Findings tab "Subcategory" show "Unknown" for all C++test findings.
CPP-37009Rule INIT-06 reports violation even if member is initialized directly in class [C++11]
CPP-37011The rule MISRA2004-6_3_b (MISRA2012-DIR-4_6_b, JSF-209_b) does not report violation when implicit signed/unsigned type is used
CPP-37018The rule CODSTA-CPP-04 should not report violations on move constructors [C++11]
CPP-37019Segmentation fault when using cwc.bin (TIOBE)
CPP-37021The rule MISRA2004-16_7 (MISRA2012-RULE-8_13_a) reports false positives
CPP-37022QA: Suppression comment is garbled when the multibyte character is used to suppression comment
CPP-37023[VS2015] Parse problem with _Buffer_descriptor() restrict(amp,cpu)
CPP-37782Source paths not correctly scanned in BDF file

 

 

...