C-STAT® Static Analysis Guide
CSTAT-14

COPYRIGHT NOTICE

© 2015–2021 IAR Systems AB and Synopsys, Inc.

No part of this document may be reproduced without the prior written consent of IAR Systems AB. The software described in this document is furnished under a license and may only be used or copied in accordance with the terms of such a license.

This publication incorporates portions of the Technical Report, “SEI CERT C Coding Standard Rules for Developing Safe, Reliable, and Secure Systems 2016 Edition,” by CERT. © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

DISCLAIMERS

The information in this document is subject to change without notice and does not represent a commitment on any part of IAR Systems. While the information contained herein is assumed to be accurate, IAR Systems assumes no responsibility for any errors or omissions.

In no event shall IAR Systems, its employees, its contractors, or the authors of this document be liable for special, direct, indirect, or consequential damage, losses, costs, charges, claims, demands, claim for lost profits, fees, or expenses of any nature or kind.

Any material of Carnegie Mellon University and/or its software engineering institute contained herein is furnished on an “as-is” basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied, as to any matter including, but not limited to, warranty of fitness for purpose or merchantability, exclusivity, or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement.

This publication has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.
TRADEMARKS

IAR Systems, IAR Embedded Workbench, Embedded Trust, C-Trust, IAR Connect, C-SPY, C-RUN, C-STAT, IAR Visual State, IAR KickStart Kit, I-jet, I-jet Trace, I-scope, IAR Academy, IAR, and the logotype of IAR Systems are trademarks or registered trademarks owned by IAR Systems AB.

Carnegie Mellon® and CERT® are registered marks of Carnegie Mellon University.

All other product names are trademarks or registered trademarks of their respective owners.

EDITION NOTICE

Fourteenth edition: May 2021. Part number: CSTAT-14. This guide applies to version 2.3.0 and later of C-STAT. Internal reference: IJOA.

Contents

C-STAT for static analysis
  Introduction to C-STAT and static analysis
    Briefly about C-STAT and the coding rules
    The checks and their documentation
    The scope of the C-STAT checks
    Various ways to use C-STAT
  Using C-STAT
    Getting started analyzing using C-STAT
    Generating an analysis report
    Performing regression testing
    Performing an analysis from the command line
  Reference information on the graphical environment
    C-STAT Messages window
    C-STAT Static Analysis options
    Extra Options
    Select C-STAT Checks dialog box
  Descriptions of compiler extensions for C-STAT
    C-STAT directives in comments
    cstat_disable
    cstat_enable
    cstat_restore
    cstat_suppress
    __CSTAT__
  Descriptions of C-STAT options
    Rules for specifying a filename or directory as parameters
    --all
    --check
    --checks
    --db
    --default
    --deterministic
    --exclude
    --fpe
    --full
    --group
    --language_specific_checks
    --output
    --package
    --parallel
    --project
    --timeout
    --timeout_check
  Description of the C-STAT command line tools
    The icstat tool
    The ichecks tool
    The ireport tool
C-STAT checks
  Summary of checks
    This table summarizes the C-STAT checks
  Descriptions of checks
    ARR-inv-index-pos
    ARR-inv-index-ptr-pos
    ARR-inv-index-ptr
    ARR-inv-index
    ARR-neg-index
    ARR-uninit-index
    ATH-cmp-float
    ATH-cmp-unsign-neg
    ATH-cmp-unsign-pos
    ATH-div-0-assign
    ATH-div-0-cmp-aft
    ATH-div-0-cmp-bef
    ATH-div-0-interval
    ATH-div-0-pos
    ATH-div-0-unchk-global
    ATH-div-0-unchk-local
    ATH-div-0-unchk-param
    ATH-div-0
    ATH-inc-bool (C++ only)
    ATH-malloc-overrun
    ATH-neg-check-nonneg
    ATH-neg-check-pos
    ATH-new-overrun (C++ only)
    ATH-overflow-cast