Configuring CodeSonar

It is possible to incorporate CodeSonar results in the TICS output for C and/or C++ files. CodeSonar is a source-code analyzer that identifies complex bugs at compile time. The tool is manufactured by GrammaTech.

Which CodeSonar version should be used

The integration of CodeSonar within TICS is based on CodeSonar version 3.3p1.20081121-i686-pc-win32. It is not recommended to use another version than this version.

Prerequisites

For a successful CodeSonar integration, the following prerequisites must be met:

Basic configuration

Since CodeSonar acts during compile time, it needs to be instructed with several options, like the classpath for the project. This information is extracted by TICS from the project's build. For this, the correct BUILDTYPE should be specified. Since a compilation has to be performed, the correct compiler should be configured for the buildtype.

  'C' => {
    ...
    'BUILDTYPE' => [
      { 'name' => 'Make', 'compiler' => [ 'Gcc' ] },
    ],
    ...
  },
  'CPP' => {
    ...
    'BUILDTYPE' => [
      { 'name' => 'VCProj', 'compiler' => [ 'VC' ] },
    ],
    ...
  }

Configuring which rules of CodeSonar should be checked

CodeSonar has the possibility to detect problems of many different classes. All these classes are listed within the CodeSonar installation in the following file: CodeSonar/codesonar/doc/WarningClasses/WarningClasses.html. The user is free to choose any set of classes that should be reported by TICS. As with other codecheckers, this is done by editing the RULES.txt and the IMPL.txt files within the cfg directory on the TICS FileServer. The user is free to choose the rule's identifier, severity level, category and synopsis in the RULES.txt. How TICS invokes CodeSonar is configured in the IMPL.txt. In this file, the "Warning Class" of the class should be used. These "Warning classes" are the strings in the "Warning Class" column in the WarningClasses.html page. Note: all spaces in the "Warning Class" should be replaced by "_"'s. A short example of the IMPL.txt file is given below:

CS#1	CodeSonar	Accept_on_socket_in_wrong_state
CS#2	CodeSonar	Bind_on_socket_in_wrong_state
CS#3	CodeSonar	Buffer_Overrun
CS#4	CodeSonar	Buffer_Underrun
CS#5	CodeSonar	Cast_Alters_Value
CS#6	CodeSonar	Connect_on_socket_in_wrong_state
CS#7	CodeSonar	Dangerous_Function_Cast
CS#8	CodeSonar	Division_By_Zero

A standard CodeSonar rule configuration is available in the form of a IMPL.txt, RULES.txt pair.