- Important information
- New features
- Known problems
- Program corrections
- User guide corrections
- Miscellaneous
- Release history
Important information
- None.
New features
- None.
Known Problems
- [EWARM-5208, EW25597] An implicit conversion from an unsigned variable to a smaller unsigned variable results in a C-STAT message regarding ATH-overflow. If the unsigned variable had previously overflowed due to subtraction (rolled over to MAX), the message will state that the range of the unsigned variable is negative. Workaround: Adding a cast to make the conversion explicit resolves the message, so the bug is not triggered.
- [EWARM-5201, EW25582] A while or for loop that does not terminate causes C-STAT to not properly check for an array index becoming out-of-bounds.
Program Corrections
- In EWARM 8.32.3: [CSTAT-399, EWARM-6662] C-STAT considers accessing a volatile object through the -> (arrow) or . (dot) operators as a volatile write operation.
- In EWARM 8.32.3: [CSTAT-398, EWARM-6658] It is not possible to suppress link analysis messages in C-STAT.
- In EWARM 8.32.3: [CSTAT-396, EWARM-6595] Using a section operator, for example __segment_begin, as a function parameter causes an internal error in C-STAT.
- In EWARM 8.32.3: [CSTAT-393, EWARM-6575] Running an analysis on an unchanged file with the check MISRAC2012-Dir-4.6_a enabled can in rare cases cause C-STAT to report an internal error.
- In EWARM 8.32.3: [CSTAT-391, EWARM-6526] In some rare cases, C-STAT can misidentify how function parameters are used.
- In EWARM 8.32.3: [CSTAT-389, EWARM-6514] Arrays with more than 100 elements can cause C-STAT to crash if the check MISRAC2012-Rule-10.3 is enabled.
- In EWARM 8.32.3: [CSTAT-387, EWARM-6507] C-STAT incorrectly does not consider returning a struct from a function to be a use of the struct.
- In EWARM 8.32.3: [CSTAT-386, EWARM-6411] Source files larger than 16 MBytes can cause C-STAT to crash.
- [CSTAT-377, EWARM-6373] Saving a function address is considered as a function call. This can lead to false positives for checks which look for recursion, such as MISRAC2012-Rule-17.2_b.
User guide corrections
- None.
Miscellaneous
- None.
Release history
V8.30 2018-06-15
Program corrections
- In 8.30.2: [CSTAT-375, EWARM-6345] If an analysis of a source file only consists of suppressed messages, IAR Embedded Workbench will not output "Analyzing xxxx" in the Build window.
- In 8.30.2: [CSTAT-372, EWARM-6289] Array indices are calculated incorrectly when the array is a field (but not the first field) of a struct.
- [CSTAT-368, EWARM-6189] MISRAC2012-Rule-17.5 might report false positives if the parameter is a global array.
- [CSTAT-364, EWARM-6161] The severity level for the checks MISRAC2012-Rule-8.9_a and MISRAC2012-Rule-8.9_b is incorrect. It should be Low, not Medium.
- [CSTAT-363, EWARM-6151] if (++foo != 0) or if (--foo != 0) does not count as a comparison of foo against 0.
- [CSTAT-360, EWARM-6142] MISRAC2012-Rule-8.3_b generates a message for inconsistent types between global variables with the same name even if the variables are declared as static.
- [CSTAT-359, EWARM-6141] There are no link analysis messages when the paths to the source files contain white spaces. This occurs both when running icstat with the commands command and when performing an analysis in IAR Embedded Workbench.
- [CSTAT-357, EWARM-6137] Access ranges of arrays inside structs are not calculated correctly. This can for example generate false positives for the check ARR-inv-index-ptr-pos.
- [CSTAT-353, EWARM-6081] Function parameters for non-static functions are given an estimated value range based on an analysis of all function calls inside the module where the function is defined. This might introduce false positives when the function is called from another module.
- None.
V8.22 2018-01-22
Program corrections
- [CSTAT-362, EWARM-6138] The range of the right-hand side argument of shift operations can in some cases get calculated incorrectly, which in turn might generate false positives for ATH-shift-bounds.
- [CSTAT-350, EWARM-6090] MISRAC2012-Rule-13.8 does not issue a message when a non-const pointer is assigned or copied to another non-const pointer that in turn is never modified or copied. In this case, both pointers can be declared with the const attribute.
- [CSTAT-343, EWARM-6074] ARR-inv-index does not check for buffer overflows when the operator & is used, e.g., &arr[i].
- [CSTAT-346, EWARM-6071] MISRAC2012-Rule-16.1: A case clause is not allowed to have multiple break, goto, or return statements.
- [CSTAT-345, EWARM-6070] Exception 1 of MISRA C 2012 Rule 10.3 is not applied to array types.
- [CSTAT-334, EWARM-5920] Calculating & on large numbers can cause C-STAT to produce an internal error.
None
V8.20 2017-10-16
Program corrections
- In EWARM 8.20.2: [EWARM-5989, CSTAT-340] Returning an object that is neither signed nor unsigned can produce an internal error.
- In EWARM 8.20.2: [EWARM-5976, CSTAT-339] MISRAC++2008-7-1-2: Calling a non-const member function of a function parameter is not considered as a potential write operation of that parameter.
- In EWARM 8.20.2: [EWARM-5950, CSTAT-337] Link messages from different checks referring to the same symbol can erroneously get filtered.
- In EWARM 8.20.2: [EWARM-5920, CSTAT-334] Calculating & on large numbers can cause C-STAT to produce an internal error.
- In EWARM 8.20.2: [EWARM-5908, CSTAT-333] MISRAC2012-Rule-8.4 requires the function main to have a separate declaration.
- In EWARM 8.20.2: [EWARM-5867, CSTAT-331] The underlying type of expressions containing an enum or boolean type is evaluated erroneously.
- [EWARM-5848, CSTAT-329] In some rare cases C-STAT might fail to display messages caused by problems in a header file, because of issues with case-sensitivity.
- [EWARM-5844, CSTAT-328] It is not possible to use the option --exclude with a path that contains directory separators.
- [EWARM-5843, CSTAT-327] If the option --exclude is used more than once, only the last option has any effect.
- [EWARM-5808, CSTAT-324, EW26733] MISRAC2012-Rule-10.1_R3 triggers on array accesses when the array has elements of type boolean.
- [EWARM-5807, CSTAT-323, EW26731] The check MISRAC2012-Rule-10.3 disregards array and pointer assignments.
- [EWARM-5793, CSTAT-322, EW26708] The size of return values is not taken into consideration when calculating their lower and upper bounds.
- [EWARM-5792, CSTAT-321, EW26706] C-STAT does not identify overflows on memset and related functions when the destination is something other than just an identifier.
- [EWARM-5781, CSTAT-318, EW26688] These checks might produce false positives when the switch statement is inside a loop: MISRAC2012-Rule-16.3, MISRAC++2008-6-4-5, and MISRAC2004-15.2.
- [EWARM-5779, EW26681] ATH-overflow may falsely trigger when the left operand of the bit-wise AND operation is of the same size as the result.
- [EWARM-5746, EW26636] C-STAT considers accessing a volatile object through the -> (arrow) or . (dot) operators as a volatile write operation.
- [EWARM-5743, EW26630] Link messages are not part of the output of icstat when executing the 'load' command via the command line.
None
V8.11 2017-04-11
Program corrections
- C-STAT cannot handle comments with non-ASCII characters if the compiled source file uses the Raw encoding format. [EW26477]
- In EWARM 8.11.2: Global arrays declared with the keyword static are incorrectly assumed to have constant values. [EW26461]
- In EWARM 8.11.2: MISRAC2012-Rule-8.13: C-STAT does not consider sending a variable as a function parameter via operators such as & (address-of) and [] (subscript) as a potential use of the variable. [EW26560]
- In EWARM 8.11.2: MISRAC2012-Rule-2.2_b: C-STAT does not consider sending a struct object through an aliased pointer as a potential write operation on the struct's fields. [EW26562]
- None.
V8.10 2017-03-10
Program corrections
- Assignment operations in a separate function on a variable which is passed by reference can lead to false positives produced by MISRAC++2008-0-1-6 and similar C-STAT checks. [EW26117]
- It's possible to try to generate a C-STAT report on a project that has not yet been analyzed. [EW26173]
- ATH-overflow is unable to detect overflows for shorthand assignment operators. [EW26194]
- Projects where the combined absolute paths of all source files exceed 32,768 characters cause the link analysis to crash. [EW26217]
- MISRAC++2008-7-1-1 does not consider 1) calling a non-const member function and 2) taking the address of a struct variable and writing to one of its fields as modifications. [EW26219]
- The type of a ternary expression is falsely decided by the type of its first operand. [EW26243]
- C-STAT might report that the left-hand side argument of a right-shift operation has a negative interval even though the expression is unsigned. [EW26258]
- A non-const pointer using a parameter for an impure function is considered a violation of MISRAC2012-Rule-8.13. [EW26260]
- Non-system external functions with return type void are not considered as having side effects. [EW26262]
- C-STAT erroneously considers accessing a struct field inside a subscript operation on the left-hand side of an assignment as writing to that struct field. [EW26264]
- C-STAT might report that the right-hand side argument of a left-shift operation has a negative interval even though the expression is unsigned. [EW26271]
- Boolean pointers are not considered to have boolean type. [EW26273]
- Use of global objects is not registered if the use involves implicit casts. This could lead to triggering of false positives for MISRAC2012-Rule-8.9_b. [EW26275]
- Literal 0 is interpreted as NULL by SEC-NULL-literal-pos and PTR-null-literal-pos. [EW26283]
- EXP-main-ret-int signals a false positive when the return type of main() is a typedef of type int. [EW26285]
- Taking the address of a volatile object is not considered as a non-volatile operation. [EW26302]
- Using a static global on the right-hand side of a global assignment is not considered a use and can thus trigger false positives for MISRAC2012-Rule-8.9_a. [EW26304]
- Comparing values accessed through the subscript operator on different arrays is considered as comparisons between different pointers, thus falsely triggering MISRAC2012-Rule-18.3. [EW26307]
- A struct field which is a typedef with the character sequence bool, Bool or BOOL in its name is not considered to be of boolean type. [EW26316]
- Using a struct field which is a typedef consisting of the character sequence bool, Bool or BOOL as a conditional causes MISRAC2012-Rule-14.4 to generate false positives. [EW26318]
- Implicit casts could in some cases cause C-STAT to believe an unsigned variable could have a negative value interval. [EW26365]
- C-STAT fails with an Internal error when analyzing code which contains a char with a value larger than 31 bits. [EW26392]
- When using multiple --exclude options, only the last option has any effect. [EW26438]
- None.
V7.80 2016-10-17
Program corrections
- MISRA-C:2004 rule 11.4 does not give a message for casting an array into a pointer. [EW26207]
V7.70 2016-06-17
Program corrections
- C-STAT: MISRAC2004-17.4_b now handles multi-dimensional arrays. [EW26056]
- In EWARM 7.70.2: C-STAT produces false positives for MISRAC2012-Rule-10.1_R2 when a boolean expression contains a nested ternary operator which is essentially boolean. [EW26082]
- In EWARM 7.70.2: The rule MISRAC2012-Rule-12.1 / MISRAC++2008-5-0-2 / MISRAC2004-12.1 generates false positives regarding suggestions to enclose sizeof() expressions with parentheses for increased clarity. [EW26083]
- In EWARM 7.70.2: Suppressing C-STAT checks over an interval with the use of wildcards does not work as intended. [EW26092]
- In EWARM 7.70.2: The 'underlying type' is sometimes incorrectly determined for the check MISRAC++2008-5-0-6. [EW26118]
- In EWARM 7.70.2: MISRAC2012-Rule-11.9 does not generate messages for implicit (void *)0 casts, e.g., void *p = 0 [EW26120]
- In EWARM 7.70.2: MISRAC2012-Rule-8.13: Pointers that are copied by assignment are no longer required to be const-qualified. [EW26196]
- In EWARM 7.70.2: CERT-EXP19-C generates too many false positives for missing braces for else-if statements. [EW26198]
- None.
V7.60 2016-03-31
Program corrections
- C-STAT: The C-STAT check CONST-param doesn't handle & parameters. [EW25294]
- C-STAT: The C-STAT checks don't check array initialization inside objects. [EW25398]
- C-STAT: Code accessing fields of an anonymous union triggers an Internal error. [EW25776]
- C-STAT: LIB-memcpy-overrun and MISRAC2012-Rule-1.3t may incorrectly calculate the size of the destination memory. [EW25908]
Extended functionality in C-STAT
The static analysis tool C-STAT has been extended with approximately 150 new checks including 90 new MISRA C:2012 checks and two new packages of checks. There are also new options to enable or disable the false-positives elimination phase of the analysis and to exclude files from the analysis. C-STAT message suppression can now be controlled by directives placed in comments in the source files. For more information see the release notes for the compiler.
V7.50 2015-11-10
Program corrections
- C-STAT might encounter a fatal error if the path to the object file, in the compiler command line, contains certain multibyte characters. [EW25766]
Analysis report generation in C-STAT
It is now possible to generate analysis reports from C-STAT in HTML format. See C-STAT Static Analysis Guide for more information.
V7.40 2015-02-19
Program corrections
- In EWARM 7.40.2: C-STAT: When icstat has timed out it does not mention this in any way or form. [EW25262]
- In EWARM 7.40.2: C-STAT: The check ATH-div-0-cmp-aft now uses the analyzed interval ranges, if applicable. [EW25300]
- In EWARM 7.40.2: C-STAT: MISRAC2012-Rule-15.6_c does not accept that an else immediately followed by if should not get a message. [EW25330]
- In EWARM 7.40.3: C-STAT: The analysis does not consider va_start as an initialization of a variable. [EW25319]
- In EWARM 7.40.3: C-STAT: When checking MISRAC2012-Dir-4.10 (include guards), any system header included using "..." instead of <...> is considered in violation of the rule. [EW25321]
- In EWARM 7.40.3: C-STAT: MISRAC2012-Dir-4.6_a can erroneously be diagnosed as violated in some cases. In particular, using a volatile or const modifier in an array type declaration can cause this behavior. [EW25323]
- In EWARM 7.40.3: C-STAT: The interval solver in C-STAT erroneously uses the initialized value of a global or static volatile variable. [EW25332, EW25389]
- In EWARM 7.40.3: C-STAT: signed integer constant expression zero gives an erroneous message for MISRAC2012-Rule-10.1_R7 (the right operand of a shift should be essentially unsigned). [EW25343]
- In EWARM 7.40.3: C-STAT: MISRAC2012-Rule-10.3/4 sometimes gives a message erroneously (return of a bool and a compare of a bool with integer constants 0 and 1). [EW25355]
- In EWARM 7.40.3: C-STAT: Volatile accesses inside sizeof() expressions are considered as a side effect. [EW25381]
- In EWARM 7.40.3: C-STAT: MISRAC++2008-2-13-3 incorrectly flags enumeration constants. [EW25412]
- In EWARM 7.40.3: C-STAT: MISRAC++2008-8-5-2 fails for arrays with more than 100 elements even though it uses an initializer with the correct number of elements. [EW25422]
- In EWARM 7.40.5: C-STAT: MISRAC2012-Rule-10.3/4 does not treat the enum constants 0 and 1 as boolean. [EW25370]
- In EWARM 7.40.5: C-STAT: The checks CONST-param, MISRA-C:2004-16.7, and MISRA C++:2008-7-1-2 do not detect array assignments for parameters. [EW25547]
- In EWARM 7.40.5: C-STAT: The check MISRA-C:2004 19.15 can, spuriously, generate messages for source files in directories that are not subdirectories of the project directory ($PROJ_DIR$). [EW25549]
- In EWARM 7.40.5: C-STAT: The detection of whether a macro is coming from a system header or not is faulty. In this case it incorrectly generates a message for the use of offsetof. [EW25603]
- In EWARM 7.40.5: C-STAT now reports fewer false positives for the check SPC-volatile-reads. [EW25607]
- In EWARM 7.40.5: C-STAT, MEM-stack-global-alias: Assigning a value from an array to a global variable is no longer interpreted as assigning a stack address to it. [EW25609]
C-STAT
The add-on product C-STAT for static analysis is now supported. C-STAT features innovative static analysis that can detect defects, bugs, and security vulnerabilities as defined by CERT and the Common Weakness Enumeration, as well as help keep code compliant with coding standards like MISRA C:2012/2004 or MISRA C++:2008. For more information, see C-STAT Static Analysis Guide.