
Goanna Central User Guide


Contents

1. goanna report Generate C C Project Reports goanna snapshot Upload C C Project Snapshots goanna package Customise C C Project Analysis goanna metrics Calculate C C Project Code Metrics goanna assume Import Export Knowledge Base goannacc and goannac Analyze C C Source Files 11 10goannald C C Link Time Analysis 11 11goreporter Goanna Dashboard Server and Administration Tool Index 37 37 37 37 37 37 38 39 40 41 42 43 43 44 44 44 45 46 47 48 48 49 50 53 54 55 56 58 64 69 71 75 1 System Requirements Before using Goanna please check that your system and project meets the system requirements 1 1 Operating Systems 1 1 1 Microsoft Windows Goanna supports the following versions of Windows e Windows XP Service Pack 2 or higher e Windows Vista e Windows 7 e Windows 8 e Windows 8 1 e Windows 10 e Windows Server 2003 Service Pack 1 or higher e Windows Server 2008 e Windows Server 2008 R2 e Windows Server 2012 e Windows Server 2012 R2 Both 32 bit x86 and 64 bit x86 64 AMD64 versions of Windows are supported except Windows XP and Win dows Server 2003 which we only support 32 bit version Required Software Before installing Goanna you will need to install the following e Microsoft Visual C 2008 Redistributable Download from http www microsoft com en us download details aspx id 5582 e N
2. Goanna Central User Guide, Version 3.6.4, Linux/Windows Edition, November 24, 2015. 2008-2015 Red Lizard Software. Copyright 2008-2015 Red Lizard Software. All rights reserved. This document, as well as the software described in it, is provided under license and may only be used or copied in accordance with the terms of such license. The information contained herein is the property of NICTA and is made available under license to Red Lizard Software. It is confidential information as between the Recipient and Red Lizard Software and remains the exclusive property of NICTA. No part of this documentation may be copied, translated, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of NICTA. NICTA does not warrant that this document is error free. Red Lizard Software, Australian Technology Park, Level 5, 13 Garden Street, Eveleigh NSW 2015, Australia. Web: http://www.redlizards.com Support: support@redlizards.com Contents 1 System Requirements 5 LI JOpErabime Systems x cos essed gor ea dok a a A A a a 5 11i Michisoit Windows sso ds 2 kbar de AAA bus 5 Wiz NO eared ts as as hee eee eR ee Be Ped Sa te De T 5 T13 a A 6 dd aed we Pa dd SE th eas a 5 1 2 Hardware Requirements 0 ee ns 7 Tae Sup potied Compmlers vado ay ase Se a a a ae es PE ae Ps 7 13 1 A Word Ow C90 and Call S
3. license server option and will force Goanna to reserve a single license seat for you for this amount of time In addition this technique can be used to improve license validation time and will allow you to perform Goanna analysis while disconnected from the license server 2 5 Next Steps Performing analysis on your C C project with Goanna Central is a three step process 1 2 3 Setting up your C C project and running a full build on the project using Goanna build integration utility to capture settings of your build Using this information from full build to run analysis Reading and interacting with the analysis results The rest of this documentation explains this process in detail 1 2 The next section section 3 explains how to set up your C C projects to be used with Goanna and to capture settings of your build The section 4 explains how to use this captured settings to run analysis and to read the analysis results 14 The section 5 explains what options are available to control the analysis and how to do so The section 6 explains ways to set up IAR Embedded Workbench or Keil Vision IDEs to run analysis directly from within IDE The section 8 explains how to compute code metrics of your project The section 9 explains how to use the Goanna Dashboard a web based interface to navigate and interact with analysis results and issues found within your projects 15 3 Setting Up Projec
4. If you need rapid results without much depth, then turning off interprocedural analysis will provide faster results at the cost of accuracy in some checks. To turn off interprocedural analysis, use the no ipa option. By default, interprocedural analysis does two passes in optimized order over each file. This provides a good approximation for function behaviours but may miss some complex behaviours that require many passes to accurately detect. Additional precision can be gained by increasing the iteration limit (the maximum number of passes Goanna will do). To change the interprocedural analysis iteration limit, use the ipa iterations option. 7.2 A Word on False Positives: Goanna considers all possible execution paths in your program and will warn you if it finds potential defects, such as use of an uninitialised variable, that occur only on particular execution paths and not others. But sometimes the execution path leading to a potential defect is actually not possible when the program is executed. If Goanna is able to deduce this through static analysis, then it won't warn you. But if it can't, then you may receive a spurious warning for a defect that isn't really there. Such warnings are called false positives. Some false positives occur because Goanna currently does not track dependencies between variables in loops. For example, if you have a loop with two counters and only test one char buffer 11 int i count i 0 co
5. conr es sa a A a hele a a a he a 13 2A License ACHVANION cec ses ee mb eee A CEE A a e sd Ee a 13 2 4 1 Activating Node locked License o nes 13 242 Using Network Floating License ooa c ao ee eet ee hae rek eee be 14 25 NextStep saa if a bee ae RS Be ORE Ee ae ea Ee de Boe eee 14 3 Setting Up Projects for Goanna Analysis 16 SU TOUSEN ls 2 Shae O Be A eet SE ee EA 16 3 2 Intitialisivie the Goana divetiory sees ba eae a Sa RA eae RE REE EO eS De 16 3 2 1 Usingadifferent Goannadirectory o ee te et tenes 17 322 Usinga different project directory jf kde ee ee ee ka 17 3 2 Dertormins D AS e cocer a A Ree a ee aw ee RS Oe 18 4 Running Goanna Analysis AD Introduction 207 ee ie a ee ee ses da AAA en Ee E S 4 2 Running Goanna project analysis using goanna analyse 0000 eee eae 4 2 1 Running Goanna project analysis on a subset of the project 4 3 Reading Analysis Results o a a ee aa 43 1 Ghana OutpubOn The Console 24 2 654 5 ene de eee aes Re Ra eae PR Od 43 2 HTML Reportiot Analysis Results coc 2 ewes 4133 Analysis Results Ii XML PUG iss chases vir a cea dae eo ey eee as ae Pee 4 3 4 Using Goanna Dashboard Web Interface To Interact With Analysis Results 4 4 Running Goanna Analysis using pre 3 4 0tools o oo o Configuring Goanna Analysis Al o A RA 51 1 Listing Checks Packages os dea iras rr a a i 5 12 Enabling Available Checks
6. help Print help message for common options version Print version information Advanced Command Line Options The following options are intended to be used only in cases where your environment requires them In general you do not need to use these options License dir lt directory gt Set directory in which to look for a license file advanced help Print help message for advanced options Return Codes goanna trace returns the return code from the underlying build process 49 11 3 goanna analyse Analyse C C Projects Synopsis goanna analyse options lt path gt Description goanna analyse will analyse a C C project using the build spec created by goanna trace see 11 2 Command Line Options goanna dir lt path gt Specify the location of the Goanna project data default is goanna project dir lt path gt Specify the location of the project root default is If the project dir option is given then goanna dir is also required exclude lt path pattern gt Do not analyse files that match lt path pattern gt match lt path pattern gt Only analyse files that match lt path pattern gt dryrun Instead of analysis output which files and executables will be analysed License server lt server port gt Attempt to contact a license server at address lt server gt lt Port gt is optional de faults to 6200 license borrow hours lt number gt When contacting license server bor
7. 1 goanna init: Initialise C/C++ Projects. Synopsis: goanna init options. Description: goanna init creates a Goanna project data store. This file system location is used to group Goanna settings and Goanna analysis data that is associated with the project. The project data store is used by the other Goanna commands: goanna trace, goanna analyse, goanna report and goanna package. Command Line Options: goanna dir <path> Specify the location of the Goanna project data default is goanna project dir <path> Specify the location of the project root default is If the project dir option is given then goanna dir is also required project name <name> Specify the name of the project. This is used as an identifier for reporting purposes such as HTML reports. By default the project name is determined from the name of the project root directory. help Print help message for common options version Print version information Advanced Command Line Options: The following options are intended to be used only in cases where your environment requires them. In general you do not need to use these options. advanced help Print help message for advanced options Return Codes: Here is a list of return codes goanna init returns, listed as headings. Under the headings are a list of modes that provides that return code. 0 (Zero): A return code of 0 generally means that no errors were encountered and goanna init
8. 26 B Tape dpp 197 o 14 2013 05 29 00 28 42 Showing 1 to 7 of 7 entries 9 4 2 Report Page Once you select a project you are taken to the project s report page This page shows four graphs Snapshot History shows the overall progress of your project over time Each point on the graph is one of your previous snapshots showing the total number of warnings by severity Clicking on any point in the graph will change the report page to show details about warnings in that snapshot By default the most recent snapshot is selected Snapshot History Manage All warnings in putty 400 Warnings 8 0 8 May 10 May 12 May 14 May 16 May 18 May 20 May 22 May 24 May 26 May 28 May Low Medium High Warnings By Category shows all warnings for your snapshot broken down into each warning type Clicking on a wedge will show the break down of warnings of that category Clicking on a subsequent wedge will take you to the warnings browser filtered for that particular warning type Warnings By Category All the warnings for putty broken down by warning category SPC Unspecified Behavior ARR f Array Bounds RED Redundant Code ATH Arithmetic Errors LIB Library Function PTR Pointer Misuse N MEM Memory Usage Top 10 Warnings shows the top ten warning types in this snapshot Clicking on one of the bars in the chart will take you to the warnings browser filtered by that warnin
9. Changing warnings to status Locz Analyse adi Note Assigned to John for investigation Poin Con Update The Export button allows you to export all warnings or visible warnings to a CSV file 40 9 4 5 Code Browser The code browser displays a file and all its Goanna warnings The right hand side shows the source code of the file currently opened with warnings highlighted in three colours based on severity The left hand side has the details of warnings for this file The box at the top of the left hand pane allows you to select a warning to see in more detail Like in the warnings browser you are able to change the status and add a note to each warning in the code browser This can be done by changing the status and or adding a note and pressing Apply Status Fix 7 Apply If there is trace information for a warning it will also appear in this pane You can step through the trace just like a debugger To go to a step in the trace click on it and the source code browser will jump to the corresponding line You can then navigate through the trace using either the up down arrows on top of the trace dialog or by using the up down arrow keys on your keyboard Trace 4 y command_bind_full 155 if rec 0 is false Pointer possibly assigned NULL 161 modrec command_module_get rec module protocol 161 Entering into command_module_get command_module_get 126 return_null co
10. Goanna does not support compilers targeting the MSYS environment shipped as part of msys dvlpr package. Note that standard MinGW compilers are supported even in MSYS environment. Other Known Limitations and Notes: As of Goanna Central 3.4.0, support for Keil µVision is now available by default. The Keil µVision Support Package is no longer required, but is still available upon request for backward compatibility. 2 Getting Started. 2.1 License Agreement: Before installing Goanna Central, ensure you read the Goanna license agreement. For evaluation (trial) licenses, please refer to http redlizards com license term evaluation license agreement For registered (paid) licenses, please refer to http redlizards com license term 2.2 Installation: Linux: To install Goanna Central for Linux: Download the Goanna Central for Linux tarball. Unpack the downloaded tarball: tar zxvf goanna central linux release 3 6 4 tgz This should extract all files needed for installation in a separate directory. Navigate to the directory just created: cd goanna central linux release 3 6 4 Run the install script install goanna to start the installation process. The installation process can be run either with sudo (i.e. under root): sudo install goanna or without sudo (i.e. under your user account): install goanna We recommend that you install Goanna with sudo. The following features will not be
11. Summary Report Example of Warnings Report To generate HTML report files use the goanna report command with the warnings subcommand goanna report warnings Found project name example Created new report directory example goanna reports 2015 01 01_00 00 Generated Warnings HTML goanna reports 2015 01 01_00 00 warnings html Generated Summary HTML goanna reports 2015 01 01_00 00 summary html Created latest report directory example goanna reports latest Copied warnings html to latest report directory goanna reports latest Copied summary html to latest report directory goanna reports latest 22 4 3 3 Analysis Results In XML File Goanna can generate XML reports of the analysis results This is useful if you need Goanna to be used in conjunc tion with some other platform or framework and need programmatic access to the analysis result To generate XML report files use the goanna report command with the warnings subcommand goanna report warnings Found project name example Created new report directory example goanna reports 2015 01 01_00 00 Generated Warnings XML goanna reports 2015 01 01_00 00 warnings xml Generated Warnings File goanna reports 2015 01 01_00 00 warnings goannawarnings Created latest report directory example goanna reports latest Copied warnings xml to latest report directory goanna reports latest goanna report warnings will generate the following files e
12. Windows the default character encoding used by your system If your source files are not in any of these encodings you will need to specify the encoding here in order for it to display correctly in the source code browser A link is available in the Project Settings window listing all the encodings supported 43 10 Advanced Features Concepts and Configurations 10 1 Proceed With Caution This section describes a number of advanced Goanna concepts and configuration options In most cases there is no need to know these concepts or use these options We recommend that you use these advanced options only when required Many of these advanced features contain limitations and or caveats if you wish to use any of these features then make sure to read the description carefully to understand these limitations and caveats Important Red Lizard Software may deprecate and later remove any feature within this section in the future releases of Goanna 10 2 Manually Running Analysis On Source Files goannacc and goannac utilities can be used to run Goanna analysis on C or C source file s without first performing build tracing To run Goanna analysis directly on C source files run goannacc nc with cc lt path to C compiler gt db lt path to database gt lt extra arguments to goannacc gt lt arguments to compiler gt To run Goanna analysis directly on C source files run goannac nc with cxx lt path to C compile
13. all checks Note Using all checks option will cause any check checks and checks file options to be ignored 5 2 4 Selecting Checks for a C C Project Information about which checks are enabled for a project can be persisted using the Goanna project data store The goanna package command can also be used to enable disable checks goanna package enable check lt check name gt This will enable lt check name gt for all subsequent project analyses that do not have another check related option For example there may be a desire to make sure a C file has not been included by another C file This check is called INCLUDE c file and it is not enabled by default To enable it for all subsequent analysis runs goanna package enable check INCLUDE c file goanna package enabled check INCLUDE c file for current project Now when goanna analyse is next run INCLUDE c file warnings will also be reported in addition to the checks that are enabled by default 26 goanna analyse Goanna analyzing file foo c foo c 3 warning Goanna INCLUDE c file Severity Low A c file shall not include any c file 5 3 Including Headers Into Analysis By default Goanna analyzes source files only any header files included are read by Goanna but are not analyzed To include user headers generally those included using include syntax into analysis pass user headers option to goanna analyse when running analysi
14. completed execution successfully. goanna init completes execution without errors. goanna init prints help or version information. 1 (One): A return code of 1 generally means that a user-provided parameter is invalid. The project dir option was given but the goanna dir option was missing. goanna init was unable to create the Goanna project data store. goanna init encounters an error while parsing command line arguments. 11.2 goanna trace: Monitor C/C++ Project Build. Synopsis: goanna trace options <build command>. Description: goanna trace will execute <build command> and record the compilation and linker processes that were executed in order to build the project. Command Line Options: goanna dir <path> Specify the location of the Goanna project data default is goanna project dir <path> Specify the location of the project root default is If the project dir option is given then goanna dir is also required license server <server port> Attempt to contact a license server at address <server> <Port> is optional defaults to 6200 license borrow hours <number> When contacting license server borrow license for <number> of hours Defaults to 1 maximum of 24 force tracing Force build recording even when the specified build spec file already exists Stop processing command line options and treat subsequent options as arguments
15. configured and built and even on what command line options are given to it at run time Goanna utilities are designed to handle all these complexity automatically so that Goanna can fully understand all of your C C source files even if they contain compiler specific syntax extensions or include library headers in other directories When you perform a project wide analysis Goanna automatically does the following things to ensure Goanna can understand your C C source files 1 Goanna switches its C C parsing mode based on information in the build specification Each parsing mode is called dialect in use 2 Goanna detects all predefined macros include paths and any other built in configuration options from var ious sources usually by invoking a compiler in question or fetching information from environment vari ables and 3 Goanna reads all compiler specific command line options and configures the parser accordingly to ensure any syntax related options are applied correctly If you run source file or link time analysis manually by directly calling goannacc goannac or goannald then you need to ensure that you pass with cc lt path to C compiler gt with cxx lt path to C compiler gt and with ld lt path to linker gt options These options specify which compilers and linkers your project uses and ensures that Goanna is configured appropriately for your environment 47 11 Goanna Central Utility Reference 11
16. dir is also required Return Codes Here is a list of return codes goanna package returns listed as headings Under the headings are a list of modes that provides that return code O Zero A return code of generally means that no errors were encountered and goanna package com pleted execution successfully e goanna package completes execution without errors e goanna package prints help or version information 1 One A return code of 1 generally means that a user provided parameter is invalid e The project dir option was given but the goanna dir option was missing e goanna package encounters an error while parsing command line arguments 55 11 7 goanna metrics Calculate C C Project Code Metrics Synopsis goanna metrics options lt path gt Description goanna metrics calculates metrics for a project by using the build spec created by goanna trace Command Line Options goanna dir lt path gt Specify the location of the Goanna project data default is goanna project dir lt path gt Specify the location of the project root default is If the project dir option is given then goanna dir is also required exclude lt path pattern gt Do not analyse files that match lt path pattern gt match lt path pattern gt Only analyse files that match lt path pattern gt License server lt server port gt Attempt to contact a license server at address lt server gt lt Port gt is optional de f
17. during analysis even though Goanna supports relevant syntax extensions 1 3 3 Analog Devices C C Compiler for SHARC Processors cc21k Dialect Goanna supports Analog Devices C C Compiler for SHARC Processors shipped with Analog Devices CrossCore Embedded Studio 1 0 or higher 1 3 4 ARM C C Compiler armcc Dialect Goanna supports the following versions of ARM C C Compiler e RealView Development Suite RVDS versions 2 0 to 4 1 inclusive e DS 5 Development Studio e ARM Compiler versions 4 1 and 5 0 including those shipped with Keil MDK ARM versions 4 and 5 RVDS 1 2 and older ARM Developer Suite ADS versions 1 2 and older and ARM Compiler 6 armc Lang are not supported Known Limitations e Some compiler arguments such as cpp for cpp use c instead kandr_include strict wchar no_wchar wchar16 and wchar32 are not supported Goanna will ignore these argu ments e Goanna will always include RVCT lt version gt INC ARMCC lt version gt INC and ARMINC environment vari ables and lt installation path of compiler gt include into the system include directories even when J option is used 1 3 5 Cosmic Software C Cross Compiler cosmic Dialect Goanna supports all recent versions of CX6808 Compiler part of Cosmic S08 and HC08 Cross Development Tools CX6812 Compiler part of Cosmic 68HC12 and HCS12 Cross Development Tools CX6816 Compiler part of Cosmic 68HC16 Cross Development Tools CX
18. On Linux, goanna trace uses LD_LIBRARY_PATH and LD_PRELOAD environment variables to allow Goanna to monitor the build. If your build currently uses these environment variables, you need to modify the build to not use these environment variables before running goanna trace. If you are using Cygwin, you must set wincmdln option in the CYGWIN environment variable before running goanna trace. You can now use goanna analyse to perform a project analysis. See 4.2 for more details. 4 Running Goanna Analysis. 4.1 Introduction: To perform a project analysis, make sure you have completed the steps required to generate a Goanna build specification that can be used by goanna analyse. 4.2 Running Goanna project analysis using goanna analyse: Run goanna analyse to start the whole project analysis. It is important to note that the analysis may take a long time: if the project contains a large number of files (generally 100 or more) and/or large files, then the analysis may possibly take hours to complete. To pass additional Goanna analysis options, add them to the end of the command. For example: goanna analyse <additional analysis options> Goanna allows various configuration options to be fine-tuned using analysis options, such as: Selecting what check(s) are enabled. A check is a Goanna term for a rule that describes a single type of potential issues that may be found within a project. For example ARR inv index is a Goanna check
19. filename RELFILE the filepath and filename RELFILEX the filepath and filename followed by or blank if in the current source file RELPATH the filepath ABSFILE the absolute filepath and filename ABSFILEX the absolute filepath and filename followed by or blank if in the current source file ABSPATH the absolute filepath DBRELFILE the filepath relative to the database file and filename DBRELPATH the filepath relative to the database file FUNCTION the function name LINE the line number TEXT text describing the event on the trace TYPE the type of the trace line EOL a line break a literal The default trace format is LINE TYPE TEXTI EOL Stop processing command line options and treat subsequent options as arguments help Print help message for common options version Print version information Note exclude options will cause errors if match options or lt path gt arguments are given match options are allowed in conjunction with lt path gt arguments Advanced Command Line Options The following options are intended to be used only in cases where your environment requires them In general you do not need to use these options license dir lt directory gt Set directory in which to look for a license file 51 timeout per phase lt n gt Set a timeout in seconds for each phase of analysis This is useful if you have a few functions that take very long t
20. ge z req ne z req lt 1 req le 1 req gt nl req ge nl req le ff req gt min return ec modify errno return pty relative path strconst taint source alloc null chdir chroot impure exit value interval array size interval value true false maybe T bound bound bound integer g An API list file for the export subcommand is also a JSON file containing a list of unmangled names for functions whose results need to be exported. For example my_alloc my free cls foo The following table lists this file format in Backus Naur Form 60 lapi list file T fn name 4 fn name fn name namespace class function namespace class function string Pre-defined Properties: Goanna provides the following pre-defined properties and their legal values for specifying function parameters. ptr read true maybe false Whether the value pointed to by the pointer parameter is read ptr written true maybe false Whether the memory location pointed to by the pointer parameter is written ptr freed true maybe false Whether the pointer parameter is freed ptr deleted true maybe false Whether the pointer parameter is freed by C operator delete null deref maybe false Whether the pointer parameter is dereferenced w
21. its default behaviour. To do this: goanna assume import goanna knowledge base file goanna assume reset goanna analyse Goanna knowledge base files are in a simple JSON format which is easy to read and modify. For example, the following Goanna knowledge base file specifies that external function ex_fun may allocate memory, and function foo of class cls in file home user project source cpp does not dereference its first parameter without a NULL test and its return value is between 2 and 0 inclusive: includes fn ex_fun pos 1 pty alloc val maybe home user project source cpp fn cls foo pos 0 pty null deref val false fn cls foo pos 1 pty value interval val 2 0 Goanna provides a rich set of pre-defined properties for building assumptions about source code. Please see 11.8 for detailed usage of goanna assume. 5.7 Other Configuration Options: In addition to those listed above, Goanna provides a range of analysis options to fine-tune the analysis. For the list of all analysis options, see the goanna analyse reference (11.3). Some analysis options may refer to advanced concepts not explained here; see 10 for details. 6 Running Goanna Analysis From Within IDEs: Goanna Central supports a limited form of IDE integration with the following IDEs: IAR Embedded Workbench version 5.40 and higher; Keil µVision version 4
22. mem ptr c Comment density 0 10 Goanna CONST mem ptr c Global const declarations 0 Metrics for function test file mem ptr c Goanna AVGLEVEL mem ptr c test Average level of executable statements 1 00 Goanna CALLED mem ptr c test Number of called functions 0 Goanna CASE mem ptr c test Else and case statements 0 Metrics for project Goanna AVGLEVEL Average level of executable statements 1 35 Goanna CASE Else and case statements 4 Goanna COND If and switch statements 16 Selecting Metrics To Compute To specify a set of metrics to be computed pass metric lt metric name gt to goanna metrics For exam ple goanna metrics metric LOC metric VG 35 Alternatively you can enable all metrics by passing all metrics option goanna metrics all metrics 8 2 1 Computing Code Metrics For Subset Of Project You can specify which files in the project to compute the code metrics for by passing either e source file paths as arguments e exc lude option or e match option These options work in the same way as in goanna analyse See 4 2 1 for details on how these options work 8 2 2 Code Metrics Results In XML HTML and CSV Files Goanna can also export the code metrics results into XML HTML and CSV files To generate XML HTML and CSV output run goanna report with metrics subcommand after running goanna metrics goanna report metrics Found project name examp
23. nor library thirdparty sqlite3 sqlite3 c If a path pattern contains a path separator on linux or on windows, then the path pattern will match consecutive directory or file names. For example, the command goanna analyse exclude thirdparty sqlite3 will exclude the following files: thirdparty sqlite3 sqlite3 c, libraries thirdparty sqlite3 file c, and libraries thirdparty sqlite3 other c, but it will not exclude athirdparty sqlite3 file c nor thirdparty sqlite3 3 12 1 1 sqlite3 c Path patterns may also contain and characters with the following effects: Match any single character gt gt Match any sub-sequence of characters, including the empty sequence A If this is used as a prefix, it means that path patterns will only match from the beginning of the file path. For example, the command goanna analyse exclude thirdparty sqlite3 will exclude thirdparty sqlite3 sqlite3 c but will not exclude libraries thirdparty sqlit3 sqlite3 c Using the match option: The match option works in the same way as the exclude option, except that only files that match the path pattern will be included in the analysis. Using path arguments: Path arguments have the same effect as match options; however, they are only matched on paths exactly. For instance, the command goanna analyse src will analyse all files in the src directory but none of the files in the Lib src dir
24. perform analysis For more details about these modes see 10 2 Command Line Options absolute path Print absolute paths in warnings all checks Run all available checks overrides all other check related options brief trace Show immediately relevant decisions in trace output not the majority of decisions c Indicate that file s contain C code check lt name gt Run a specific check overrides any checks file checks file lt file gt Use the checks listed in lt file gt instead of the default checks in properties init file checks lt standard gt Run all checks in the specified coding standard For example checks misrac2004 runs all available checks in the MISRA C 2004 standard checks lt standard gt lt rule gt Run the check s corresponding to one rule in the specified coding standard For example checks misrac2004 12 8 runs the check s that implement MISRA C 2004 rule 12 8 color colour Only available on Linux Output in color columns Print column positions in warnings db lt file gt Specify the database file to use for persistent information directory lt dir gt Before doing anything change to lt dir gt force analysis Re analyze files that have not changed since last run help Print help message for common options ignore errors Ignore errors from the compiler License server lt server port gt Attempt to contact a license server at address lt server gt lt
25. return code 0 Zero A return code of 0 generally means that no errors were encountered and goanna metrics completed execution successfully e goanna metrics completes execution without errors e goanna metrics prints help or version information 1 One A return code of 1 generally means that a user provided parameter is invalid e The project dir option was given but the goanna dir option was missing e goanna metrics was unable to access the Goanna project data store e goanna metrics encounters an error while parsing command line arguments 11 8 goanna assume Import Export Knowledge Base Synopsis goanna assume options help goanna assume options help <command> goanna assume options reset goanna assume options import <goanna knowledge base file> goanna assume options export options <goanna knowledge base file> Description goanna assume is used to import knowledge base about source code to guide Goanna analysis and also export Goanna analysis results for use in future Goanna runs Knowledge base imported by the import subcommand will be persistent for subsequent executions of goanna analyse until another Goanna knowledge base file is imported or the reset subcommand is executed which will clear all previously imported knowledge base Previous Goanna analysis results stored in the project database can be exported in the form of Goanna knowledge base file by executing the export s
26. select a warning to be either Ignore or Not a Problem then these warnings are automatically suppressed Goanna will then ignore these warnings in future analysis runs 9 3 Severity Every check in Goanna has been assigned a static severity of either High Medium or Low These severities are represented throughout the Goanna Dashboard in three colours or a blend of these three colours e High Red e Medium Yellow e Low Green 9 4 Dashboard Views 9 4 1 Project Page The project page is usually where you begin when using the Goanna Dashboard It gives an overview of all projects Goanna has analysed and taken a snapshot of The table provides a high level overview of the current state of all projects including the number of warnings number of new warnings number of files analysed and the last time a snapshot was taken If you do not want to have a project in your dashboard anymore you can use the checkboxes on the left hand side of the table to select the project s you wish to delete then use the Delete Project button in the Dashboard's toolbar
27. 5 1 2 Enabling Available Checks Package To enable an already installed checks package run goanna package enable pkg <package name> Note Use this command only for checks packages that are already installed If you wish to enable a checks package that is not installed yet see 5 1 4 for details 5 1 3 Disabling Installed Checks Package To disable an enabled checks package run goanna package disable pkg <package name> 5 1 4 Installing Custom Checks Package In addition to the pre installed checks packages it is possible to install a custom checks package that is provided in a goannapackage file To install and enable a custom checks package run goanna package install <package file> Contact Red Lizard Software for more information about custom checks packages Notes e Installing a custom checks package requires write access to the installation directory of Goanna Generally this means On Windows you need to issue checks package commands from within Command Prompt opened as Administrator On Linux if you have installed Goanna Central with sudo or from within root terminal i e under root privilege then you need to issue checks package commands with sudo or from within root terminal 5 2 Setting Checks 5 2 1 Introduction Goanna provides a set of options to configure what checks or rules to be used in the analysis to control types of issues that Goanna should look for By default Goa
28. 6 Once the analysis starts a console window appears Wait until this window is automatically closed when the window is closed the analysis is complete Analysis results should be shown in the Build Output window Note goanna analyse will not show any progress information during analysis This is due to technical limitation of Keil µVision 7 You can jump to the line with a Goanna warning by double clicking at the Goanna warning line in the Build Output window [Screenshot: Build Output window listing Goanna SEC array access warnings for Measure c Severity Medium User controlled variable used as array index CWE 129]
29. C Documents and Settings <username> Local Settings Application Data RedLizards Goanna Central Windows Vista Server 2008 and later C Users <username> AppData Local RedLizards Goanna Central where <username> is the name of the user account who has installed Goanna Central usually it is your Windows user name 2 4 2 Using Network Floating License If you have obtained network floating licenses then you will need to perform the following steps to set up Goanna to use your license 1 Set up a license server somewhere on your network with the license file supplied The license server for Goanna is shipped in a separate installation package Contact your distributor to obtain the installer For instructions on how to set up the license server please refer to the separate License Server User Guide 2 Always use license server option when using Goanna Once the license server is up and running to use the license server pass the license server <server> option to goanna trace goanna analyse goanna metrics and goannacc utilities when capturing build information running Goanna analysis and computing code metrics Borrowing a Network Floating license When you run the Goanna analysis with a network floating license you can optionally specify a borrow duration in the range of 1 to 24 hours This is enabled by using the license borrow hours <hours> option in combination with the
30. Created new Goanna Directory at <current working directory> goanna This will create a Goanna directory where the information Goanna gathers about your project will be stored All Goanna directory based commands will then search for write to and use the information in the Goanna directory where applicable By default goanna init determines the name of the project from the name of the project root directory This name is used for reporting purposes such as HTML analysis report If you wish to change the name of the project pass project name option to goanna init 3 2 1 Using a different Goanna directory If the default Goanna directory location is undesirable then it can be created in a non default location using the goanna dir command line option goanna init goanna dir <other dir> Goanna Directory is <other dir> goanna Project Directory is <current working directory> Created new Goanna Directory at <other dir> goanna In order to use this non default Goanna directory from other Goanna directory based commands it is necessary to also give them the goanna dir command line option 3 2 2 Using a different project directory If the current working directory is not also the project root directory then this can also be specified using the project dir command line option goanna init goanna dir <other dir> project dir <my project dir> Goanna D
31. ET Framework 2 0 or higher 1 1 2 Linux Goanna supports all major distributions of Linux with glibc GNU C Library 2 4 or higher installed Both 32 bit x86 and 64 bit x86 64 AMD64 versions of Linux are supported Using Goanna with SELinux enabled is not recommended 1 1 3 Other Requirements Some features of Goanna may require additional software or packages Requirements for Goanna Dashboard and HTML Report Goanna Dashboard see 9 and HTML Report see 4 3 2 require a web browser The following web browsers are supported Internet Explorer 9 or higher Microsoft Edge Mozilla Firefox currently supported versions by Mozilla Google Chrome currently supported versions by Google While not officially supported these features may also work on other modern browsers We also support Internet Explorer 7 and 8 however you may experience slow performance on these browsers using Goanna Central with these browsers is not recommended Requirements for LM X License Manager Goanna uses LM X License Manager 4 4 2 from X Formation for licensing If you wish to use web based UI of the License Manager Important Red Lizard Software does not provide full support for the web based UI the following software must be installed e A modern web browser e Oracle Java Runtime Environment 1 6 or higher e Adobe Flash Player Please refer to X Formation website http docs x formation com display GEN System requirements for web based UIs f
32. In general you do not need to use these options dialect <file> Specify the dialect of C C compilers Available dialects are armcc c166 c51 cc21k cosmic diab gnu iar 8051 iar arm iar avr iar msp430 iar m16c metrowerks microsoft qnx renesas h8 renesas rx ti armcl ti cl16x ti cl2000 ti cl430 ti cl470 ti cl500 ti cl55 If you use this option you should also specify with cc with cxx and or with ld to specify the paths to the compiler s and linker If these are not specified then Goanna will assume the default name for the specified dialect which may not be what is available on your system If none of dialect with cc with cxx or with ld are specified then Goanna will assume the default of gnu dialect with gcc C compiler g C compiler and ld linker error Exit with error status code when warnings emitted exclude <file> Exclude the specified <file> from analysis Diagnostics Command Line Options The following options are provided for diagnostics purposes only Do not use these options unless directed by Red Lizard Software support team diagnostics mode Any unrecognized options will be passed through to the linker as linker arguments unless nc is specified in which case they will be ignored Return Codes Here is a list of return codes goannald returns listed as headings Under the headings are a list of modes that provides that return code 0 Zero A ret
33. Instruments Code Composer Studio versions 5 and 6 e CL16X compiler shipped with Texas Instruments Code Composer Studio versions 2 2 3 and 5 Note CL16X compiler shipped with Texas Instruments Code Composer Studio version 4 is not supported e CL2000 compiler shipped with Texas Instruments Code Composer Studio versions 4 and 5 e CL430 compiler shipped with Texas Instruments Code Composer Studio versions 4 and 5 e CL470 compiler shipped with Texas Instruments Code Composer Studio version 5 e CL500 compiler shipped with Texas Instruments Code Composer Studio version 5 and e CL55 compiler shipped with Texas Instruments Code Composer Studio version 5 Note Except for armcl compilers shipped with Texas Instruments Code Composer Studio version 6 are not supported Known Limitations e Goanna recognizes compiler intrinsics for CL2000 compiler however they are not used for analysis e Goanna recognizes limited number of compiler intrinsics for armcl compiler however they are not used for analysis e Goanna does not recognize compiler intrinsics for any other Texas Instruments compiler parse errors may occur if your source code uses them e Goanna does not recognize environment variables used to specify command line arguments e Except for armcl Goanna does not recognize environment variables used to specify include paths 1 3 15 Wind River Diab Compiler diab Dialect Goanna supports Wind River Diab Compiler shipped with Wind Rive
35. Port> is optional defaults to 6200 no compile nc Do not run the compiler output checks Output the checks that are currently loaded output format <format> Specify a warning format used by Goanna to output warnings The following special strings in <format> are expanded FILENAME the filename RELFILE the filepath and filename RELPATH the filepath ABSFILE the absolute filepath and filename ABSPATH the absolute filepath DBRELFILE the filepath relative to the database file and filename DBRELPATH the filepath relative to the database file LINENO the line number COLUMN the column number CHECKNAME the check identifier SEVERITY the checks severity rating MESSAGE the warning message RULES corresponding rule s from coding standards if any TRACE counter example if any FUNCTION the function name SUPPRESSED a x if the warning is suppressed WARNINGID the hash of this warning EOL a line break 98 a literal The default warning format is RELFILE LINENO warning Goanna CHECKNAME Severity SEVERITY MESSAGE RULES EOL project dir <dir> Only include header files in the given directory quiet Only display warnings and no other output suppress <warning id> Suppress warning <warning id> suppression status Output suppression status markers without suppressing warnings system headers Process system header files Default no timeout
36. S12X Compiler part of Cosmic 12X and XGATE Cross Development Tools e CXSTM8 Compiler part of Cosmic STM8 Cross Development Tools Note CXXGATE Compiler part of Cosmic 12X and XGATE Cross Development Tools is not supported 1 3 6 Freescale metrowerks Dialect Goanna supports mwccarm compiler shipped with Freescale CodeWarrior Development Studio for Microcontrollers CW MCU version 10 2 or higher 1 3 7 GNU C C Compiler GCC gnu Dialect Goanna supports most versions of GNU C C Compiler GCC Known Limitations e CPATH C_INCLUDE_PATH and CPLUS_INCLUDE_PATH environment variables are not recognized by Goanna e sysroot option is not supported e Goanna ignores all optimisation options to work around known issues in recognising certain macros in GNU libc Goanna may produce unexpected results if your source code relies on __OPTIMIZE__ __OPTIMIZE_SIZE__ or __NO_INLINE__ predefined macros as ee 1 3 8 IAR Toolchain for 8051 ARM AVR MSP430 M16C and R8C iar 8051 iar arm iar avr iar msp430 and iar m16c Dialects Goanna supports IAR Toolchain for 8051 ARM AVR MSP430 M16C and R8C shipped with IAR Embedded Workbench 5 40 or higher Note IAR Toolchain for AVR32 is not supported Known Limitations for IAR Toolchain for AVR compiler iar avr dialect e Goanna does not recognize QCCAVR environment variable e Goanna always recognizes IAR syntax extensions e and strict options and pragma language
37. SSAGE RULES9 Note You will need to append Goanna options here to change analysis configurations See Running analysis from Keil µVision section below 15 Click ok You should now see a new menu item Goanna Initalise Project Goanna Build and Capture and Goanna Run analysis on your Tools menu unless named differently Running analysis from Keil µVision After setting up your Keil µVision you can follow these steps to run the analysis 1 If it is the first time running Goanna analysis on this project select the Goanna Initalise Project menu item 2 Before running analysis make sure to save any changes to the project or any source files within 3 You can proceed to the next step skipping the build specification generation if your project meets all of the following conditions e You have run the analysis on the project before i e there is an existing build specification file e Since the last analysis there are no newly added or removed files e Since the last analysis there are no changes to the project settings Otherwise you will need to build the project and generate the build specification first To
38. about available properties and their legal values can be found in the following subsection The following table lists this file format in Backus Naur Form goanna knowledge base file F file spec list y api list file lt IT T fn name 4 fn name file spec list api spec api spec file spec file spec file spec api spec includes includes fn spec list file spec file name filename fn spec list filename string of filename fn spec list fn spec 4 fn spec fn spec fn fi name pos pos pty pty val value fn name namespace class function namespace class function string pos return pos param pos return pos 1 param pos zero indexed parameter position pty param pty return pty param pty ptr read ptr written ptr freed ptr deleted null deref divisor file closed file written file path lib path relative path strconst xpath query sql statement os command credential format str strcpy source taint source taint overwritten ldap query loop cond var memcpy arg alloc size array access buffer offset value interval array size interval req gt z req
39. and higher If you use one of the above IDEs you can configure the IDE to allow Goanna to run analysis from within the IDE This provides a convenient method to perform analysis while working on the project without falling back to the command line Note Goanna Central does not provide full IDE integration in the sense that it does not provide a full GUI to configure analysis Such configurations generally need to be done through command line options similar to command line analysis 6 1 Running Goanna Analysis From IAR Embedded Workbench To set up IAR Embedded Workbench IDE to trace and analyse an Embedded Workbench project follow these steps 1 Start IAR Embedded Workbench 2 From the Tools menu select Configure Tools 3 In the Configure Tools dialog that follows click the New button 4 For the Menu Text of the new menu item type Goanna &Init 5 Next to Command type goanna init exe 6 Leave Arguments empty 7 Next to Initial Directory type $PROJ_DIR$ 8 Check Redirect to Output Window 9 Click ok 10 In the Configure Tools dialog that follows click the New button 11 For the Menu Text of the new menu item type Goanna Trace 12 Next to Command type goanna trace exe 13 Next to Arguments copy and paste the followin
40. atabase Goanna Dashboard uses its own database called summary database or summary DB to store details about your project By default this database is stored in e <installed directory> reporter on Linux where the Goanna installation directory is <installed directory> or e C Documents and Settings <username> Local Settings Application Data RedLizards Goanna Central for Windows XP and Server 2003 or e C Users <username> AppData Local RedLizards Goanna Central for Windows Vista Server 2008 and later where <username> is the name of the user account who installed Goanna Central It is possible to change where the summary database is stored by using the summary db <path> flag However if you do change the default summary database location be sure to specify new location of the database with either e through summary db flag when you run Goanna commands or e by specifying the new location in the goreporter configuration file Integrating Reporting into Your Build To capture an analysis snapshot use the tool goanna snapshot Important Once the snapshot is taken make sure that the project database stays at the same location This is because some features of the Goanna Dashboard rely on the project database being always available at the same location Command Line Arguments start server summary db <file> The database in which to save snapshots port <port number> Por
41. ated to providing coverage for popular C C standards Controlling which checks are available to the current project is done by using the goanna package command When additional packages are enabled the checks they provide can be selected for analysis by using the check selection options described in Section 5 2 Goanna Central ships with the following checks packages e stdchecks enabled by default Goanna Core checks This checks package contains a set of checks for common C C issues security Checks that are targeting well known security vulnerabilities misrac2004 Dedicated checks for MISRA C 2004 coding standard e misrac 2008 Dedicated checks for MISRA C 2008 coding standard misrac2012 Dedicated checks for MISRA C 2012 coding standard Notes e Goanna does not provide an option to use checks package for a single analysis run only if you wish to do this you must first enable a checks package run analysis and then disable the checks package 5 1 1 Listing Checks Packages To see which checks packages are installed or available run goanna package list This will give you the list of installed and enabled checks packages for example Installed packages misrac 2008 misrac2004 misrac2012 security stdchecks If the command is run from within a project or one is specified using the goanna dir option then you will see additional output Packages enabled for this project stdchecks
42. ation CWE misrac2004 Motor Industry Software Reliability Association MISRA C 2004 misrac 2008 Motor Industry Software Reliability Association MISRA C 2008 misrac2012 Motor Industry Software Reliability Association MISRA C 2012 In addition to the above list there is a special standard called default on which if specified will enable the Goanna default set of checks Like check option you can pass checks option multiple times to specify a set of multiple coding standards or coding standard rules It is also possible to pass a mix of check and checks options to select all of chosen checks coding standards and coding standard rules 5 2 3 Enabling All Available Checks Generally you should only enable Goanna checks that are relevant to your environment Goanna analysis engine is designed to perform some computationally expensive checking algorithm only when required by the enabled checks if you have unnecessary checks turned on this may cause the analysis to take substantially longer In addition some Goanna checks are either syntactic or specialized to particular rules within coding standards If you have these checks turned on this may result in a large number of spurious warnings Nevertheless Goanna provides an option to enable all available Goanna checks if this is required To enable all available Goanna checks pass all checks to goanna analyse when running analysis For example goanna analyse
43. aults to 6200 license borrow hours <number> When contacting license server borrow license for <number> of hours Defaults to 1 maximum of 24 jobs <number> The number of parallel jobs 1 20 to run simultaneously Default is the number of CPU cores detected on your system note that running goanna help will display the number of detected cores as the default ungroup With jobs 2 or more print all output immediately instead of grouped by job This reduces latency and memory usage but may cause output from different jobs to be mixed metric <name> Run a specific metric all metrics Run all available metrics Stop processing command line options and treat subsequent options as arguments help Print help message for common options version Print version information Note exclude options will cause errors if match options or <path> arguments are given match options are allowed in conjunction with <path> arguments Advanced Command Line Options The following options are intended to be used only in cases where your environment requires them In general you do not need to use these options license dir <directory> Set directory in which to look for a license file advanced help Print help message for advanced options Return Codes Here is a list of return codes goanna metrics returns listed as headings Under the headings are a list of modes that provides that
44. c using gcc and then performs analysis on that file Note Goanna will not perform analysis in this mode if the specified files fail to compile If this behaviour is not desirable pass ignore errors option Please note that if the files fail to compile because of syntax errors then Goanna analysis may fail to run even with ignore errors option 10 3 Manually Running Link Time Analysis On Object Files Similar to source files it is possible to perform link time analysis directly using goannald Because link time analysis relies on information in the project database about source files you must first run source file analysis on all relevant source files before running link time analysis Once source file analysis is complete run the following command to run link time analysis goannald nc with ld <path to linker> db <path to database> <extra arguments to goannald> <arguments to linker> For example to run analysis on src main o object file when using GNU Linker ld goannald nc with ld ld db myfiles goannadb src main o This will run link time analysis on src main o and outputs the result to the console Note The following features are not available if you run link time analysis directly e Knowledge base e HTML analysis report e XML analysis report e Publish to Goanna Dashboard e Publish to SonarQube Link and Run Link Time Analysis At The Same Time Like goannacc goanna
45. cution path leading to a warning this is called a warning trace This is useful to identify important events during the execution and understand why the warning was issued The following is an example of warning output with a trace foo c 254 warning Goanna PTR null fun pos Severity High Function call get_obj o is immediately dereferenced without checking for NULL CERT EXP34 C CWE 476 252 if flags SOME_CONDITION is false 254 possible_null 254 gt Entering into get_obj 315 A if lo is false 316 4 switch o gt 0_ty 320 Return NULL To display traces for warnings pass trace option to goanna analyse when running analysis 4 3 2 HTML Report of Analysis Results Goanna can generate an HTML report of the analysis results There are two types of HTML reports e Summary Report which shows a summary of the analysis result including Basic statistics such as the number of files analyzed Per category and per severity warnings pie chart Bar charts of the top 10 warnings per check and top 10 files with warnings and List of warning numbers per check This report shows the high level statistics of the analysis results in an easy to see format and e Warnings Report which shows a table of all warnings found this table is interactive and supports filtering Example of
46. Configuration File To point goreporter to a configuration file use the following command goreporter start server config goreporter conf Where goreporter conf is the name of your configuration file goreporter configuration files support all the options specified on the command line The most commonly used of these options are summary db the location of the summary database port the port to run the server on log the location to put the goreporter log file They are specified as <option> <value> pairs with used for comments Running the Dashboard as a Standalone Web Server The Goanna Dashboard server can be run as a web server for local intranet or remote access in two ways If you want to run the server on a machine with no other web server running on it the simplest way to set up a GoReporter server is to run the server either as a service or as a standalone instance with the port set to 80 standard web port Provided no firewall or similar is blocking access the Goanna Dashboard will now be visible by browsing to http <yourserveraddress> If you run the server standal
47. directive are ignored e C support for this compiler is limited If your source code uses some standard library headers such as <vector> parse errors may occur Additionally ec or eec option causes Goanna to recognize full C language features rather than Embedded C subset 1 3 9 Keil Cx51 and C166 Optimizing C Compiler c51 and c166 Dialects Goanna supports all recent versions of Keil Cx51 and C166 Optimizing C Compiler 1 3 10 Microsoft Visual C microsoft Dialect Goanna supports Microsoft Visual C compiler shipped with Microsoft Visual Studio 6 0 or higher Known Limitations e Managed C C CLI and C CX syntax extensions and CLR Common Language Runtime related compiler options are not supported 1 3 11 QNX QCC qnx Dialect Goanna supports QNX QCC shipped with QNX Momentics 4 7 0 or higher 1 3 12 Renesas H8S H8 300 Series C C Compiler renesas h8 Dialect Goanna supports ch38 compiler shipped with Renesas C C Compiler Package for H8SX H8S H8 Family also called H8S H8 300 Series C C Compiler version 7 00 or higher 1 3 13 Renesas RXC Toolchain renesas rx Dialect Goanna supports CC RX compiler shipped with Renesas C C Compiler Package for RX Family version 1 02 or higher 1 3 14 TI Build Tools ti armcl ti cl16x ti cl2000 ti cl430 ti cl470 ti cl500 and ti cl55 Dialects Goanna supports the following Texas Instruments compilers armcl compiler shipped with Texas
48. do so follow these steps a Make sure that your desired target is selected To select a different target you can use the drop down selection in the Keil µVision's toolbar b Go to Tools menu and click Goanna Build and Capture This will rebuild your project and generate the build specification c A console window appears and the build starts Wait until this window is automatically closed when the window is closed the build is complete 4 To run the analysis with default settings or custom settings saved from the last analysis see below go to Tools menu and click Goanna Run analysis 5 Alternatively you can change the analysis option before running the analysis To do so follow these steps a Go to Tools menu and click Customize Tools Menu b Select Goanna Run analysis from the menu list c Add any extra Goanna options you would like to add at the end of Arguments text box You can also remove options that are no longer needed Changes made here will be saved for any subsequent analysis Tips If you frequently change the analysis options you can enable Prompt for Arguments option to make Keil µVision ask for Goanna analysis options every time d Press ok e Now open Tools menu again and click Goanna Run analysis to run the analysis
49. e can a special member with the name includes, containing specifications for external API functions to be used in Goanna analysis.
A function specification specifies a property and its associated value for a function parameter (when the value of pos is zero-indexed parameter position) or a function's return value/side effect (when the value of pos is 1).
A property generally has a value of:
true: When users want to inform Goanna that the property is valid for the code specified.
maybe: When users want to inform Goanna that the property may be valid for the code specified.
false: When users want to inform Goanna that the property is not valid for the code specified.
The only exception is for interval properties, which have values in the format of lb ub, where lb and ub are integers representing the lower and upper bounds of the closed interval specified.
For example, the following Goanna knowledge base file specifies that external function ex_fun may allocate memory, and function foo of class cls in file /home/user/project/source.cpp does not dereference its first parameter without a null test and its return value is between 2 and 0 inclusive:
includes fn ex_fun pos 1 pty alloc val maybe
/home/user/project/source.cpp fn cls foo pos 0 pty null deref val false fn cls foo pos 1 pty value interval val 2 0
Details
50. e> Append warning messages to a specified file.
output spec <file>: Use the contents of <file> as the output format.
parse error log <file>: Log parse errors to the specified file instead of stderr.
timeout error <value>: Exit with status code <value> when too many timeouts occur.
timeout limit <value>: Maximum number of per-phase timeouts. Default: 3. Important: Setting this value to 0 (meaning infinite) is discouraged; this may cause Goanna to not terminate.
timeout per phase <n>: Set a timeout in seconds for each phase of analysis. This is useful if you have a few functions that take very long to analyze and you would like to limit the time spent on these, while still getting as many results as possible on everything else. Default: 60. Important: Setting this value to 0 (meaning infinite) is discouraged; this may cause Goanna to not terminate.
Diagnostics Command Line Options
The following options are provided for diagnostics purposes only. Do not use these options unless directed by Red Lizard Software support team.
alias configure <dialect> dialect mod <dialect mod> dataflow diagnostics mode no alias no dataflow no default packages package <package> package dir <directory>
Any unrecognized options will be passed through to the compiler as compiler arguments, unless no compile is specified, in which case they will be ignored. R
51. ecting the analysis of the callers of the function. Thus they should not be used on API functions under the filename includes.
value interval (lower bound, upper bound): The range of the parameter's possible input value, represented by its lower and upper bounds in integers.
array size interval (lower bound, upper bound): When the parameter is an array pointer, the range of the input array size, represented by its lower and upper bounds in integers.
Goanna provides the following pre-defined properties and their legal values for specifying function side effects and return values:
relative path (true, false): Whether the function returns a Win32 relative path.
strconst (true, false): Whether the function returns a string constant.
taint source (true, false): Whether the function returns a value tainted by user input.
alloc (maybe, false): Whether the function allocates memory and returns a pointer to the allocated memory.
null (maybe, false): Whether the function returns NULL.
chdir (true, false): Whether the function calls chdir.
chroot (true, false): Whether the function calls chroot.
impure (true, false): Whether the function is impure.
exit (true, maybe, false): Whether the function terminates the calling process immediately.
value interval (lower bound, upper bound): The range of the function's return value, represented by its lower and upper bounds in integers.
array size interval (lower bound, upper bound): When r
52. ectory
4.3 Reading Analysis Results
The results of Goanna analysis will be made available in several places:
• During analysis, Goanna will show the name of the file(s) being analyzed and any issues found within that file to the console (see 4.3.1 for details).
• After analysis is complete, goanna report can be used to generate reports in several formats: HTML warnings and summary report (see 4.3.2); XML warnings report (see 4.3.3).
4.3.1 Goanna Output On The Console
The simplest way to see the result of the analysis is the output message on the console (stderr by default). The following is an example of the output message from Goanna:
Goanna analyzing file foo.c
Number of functions 20
foo.c 200 warning Goanna MEM free no alloc Severity Medium Pointer tmp is freed without being allocated memory
foo.c 211 warning Goanna ATH cmp float Severity Low Comparison with a float using or CERT FLP06 C CERT FLP35 CPP MISRAC2004 13 3 MISRAC 2008 6 2 2
foo.c 222 warning Goanna ATH cmp float Severity Low Comparison with a float using or CERT FLP06 C CERT FLP35 CPP MISRAC2004 13 3 MISRAC 2008 6 2 2
Any issues in the project found by Goanna are called warnings (or Goanna warnings). In this example, Goanna shows three warnings: one from MEM free no alloc check and two from ATH cmp float check. By default, Goanna shows the following information for each warning:
• File name and line number of
53. es
Important Notes
We recommend that you take a backup of the database before applying any of the upgrades. The database is located in the following location:
• On Windows XP and Windows Server 2003: C:\Documents and Settings\<name of user who installed goanna>\Local Settings\Application Data\RedLizards\Goanna Central\summary.goannadb
• On Windows Vista, Windows Server 2008 and all later versions of Windows: C:\Users\<name of user who installed goanna>\AppData\Local\RedLizards\Goanna Central\summary.goannadb
• On Linux: <installation directory>/reporter/summary.goannadb
You should not run Goanna analysis, interact with the Goanna Dashboard or otherwise run any Goanna commands until the upgrade is complete. Performing upgrade will take a long time depending on the size of the database. If your database is significantly large, this may take hours to complete.
9.6 Project Settings (Advanced)
In general, the Goanna Dashboard should work for your project out of the box. However, there are a few advanced settings available if you want to customise the behaviour. Settings are applied on a per-project basis. To access your project's settings, click the gear menu in the top right hand corner after loading your project through the project page, and select Project Settings.
9.6.1 Code Browser Character Encodings
By default, the Dashboard will recognize source files in ASCII and UTF-8, and additionally on
54. eturn Codes
Here is a list of return codes goannacc returns, listed as headings. Under the headings are a list of modes that provide that return code.
0 (Zero)
A return code of 0 generally means that no errors were encountered and goannacc completed execution successfully.
• goannacc completes execution without errors.
• goannacc configures the default dialect.
• goannacc prints help or version information.
• goannacc invokes the C/C++ compiler but is configured to ignore the compiler return code. goannacc returns 0 even if the compiler returns an error.
• goannacc finds code warnings from source code analysis and is not configured to return an error in the presence of code warnings (this is the default setting; also see return code 1 (One)).
1 (One)
A return code of 1 generally means that a user provided parameter is invalid.
• goannacc attempts to create or change into a directory that does not exist, or a permission error occurred.
• goannacc performs an operation that requires the project database, but the database is not provided or not found.
• An invalid license server is provided to goannacc.
• An argument to goannacc needs to be a positive integer, but the user provided value is not a positive integer. For example, the number of IPA (Inter-Procedural Analysis) iterations, or timeout values.
• goannacc encountered an error while parsing command line arguments or the dialect file.
• goannacc finds code warnings from source code a
55. eturning an array pointer, the range of the array size, represented by its lower and upper bounds in integers.
return ec (true, false): Whether the function returns an error code.
modify errno (maybe, false): Whether the function modifies errno defined in errno.h.
Return Codes
Here is a list of return codes goanna assume returns, listed as headings. Under the headings are a list of modes that provide that return code.
0 (Zero)
A return code of 0 generally means that no errors were encountered and goanna assume completed execution successfully.
• goanna assume completes execution without errors.
• goanna assume prints help or version information.
1 (One)
A return code of 1 generally means that a user provided parameter is invalid.
• The project dir option was given but the goanna dir option was missing.
• goanna assume encounters an error while parsing command line arguments.
11.9 goannacc and goannac: Analyze C/C++ Source Files
Synopsis
goannacc options compiler options file
goannac options compiler options file
Description
goannacc and goannac are the utilities that analyze individual C and C++ source files. In general, goannacc should be used for C source files and goannac for C++ files. goannacc and goannac can operate in two modes:
• Analysis Only: Perform analysis on the specified source files only.
• Compile & Analyze: Compile the specified source files and then
56. g text: force tracing iarbuild.exe $PROJ_FNAME$.ewp build $CONFIG_NAME$
Note: iarbuild.exe must be in your PATH. Otherwise, please specify the full path to iarbuild.exe.
14. Next to Initial Directory, type $PROJ_DIR$.
15. Check Redirect to Output Window.
16. Click ok.
[Figure: Configure Tools dialog with the Goanna menu item filled in.]
17. In the Configure Tools dialog, click the New button again.
18. For the Menu Text of the new menu item, type Goanna Analysis.
19. Next to Command, type goanna analyse exe.
20. Next to Arguments, copy and paste the following text (make sure you remove any accidental line breaks): output format SOH RELFILE LINENO SOH warning Goanna CHECKNAMES Severity SEVERITY MESSAGE RULES EOL
21. Next to Initial Directory, type $PROJ_DIR$.
22. Check Redirect to Output Window.
23. Click ok.
You should now see new menu items Goanna Init, Goanna Trace and Goanna Analysis in your Tools menu. Click the Goanna Init menu entry to create a Goanna project store for the following Trace and Analysis commands. You should only need to run this tool once per project. Clicking the Goanna Trace menu entr
57. g type
[Figure: Top 10 Warnings. The top 10 warning types for putty.]
Warnings By Directory shows the concentration of warnings in your directory structure. A red node means that there are more than 10 warnings per file (average) in the directory; a green one means there are zero warnings per file (average). Clicking on a node will load the directory browser in that folder.
[Figure: Warnings By Directory. Concentration of warnings by directory for mongodb.]
Global filters can be applied from the toolbar to filter by warning severity and/or bug status. These filters apply to all charts.
9.4.3 Directory Browser
[Figure: directory browser toolbar with Show Snapshot History, Filter Bug Status and Filter Severity.]
The directory browser is a way to browse through your project's directory structure to see what files and folders have what warnings. The total number of warnings per file or folder is broken down into warning categories and displayed in a bar chart.
The directory browser allows you to browse through your source tree in a few ways. The location bar above the chart allows you to see the path to your current location. Clic
58. in the run. These snapshots are used to track the history of your project in the Goanna Dashboard.
9.1 Getting to the Goanna Dashboard
On Windows, and also on Linux when Goanna Central was installed under sudo or from within the root terminal, the Goanna Dashboard is configured to start automatically at the computer startup. In this case, you can simply navigate to http://localhost:1197 to access the Goanna Dashboard. This will show the Project Page with all projects Goanna has taken a snapshot of. Otherwise, you need to start the Goanna Dashboard server first. See 11.11 for instructions on how to do this.
[Figure: Projects table with no entries, showing "No data available in table".]
If you load the Goanna Dashboard without first taking a snapshot, you will see an empty table with the text "No data available in table". To use the Goanna Dashboard, you must first take a snapshot (refer to 11.11).
9.2 Bug Statuses
The Goanna Dashboard allows you to classify bugs into one of five statuses:
Unclassified: This is the default status for when a new warning is added to the Goanna Dashboard.
Ignore: Ignore this warning; useful when the warning is valid but does not require immediate attention.
Analyse: This warning needs to be investigated further before it can be classified properly.
Fix: This warning is a problem that needs to be fixed.
Not a Problem: This warning is not a real bug (false positive).
If you
59. ink time analysis only.
• Link & Analyze: Link the specified object files and then perform link time analysis.
For more details about these modes, see 10.2.
Command Line Options
all checks: Run all available checks (overrides all other check-related options).
check <name>: Run a specific check (overrides any checks file).
checks file <file>: Use the checks listed in <file> instead of the default checks in properties init file.
checks <standard>: Run all checks in the specified coding standard. For example, checks misrac2004 runs all available checks in the MISRA C 2004 standard.
checks <standard> <rule>: Run the check(s) corresponding to one rule in the specified coding standard. For example, checks misrac2004 12 8 runs the check(s) that implement MISRA C 2004 rule 12.8.
color, colour: (Only available on Linux) Output in color.
columns: Print column positions in warnings.
db <file>: Specify the database file to use for persistent information.
help: Print help message for common options.
no compile, nc: Do not run the compiler.
verbose: Display additional output information.
version: Print version information.
warning ids: Output warning hashes.
with ld <linker>: Specify the C/C++ linker executable to run if nc is not specified.
Advanced Command Line Options
The following options are intended to be used only in cases where your environment requires them
60. installed if you do not install Goanna with sudo.
• The Goanna Dashboard daemon: if the daemon is not installed, then to access the Goanna Dashboard you will need to start the server manually. See 9 for details.
Follow the instructions of the install script to complete installation. By default, Goanna Central will be installed to:
• /usr/local/goanna if installed with sudo, or
• $HOME/goanna if installed without sudo.
If you wish to install Goanna Central to other location, provide a desired location when the install script asks for the installation path.
To use Goanna Central from the command line, you should set your PATH environment variable to include Goanna's bin directory. The install script will show you how to do this at the end of installation. For example, if you installed Goanna in /usr/local/goanna, you can add
export PATH=$PATH:/usr/local/goanna/bin
to your profile file.
2.3 Installation (Windows)
To install Goanna Central for Windows:
1. Download the Goanna Central for Windows installer.
2. Double click the installer (.msi) file.
3. Follow the instructions of the installer to complete installation.
2.4 License Activation
Whether you are just evaluating Goanna or have purchased the full version, you must activate your license before you can use Goanna.
2.4.1 Activating Node-locked License
If you have obtained node-locked licenses, you should have received an email containing your license informa
61. ion file located at /etc/goreporter.conf. This file is used to configure the server and takes the same options that the goreporter executable does. The service is installed in either /etc/init.d or /etc/rc.d, depending on your distribution. To start the service on a distribution using init.d, use
/etc/init.d/goreporterd start stop reset restart force restart
Windows Service
The Windows service is installed and started on installation of Goanna Central. A configuration file is stored in the same location as your summary database. To change settings with the service, modify the configuration file and then restart the service through the Windows Service Manager.
[Figure: Windows Services manager showing the Goanna Dashboard Service.]
62. irectory is <other dir> goanna
Project Directory is <my project dir>
Created new Goanna Directory at <other dir> goanna
The project dir option cannot be given without also using the goanna dir option. If the non-default project directory is used, then both options also need to be given to Goanna directory based commands.
3.3 Performing a build trace
The command goanna trace is used to monitor a build and produce a build specification inside the Goanna directory.
Using goanna trace To Capture The Build Settings
After the project has been cleaned, the command to run the build and capture the build settings is
goanna trace <build command>
This will execute <build command> and monitor the processes that are created. For example, if the project is a GNU Makefile project and it contains the following content:
example.o: example.c
	gcc -c -o $@ $<
example: example.o
	ld -o $@ $<
Then executing the command
goanna trace make example
will execute the following build steps:
gcc -c -o example.o example.c
ld -o example example.o
which will be captured in the Goanna build specification.
Notes
• If your build system is a script (e.g. shell script, Python script), you may need to specify the shell or the interpreter in the build command, e.g. goanna trace bash <path to script> instead of goanna trace <path to script>
63. is the command line utility used to drive the Goanna Dashboard. It has a number of commands:
start server: Starts the Goanna Dashboard server.
stop server: Stops the Goanna Dashboard server when started with the start server command.
db upgrade: Perform the database upgrade (see 9.5 for details about this feature).
Running The Goanna Dashboard
The Goanna Dashboard is accessible through the embedded web server, goreporter. The server can be run in two ways: either as a standalone binary being executed from the command line, or as a Linux or Windows Service.
Standalone Use
To start the server, run the following command:
goreporter start server
When goreporter starts the server, it will display the port the server is running on. The port can be specified by using the port flag. By default, the server starts at 1197 and increments until it finds a free port. It is only possible to run one server instance at a time using this command.
To access the server, open a web browser and browse to http://localhost:<port>, where <port> is the port number goreporter starts the server on.
To stop the server, run the command:
goreporter stop server
Linux Service
Note: Using Linux service feature requires Goanna Central to be installed under root (often with sudo command).
A service script for the web server is installed as part of the Goanna installation process, if installed with sudo or from within the root terminal. It uses the configurat
64. ithout a null test.
divisor (true, false): Whether the parameter is used as a divisor.
strconst (true, false): Whether the memory location pointed to by the pointer parameter is written with a string constant.
file closed (true, false): Whether the file pointed to by the pointer parameter is closed.
file written (true, false): Whether the file pointed to by the pointer parameter is written.
file path (true, false): Whether the parameter is used as a path to a file.
lib path (true, false): Whether the parameter is used as a path to a dynamic library.
relative path (true, false): Whether the memory location pointed to by the pointer parameter is written with a Win32 relative path.
sql statement (true, false): Whether the parameter is used in an SQL query.
os command (true, false): Whether the parameter is used to run command on system.
credential (true, false): Whether the parameter is used as a credential.
format str (true, false): Whether the parameter is used as a format string in functions such as printf.
xpath query (true, false): Whether the parameter is used as an XPath query.
strcpy source (true, false): Whether the parameter is used as string copy source.
taint source (true, false): Whether the memory location pointed to by the pointer parameter is written with a value tainted by user input.
taint overwritten (true, false): Whether the parameter's taint attribute is overwritten in the function.
ldap query (true, false): Whether the pa
65. king on an item in the location bar will take you there in the directory browser. Similarly, clicking on a directory name in the chart will reload the directory browser with the contents of that folder. To view the contents of a source file, click on its name to load the code browser. To see the details about a particular warning category for a file, click on the segment for that category in the bar of the file or folder to load the warnings browser filtered for your selection.
The chart can be filtered in two ways. The sidebar allows for particular warning types or warning categories to be turned on and off. In addition, the global filters in the toolbar (severity and bug status) also apply to this chart.
9.4.4 Warnings Browser
The warnings browser shows details of all the warnings in your project. Filtering is possible through the filter boxes in the header of the warnings table. The arrows in the table header allow for sorting. Clicking on a directory name will take you to the directory browser for that directory. A file name or line number will take you to the source code browser for that file and warning. Clicking on a Rule or Warning name will give you a description of that rule.
Selecting warnings then clicking Edit Warnings button opens a dialog where you can change their status and also add a note to the warnings. Clicking Update saves these changes.
[Figure: Change Warning Status dialog.]
66. l open. Navigate to the directory where Goanna Central is installed and choose goanna init exe.
6. Leave the Arguments field blank.
7. Click the New (Insert) button again to create a new menu entry to run goanna analyse to run the analysis.
8. Type Goanna &Build and Capture and press Enter. Again, you can assign different name here if you wish.
9. Click Browse button next to Command entry. A file selection dialog will open. Navigate to the directory where Goanna Central is installed and choose goanna trace exe.
10. Next to Arguments, copy and paste the following text: force tracing X jO r P
Note: If your project requires additional Keil µVision options to build, then you will need to append these here. See Description section above.
[Figure: Customize Tools Menu dialog with the Goanna &Build and Capture entry.]
12. Type Goanna &Run analysis and press Enter. Again, you can assign different name here if you wish.
13. Click Browse button next to Command entry. Navigate to the directory where Goanna Central is installed and choose goanna analyse exe.
14. Next to Arguments, copy and paste the following text (make sure to remove any line breaks): output format RELFILE LINENO COLUMN2 2 TYPE Goanna CHECKNAME Severity SEVERITY9 ME
67. ld can also act as a linker wrapper to link object files and perform link time analysis at the same time. To link and run link time analysis at the same time, run the same command as above but without nc option. For example:
goannald with ld ld db myfiles.goannadb src/main.o
This will perform linking with an object file src/main.o using ld, and then performs link time analysis on that object file.
Note: Goanna will not perform link time analysis in this mode if the specified object files fail to link. If this behaviour is not desirable, pass ignore errors option.
10.4 The Project Database
When analyzing a whole project, Goanna stores information about the project in a database file, called project database or project DB, that is used by all the goanna analysis commands. The project database is also used by goreporter to summarize information for the Goanna Dashboard. The project database file by convention has the extension .goannadb and usually resides inside your goanna directory.
Goanna stores the following information in the project database:
• Interprocedural (or whole program) analysis information, that is, information about bugs that occur as a result of calls between functions.
• Cached information about your source files, which enables incremental analysis, that is, re-analysis of a project after small changes to be performed much faster.
• Suppression information, if you have suppressed warnings.
You sho
68. les
Created new metrics directory home user examples goanna metrics 2015 08 13_11 17
Generated Metrics File goanna metrics 2015 08 13_11 17 metrics goannametrics
Generated Metrics HTML File goanna metrics 2015 08 13_11 17 metrics html
Generated Metrics CSV File goanna metrics 2015 08 13_11 17 metrics html
Created latest directory home user examples goanna metrics latest
Copied goanna metrics 2015 08 13_11 17 metrics goannametrics to latest directory goanna metrics latest
Copied goanna metrics 2015 08 13_11 17 metrics html to latest directory goanna metrics latest
Copied goanna metrics 2015 08 13_11 17 metrics csv to latest directory goanna metrics latest
goanna report metrics will generate the following files:
• metrics.goannametrics: XML file of the last run Goanna code metrics results.
• metrics.html: HTML file of the last run Goanna code metrics results.
• metrics.csv: CSV file of the last run Goanna code metrics results. By default, each column in this CSV file is separated with a comma. You can use delimiter option to specify an alternative separator character.
9 Using the Goanna Dashboard
Goanna Dashboard allows you to store and visualise the history of your Goanna results. It includes a web server, goreporter, used to display these results in a web browser. Each of your analysis runs is captured in a snapshot, which comprises the warnings for that run as well as the source code analysed
69. lled variable idx used as array index CERT INTO C CWE 129
Goanna analyzing file Mcommand.c
Number of functions 3
Goanna analyzing file Getline.c
Number of functions 1
7 Getting the Best Results from Goanna
7.1 Interprocedural Analysis
Goanna's interprocedural analysis propagates information about function behaviour to other functions. This information includes parameter values, return values and function effects that may impact other parts of the code. This enables Goanna to detect things in your program such as freeing of memory through function calls, functions that never return, and input values to some functions. Interprocedural analysis is not limited to a specific set of checks, but rather enhances the precision of many checks.
An example of what interprocedural analysis can find can be seen in the sample of function myAlloc:
#include <stdlib.h>

void *myAlloc(int param)
{
    void *p = malloc(param);
    if (p)
        return p;
    else
        return NULL;
}

int main(int argc, char **argv)
{
    int *n;
    n = (int *)myAlloc(sizeof(int) * 10);
    n[0] = 5; /* this may be a dereference of NULL */
    return *n;
}
Here, Goanna learns that myAlloc may return NULL. This means that when the return value of myAlloc is assigned to n, Goanna knows this value may be NULL. Therefore, the expression n[0] may be dereferencing a NULL pointer and Goanna will warn accordingly.
There is some additional computation overhead in running interprocedural analysis
70. <n>: Set a timeout in seconds for analysis of each source file. Default: 240. Important: Setting this value to 0 (meaning infinite) is discouraged; this may cause Goanna to not terminate.
trace: Prints out a trace through the function that leads to the warning. This is helpful for understanding why the warning occurs.
trace format <format>: Specify the format to output traces. The following special strings are used in the trace format:
FILENAMES: the filename
RELFILE: the filepath and filename
RELFILEX: the filepath and filename followed by or blank if in the current source file
RELPATH: the filepath
ABSFILE: the absolute filepath and filename
ABSFILEX: the absolute filepath and filename followed by or blank if in the current source file
ABSPATH: the absolute filepath
DBRELFILE: the filepath relative to the database file and filename
DBRELPATH: the filepath relative to the database file
FUNCTION: the function name
LINE: the line number
TEXT: text describing the event on the trace
TYPE: the type of the trace line
EOL: a line break
98: a literal
The default trace format is LINE TYPE TEXTI EOL
unsuppress <warning id>: Unsuppress warning <warning id>.
user headers: Process user header files. Default: no.
verbose: Display additional output information.
version: Print version information.
warning ids: Output warning hashes.
with cc <compiler>: Specify the C compile
71. mmand_bind_full 161 Exiting from command_module_get 166 Dereference of pointer modrec
9.5 Database Upgrades
If you have upgraded from an older version of Goanna, Goanna may offer you to perform optional database upgrades to improve the performance of the Goanna Dashboard. When you open Goanna Dashboard with the existing database, you may see the following notification. Clicking the link will show a list of available optional upgrades.
In this version of Goanna, the following optional upgrades (called features) may be available:
• auto_vacuum: In Goanna 3.2.4 and before, deleting a snapshot or a project did not immediately delete corresponding data from the database. This may result in the database size never shrinking. Performing this upgrade causes Goanna to delete all residual data from removed snapshots and projects, and set up the database so that when a snapshot or a project is removed, Goanna removes corresponding data immediately. This ensures that the database size is always minimal. This upgrade was introduced in Goanna 3.3.0.
• warning_index: Performing this upgrade causes Goanna to apply optimizations to database indexes, resulting in improved performance, especially when loading Warnings Browser view. This upgrade was introduced in Goanna 3.3.0.
To apply an upgrade, click Upgrade button next to a desired feature. Alternatively, clicking Upgrade All button will apply all available upgrad
72. nalysis and is configured to return an error in the presence of code warnings.
127
• goannacc encounters an error when trying to invoke the compiler, for example if the compiler cannot be found.
• goannacc attempts to call goannald, but goannald does not exist or cannot be found.
Inherited Return Values
• If goannacc invokes the C/C++ compiler, it returns the compiler's return code unless explicitly configured otherwise.
• If goannacc invokes goannald, it returns goannald's return code unless explicitly configured otherwise.
Configurable Return Values
The following error modes have configurable return values:
• Internal Error: Goanna encounters an error internally and cannot complete analysis.
• Parser Error: The Goanna C/C++ parser cannot parse the input source code file. This is often attributed to syntax errors in the source code or uncommon C/C++ language constructs that the Goanna parser does not recognise.
• License Expired Error: The Goanna License has expired.
• Timeout Error: Goanna is unable to complete before the timeout expired.
11.10 goannald: C/C++ Link Time Analysis
Synopsis
goannald options linker options file
Description
goannald is the utility that performs link time analysis on a whole program consisting of multiple source and/or object files that have already been individually analyzed with goannacc and goannac. goannald can operate in two modes:
• Analysis Only: Perform l
73. nna runs analysis with the default set of checks, which is designed to find many common issues for most domains of application in a short time. Goanna checks are identified by names such as ATH div 0 and MEM leak alias. Refer to the Goanna Reference Guide for the list of available and default checks, with their full descriptions and code examples.

5.2.2 Selecting Checks With Command Line Options

To specify a set of checks to be used during analysis, pass check <check name> to goanna analyse when running analysis. For example:

    goanna analyse check ATH div 0 check MEM leak alias

You can pass this option multiple times to specify a set of multiple checks.

Selecting All Checks Within The Coding Standard

Goanna also provides the checks <name of standard> option (note the extra s) to specify whole group(s) of checks from popular coding standards. For example, running the following command:

    goanna analyse checks misrac2004

causes Goanna to run analysis with all available checks for the MISRA C 2004 coding standard. It is also possible to specify a particular rule within the coding standard. For example, to run only the check(s) corresponding to MISRA C 2004 Rule 12.8, run:

    goanna analyse checks misrac2004 12 8

The available coding standards in this version of Goanna Central are as follows:

Standard code | Standard name
cert | Computer Emergency Response Team (CERT) C/C++ Coding Standard
cwe | Common Weakness Enumer
74. ntered and goanna snapshot completed execution successfully.
- goanna snapshot completes execution without errors.
- goanna snapshot prints help or version information.

1 (One)
A return code of 1 generally means that a user provided parameter is invalid.
- The project dir option was given, but the goanna dir option was missing.
- goanna snapshot was unable to access the Goanna project data store.
- goanna snapshot encounters an error while parsing command line arguments.

11.6 goanna package: Customise C/C++ Project Analysis

Synopsis
    goanna package options help
    goanna package options help <command>
    goanna package options list
    goanna package options install <goanna package file>
    goanna package options enable pkg <package name>
    goanna package options disable pkg <package name>
    goanna package options enable check <check name>
    goanna package options disable check <check name>

Description
goanna package is used to access and modify configuration options relating to which Goanna checks packages will be used by goanna analyse. The configuration is on a per project basis, using the Goanna project data store created by goanna init.

Command Line Options
goanna dir <path>
    Specify the location of the Goanna project data (default is goanna).
project dir <path>
    Specify the location of the project root, default is
    If the project dir option is given then goanna
75. o analyze and you would like to limit the time spent on these while still getting as many results as possible on everything else. Default 60.
    Important: Setting this value to 0 (meaning infinite) is discouraged; this may cause Goanna to not terminate.
issue report <type>
    Control generation of issue report files.
    never: Never
    on failure: On failures only
    on error: On failures and analysis errors
    timeout: On failures, errors and timeouts
    always: Always, even if successful
advanced help
    Print help message for advanced options.

Return Codes
Here is a list of return codes goanna analyse returns, listed as headings. Under each heading is a list of the modes that produce that return code.

0 (Zero)
A return code of 0 generally means that no errors were encountered and goanna analyse completed execution successfully.
- goanna analyse completes execution without errors.
- goanna analyse prints help or version information.

1 (One)
A return code of 1 generally means that a user provided parameter is invalid.
- The project dir option was given, but the goanna dir option was missing.
- goanna analyse was unable to access the Goanna project data store.
- goanna analyse encounters an error while parsing command line arguments.

11.4 goanna report: Generate C/C++ Project Reports

Synopsis
    goanna report options <warnings>
    goanna report options <metrics>

Description
goanna report will produce reports in various output fo
76. ode when warnings emitted.
exclude <file>
    Exclude the specified <file> from analysis.
input encoding <type>
    Specify the character encoding of the source file.
    us ascii: ASCII (default)
    utf 8: UTF-8
    ansi: (Available on Windows only) default character encoding of the system
internal error <value>
    Exit with <value> on internal error.
ipa iterations <value>
    Specify the number of times interprocedural analysis iterates towards a fixed point. The default is 2.
    Important: Setting this value to 0 (meaning keep iterating until a fixed point is reached) is discouraged; this may cause Goanna to not terminate.
ipa trace depth <value>
    How many levels of inlining are performed for interprocedural traces. Default 5.
    Important: Setting this value to 1 (meaning infinite) is discouraged; this may cause Goanna to not terminate.
issue report <type>
    Control generation of issue report files.
    never: Never
    on failure: On failures only
    on error: On failures and analysis errors
    timeout: On failures, errors and timeouts
    always: Always, even if successful
license borrow hours <number>
    When contacting license server, borrow license for <number> of hours. Defaults to 1, maximum of 24.
license dir <directory>
    Set directory in which to look for a license file.
no globals
    Do not analyze global integer variables.
no ipa
    Disable interprocedural analysis.
output file <fil
77. on without errors.
- goanna report prints help or version information.

1 (One)
A return code of 1 generally means that a user provided parameter is invalid.
- The project dir option was given, but the goanna dir option was missing.
- goanna report was unable to access the Goanna project data store.
- goanna report encounters an error while parsing command line arguments.

11.5 goanna snapshot: Upload C/C++ Project Snapshots

Synopsis
    goanna snapshot options

Description
goanna snapshot will upload the analysis information created by goanna analyse (see 11.3) as a snapshot into the Goanna Dashboard (see 9).

Command Line Options
goanna dir <path>
    Specify the location of the Goanna project data (default is goanna).
project dir <path>
    Specify the location of the project root, default is
    If the project dir option is given, then goanna dir is also required.
help
    Print help message for common options.
version
    Print version information.

Advanced Command Line Options
The following options are intended to be used only in cases where your environment requires them. In general, you do not need to use these options.
advanced help
    Print help message for advanced options.

Return Codes
Here is a list of return codes goanna snapshot returns, listed as headings. Under each heading is a list of the modes that produce that return code.

0 (Zero)
A return code of 0 generally means that no errors were encou
78. one and the computer you're running the server on is restarted, the Goanna Dashboard server will not automatically be reset.

Running the Dashboard through Apache

It is also possible to use the Goanna Dashboard server in conjunction with your existing web server. The following example shows how to do this with the Apache web server.

The way to run the Goanna Dashboard with an existing Apache installation is to run goreporter on a different port than Apache (Apache normally uses port 80), and then use Apache's mod_proxy to forward all traffic on the special Dashboard URL to goreporter.

Firstly, modify your httpd.conf to allow proxy access. For example, if your site is located at http://mysite.com and you want to navigate to the Dashboard through the URL http://mysite.com/reporter, then add these lines into httpd.conf:

    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
    ProxyRequests Off
    ProxyPass /reporter http://localhost:1197
    ProxyPassReverse /reporter http://localhost:1197

Then restart Apache. You can then start the Goanna Dashboard server, either as a service or as a standalone instance, using the port 1197. It is important to specify the port number when running goreporter in this instance, as Apache has been configured to only connect to goreporter on this port. The Goanna Dashboard is now available at http://mysite.com/reporter.

Goanna Dashboard Database Summary D
79. or more information

Requirements for SonarQube Integration

Important: Red Lizard Software only provides support for the Goanna SonarQube plugin, not for SonarQube itself. If you require assistance in setting up or using the SonarQube dashboard, please refer to the SonarQube website at http://www.sonarqube.org.

Red Lizard Software provides a separate SonarQube plugin to publish the analysis result to the SonarQube dashboard (previously called Sonar). You can download this plugin and the user manual from http www redlizards com customer portal. You will need a customer user account to download. Please refer to the SonarQube plugin manual for requirements to use this plugin. For requirements for SonarQube, please refer to the SonarQube website at http://www.sonarqube.org.

Notes
- SonarQube integration for projects using deprecated goanna or gokeil commands is no longer available as of Goanna Central 3.5.0.
- SonarQube integration for SonarQube 4.2 and older is no longer available as of Goanna Central 3.5.0. If you are using these old versions of SonarQube, you will need to upgrade your installation of SonarQube.
- Goanna Central no longer bundles the Goanna customised version of SonarQube as of Goanna Central 3.5.0. If you are using this version of SonarQube, you will need to upgrade to the official distribution of SonarQube 4.3 or higher.

1.2 Hardware Requirements

Goanna requires at the minimum the following hardware:
- Processor: Intel Pentium 4 o
80. ore details

5.6 Using Knowledge Base To Guide Analysis

In some circumstances Goanna may generate less accurate analysis results, because programs may call external APIs whose source code is not available for Goanna analysis, or Goanna may derive inaccurate properties from source code due to limitations of static analysis. To increase analysis accuracy in these cases, Goanna provides the goanna assume command to import user defined assumptions (called a knowledge base) about source code and/or external APIs to guide Goanna analysis.

To use a knowledge base when analysing your project, you must import a Goanna knowledge base file. This can be done by:

    goanna assume import goanna knowledge base file
    goanna analyse

goanna assume also supports exporting Goanna analysis results to Goanna knowledge base files, which can be imported by Goanna later, so that users can:
- check whether Goanna has derived accurate properties about their code, make corrections and re-import to override Goanna's default behaviour when needed, or
- speed up their analysis by analysing a shared library once and reusing the exported analysis results multiple times, without repeatedly analysing the library code.

To export Goanna analysis results to a knowledge base file, simply run:

    goanna analyse
    goanna assume export goanna knowledge base file

goanna assume also has a reset command to clear previously imported assumptions. This will restore the following Goanna analysis to
81. oved from the project, or
- When the project build settings themselves change, such as adding new include paths or predefined macros, or upgrading to a newer version of compiler,

then the full build and build recording process should be performed again to ensure the build specification reflects the changes made to the project.

Use The Same Machine For Build Tracing And Project Analysis

To ensure that Goanna has an accurate understanding of the source files, Goanna needs access to not only the source files but also other build specific information, such as:
- All used header files
- Configuration of the compiler used

This means that Goanna requires that the machine used to analyze the project also has:
- The same version of the compiler used,
- The same versions of all used libraries, and
- The same version of the build program used.

It is therefore recommended to run analysis on the same machine used to build the project.

3.2 Initialising the Goanna directory

Before performing a build trace, it is necessary to initialise a Goanna project information storage directory (Goanna directory). In the project root directory, run the following command:

    goanna init

    Goanna Directory is <current working directory> goanna
    Project Directory is <current working directory>
    Detected Project name <current working directory>

Footnote 1: Goanna also provides other methods to perform analysis. See 10 for details.
82. r Workbench 3.3 or higher

1.4 Supported Build Systems

There is no specific requirement on the build system you can use, except for certain build systems listed below. Goanna Central comes with a generic build integration system that allows Goanna to integrate with most build systems.

In addition, Goanna Central provides a mechanism to run analysis from the following IDEs:
- IAR Embedded Workbench 5.40 or higher (see 6.1 for instructions)
- Keil µVision 4 or higher (see 6.2 for instructions)

Build Systems with Special Requirements

Goanna Central also supports the following build systems, but special requirements apply.

Cygwin (Windows only)
- Goanna requires Cygwin 1.7.23 or higher.
- Goanna requires cygpath.exe to be present inside the /usr/bin directory. The official Cygwin installer should have installed this binary by default. Parse errors may occur if this binary is not present.
- All file and directory path options to Goanna utilities must be specified in Windows format. Goanna utilities do not accept Cygwin style paths.
- The wincmdln option in the CYGWIN environment variable must be set prior to using Goanna, to ensure Goanna can capture build information correctly.

MSYS2 (Windows only)
- Goanna does not support compilers targeting the MSYS2 environment (such as in the gcc package). Note that standard MinGW compilers (such as in the mingw-w64-i686-gcc package) are supported even in the MSYS2 environment.

MSYS (Windows only)
83. r executable to run if nc is not specified. Also affects the default dialect when no dialect is specified.
with cxx <compiler>
    Specify the C++ compiler executable to run if nc is not specified. Also affects the default dialect when no dialect is specified.

Advanced Command Line Options
The following options are intended to be used only in cases where your environment requires them. In general, you do not need to use these options.
32
    Analyze code for 32 bit targets (longs and pointers are 32 bits wide).
64
    Analyze code for 64 bit targets (longs and pointers are 64 bits wide).
advanced help
    Print help message for advanced options.
dialect <file>
    Specify the dialect of C/C++ compilers. Available dialects are:
    armcc, metrowerks, c166, microsoft, c51, qnx, cc21k, renesas h8, cosmic, renesas rx, diab, ti armcl, gnu, ti cl16x, iar 8051, ti cl2000, iar arm, ti cl430, iar avr, ti cl470, iar msp430, ti cl500, iar m16c, ti cl55
    If you use this option, you should also specify with cc, with cxx and/or with ld to specify the paths to the compiler(s) and linker. If these are not specified, then Goanna will assume the default name for the specified dialect, which may not be what is available on your system. If none of dialect, with cc, with cxx or with ld are specified, then Goanna will assume the default of gnu dialect, with gcc (C compiler), g++ (C++ compiler) and ld (linker).
error
    Exit with error status c
84. r> db <path to database> <extra arguments to goannac> <arguments to compiler>

For example, to run analysis on src/main.c when the source file is written for the gcc compiler:

    goannacc nc with cc gcc db myfiles goannadb src/main.c

This will run analysis on src/main.c and output the result to the console. Additionally, this command stores information about the analysis into a specified project database file via the db <path to database> option (see 10.4 for details). Passing the db option is essential to ensure the maximum accuracy of the analysis, and allows Goanna to cache some information to speed up subsequent analysis.

You can pass most analysis configuration options, such as the check option, to goannacc or goannac to control the analysis. See 11.9 for the complete list of available options.

Note: The following features are not available if you run analysis directly on C/C++ source files:
- Knowledge base
- HTML analysis report
- XML analysis report
- Publish to Goanna Dashboard
- Publish to SonarQube

Compile and Run Analysis At The Same Time

goannacc and goannac can also act as compiler wrappers; that is, they can be used to compile source files and perform analysis on these files at the same time. To compile and run analysis at the same time, run the same command as above but without the nc option. For example:

    goannacc with cc gcc db myfiles goannadb src/main.c

This will compile src main
85. r higher
- Memory: 1 GB or more
- Storage: Minimum 1 GB of free disk space

For optimal analysis performance, we recommend at least the following:
- Processor: Intel Core 2 Duo or later CPU with minimum speed 2 GHz. Multi core CPUs are recommended.
- Memory: 4 GB or more
- Storage: 5 GB or more of free disk space

For large projects, Goanna may require more RAM and disk space than the amounts shown here.

1.3 Supported Compilers

Goanna currently supports the following compilers:

Compiler Name | Goanna Dialect Name | Common Compiler Executables
Analog Devices C/C++ Compiler for SHARC Processors | cc21k | cc21k
ARM C/C++ Compiler | armcc | armcc, armlink
Cosmic Software C Cross Compiler | cosmic | cx6808, cx6812, cx6816, cxs12x, cxstm8
Freescale (formerly Metrowerks) | metrowerks | mwccarm, mwccmcf
GNU | gnu | gcc, g++, ld
IAR Toolchain for 8051 | iar 8051 | icc8051
IAR Toolchain for ARM | iar arm | iccarm
IAR Toolchain for AVR | iar avr | iccavr
IAR Toolchain for MSP430 | iar msp430 | icc430
IAR Toolchain for M16C and R8C | iar m16c | iccm16c
Keil Cx51 Optimizing C Compiler | c51 | c51, cx51, bl51, lx51
Keil C166 Optimizing C Compiler | c166 | c166, l166
Microsoft Visual C++ | microsoft | cl, link
QNX QCC | qnx | qcc
Renesas H8S, H8/300 Series C/C++ Compiler | renesas h8 | ch38
Renesas RXC Toolchain | renesas rx | ccrx
TI Build Tools armcl | ti armcl | armcl
TI Build Tools CL16X | ti cl16x | cl6x
TI Build Tools CL2000 | ti cl2000 | cl2000
TI Build Tools MSP430 | ti cl430 | cl430
TI Build Tool
86. rameter is used in an LDAP query

Property | Values | Description
loop cond var | true, false | Whether the parameter is used in a loop condition
memcpy arg | true, false | Whether the parameter is used as memory copy length
alloc size | true, false | Whether the parameter is used as a size in memory allocation
array access | true, false | Whether the parameter is used as an array index
buffer offset | true, false | Whether the parameter is used as a pointer offset
req gt z | true, false | Whether the parameter p needs to be checked for p > 0 before the call
req ge z | true, false | Whether the parameter p needs to be checked for p >= 0 before the call
req ne z | true, false | Whether the parameter p needs to be checked for p != 0 before the call
req lt 1 | true, false | Whether the parameter p needs to be checked for p < 1 before the call
req le 1 | true, false | Whether the parameter p needs to be checked for p <= 1 before the call
req gt n1 | true, false | Whether the parameter p needs to be checked for p > -1 before the call
req ge n1 | true, false | Whether the parameter p needs to be checked for p >= -1 before the call
req le ff | true, false | Whether the parameter p needs to be checked for p <= 255 before the call
req gt min | true, false | Whether the parameter p needs to be checked for p > INT_MIN before the call

The following two properties on function parameters are used to guide the analysis of the specified function itself instead of aff
88. rmats for a C/C++ project, using the analysis information created by goanna analyse or goanna metrics (see 11.3).

Command Line Options
goanna dir <path>
    Specify the location of the Goanna project data (default is goanna).
project dir <path>
    Specify the location of the project root, default is
    If the project dir option is given, then goanna dir is also required.
report group <group>
    Optionally specify a group for reports to be generated in.
latest <name>
    Optionally specify the name of the <Latest> copy of the current report.
delimiter <character>
    Specify a delimiter to be used to separate each column in CSV output; by default this is a comma. This option has no effect when generating analysis reports (when running goanna report with the warnings subcommand).
help
    Print help message for common options.
version
    Print version information.

Advanced Command Line Options
The following options are intended to be used only in cases where your environment requires them. In general, you do not need to use these options.
advanced help
    Print help message for advanced options.

Return Codes
Here is a list of return codes goanna report returns, listed as headings. Under each heading is a list of the modes that produce that return code.

0 (Zero)
A return code of 0 generally means that no errors were encountered and goanna report completed execution successfully.
- goanna report completes executi
89. row license for <number> of hours. Defaults to 1, maximum of 24.
jobs <number>
    The number of parallel jobs (1-20) to run simultaneously. Default is the number of CPU cores detected on your system (note that running goanna help will display the number of detected cores as the default).
ungroup
    With jobs 2 or more, print all output immediately instead of grouped by job. This reduces latency and memory usage, but may cause output from different jobs to be mixed.
force analysis
    Re-analyze files that have not changed since the last run.
all checks
    Run all available checks (overrides all other check related options).
check <name>
    Run a specific check (overrides any checks file).
checks <standard>
    Run all checks in the specified coding standard. For example, checks misrac2004 runs all available checks in the MISRA C 2004 standard.
checks <standard> <rule>
    Run the check(s) corresponding to one rule in the specified coding standard. For example, checks misrac2004 12 8 runs the check(s) that implement MISRA C 2004 rule 12.8.
no user headers
    Do not process user header files.
user headers
    Process user header files. Default: no.
no system headers
    Do not process system header files.
system headers
    Process system header files. Default: no.
header protos
    Process header files as if they only had prototypes. Default: no.
no header protos
    Treat header files normally instead of processing them as ha
90. s CL470 | ti cl470 | cl470
TI Build Tools CL500 | ti cl500 | cl500
TI Build Tools CL55 | ti cl55 | cl55
Wind River Diab Compiler | diab | dcc

Notes
- The Green Hills compiler is no longer supported as of Goanna 3.1.0.
- As of Goanna 3.4.0, support for the Tasking C166 compiler is only available upon request. Contact support redlizards com if you require support for this compiler.
- Goanna also ships with cygwin gnu 4 4 4 and ti dialects. However, these dialects exist only for backward compatibility. We strongly recommend that you do not use these dialects.

1.3.1 A Word On C99 and C++11 Support

Goanna strives to support most C99 and C++11 features, as long as the compilers used in your projects also accept them. However, please note that for C++11 extensions, the analysis engine generally does not make use of these extensions or any information derived from usage of these extensions. For example, Goanna does not perform any pointer or memory use related analysis on C++11 std::shared_ptr.

1.3.2 A Word On Compiler Specific Syntax Extensions

Goanna strives to support most compiler specific C/C++ syntax extensions for supported compilers. However, please note that even in cases where Goanna supports compiler specific C/C++ syntax extensions, the analysis engine will generally not make use of these extensions or any information derived from usage of these extensions. For example, Goanna does not take Keil Cx51 Memory Models or Memory Types into account
91. s. For example:

    goanna analyse user headers

To include system headers (generally those included using #include <> syntax, such as C and C++ standard header files) into analysis, pass the system headers option to goanna analyse when running analysis. For example:

    goanna analyse system headers

Please note that using these options may increase the time needed to run analysis.

5.4 Setting Analysis Timeouts

By default, Goanna has a timeout of 240 seconds to spend in each analysis phase within one source file. To change the timeout, pass timeout <timeout in seconds> to goanna analyse when running analysis. For example:

    goanna analyse timeout 60

Generally speaking, increasing the timeout may result in more accurate results, but the analysis will take longer to complete. Decreasing the timeout will improve the running time, but may result in less accurate results. Due to the underlying technology of the Goanna analysis engine, this timeout is essential.

5.5 Ignoring Certain Warnings (Warning Suppression)

If you run Goanna frequently on the same project, in some cases you may wish to ignore some warnings that do not require immediate attention. Goanna provides a mechanism to allow you to manually specify such warnings to be ignored; these warnings will then not be reported in subsequent analysis. This is called warning suppression.

The recommended way to specify warnings to be suppressed is the Goanna Dashboard. See 9.2 for m
92. s To Compute Metrics
    8.2.1 Computing Code Metrics For Subset Of Project
    8.2.2 Code Metrics Results In XML, HTML and CSV Files
9 Using the Goanna Dashboard
    9.1 Getting to the Goanna Dashboard
    9.2 Bug Statuses
    9.4 Dashboard Views
        9.4.2 Report Page
        9.4.3 Directory Browser
        9.4.4 Warnings Browser
        9.4.5 Code Browser
    9.5 Database Upgrades
    9.6 Project Settings (Advanced)
        9.6.1 Code Browser Character Encodings
10 Advanced Features, Concepts and Configurations
    10.1 Proceed With Caution
    10.2 Manually Running Analysis On Source Files
    10.3 Manually Running Link Time Analysis On Object Files
    10.4 The Project Database
    10.5 How Goanna's Compiler Support Work
11 Goanna Central Utility Reference
    11.1 goanna init: Initialise C/C++ Projects
    11.2 goanna trace: Monitor C/C++ Project Build
    11.3 goanna analyse: Analyse C/C++ Projects
93. t number (default 1197; if 1197 is not available then 1198, 1199). If this option is set and the specified port is unavailable, then the server will quit.
log <true false>
    Toggles logging to stdout. Default true.
log file <path to log file>
    Toggles logging to a file.
config <path to configuration file>
    When specified, overwrites the given options with those specified in the file.
db upgrade
    Note: See 9.5 for details about this feature.
summary db <file>
    The database in which to save snapshots.
progress <path to progress>
    Specify the file to write progress information into.
feature <feature>
    Specify the feature(s) to upgrade; valid values are auto_vacuum and warning_index.

Return Codes

0 (Zero)
A return code of 0 generally means that no errors were encountered and goreporter completed execution successfully.
- goreporter completes execution without errors.
- goreporter prints help or usage information.

1 (One)
A return code of 1 generally means that a user provided parameter is invalid.
- goreporter encounters an error while parsing command line arguments.
- goreporter attempts to read or write to a file, but the file cannot be found or goreporter does not have the correct permissions.
- goreporter is given a database argument, but the database is not a valid Goanna project database.
- goreporter attempts to s
94. tart the web server process on a particular TCP/IP port, but the port is already in use.
- goreporter encounters an unexpected or internal error when processing a subcommand.
95. that detects attempts to read a value from an array with an invalid (out of range) index. By default, Goanna uses the built in default set of checks, which contains rules for many common issues. Using the checks selection options allows you to choose exactly which checks or rules Goanna should look for. See 5.2 for more details.
- Whether to analyse the content of system and/or user header files during the analysis.

4.2.1 Running Goanna project analysis on a subset of the project

The build process that is traced using goanna trace may have also collected unnecessary build information, such as third party libraries or code related to dynamic testing. It may be desirable to perform project analysis on only the files that are part of your project. This can be achieved by using either:
- path arguments, or
- exclude options, or
- match options.

Using the exclude option

If exclude options are used, then the analysed set of files must not match any of the patterns given to the exclude options. For example, the command:

    goanna analyse exclude thirdparty

will exclude any file that has thirdparty as part of its project relative path. This includes:
- thirdparty sqlite3 sqlite3 c, or
- libraries thirdparty xerces c xerces c, or
- other path thirdparty file c

This will not exclude the following files, because path patterns need to match full directory or file names:
- thirdparty c, nor
- library thirdparty c
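The matching rule described above, as an added example in Python that is not part of the Goanna guide or of Goanna itself. It models only the stated rule (a pattern must equal a whole directory or file name); the function names, the constructed sample paths and the handling of multi-component patterns are assumptions, and no wildcard syntax is modelled. The audit helper lists files whose path merely contains the pattern text and therefore stay in the analysed set, which is worth reviewing whenever an exclude is used to scope an analysis.

```python
def _components(path):
    """Split a project-relative path into names, accepting / and \\ separators."""
    return [p for p in path.replace("\\", "/").split("/") if p not in ("", ".")]


def is_excluded(rel_path, patterns):
    """Return True if any pattern equals a whole run of path components.

    'thirdparty' matches the directory thirdparty/ anywhere in the path,
    but not the file names thirdparty.c or library-thirdparty.c.
    """
    parts = _components(rel_path)
    for pattern in patterns:
        want = _components(pattern)
        if not want:
            continue  # ignore empty patterns instead of matching everything
        n = len(want)
        if any(parts[i:i + n] == want for i in range(len(parts) - n + 1)):
            return True
    return False


def audit_excludes(rel_paths, patterns):
    """Classify files and flag near misses.

    A near miss is a file that is still analysed although its path contains
    the pattern text. It shows where the exclude is narrower than a substring
    match, so a reviewer can confirm the analysed scope is the intended one.
    """
    needles = ["/".join(_components(p)).lower() for p in patterns]
    needles = [n for n in needles if n]
    report = {"analysed": [], "excluded": [], "near_miss": []}
    for path in rel_paths:
        if is_excluded(path, patterns):
            report["excluded"].append(path)
            continue
        report["analysed"].append(path)
        flat = "/".join(_components(path)).lower()
        if any(n in flat for n in needles):
            report["near_miss"].append(path)
    return report


# Constructed sample file list (not taken from a real project).
SAMPLE_FILES = [
    "thirdparty/sqlite3/sqlite3.c",
    "libs/thirdparty/zlib/inflate.c",
    "src/thirdparty.c",
    "src/library-thirdparty.c",
    "src\\net\\parser.c",
    "src/main.c",
]

if __name__ == "__main__":
    result = audit_excludes(SAMPLE_FILES, ["thirdparty"])
    for key in ("excluded", "analysed", "near_miss"):
        print(key + ":")
        for name in result[key]:
            print("   ", name)
```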
96. the warning
- Name of the check which generated this warning
- Severity of the warning, which is one of Low, Medium and High. Severity is determined on a per check basis and is not affected by the actual code analyzed.
- Warning message explaining why this warning is shown
- A list of Goanna recognized C/C++ standard rules that may be violated with this warning

For example, in the above example, the following output message of the first warning from ATH cmp float:

    foo c 211 warning Goanna ATH cmp float Severity Low Comparison with a float using or CERT FLP06 C CERT FLP35 CPP MISRAC2004 13 3 MISRAC 2008 6 2 2

indicates that:
- On foo.c line 211, there is a comparison on a variable or a constant value of a type float or double using equality operators,
- This warning is determined by Goanna to have Low severity,
- This warning comes from a Goanna check called ATH cmp float, and
- The presence of this warning may mean that the project does not satisfy requirements imposed by one or more of the following rules:
    - CERT C Secure Coding Standard Rule FLP06-C
    - CERT C Secure Coding Standard Rule FLP35-CPP
    - MISRA C 2004 Guideline Rule 13.3
    - MISRA C 2012 Guideline Rule 6 2 2

It is possible to customize the format of the output message with the output format option. See the goanna analyse reference (11.3) for details about this option.

Warning Traces

Goanna also has an ability to show a trace through the exe
98. tion from Red Lizard Software. This email will contain an Order Number which is required to complete the activation process.

Before activating your node locked license you will need a challenge key for your computer. To obtain the challenge key, run

goanna key

Now, to activate your node locked license, follow these steps:

1. Go to the activation page at http www redlizards com purchase activate license

Enter the following details:
- Email Address: The email address you provided when purchasing Goanna
- Order Number: The order number provided in the Goanna purchase confirmation email
- Challenge: The challenge key of the computer you wish to activate the license for

Read the license agreement. Check I accept the License Conditions and click Activate to accept the license agreement and activate your license.

The resulting license file, called goanna_license lic, will be sent to the email address you provided. You will also be taken to a page where you can download the license file by clicking on Download your license.

Save the goanna_license lic file to the following location:

Linux: HOME (Home directory of the user running Goanna) or etc goanna
Windows XP and Server 2003
99. ts for Goanna Analysis

3.1 Introduction

The most basic way to perform Goanna analysis on the source code is project wide analysis. Project wide analysis scans and identifies potential issues within the whole project, based on information about how the project is built. To perform project wide analysis, the following steps should be taken:

1. First you need to ensure that the project compiles successfully with no syntax errors. The Goanna analysis engine relies on the source code being syntactically correct.
2. Clean your project's source tree. This will ensure Goanna detects all of the project source files during build tracing.
3. Initialise a Goanna directory. This directory is used by Goanna to store information about your project.
4. Run a Goanna build tracing utility. This utility runs and monitors a full build of the project and captures all necessary information for Goanna to understand the source files. This process is called build tracing, and the result of this process is stored in a file called the build specification.
5. Run the project analysis utility with the generated build specification to perform project analysis.

The generated build specification file can be re used for future Goanna analysis, so that you do not have to re run a full build before every analysis. However, if the structure or settings of the project change, such as
- When a new source file has been added to the project or
- When an existing source file has been rem
100. ubcommand. By default this command generates results for all functions and groups results by source file. However, it will only generate results for non static functions when as api or api list options are used.

Important: Using the import or reset subcommand causes Goanna to delete all analysis data currently stored, meaning that the next analysis will be slower. If you have suppressed warnings, this information will also be deleted.

Command Line Options

goanna dir <path>: Specify the location of the Goanna project data, default is goanna
project dir <path>: Specify the location of the project root, default is
If the project dir option is given then goanna dir is also required.
rel path: Use project relative path in file names
export as api: Instead of grouping function analysis results by source file, export results for all non static functions in the API section
api list <api list file>: Only export function analysis results for functions listed in <api list file>. If the api list option is given then as api is also enabled.

File Format

A Goanna knowledge base file is a JSON file containing an associative list, with each member of the list specifying functions in a particular file. The name of the member is the file name, specified with an absolute path by default or a project directory relative path if option rel path is used, and the value is a list of function specifications. Optionally ther
101. uld not delete this database file unless required. If you delete this database file then the next analysis run will take much longer due to cached information being removed, and you will also lose warnings suppression information.

Unlike other Goanna utilities, if you use goannacc, goannac or goannald directly to perform analysis (see 10.2) then you must explicitly specify the location of the project database with the db <file> option. Not specifying this option causes
- Goanna analysis to produce inaccurate results, because information needed for interprocedural analysis becomes unavailable
- Link time analysis to become unavailable (link time analysis relies on the project database) and
- Warnings suppression functionality to not work

10.5 How Goanna's Compiler Support Works

Most C C code uses non standard language extensions to some extent. Even if your own code is 100 percent standard compliant, you must almost certainly include libraries and header files that use non standard extensions provided by the compiler.

Goanna analyzes C C code at a very deep semantic level. In order to do this, it must analyze your source code exactly as understood by your compiler, including all the same system headers, built in predefined macros and language extensions. In some dialects the macros and include paths predefined in the compiler are not fixed, but vary depending on your operating system, how the compiler has been
102. unt 10 while count gt 0 va buffer i x buffer i 0

Goanna may issue a false positive warning because it doesn't deduce that i 10 when the loop terminates. Such false positives can often be suppressed with the assert macro (sec 7.4). Otherwise you can suppress false positives using the Goanna Dashboard (see 9.2).

7.3 Using the _GOANNA Preprocessor Symbol

Goanna has a built in preprocessor definition, defined by the macro

define GOANNA 1

This allows code to be explicitly included in or excluded from analysis by Goanna. For example:

ifdef GOANNA
Code only to be included while the program is being analysed
endif
ifndef GOANNA
Code not to be analyzed by Goanna
endif

7.4 Using the assert macro

Goanna can sometimes use information provided by assert to refine its analysis of numerical and pointer values. It does this by using assert statements as assumptions for value ranges and pointer validity. For example, in the code below

void my fun void int my_array 20 int x rand assert x 10 f my_array x

the assert means that the array reference must be in bounds, even though the index variable x has a randomly assigned value. Therefore Goanna does not issue an out of bounds warning.

7.5 Sample Code

A package containing a number of sample C and C files is available on our website. Go to http redli
104. urn code of 0 generally means that no errors were encountered and goannald completed execution successfully.
- goannald completes execution without errors
- goannald prints help or version information
- goannald invokes the C C linker but is configured to ignore the linker return code (goannald returns 0 even if the linker returns an error)
- goannald finds code warnings from source code analysis and is not configured to return an error in the presence of code warnings (this is the default setting, also see return code 1 One)

1 One

A return code of 1 generally means that a user provided parameter is invalid.
- goannald encountered an error while parsing command line arguments
- goannald performs an operation that requires the project database but the database is not provided or not found
- goannald finds code warnings from source code analysis and is configured to return an error in the presence of code warnings

Inherited Return Values
- If goannald invokes the C C linker, it returns the linker's return code unless explicitly configured otherwise

Configured Return Values

The following error modes have configurable return values:
- Internal Error: Goanna encounters an error internally and cannot complete analysis

11.11 goreporter Goanna Dashboard Server and Administration Tool

Synopsis

goreporter start server options
goreporter stop server options
goreporter db upgrade options

Description

goreporter
105. ving only prototypes

timeout <n>: Set a timeout in seconds for analysis of each source file. Default 240. Important: Setting this value to 0, meaning infinite, is discouraged; this may cause Goanna to not terminate.

output format <format>: Specify a warning format used by Goanna to output warnings. The following special strings in <format> are expanded:

FILENAMES the filename
RELFILE the filepath and filename
RELPATH the filepath
ABSFILE the absolute filepath and filename
ABSPATH the absolute filepath
DBRELFILE the filepath relative to the database file and filename
DBRELPATH the filepath relative to the database file
LINENO the line number
COLUMN the column number
CHECKNAME the check identifier
SEVERITY the checks severity rating
MESSAGE the warning message
RULES corresponding rule s from coding standards if any
TRACE counter example if any
FUNCTION the function name
SUPPRESSED a x if the warning is suppressed
WARNINGID the hash of this warning
EOL a line break
98 a literal

The default warning format is

RELFILE LINENO warning Goanna CHECKNAME Severity SEVERITY MESSAGE RULES EOL

trace: Prints out a trace through the function that leads to the warning. This is helpful for understanding why the warning occurs.

trace format <format>: Specify the format to output traces. The following special strings are used in the trace format:

FILENAME the
106. warnings goannawarnings XML file of the last run Goanna analysis results
- warnings xml Legacy XML output of the last run Goanna analysis results, using the old XML format that was used in Goanna 3.5.1 and before

4.3.4 Using Goanna Dashboard Web Interface To Interact With Analysis Results

Goanna comes with the Goanna Dashboard, a web based interface that allows you to read and interact with the analysis results. To upload analysis results to the Goanna Dashboard, use the goanna snapshot command:

goanna snapshot
goreporter Taking snapshot
goreporter Project ID 1
goreporter Snapshot ID 1
goreporter To browse a snapshot of this analysis run go to
goreporter http localhost 1197 index html project_id 1 & snapshot_id 1 snapshot

For more details about this feature, see Section 9.

4.4 Running Goanna Analysis using pre 3.4.0 tools

The analysis steps outlined in this document describe the preferred tools that were released in Goanna Central 3.4.0. If you have projects that you were analysing with an older version of Goanna Central and you wish to continue using those tools, please refer to the deprecated userguide: http redlizards com resources user manuals

5 Configuring Goanna Analysis

5.1 Checks Packages

Goanna Central provides over 180 individual checks out of the box that can be used to analyse your C C source code. It is also possible to enable an additional 450 checks that are dedic
107. y runs a full build while collecting the compilation processes and recording them for later analysis. You will only need to use Goanna Trace when the details of your project change, such as adding removing a file or changing compilation options. Clicking the Goanna Analysis menu entry will then run a project analysis, with the results appearing in the Output window.

6.2 Running Goanna Analysis From Keil Vision

Note: This procedure works only for a single project. If you use this method on a multi project workspace then the analysis will be performed only on the active project.

To set up Keil Vision IDE follow these steps:

1. Start Keil Vision
2. From the Tools menu select Customize Tools Menu
3. In the Customize Tools Menu dialog that follows, click the New Insert button. This will create a new menu entry to run goanna trace to capture the build.
4. Type Goanna & Initialise Project and press Enter. This will become the name of the new menu entry. You can assign a different name here if you wish.
5. Click the Browse button next to the Command entry. A file selection dialog wil
108. zards com resources example code and download the Goanna Central Sample Code package. The files contained in this package may be useful for practicing using Goanna or ensuring that it is working correctly. To run analysis on this sample code package, run

goanna init
goanna trace make
goanna analyse

You will need to install gcc (GNU C Compiler) and make sure that the PATH environment variable contains a path to where gcc is installed before running analysis on this sample code package.

8 Using Goanna To Compute Code Metrics

8.1 Introduction

Code metrics are a set of measurements on various properties of the source code which can help you to determine the size, complexity and quality of your project. Goanna Central has a separate utility to compute the code metrics, called goanna metrics.

8.2 Using goanna metrics To Compute Metrics

First, please ensure that you have initialised a Goanna directory (3.2) and performed build tracing (3.3). Once the build tracing is complete, run goanna metrics to calculate metrics for all files in a project. Code metrics will appear on the console (stdout) by default, grouped by
- Code metrics for each file
- Code metrics for each function in each file and
- Code metrics for the entire project

The following is an example of the output message from goanna metrics:

Metrics for file mem ptr c Goanna AVGLEVEL mem ptr c Average level of executable statements 1 00 Goanna COMF
