# 4.0.250415 (April 2025)
## Major
* Generation of intermediate data for source code metrics computation is disabled by default. See the description of the `--enable-scra/--disable-scra` options of the `svace build` command.
* Source code metrics computation is disabled by default. See the description of the `--enable-scra/--disable-scra` options of the `svace analyze` command.
* Option `svace analyze --light`, which disables all analyses except lightweight AST checkers.
## General
* Show information about the license key (including its ID) if the license is expired.
* Predicting the likelihood of a warning being true no longer requires absolute paths (the `--full-paths` option) on the Svacer history server.
## Build
* Fixed Linux kernel build interception failing on unsupported `eu-strip` options.
## Checkers
* [sup #1118] Fixed false `BUFFER_OVERFLOW.LOOP` reports.
* [sup #1145] Lowered severity from `Major` to `Minor` for `SIMILAR_BRANCHES.SWITCH`.
* Fixed crash of `SHADOWED_NAME` checker in case of duplicated parameters.
## C/C++
* Implemented `.ARITHM` warning subtypes for many of the null dereference checkers. These are emitted when pointer arithmetic is performed on a null pointer without a dereference.
* Fixed visibility of standard C functions from C++ 23 code.
* [sup #1136] Template function instances are now treated as the same function. Statistic checkers now ignore duplicate calls to template instances and treat them as calls to a single function.
* [sup #944] Fixed false `INFINITE_LOOP`/`INFINITE_LOOP.MACRO` reports: a loop control variable is now assumed to be modifiable if it is captured by reference by any lambda.
* [sup #945] Do not report `RETURN_LOCAL_ADDR` when the address of a captured variable is returned from a lambda.
* [sup #954] Implemented heuristics for narrowing intervals of variable values based on evaluation of simple conditions.
* [sup #1165] A few SQLite-related C/C++ specifications were corrected. This fixed some false `FREE_NONHEAP_MEMORY` reports and changed certain `MEMORY_LEAK` reports related to SQLite into `HANDLE_LEAK` issues instead.
## Go
* Enabled `TAINTED_PTR.LDAP_INJECTION` for Go (`github.com/go-ldap/ldap/v3`).
* [sup #1072] Added CGO-generated files to those ignored by default in `svace.ignore`.
* [sup #1148] Changed `NO_RECOVER_FOR_PANIC` severity from `Major` to `Normal` and `NO_RECOVER_FOR_PANIC.STRICT` from `Major` to `Minor`.
* Fixed a number of false reports of `SIMILAR_BRANCHES.SWITCH` in Go code.
* Fixed skipping of analysis for Go files that declare/use alias types.
* Fixed UAST build and analysis failures for Go.
## C\#, VB .NET
* [sup #1103] Fixed false `CAST_AFTER_CHECK` reports: changed the heuristic responsible for saving is-conditions.
* [sup #911] Fixed `NO_LOCK.STAT` false reports:
  - don't allow a function that closes an unknown lock to close a known lock;
  - consider that a function closes the lock only if it always closes it;
  - made the warning message and tracepoints more detailed.
* [sup #1104] Supported `op_Equality`, `op_Inequality` for records and abstract records without fields.
* [sup #1101] Fix for recursive is-pattern: supported declared symbol and instance.
## Known Issues
* [sup #1136] Statistical checkers (`.STAT`) may display differences between **_Svace_** versions due to the updated algorithm for merging statistics across different instances of the same template function.