CodePeer 19 Release Notes¶
We present here a few highlights of the new features in CodePeer 19. You can access the complete list here.
CodePeer comes with a completely redesigned web interface that uses
state-of-the-art web technology. It provides real-time updating of
message filters and manual reviews, among other new capabilities. This new
interface can be generated via the new
The old HTML interface is kept temporarily to help with the transition,
and remains available via the
CodePeer now integrates a collection of lightweight checkers based on Libadalang. These checkers complement CodePeer’s traditional analysis. They are much faster and typically lead to fewer false positives.
Each checker performs a specialized analysis, aimed at detecting a very specific
bug or suspicious code pattern. Some of those checkers provide analyses that are
similar to (some parts of) CodePeer’s main analysis (such as
test_always_true). These checkers are much faster
than the main analysis but focus on specific kinds of errors and are likely to
miss many errors detected by CodePeer’s more general analysis. The benefit of
this feature is to allow much faster analysis with fewer false positive
Other checkers look for common mistakes. Among those, the checker bad_unequal only looks for tests of the form “X /= A or X /= B” and emits a message indicating test always true:
1 2 3 4 5 6 7 8 9 10 11
function Always (X : Integer) return Integer is procedure Compute with Import; begin if X /= 0 or X /= 1 then -- Always True Compute; return 1; end if; return 0; end Always;
With the code above CodePeer outputs:
always.adb:4:17: medium warning: test always true (LAL checker): expression always true: 'X' /= 0 or 1
As another example, the checker
duplicate_branches looks for branching
expressions (if-then-else or case expressions) that contain syntactically
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
function Dup (X : Integer) return Integer is begin if X > 0 then declare A : Integer := X; B : Integer := A + 1; C : Integer := B + 1; D : Integer := C + 1; begin return D; end; else declare A : Integer := X; B : Integer := A + 1; C : Integer := B + 1; D : Integer := C + 1; begin return D; -- Suspicious duplicated code end; end if; end Dup;
For which CodePeer will flag:
dup.adb:13:7: medium warning: code duplicated (LAL checker): code duplicated with line 4
These new analyses are either run in parallel with CodePeer’s traditional analysis (at levels 1 to 4) or alone (at level 0).
You can get more information on these checkers with the switch
--lal-checkers-help. You can also look at the two blog posts, Going After
the Low Hanging Bug
and (Many) More Low Hanging Bugs, that describe the work
at the heart of the new Libadalang checkers.
In order to provide a smoother initial experience to users, and offer gradual added capabilities, level 0 is now the default analysis level (compared to level 3 previously), and is Libalang checkers only. Hence, if you launch CodePeer on a new project without specifying a level you will get a fast analysis with very few false positives.
In addition, level 0 comes with the new Simple Project setup: CodePeer now
provides a very simple project file setup where you only need to provide a list
of source directories and optionally a list of filename patterns to get initial
results. In particular, the project does not need to be compilable at this
level. This capability is enabled via a new switch
levels still require a complete setup of your project file (.gpr).
You can use CodePeer to perform a security-oriented analysis and generate a
separate report, taking advantage in particular of its CWE support, with the
This report is tailored for security engineers. It is aimed at non-Ada experts and focuses on security objectives.
The report is generated as an HTML page that you can either use as is, or convert to e.g. PDF, and include in a larger report as part of your security assessment:
We reorganized the CodePeer User’s Guide. In particular we documented many cases
of user workflow in the new section
CodePeer Workflows. And we improved the
documentation of the messages issued by CodePeer by adding examples for each
category of message. You can find them in the section
Following the integration of warnings from GNAT in CodePeer 18, we now also integrate the coding-standard checker GNATcheck into CodePeer. As a result, CodePeer can automatically launch GNATcheck, collect its messages, add them into its database, and report them as for any other CodePeer message. In particular, this allows you to compare the last GNATchek run with a baseline run and review the messages, similarly to what you can do with any CodePeer message.
A Client/Server interface to CodePeer is now provided as part of the GPS IDE. This new mode allows users to manually access and review the messages of a CodePeer analysis from a remote workstation.
The backtrace information associated with precondition messages is now available directly in the Locations view for easier access. The previously available Backtraces view has been removed. In addition, a new preference has been introduced to enable/disable this extra information.
The analysis time for each file is now displayed in CodePeer’s default output, making it easier to identify which units CodePeer is spending the most time on, and possibly allowing users to fine-tune the analysis or exclude files from analysis when speed matters more than completeness of results:
analyzed admin.scil in 1.21 seconds analyzed msgproc__body.scil in 0.09 seconds analyzed msgproc.scil in 0.00 seconds analyzed cryptotypes.scil in 6.02 seconds
A new switch
-show-added is provided to highlight messages that are new
compared to the baseline run, via the
[added] marker, for easy retrieval.
To use this switch on a project, say
prj, use the command:
codepeer -Pprj -output-msg-only -show-added
The output would then be something like:
file1.adb:16:10: [added] low: access check might fail: requires Ptr /= null file2.adb:8:10: medium warning: loop does not complete normally file2.adb:28:19: low: overflow check might fail: requires BP <= Integer_32'Last-1 file2.adb:29:21: [added] medium: array index check might fail: requires (BP-1) <= (Buf.all'Last) file3.adb:24:9: [added] high: validity check: X is uninitialized here file3.adb:61:4: medium warning: unused assignment into Y
It is now possible to perform comparison between two arbitrary runs, in text and
CSV mode, with the new switch
-current. As an example, in combination with
the new switch
-show-added and the switch
-cutoff, you can display the
new messages in, say, run 4 of
prj with the following command:
codepeer -Pprj -output-msg-only -current 4 -cutoff 3 -show-added
This might display something like:
file1.adb:16:10: [added] low: access check might fail: requires Ptr /= null file2.adb:8:10: medium warning: loop does not complete normally file2.adb:28:19: low: overflow check might fail: requires BP <= Integer_32'Last-1 file2.adb:29:21: medium: array index check might fail: requires (BP-1) <= (Buf.all'Last) file3.adb:61:4: medium warning: unused assignment into Y
The new switch
--be-messages=[...] allows users to specify a set of message
kinds, and directs CodePeer to only emit and save a message when its kind is
part of the specified message kinds. You can then launch a new run on
and decide to filter out all warning messages and validity checks with the
codepeer -Pprj -output-msg -show-added --be-messages=-warnings,-validity_check
This would display:
file1.adb:16:10: [added] low: access check might fail: requires Ptr /= null file2.adb:28:19: low: overflow check might fail: requires BP <= Integer_32'Last-1 file2.adb:29:21: [added] medium: array index check might fail: requires (BP-1) <= (Buf.all'Last)
To terminate the analysis of complex subprograms, CodePeer formerly used timeouts. The problem with a timeout is that it does not ensure reproducibility of results. To address this, CodePeer now uses a notion of steps. While analyzing a subprogram, CodePeer deterministically increments a counter. If the counter exceeds a default or specified limit, CodePeer terminates analysis of the subprogram and continues analyzing the rest of the source code.
--import-reviews switch now supports importing a CSV file
(in addition to an XML file) to allow manual review of messages via a
We improved the algorithm that computes partitions for the analysis of large projects. The new algorithm increases the number of cases where the units containing a caller and its callee are assigned to the same partition. This also increases the number of subprogram calls that CodePeer can precisely analyze when partitions are involved.