Flag Deprecated or Unsafe Functions, Keywords, or Macros Using Bug Finder Checkers
This topic shows how to create a custom list of forbidden functions, keywords or macros and check for use of these items in your code using Polyspace® Bug Finder™.
Identify Need for Extending Checker
Before creating or extending a checker, identify if an existing checker meets your requirements. For instance, these checkers flag the use of specific functions:
Use of dangerous standard function: The checker flags functions that introduce the risk of buffer overflows and have safer alternatives.
Use of obsolete standard function: The checker flags functions that are deprecated by the C/C++ standard.
Unsafe standard encryption function, Unsafe standard function: The checkers flag functions that are unsafe to use in security-sensitive contexts.
Inefficient string length computation, std::endl may cause an unnecessary flush: The checkers flag functions that can impact performance and have more efficient alternatives.
However, you might want to block functions that are not covered by an existing checker. For instance, you might want to forbid the use of signal handling functions such as std::signal:

    #include <csignal>
    #include <iostream>

    namespace
    {
        volatile std::sig_atomic_t gSignalStatus;
    }

    void signal_handler(int signal)
    {
        gSignalStatus = signal;
    }

    int main()
    {
        // Install a signal handler
        std::signal(SIGINT, signal_handler);

        std::cout << "SignalValue: " << gSignalStatus << '\n';
        std::cout << "Sending signal " << SIGINT << '\n';
        std::raise(SIGINT);
        std::cout << "SignalValue: " << gSignalStatus << '\n';
    }

Likewise, you might want to block keywords that are not forbidden by an existing checker.
Extend Checker
If the functions, keywords or macros that you want to block are not covered by existing checkers, use one or more of these checkers:
To create a blocklist for the checker:

List functions, keywords and macros in an XML file in a specific syntax.

Copy the template file code-behavior-specifications-template.xml from the folder polyspaceroot\polyspace\verifier\cxx to a writable location and modify the file.

Enter each forbidden function in the file using the following syntax after existing similar entries:

    <function name="funcname">
        <behavior name="FORBIDDEN_FUNC"/>
    </function>

where funcname is the name of the function you want to block. Remove previously existing entries in the file to avoid warnings.

Enter each keyword in the file using the following syntax after existing similar entries:

    <token name="keywordname" kind="keyword">
        <behavior name="FORBIDDEN_KEYWORD"/>
    </token>

where keywordname is the name of the keyword you want to block.

Enter each macro in the file using the following syntax after existing similar entries:

    <token name="macroname" kind="macro">
        <behavior name="FORBIDDEN_MACRO"/>
    </token>

where macroname is the name of the macro you want to block.

Note that you can use the * wildcard for functions and keywords (but not for macros). For instance, to forbid all functions whose names contain DEBUG, you can enter:

    <function name="*DEBUG*">
        <behavior name="FORBIDDEN_FUNC"/>
    </function>

To use regular expressions in macro specifications, set an additional attribute regex to true. For instance, to forbid all macros starting with DEFINED_, enter:

    <token name="DEFINED_.*" kind="macro" regex="true">
        <behavior name="FORBIDDEN_MACRO"/>
    </token>

Specify this XML file as argument for the option -code-behavior-specifications.
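The entry rules above can be checked mechanically before the file is passed to -code-behavior-specifications. The following is an added example, not part of the Polyspace documentation or product: a small Python linter for blocklist entries. The <blocklist> root element, the sample entry names, and the use of Python's re module to approximate the regex check are assumptions, and the file is expected to hold only blocklist entries.

```python
import re
import xml.etree.ElementTree as ET

# Behavior name each entry type must carry, per the syntax shown on this page.
EXPECTED = {
    ("function", None): "FORBIDDEN_FUNC",
    ("token", "keyword"): "FORBIDDEN_KEYWORD",
    ("token", "macro"): "FORBIDDEN_MACRO",
}

def local(tag):  # drop an XML namespace prefix such as '{uri}function'
    return tag.rsplit("}", 1)[-1]

def lint_blocklist(xml_text):
    """Return (entry name, problem) pairs for entries that break the page's rules."""
    problems = []
    for el in ET.fromstring(xml_text).iter():
        tag = local(el.tag)
        if tag not in ("function", "token"):
            continue
        name, kind = el.get("name", ""), el.get("kind")
        want = EXPECTED.get((tag, kind if tag == "token" else None))
        got = {b.get("name") for b in el if local(b.tag) == "behavior"}
        if want is None:
            problems.append((name, f"unknown token kind {kind!r}"))
        elif want not in got:
            problems.append((name, f"missing behavior {want}"))
        if tag == "token" and kind == "macro":
            if el.get("regex") == "true":
                try:
                    re.compile(name)  # assumption: Python's re approximates the tool's regex syntax
                except re.error as exc:
                    problems.append((name, f"bad regex: {exc}"))
            elif "*" in name:
                problems.append((name, "'*' wildcard not allowed for macros; use regex=true"))
    return problems

# Constructed sample; <blocklist> is a stand-in for the template's real root element.
SAMPLE = """<blocklist>
  <function name="std::signal"><behavior name="FORBIDDEN_FUNC"/></function>
  <function name="*DEBUG*"><behavior name="FORBIDDEN_FUNC"/></function>
  <token name="goto" kind="keyword"><behavior name="FORBIDDEN_MACRO"/></token>
  <token name="DEFINED_*" kind="macro"><behavior name="FORBIDDEN_MACRO"/></token>
  <token name="DEFINED_.*" kind="macro" regex="true"><behavior name="FORBIDDEN_MACRO"/></token>
</blocklist>"""

if __name__ == "__main__":
    for name, problem in lint_blocklist(SAMPLE):
        print(f"{name}: {problem}")
```

On the constructed sample, the linter reports the keyword entry that carries the macro behavior and the macro entry that uses * without regex set to true.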
Checkers That Can Be Extended
The following checkers can be extended in this way:
See Also
-code-behavior-specifications | Use of a forbidden function | Use of a forbidden keyword | Use of a forbidden macro