Skip to content

v2.55.0

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 06 Mar 23:03
v2.55.0
0b6b922
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Release summary

  • New queries added for the following rule packages: Banned1, Classes2, DeadCode11, DeadCode3, DeadCode4, DeadCode5, DeadCode6, DeadCode7, DeadCode8, DeadCode9, Expressions2, Linkage2, Memory2, Memory3, Memory4, Memory5, Memory6, Naming2, Preprocessor, Preprocessor2, SideEffects4, SideEffects5, Toolchain3, Trigraph, Contracts7, Representation
  • The following changes have been made for this release:
    • All queries related to integer suffixes:
      • No visible changes expected: the regex for parsing integer suffixes, and how they are treated after lexing, has been refactored.
    • RULE-18-9 - ArraytoPointerConversionOfTemporaryObject.ql
      • The behavior for finding flow steps of temporary objects (for example, from ternary branches to the ternary expr result) has been extracted for reuse in other rules, no visible changes expected.
    • "Function-like macros"
      • The parameter list of variadic macros previously included the ellipsis in name of the final parameter, potentially leading to incorrect analysis. This has been corrected.
      • The parameter list of function-like macros with no parameters (i.e. MACRO()) was interpreted in a shared library as having a single parameter with an empty name. This does not seem to have had an impact on any existing queries, but has been fixed to correctly show no parameters.
    • M0-1-1, RULE-2-1 - UnreachableCode.ql:
      • Updated detection of compiler generated code to include "handler" blocks, part of EDG's IR.
      • "handler" blocks generated for catch(...) blocks are not excluded for technical reasons related to how the CFG is constructed.
    • M15-3-6, ERR54-CPP - CatchBlockShadowingMisra.ql, CatchBlockShadowingCert.ql:
      • Altered semantics to detect shadowing for a catch block involving type T preceding another catch block involving the same type T, such as catch(T&) shadowing catch(T) and vice versa. Previously, the involved types had to have a subtype relationship.
      • Refactored catch block shadowing into a shared library for use in RULE-0-0-1.
  • M0-1-2 - InfeasiblePath.ql:
    • Refactored to share logic with RULE-0-0-2 while allowing for different exceptional cases. No change in behavior expected.
  • A3-1-1 - ViolationsOfOneDefinitionRule.ql:
    • The query previously would incorrectly allow cases where something was defined with extern and did not use the defined external linkage library to find external linkage. This change may result in the query finding more results. Additionally a typo has been fixed in the alert message which will cause the old alerts for this query to now show up as new ones.
  • RULE-6-0-2, A3-1-4 - ExternalLinkageArrayWithoutExplicitSizeMisra.ql, ExternalLinkageArrayWithoutExplicitSizeAutosar.ql:
    • The queries listed now find flexible member arrays in structs, as those do not have an explicit size.
  • A-23-0-1, A-23-0-2, CTR-51-CPP, CTR-52-CPP, CTR-53-CPP, CTR-54-CPP, CTR-55-CPP, STR-52-CPP - IteratorImplicitlyConvertedToConstIterator.ql, ValidContainerElementAccess.ql, UsesValidContainerElementAccess.ql, GuaranteeGenericCppLibraryFunctionsDoNotOverflow.ql, UseValidIteratorRanges.ql, DoNotSubtractIteratorsForDifferentContainers.ql, DoNotUseAnAdditiveOperatorOnAnIterator.ql, UseValidReferencesForElementsOfString.ql:
    • Iterator access methods rbegin, rend, crbegin, crend are now recognized on containers.
    • Shared library Iterators.qll has been refactored by splitting out container type logic into a separate library and add logic to differentiate types of containers, such as associative, indexed, and strings.
    • Shared library Iterators.qll, used by many queries, has been moved.
  • M0-2-1, RULE-19-1, RULE-8-18-1 - ObjectAssignedToAnOverlappingObject.ql, ObjectCopiedToAnOverlappingObject:
    • The query predicate problem for ObjectCopiedToAnOverlappingObject is now shared across RULE-19-1 and RULE-8-18-1 . Also, the query predicate for ObjectAssignedToAnOverlappingObject is now shared across all of the three rules.
    • Due to the refactor, the queries listed may now emit slightly different results though it is highly unlikely.
  • A0-1-2 - UnusedReturnValue.ql:
    • Refactors the rule implementation into a shared library for usage in MISRA C++ ruleset. No externally visible changes expected.
  • All rules using Linkage.qll:
    • extern const global variables are now properly analyzed as having external linkage, rather than internal linkage.
    • Linkage analysis has been fixed to properly handle nested classes, including anonymous and typedefs of anonymous classes.
    • Linkage for names within classes with internal linkage is now properly inherited as internal, rather than external.
  • M0-1-3, RULE-2-8 - UnusedLocalVariable.ql, UnusedMemberVariable.ql, UnusedGlobalOrNamespaceVariable.ql, UnusedObjectDefinition.ql, UnusedObjectDefinitionStrict.ql:
    • The organization of unused variable analysis has been reorganized to be usable in MISRA C++ rule 0.2.1, with no expected noticeable change in results.
  • A0-1-4, RULE-2-7 - UnusedParameter.ql:
    • Refactored to be able to share most logic between MISRA C, MISRA C++, and AUTOSAR. No visible change in behavior expected.
  • RULE-2-3, A0-1-6 - UnusedTypeDeclarations.ql:
    • Type usage analysis has been improved to find more possible type usages, including:
      • Previous behavior considered anonymous types in variable declarations to be considered used by the variable definition itself. This has been improved to require that a field of the anonymous type is accessed for the type to be considered used.
      • Usages of a template type inside a specialization of that template are no longer considered usages of the template type.
      • Hidden friend declarations are no longer considered usages of the class they are declaring friendship for.
      • Improved exclusions generally, for cases such as nested types and functions within functions. These previously were a source of incorrectly identified type uses.
      • Additional case added to detect template <Enum = Enum::Value> as a usage of Enum, without an explicit tpl<Enum::Value> usage.
  • M5-14-1 - RightHandOperandOfALogicalAndOperatorsContainSideEffects.ql:
    • Implementation has been refactored to share logic with Rule 8.14.1. No observable changes to results expected.
  • A3-3-2 - StaticOrThreadLocalObjectsNonConstantInit:
    • The checks for non-constant initialization have been moved to be usable in other queries, such as MISRA C++23 Rule 6.7.2.
    • No visible changes in query results expected.
  • A5-0-1, EXP50-CPP - ExpressionShouldNotRelyONOrderOfEvaluation.ql, DoNotDependOnTheOrderOfScalarObjectEvaluationForSideEffects.ql:
    • Fixed a bug where some sequenced operations were not detected as such due to an error in the "candidate selection" process. This could have complex effects on results, but should mostly fix false positives. Some unsequenced operations that previously reported one alert may now report two, due to the extra candidates being considered.
    • Sequencing between full expressions no longer requires that the expressions are sequential; expressions in separate if statements, for instance, are not necessarily sequential, but they are still ordered. It is unclear if this change will have any effect on results, but it should be more accurate to the standard.
  • RULE-13-2, A5-0-1, EXP50-CPP, EXP30-C - UnsequencedSideEffects.ql, UnsequencedAtomicReads.ql, ExpressionShouldNotRelyONOrderOfEvaluation.ql, DoNotDependOnTheOrderOfScalarObjectEvaluationForSideEffects.ql, DependenceOnOrderOfScalarEvaluationForSideEffects.ql:
    • Implementation of ordering has been refactored to share more code across specifications (C11-C17, C++14, and C++17 sequencing rules). No change in results is expected from this refactor.

Supported versions

  • The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.21.4 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.21.4.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.21.4.

Appendix: AUTOSAR new queries

New queries added to cover the following rules:

  • M0-2-1 - ObjectAssignedToAnOverlappingObjectAutosarCpp.ql

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

  • RULE-19-1 - ObjectCopiedToAnOverlappingObjectMisraC.ql, ObjectAssignedToAnOverlappingObjectMisraC.ql

Appendix: MISRA-C++-2023 new queries

New queries added to cover the following rules:

  • RULE-0-0-1 - UnreachableStatement.ql
  • RULE-0-0-2 - InvariantCondition.ql
  • RULE-0-1-1 - UnnecessaryWriteToLocalObject.ql
  • RULE-0-1-2 - UnusedReturnValueMisraCpp.ql
  • RULE-0-2-1 - UnusedLimitedVisibilityVariable.ql
  • RULE-0-2-2 - UnusedParameterMisraCpp.ql
  • RULE-0-2-3 - UnusedTypeWithLimitedVisibility.ql
  • RULE-4-1-2 - RedeclarationOfStaticConstexprDataMember.ql, ImplicitDeclarationOfCopyConstructor.ql, ImplicitDeclarationOfCopyConstructorAudit.ql, NoexceptSpecifierThrow.ql, UseOfDeprecatedCHeaders.ql, UseOfDeprecatedStrStreamClass.ql, UseOfUncaughtException.ql, UseOfDeprecatedFunctionBinderTypedefMember.ql, UseOfDeprecatedUnaryOrBinaryNegate.ql, UseOfDeprecatedAllocatorVoid.ql, UseOfDeprecatedStdAllocatorMember.ql, UseOfDeprecatedRawStorageIterator.ql, UseOfDeprecatedTemporaryBuffers.ql, UseOfDeprecatedIsLiteralTypeTraits.ql, UseOfDeprecatedStdIteratorBaseClass.ql, UseOfDeprecatedSharedPtrUnique.ql
  • RULE-4-6-1 - MemoryUsageNotSequenced.ql
  • RULE-5-0-1 - TrigraphLikeSequencesShouldNotBeUsed.ql
  • RULE-5-10-1 - PoorlyFormedIdentifier.ql
  • RULE-5-13-6 - LongLongLiteralWithSingleLSuffix.ql
  • RULE-6-2-4 - ViolationsOfOneDefinitionRuleMisra.ql
  • RULE-6-5-2 - InternalLinkageSpecifiedAppropriately.ql
  • RULE-6-7-2 - GlobalVariableUsed.ql
  • RULE-8-0-1 - MissingPrecedenceClarifyingParenthesis.ql, MissingSizeofOperatorParenthesis.ql
  • RULE-8-1-1 - NonTransientLambdaImplicitlyCapturesThis.ql
  • RULE-8-1-2 - ImplicitCapturesDisallowedInNonTransientLambda.ql
  • RULE-8-7-2 - PointerDifferenceTakenBetweenDifferentArrays.ql
  • RULE-8-9-1 - PointerComparedBetweenDifferentArrays.ql
  • RULE-8-14-1 - ShortCircuitedPersistentSideEffect.ql
  • RULE-8-18-1 - ObjectAssignedToAnOverlappingObjectMisraCpp.ql, ObjectCopiedToAnOverlappingObjectMisraCpp.ql
  • RULE-13-1-1 - VirtualInheritanceNotAllowed.ql
  • RULE-13-3-1 - MemberSpecifiersNotUsedAppropriately.ql
  • RULE-14-1-1 - PrivateAndPublicDataMembersMixed.ql
  • RULE-15-0-2 - InvalidSignatureForSpecialMemberFunction.ql
  • RULE-15-1-3 - NonExplicitConversionMember.ql
  • RULE-16-5-1 - LogicalAndAndLogicalOrOperatorsOverloaded.ql
  • RULE-16-6-1 - InvalidOperatorOverloadedAsMemberFunction.ql
  • RULE-19-0-4 - UndefOfMacroNotDefinedInFile.ql
  • RULE-19-1-1 - InvalidTokenInDefinedOperator.ql, DefinedOperatorExpandedInIfDirective.ql
  • RULE-19-2-1 - NoValidIfdefGuardInHeader.ql, IncludeOutsideGuard.ql
  • RULE-19-2-2 - InvalidIncludeDirective.ql
  • RULE-19-3-4 - UnparenthesizedMacroArgument.ql
  • RULE-19-6-1 - DisallowedUseOfPragma.ql
  • RULE-21-6-2 - DynamicMemoryManagedManually.ql
  • RULE-21-6-3 - AdvancedMemoryManagementUsed.ql
  • RULE-28-6-4 - PotentiallyErroneousContainerUsage.ql
Assets 9
Loading