v2.25.0

@github-actions github-actions released this 13 Mar 05:11
34dbf36

Release summary

  • New queries added for the following rule packages: Declarations, OrderOfEvaluation

  • The following changes have been made for this release:
    • M8-5-2 - AggregateLiteralEnhancements.qll:
      • Recognise aggregate literals initialized with parameters from variadic templates.
    • A7-1-5 - exclude auto variables initialized with an expression of non-fundamental type. Typically this occurs when using range based for loops with arrays of non-fundamental types. For example:
      void iterate(Foo values[]) {
         for (auto value : values) { // COMPLIANT (previously false positive)
            // ...
         }
      }
      
    • A0-1-1 - address a number of false positive issues:
      • Exclude compiler-generated variables, such as those generated for range-based for loops.
      • Exclude variables in uninstantiated templates, for which we have no precise data on uses.
      • Deviations should now be applied to the useless assignment instead of the variable itself.
    • A15-4-4: remove false positives reported on uninstantiated templates.
    • A2-10-1, RULE-5-3:
      • Reduce false positives by considering point of declaration for local variables.
      • Reduce false negatives by considering catch block parameters to be in scope in the catch block.
    • M6-5-5:
      • Reduce false positives by no longer considering the taking of a const reference as a modification.
      • Improve detection of non-local modification of loop iteration variables to reduce false positives.
    • A7-1-1 - no longer report parameters as contravening this rule. This is in line with the rule intent as described in the referenced C++ Core Guidelines rule CON.1, which states "To avoid confusion and lots of false positives, don’t enforce this rule for function parameters."
    • A2-7-3 - UndocumentedUserDefinedType.ql:
      • Excluding declarations in function scope. The rationale is that these declarations are not exposed outside the scope of the function.
    • M16-1-1 - DefinedPreProcessorOperatorGeneratedFromExpansionFound.ql:
      • Optimize query to improve performance
      • Improve detection of macros whose body contains the defined operator after the start of the macro (e.g. #define X Y || defined(Z)).
      • Enable exclusions to be applied for this rule.
    • The following queries have been updated to address issues with applying deviations:
      • A18-5-11, A23-0-1, A9-3-1, M0-1-2, M3-1-2, M3-2-1, M3-2-3, M3-9-1, M4-5-3, M5-0-2, M5-2-10, A23-0-2, CTR51-CPP, STR52-CPP
  • A3-9-1 - VariableWidthIntegerTypesUsed.ql:
    • Exclude the plain char type. Still includes signed char and unsigned char.
    • Include CV-qualified variable width integer types.
  • A3-9-1 - VariableWidthPlainCharTypeUsed.ql:
    • New query to support fine grained deviation support for the plain char type.
  • M5-3-3 - UnaryOperatorOverloaded.ql:
    • Exclude binary user defined operator& from this rule.
  • M5-2-10 - IncrementAndDecrementOperatorsMixedWithOtherOperatorsInExpression.ql:
    • Only report use of the increment and decrement operations in conjunction with arithmetic operators, as specified by the rule. Notably we no longer report the expressions of the form *p++, which combine increment and dereferencing operations.
  • A4-7-1 - exclude pointer increment and decrement operators from this rule.
  • A2-3-1: cpp/autosar/invalid-character-in-string-literal
    • Fixes #311. Exclude wide string literals and utf8 string literal.
  • RULE-7-3: c/misra/lowercase-character-l-used-in-literal-suffix
    • Exclude non integer literals. This removes a false positive triggered when analyzing C++ code containing the false literal.
  • Exceptions are no longer propagated from calls to noexcept functions, or calls to functions with dynamic exception specifications where the exception is not permitted. This is consistent with the default behaviour specified in [except.spec], which indicates that std::terminate is called. This has the following impact:
    • A15-4-2, ERR55-CPP - reduce false positives for noexcept functions which call other noexcept functions which may throw.
    • A15-2-2 - reduce false positives for constructors which call noexcept functions.
    • A15-4-5 - reduce false positives for checked exceptions that are thrown from noexcept functions called by the original function.
    • DCL57-CPP - do not report exceptions thrown from noexcept functions called by deallocation functions or destructors.
    • A15-5-1, M15-3-1 - do not report exceptions thrown from noexcept functions called by special functions.
  • M9-3-3 - MemberFunctionConstIfPossible.ql, MemberFunctionStaticIfPossible.ql:
    • Fixes #413. Exclude deleted member functions.
  • A8-4-7 - InParametersForCheapToCopyTypesNotPassedByValue.ql, InParametersForNotCheapToCopyTypesNotPassedByReference.ql:
    • Fixes #397. Exclude user defined operators and move constructors.
    • Exclude parameters for instantiated templates because the declaration location of the function does not contain enough information about the type used in the instantiation to make an actionable alert.
  • A5-0-2 - NonBooleanIfStmt.qll, NonBooleanIterationStmt.qll:
    • Exclude compiler generated conditions.
  • A13-3-1 - FunctionThatContainsForwardingReferenceAsItsArgumentOverloaded.ql:
    • Fixes #399. Exclude functions that have different number of parameters.
  • A4-7-1: IntegerExpressionLeadToDataLoss.ql
    • Fix #368: Incorrectly reporting /= as a cause for data loss.
  • A8-4-8 - OutParametersUsed.ql
    • Fixes #370 - Non-member user-defined assignment operator and stream insertion/extraction parameters that are required to be out parameters are excluded.
    • Broadens the definition of out parameter by considering assignment and crement operators as modifications to an out parameter candidate.
  • FIO51-CPP - CloseFilesWhenTheyAreNoLongerNeeded.ql:
    • Broadened definition of IStream and OStream types may result in reduced false negatives.
  • A5-1-1 - LiteralValueUsedOutsideTypeInit.ql:
    • Broadened definition of IStream types may result in reduced false positives because more file stream function calls may be detected as logging operations that will be excluded from the results.
  • A16-0-1 - PreProcessorShallOnlyBeUsedForCertainDirectivesPatterns.ql:
    • Exclude all preprocessor elses and also consider elifs separately (i.e. do not affect valid ifs) but not valid if not meeting the same criteria as an ifdef etc.
  • A4-5-1: EnumUsedInArithmeticContexts.ql:
    • Address incorrect exclusion of the binary operator &.
    • Address incorrect inclusion of the unary operator &.
    • Fix FP reported in #366.
  • A7-1-2 - VariableMissingConstexpr.ql:
    • Fix FP reported in #466. Addresses incorrect assumption that calls to constexpr functions are always compile-time evaluated.
  • M9-3-3: MemberFunctionConstIfPossible.ql:
    • Fix FP reported in #467. Excluding candidates in uninstantiated templates.
  • A7-1-1 - DeclarationUnmodifiedObjectMissingConstSpecifier.ql
    • Fix FP reported in #372. Exclude compiler generated variables.
  • A2-10-4 - IdentifierNameOfStaticNonMemberObjectReusedInNamespace.ql:
    • Fix FP reported in #385. Addresses incorrect detection of partially specialized template variables as conflicting reuses.
  • A18-0-1 - CLibraryFacilitiesNotAccessedThroughCPPLibraryHeaders.ql:
    • Fix issue #7 - improve query logic to only match on exact standard library names (e.g., now excludes sys/header.h type headers from the results as those are not C standard libraries).
  • M7-3-6 - UsingDeclarationsUsedInHeaderFiles.ql:
    • Address FN reported in #400. Only using-declarations are exempted from class- and function-scope.
  • A15-4-4 - MissingNoExcept.ql:
    • Fix FP reported in #424. Exclude functions calling std::string::reserve or std::string::append that may throw even if their signatures don't specify it.
  • M0-1-4 - SingleUseMemberPODVariable.ql:
    • Address FP reported in #388. Include aggregate initialization as a use of a member.
    • Include indirect initialization of members. For example, casting a pointer to a buffer to a struct pointer.
    • Reformat the alert message to adhere to the style-guide.
  • M0-1-3 - UnusedMemberVariable.ql, UnusedGlobalOrNamespaceVariable.ql:
    • Address FP reported in #384. Exclude variables with compile time values that may have been used as a template argument.
    • Exclude uninstantiated template members.
    • Reformat the alert message to adhere to the style-guide.
  • A5-1-1 - LiteralValueUsedOutsideTypeInit.ql:
    • Address FP reported in #371. Exclude literals generated by uses of constexpr variables.
    • Exclude literals used in class template instantiations.
    • Update the alert message to adhere to the style-guide.
    • Exclude boolean literals used as template arguments.
    • Exclude u and U prefixed char literals.
    • Exclude literals part of a class aggregate literal.
  • A4-7-1 - IntegerExpressionLeadToDataLoss.ql:
    • Address reported FP in #396. Exclude shift operations guarded to prevent undefined behavior that could lead to data loss.
  • INT34-C - ExprShiftedbyNegativeOrGreaterPrecisionOperand.ql:
    • Format the alert message according to the style-guide.
  • A5-0-2 - NonBooleanIterationCondition.ql:
    • Address FP reported in #10. Exclude conditions in uninstantiated templates.
  • M5-3-1 - EachOperandOfTheOperatorTheLogicalAndOrTheLogicalOperatorsShallHaveTypeBool.ql:
    • Adjust the alert message to comply with the style guide.
  • M5-14-1 - RightHandOperandOfALogicalAndOperatorsContainSideEffects.ql:
    • Fix FP reported in #375. Addresses incorrect detection of side effects in unevaluated contexts.
  • A16-2-2 - UnusedIncludeDirectives.ql:
    • Address FP reported in #453. Exclude reporting of redundant include directives indirectly included by included files.
  • A8-4-7 - InParametersForNotCheapToCopyTypesNotPassedByReference.ql, InParametersForCheapToCopyTypesNotPassedByValue.ql:
    • Improve coverage of the query by additionally alerting to non-trivially-copyable types being passed by value.
    • Non-trivially-copyable types not passed by value will no longer be incorrectly reported.
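
The noexcept change listed above rests on [except.spec]: an exception that reaches the boundary of a noexcept function calls std::terminate instead of propagating, so a caller's handler never sees it. The C++ program below is an added illustration, not part of the release or the project's code; parse, parse_noexcept, caller and observe are constructed names, and it assumes a POSIX system for fork/waitpid.

```cpp
#include <csignal>
#include <cstdio>
#include <stdexcept>
#include <sys/wait.h>
#include <unistd.h>

// Constructed helper: an ordinary function that may throw.
void parse(int v) {
  if (v < 0) throw std::runtime_error("negative input");
}

// If parse() throws here, the exception cannot leave this function:
// std::terminate is called at the noexcept boundary.
void parse_noexcept(int v) noexcept { parse(v); }

// The handler looks reachable, but no exception can arrive from a
// noexcept callee. Returns 0 on normal completion, 1 if the handler ran.
int caller(int v) {
  try {
    parse_noexcept(v);
    return 0;
  } catch (const std::exception &) {
    return 1;
  }
}

enum class Outcome { Returned, Caught, Terminated, Error };

// Run caller(v) in a child process so that termination is observable.
Outcome observe(int v) {
  std::fflush(nullptr);  // avoid duplicating buffered output in the child
  pid_t pid = fork();
  if (pid < 0) return Outcome::Error;
  if (pid == 0) _exit(caller(v) == 0 ? 10 : 11);
  int status = 0;
  if (waitpid(pid, &status, 0) != pid) return Outcome::Error;
  if (WIFSIGNALED(status))
    return WTERMSIG(status) == SIGABRT ? Outcome::Terminated : Outcome::Error;
  if (!WIFEXITED(status)) return Outcome::Error;
  return WEXITSTATUS(status) == 10 ? Outcome::Returned
       : WEXITSTATUS(status) == 11 ? Outcome::Caught : Outcome::Error;
}

int main() {
  std::printf("valid input:   %d\n", static_cast<int>(observe(1)));
  std::printf("invalid input: %d\n", static_cast<int>(observe(-1)));
  return 0;
}
```

With a negative input the child is killed by SIGABRT and the catch block in caller never runs, which is why exception-flow queries such as A15-4-2 and A15-2-2 need not treat the callee's exception as reaching the caller.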

Supported versions

  • The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.14.6 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.14.6.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.14.6.

Appendix: AUTOSAR new queries

New queries added to cover the following rules:

  • A3-9-1 - VariableWidthPlainCharTypeUsed.ql
  • M5-0-2 - InsufficientUseOfParentheses.ql