v2.44.0

@github-actions github-actions released this 30 Apr 15:05
7600a3c

Release summary

  • New queries added for the following rule packages: Concurrency9, EssentialTypes2, FloatingTypes2, Generics, Contracts, Pointers1
  • The following changes have been made for this release:
    • Concurrency.qll - for all queries using this library
      • This has been refactored into a set of smaller utility files. No impact on query results or performance expected.
    • All rules using Type.qll, TypeUses.qll, Pointers.qll, TrivialType.qll, VariablyModifiedTypes.qll:
      • Files moved into cpp/common/types directory. No external changes in behavior expected.
  • RULE-2-8 - UnusedObjectDefinition.ql, UnusedObjectDefinitionStrict.ql:
    • Refactor to allow additional parameters in non-macro results for library DeduplicateMacroResults.qll.
    • Refactor to replace Location with Locatable in API of library DeduplicateMacroResults.qll.
    • No observable difference in behavior expected.
  • EssentialType - for all queries related to essential types:
    • Updated the way essential types of expressions with "conversions" (including explicit casts, parentheses, and implicit conversions such as array-to-pointer conversions) are handled, to get proper essential types when parentheses, casts, and generics interact.
  • RULE-8-3 - DeclarationsOfAFunctionSameNameAndType.ql, DeclarationsOfAnObjectSameNameAndType.ql:
    • New shared module used to fix false positives for compound types referring to the same basic integer types under a different name, e.g., the query will not report signed[4] used in place of int[4], as per the MISRA spec.
    • The query now reports incompatibilities for two functions of the same name with a different number of parameters.
    • Query result string updated to not use the word "Compatible," which is confusing, as it may falsely appear that the query is testing for compatibility as defined by C17.
  • RULE-8-4, DCL40-C - CompatibleDeclarationFunctionDefined.ql, CompatibleDeclarationObjectDefined.ql, IncompatibleFunctionDeclarations.ql:
    • New shared module used to fix false positives by updating "compatible" type checks to more closely match the C17 standard. For instance, int[3] and int[] are compatible declarations (while int[3] and int[4] are not), and typedefs are now resolved as well. Some false positives may still occur regarding structs from different compilation units.
  • DIR-4-9 - FunctionOverFunctionLikeMacro.ql:
    • Macros with _Generic are no longer reported.
  • RULE-1-4 - EmergentLanguageFeaturesUsed.ql:
    • Ban on usage of _Generic removed.
  • RULE-18-6 - ThreadLocalObjectAddressCopiedToGlobalObject.ql:
    • New query added to detect thread local objects assigned to static storage duration objects.
  • RULE-21-12 - ExceptionHandlingFeaturesOfFenvhUsed.ql:
    • Added reports for #include of "fenv.h", and for using fesetenv, feupdatenv, and fesetround.
    • Report message altered to handle new cases.
  • The DeviationsSuppression.ql query has been restored after being incorrectly deleted in a previous release.
  • DIR-4-11 - LowPrecisionPeriodicTrigonometricFunctionCall.ql:
    • New query within rule added to detect calls to periodic trigonometric functions with values outside of pi*k for k that depends on implementation and application precision goals, assuming k=1 for 32 bit floating types and k=10 for 64 bit floating types.
  • RULE-8-3, RULE-8-4, DCL40-C, RULE-23-5: DeclarationsOfAFunctionSameNameAndType.ql, DeclarationsOfAnObjectSameNameAndType.ql, CompatibleDeclarationOfFunctionDefined.ql, CompatibleDeclarationObjectDefined.ql, IncompatibleFunctionDeclarations.ql, DangerousDefaultSelectionForPointerInGeneric.ql:
    • Added pragmas to alter join order on function parameter equivalence (names and types).
    • Refactored an expression that confused the optimizer, which had compiled it into a cartesian product.
    • Altered the module Compatible.qll to compute equality in two stages. First, all pairs of possible type comparisons (including recursive comparisons) are found; then those pairwise comparisons are evaluated in a second stage. This greatly reduces the number of comparisons and greatly improves performance.
  • RULE-23-5: DangerousDefaultSelectionForPointerInGeneric.ql:
    • Altered the module SimpleAssignment.qll in accordance with the changes to Compatible.qll.
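
The declaration-compatibility cases named under RULE-8-3 and RULE-8-4 above, as an added example that is not part of this release or of the project's query code. It checks them with the GCC/Clang extension __builtin_types_compatible_p rather than with the CodeQL modules; the identifiers table, window, ticks and counter_t are constructed for illustration.

```c
/* Added example: which declaration pairs C17 treats as compatible.
 * __builtin_types_compatible_p is a GCC/Clang extension, not ISO C. */
#include <stdio.h>

typedef int counter_t;            /* constructed typedef */

/* Compatible redeclarations: a conforming compiler accepts each pair,
 * so a declaration-compatibility query should not report them. */
extern int table[];               /* incomplete array type */
int table[3] = {1, 2, 3};         /* int[] is compatible with int[3] */
extern signed window[4];
int window[4];                    /* signed and int name the same type */
extern counter_t ticks;
int ticks;                        /* the typedef resolves to int */

/* Each function returns 1 when the two types are compatible, else 0. */
int array_unknown_vs_known(void) {
    return __builtin_types_compatible_p(int[], int[3]);
}
int array_size_mismatch(void) {
    return __builtin_types_compatible_p(int[3], int[4]);
}
int signed_vs_int_array(void) {
    return __builtin_types_compatible_p(signed[4], int[4]);
}
int typedef_resolved(void) {
    return __builtin_types_compatible_p(counter_t, int);
}
/* Same return type, different number of parameters: not compatible. */
int param_count_mismatch(void) {
    return __builtin_types_compatible_p(int (*)(int), int (*)(int, int));
}

int main(void) {
    printf("int[] vs int[3]: %d\n", array_unknown_vs_known());
    printf("int[3] vs int[4]: %d\n", array_size_mismatch());
    printf("signed[4] vs int[4]: %d\n", signed_vs_int_array());
    printf("counter_t vs int: %d\n", typedef_resolved());
    printf("f(int) vs f(int, int): %d\n", param_count_mismatch());
    return 0;
}
```

Declaring `int table[4]` after `extern int table[3]` in the same translation unit is a compile error; across translation units the compiler cannot see the mismatch, which is the case the queries exist to catch.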

Supported versions

  • The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.19.4 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.19.4.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.19.4.

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

  • DIR-4-11 - LowPrecisionPeriodicTrigonometricFunctionCall.ql
  • DIR-4-15 - PossibleMisuseOfUndetectedInfinity.ql, PossibleMisuseOfUndetectedNaN.ql
  • DIR-5-1 - PossibleDataRaceBetweenThreads.ql
  • RULE-18-6 - ThreadLocalObjectAddressCopiedToGlobalObject.ql
  • RULE-21-22 - TgMathArgumentWithInvalidEssentialType.ql
  • RULE-21-23 - TgMathArgumentsWithDifferingStandardType.ql
  • RULE-22-15 - ThreadResourceDisposedBeforeThreadsJoined.ql
  • RULE-22-17 - InvalidOperationOnUnlockedMutex.ql
  • RULE-22-18 - NonRecursiveMutexRecursivelyLocked.ql, NonRecursiveMutexRecursivelyLockedAudit.ql
  • RULE-22-19 - ConditionVariableUsedWithMultipleMutexes.ql
  • RULE-22-20 - ThreadStorageNotInitializedBeforeUse.ql, ThreadStoragePointerInitializedInsideThread.ql
  • RULE-23-1 - GenericSelectionNotExpandedFromAMacro.ql, GenericSelectionDoesntDependOnMacroArgument.ql
  • RULE-23-2 - GenericSelectionNotFromMacroWithSideEffects.ql
  • RULE-23-3 - GenericWithoutNonDefaultAssociation.ql
  • RULE-23-4 - GenericAssociationWithUnselectableType.ql
  • RULE-23-5 - DangerousDefaultSelectionForPointerInGeneric.ql
  • RULE-23-6 - GenericExpressionWithIncorrectEssentialType.ql
  • RULE-23-7 - InvalidGenericMacroArgumentEvaluation.ql
  • RULE-23-8 - DefaultGenericSelectionNotFirstOrLast.ql