
Commitff7f991

authored
Merge branch 'main' into lcartey/contracts
2 parents337604e +4690ecb commitff7f991


361 files changed

+6319
-1583
lines changed


361 files changed

+6319
-1583
lines changed

‎.github/workflows/bump-version.yml‎

Lines changed: 0 additions & 33 deletions
This file was deleted.

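--- a/.github/workflows/code-scanning-pack-gen.yml
+++ b/.github/workflows/code-scanning-pack-gen.yml
@@ -99,8 +99,8 @@ jobs:
 run:|
 PATH=$PATH:$CODEQL_HOME/codeql
 
-codeql query compile --threads 0 cpp
-codeql query compile --threads 0 c
+codeql query compile --precompile --threads 0 cpp
+codeql query compile --precompile --threads 0 c
 
 cd ..
 zip -r codeql-coding-standards/code-scanning-cpp-query-pack.zip codeql-coding-standards/c/ codeql-coding-standards/cpp/ codeql-coding-standards/.codeqlmanifest.json codeql-coding-standards/supported_codeql_configs.json codeql-coding-standards/scripts/configuration codeql-coding-standards/scripts/reports codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/guideline_recategorization codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/schemas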

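--- a/.github/workflows/finalize-release.yml
+++ b/.github/workflows/finalize-release.yml
@@ -9,8 +9,12 @@ on:
 inputs:
 ref:
 description:|
-Therelease branchto finalize.
+Theref of releaseto finalize (e.g., 'rc/MAJOR.MINOR.PATCH').
 required:true
+tool-ref:
+description:|
+The ref to the tooling to use for the finalize (e.g., 'rc/MAJOR.MINOR.PATCH').
+required:false
 
 jobs:
 finalize-release:
@@ -20,34 +24,56 @@ jobs:
 -name:Determine ref
 env:
 REF_FROM_INPUT:${{ inputs.ref }}
+TOOL_REF_FROM_INPUT:${{ inputs.tool-ref }}
 REF_FROM_PR:${{ github.event.pull_request.merge_commit_sha }}
 BASE_REF_FROM_PR:${{ github.event.pull_request.base.ref }}
 run:|
 if [[ $GITHUB_EVENT_NAME == "workflow_dispatch" ]]; then
 echo "REF=$REF_FROM_INPUT" >> "$GITHUB_ENV"
+echo "TOOL_REF=$TOOL_REF_FROM_INPUT" >> "$GITHUB_ENV"
 echo "BASE_REF=$REF_FROM_INPUT" >> "$GITHUB_ENV"
 else
 echo "REF=$REF_FROM_PR" >> "$GITHUB_ENV"
+echo "TOOL_REF=$REF_FROM_PR" >> "$GITHUB_ENV"
 echo "BASE_REF=$BASE_REF_FROM_PR" >> "$GITHUB_ENV"
 fi
 
 -name:Checkout
 uses:actions/checkout@v4
 with:
 ref:${{ env.REF }}
+fetch-depth:0
+path:release
+
+-name:Checkout
+uses:actions/checkout@v4
+with:
+ref:${{ env.TOOL_REF }}
+path:tooling
+
+-name:Install Python
+uses:actions/setup-python@v4
+with:
+python-version:"3.9"
+
+-name:Install dependencies
+run:pip install -r scripts/release/requirements.txt
+working-directory:tooling
 
 -name:Configure git
 run:|
 git config user.name "$GITHUB_ACTOR"
 git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+working-directory:release
 
 -name:Update release tag
 run:|
 version=${BASE_REF#rc/}
 echo "Creating release tag v$version"
 
-git tag -a v$version -m "Release v$version"
-git push -f origin v$version
+git tag -f -a v$version -m "Release v$version"
+git push --force origin v$version
+working-directory:release
 
 -name:Finalize release
 env:
@@ -57,30 +83,51 @@ jobs:
 echo "Finalizing release v$version"
 
 gh release edit "v$version" --draft=false --tag=v$version
+working-directory:release
 
 -name:Determine if release was a hotfix release
 run:|
 version=${BASE_REF#rc/}
-echo "HOTFIX_RELEASE=$(python scripts/release/is-hotfix.py $version)" >> "$GITHUB_ENV"
+# We are running the script in the tooling directory with the release directory as the working directory
+echo "HOTFIX_RELEASE=$(python ../tooling/scripts/release/is-hotfix-release.py $version)" >> "$GITHUB_ENV"
+working-directory:release
+
+-name:Determine next release version
+if:env.HOTFIX_RELEASE == 'false'
+run:|
+version=${BASE_REF#rc/}
+next_version=$(python scripts/release/next-version.py --component minor --pre-release dev -- $version)
+echo "NEXT_VERSION=$next_version" >> "$GITHUB_ENV"
+working-directory:tooling
+
+-name:Generate token
+if:env.HOTFIX_RELEASE == 'false'
+id:generate-token
+uses:actions/create-github-app-token@eaddb9eb7e4226c68cf4b39f167c83e5bd132b3e
+with:
+app-id:${{ vars.AUTOMATION_APP_ID }}
+private-key:${{ secrets.AUTOMATION_PRIVATE_KEY }}
+owner:${{ github.repository_owner }}
+repositories:"codeql-coding-standards"
 
 -name:Bump main version
 if:env.HOTFIX_RELEASE == 'false'
 env:
-GH_TOKEN:${{github.token }}
+GH_TOKEN:${{steps.generate-token.outputs.token }}
 run:|
-version=${BASE_REF#rc/}
-next_version="$version-dev"
-echo "Bumping main version to $next_version"
+echo "Bumping main version to $NEXT_VERSION"
 
 git switch main
 git pull --ff-only origin main
 
-git switch -c release-automation/bump-version
+git switch -c"release-automation/bump-version-to-$NEXT_VERSION"
 
-./scripts/release/bump-version.sh "$next_version"
+# We are running the script in the tooling directory with the release directory as the working directory
+../tooling/scripts/release/bump-version.sh "$NEXT_VERSION"
 
 git add -u .
-git commit -m "Bump version to $next_version"
-git push --set-upstream origin release-automation/bump-version
+git commit -m "Bump version to $NEXT_VERSION"
+git push --set-upstream origin"release-automation/bump-version-to-$NEXT_VERSION"
 
-gh pr create --repo $GITHUB_REPOSITORY --base main --head release-automation/bump-version --body "Bump the version of main to the dev label of the just released version $next_version" --title "Bump version to $next_version"
+gh pr create --repo $GITHUB_REPOSITORY --base main --head "release-automation/bump-version-to-$NEXT_VERSION" --body "Bump the version of main to $NEXT_VERSION" --title "Bump version to $NEXT_VERSION"
+working-directory:release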
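Review bot: `tool-ref` is declared `required: false`, but the `workflow_dispatch` branch of "Determine ref" writes it to `TOOL_REF` unconditionally, so an omitted input leaves `ref: ${{ env.TOOL_REF }}` empty in the second checkout and the tooling tree becomes whatever actions/checkout defaults to rather than a ref the release manager chose. That tree supplies `scripts/release/requirements.txt` for `pip install` and the `bump-version.sh` that later runs in a step with the app token in `GH_TOKEN`, so the source of the tooling should be explicit. Either make the fallback visible, e.g. `echo "TOOL_REF=${TOOL_REF_FROM_INPUT:-$REF_FROM_INPUT}" >> "$GITHUB_ENV"`, or, if the checkout default is the intended fallback, say so in the input's `description`. The added `actions/checkout@v4` and `actions/setup-python@v4` steps are pinned by tag while `actions/create-github-app-token` in the same job is pinned by commit SHA; pinning all three by SHA would be consistent. `$version` is also expanded unquoted in `git tag -f -a v$version` and in both `python ... $version` calls, and since it derives from the dispatch input it should be quoted, e.g. `git tag -f -a "v$version" -m "Release v$version"`.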

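--- a/.github/workflows/update-release.yml
+++ b/.github/workflows/update-release.yml
@@ -31,6 +31,7 @@ jobs:
 uses:actions/checkout@v4
 with:
 fetch-depth:0# We need the full history to compute the changelog
+ref:${{ inputs.head-sha }}
 
 -name:Install Python
 uses:actions/setup-python@v4
@@ -59,7 +60,7 @@ jobs:
 --layout scripts/release/release-layout.yml \
 --repo "$GITHUB_REPOSITORY" \
 --github-token "$GITHUB_REPOSITORY:$GITHUB_TOKEN" "github/codeql-coding-standards-release-engineering:$RELEASE_ENGINEERING_TOKEN" \
---skip-checkrun "release-status"
+--skip-checkrun "release-status" "Update Release"
 
 -name:Update release notes
 env: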
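Review bot: Nothing visible in the first hunk constrains `inputs.head-sha` before it becomes the checkout `ref`, and the second hunk shows the same job handing `$GITHUB_TOKEN` and `$RELEASE_ENGINEERING_TOKEN` to a command that reads `scripts/release/release-layout.yml` (and presumably the release script itself) from that checked-out tree. If a caller can supply an arbitrary SHA, the code and layout that receive those tokens come from that commit; the trigger and the input definition are outside both hunks, so this may already be restricted. A comment on the added line, such as `# head-sha is expected to be a commit on this repository's release branch`, together with a check in the calling workflow, would make that assumption reviewable. The job body starts and ends outside the hunks.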

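--- a/.vscode/tasks.json
+++ b/.vscode/tasks.json
@@ -140,6 +140,28 @@
 },
 "problemMatcher": []
 },
+{
+"label":"🧪 Standards Automation: Build Case Test DB from test file",
+"type":"shell",
+"windows": {
+"command":".${pathSeparator}scripts${pathSeparator}.venv${pathSeparator}Scripts${pathSeparator}python.exe scripts${pathSeparator}build_test_database.py ${file}"
+},
+"linux": {
+"command":".${pathSeparator}scripts${pathSeparator}.venv${pathSeparator}bin${pathSeparator}python3 scripts${pathSeparator}build_test_database.py ${file}"
+},
+"osx": {
+"command":".${pathSeparator}scripts${pathSeparator}.venv${pathSeparator}bin${pathSeparator}python3 scripts${pathSeparator}build_test_database.py ${file}"
+},
+"presentation": {
+"reveal":"always",
+"panel":"new",
+"focus":true
+},
+"runOptions": {
+"reevaluateOnRerun":false
+},
+"problemMatcher": []
+},
 {
 "label":"📝 Standards Automation: Format CodeQL",
 "type":"shell",
@@ -249,6 +271,7 @@
 "Null",
 "OperatorInvariants",
 "Operators",
+"OrderOfEvaluation",
 "OutOfBounds",
 "Pointers",
 "Pointers1",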

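--- a/README.md
+++ b/README.md
@@ -6,17 +6,19 @@ This repository contains CodeQL queries and libraries which support various Codi
 
 _Carnegie Mellon and CERT are registered trademarks of Carnegie Mellon University._
 
-This repository contains CodeQL queries and libraries which support various Coding Standards for the[C++14](https://www.iso.org/standard/64029.html)programminglanguage.
+This repository contains CodeQL queries and libraries which support various Coding Standards for the[C++14](https://www.iso.org/standard/64029.html),[C99](https://www.iso.org/standard/29237.html) and[C11](https://www.iso.org/standard/57853.html)programminglanguages.
 
 The following coding standards are supported:
 -[AUTOSAR - Guidelines for the use of C++14 language in critical and safety-related systems (Releases R22-11, R20-11, R19-11 and R19-03)](https://www.autosar.org/fileadmin/standards/R22-11/AP/AUTOSAR_RS_CPP14Guidelines.pdf).
--[MISRA C++:2008](https://www.misra.org.uk) (support limited to the rules specified in AUTOSAR).
 -[SEI CERT C++ Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems (2016 Edition)](https://resources.sei.cmu.edu/library/asset-view.cfm?assetID=494932)
+-[SEI CERT C Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems (2016 Edition)](https://resources.sei.cmu.edu/downloads/secure-coding/assets/sei-cert-c-coding-standard-2016-v01.pdf)
+-[MISRA C 2012, 3rd Edition, 1st revision](https://www.misra.org.uk/product/misra-c2012-third-edition-first-revision/) (incoporating Amendment 1 & Technical Corrigendum 1). In addition, we support the following additional amendments and technical corrigendums:
+-[MISRA C 2012 Amendment 2](https://misra.org.uk/app/uploads/2021/06/MISRA-C-2012-AMD2.pdf)
+-[MISRA C 2012 Technical Corrigendum 2](https://misra.org.uk/app/uploads/2022/04/MISRA-C-2012-TC2.pdf)
 
-In addition, the following CodingStandardsfor the C programming language areunder development:
+##:construction:Standards under development:construction:
 
--[SEI CERT C Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems (2016 Edition)](https://resources.sei.cmu.edu/downloads/secure-coding/assets/sei-cert-c-coding-standard-2016-v01.pdf)
--[MISRA C 2012](https://www.misra.org.uk/product/misra-c2012-third-edition-first-revision/).
+-[MISRA C++ 2023](https://misra.org.uk/product/misra-cpp2023/) - under development_scheduled for release 2024 Q4_.
 
 ##How do I use the CodeQL Coding Standards Queries?
 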

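--- a/c/cert/src/qlpack.yml
+++ b/c/cert/src/qlpack.yml
@@ -1,5 +1,5 @@
 name:codeql/cert-c-coding-standards
-version:2.22.0-dev
+version:2.33.0-dev
 description:CERT C 2016
 suites:codeql-suites
 license:MIT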

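--- a/c/cert/src/rules/INT34-C/ExprShiftedbyNegativeOrGreaterPrecisionOperand.ql
+++ b/c/cert/src/rules/INT34-C/ExprShiftedbyNegativeOrGreaterPrecisionOperand.ql
@@ -15,91 +15,8 @@ import codingstandards.c.cert
 import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
 import semmle.code.cpp.valuenumbering.GlobalValueNumbering
 import semmle.code.cpp.controlflow.Guards
+import codingstandards.cpp.UndefinedBehavior
 
-/*
-* Precision predicate based on a sample implementation from
-* https://wiki.sei.cmu.edu/confluence/display/c/INT35-C.+Use+correct+integer+precisions
-*/
-
-/**
-* A function whose name is suggestive that it counts the number of bits set.
-*/
-classPopCountextendsFunction{
-PopCount(){this.getName().toLowerCase().matches("%popc%nt%")}
-}
-
-/**
-* A macro which is suggestive that it is used to determine the precision of an integer.
-*/
-classPrecisionMacroextendsMacro{
-PrecisionMacro(){this.getName().toLowerCase().matches("precision")}
-}
-
-classLiteralZeroextendsLiteral{
-LiteralZero(){this.getValue()="0"}
-}
-
-classBitShiftExprextendsBinaryBitwiseOperation{
-BitShiftExpr(){
-thisinstanceofLShiftExpror
-thisinstanceofRShiftExpr
-}
-}
-
-intgetPrecision(IntegralTypetype){
-type.isExplicitlyUnsigned()andresult=type.getSize()*8
-or
-type.isExplicitlySigned()andresult=type.getSize()*8-1
-}
-
-predicateisForbiddenShiftExpr(BitShiftExprshift,stringmessage){
-(
-(
-getPrecision(shift.getLeftOperand().getExplicitlyConverted().getUnderlyingType())<=
-upperBound(shift.getRightOperand())and
-message=
-"The operand "+shift.getLeftOperand()+" is shifted by an expression "+
-shift.getRightOperand()+" whose upper bound ("+upperBound(shift.getRightOperand())+
-") is greater than or equal to the precision."
-or
-lowerBound(shift.getRightOperand())<0and
-message=
-"The operand "+shift.getLeftOperand()+" is shifted by an expression "+
-shift.getRightOperand()+" which may be negative."
-)and
-/*
-* Shift statement is not at a basic block where
-* `shift_rhs < PRECISION(...)` is ensured
-*/
-
-notexists(GuardConditiongc,BasicBlockblock,ExprprecisionCall,ExprlTLhs|
-block=shift.getBasicBlock()and
-(
-precisionCall.(FunctionCall).getTarget()instanceofPopCount
-or
-precisionCall=any(PrecisionMacropm).getAnInvocation().getExpr()
-)
-|
-globalValueNumber(lTLhs)=globalValueNumber(shift.getRightOperand())and
-gc.ensuresLt(lTLhs,precisionCall,0,block,true)
-)and
-/*
-* Shift statement is not at a basic block where
-* `shift_rhs < 0` is ensured
-*/
-
-notexists(GuardConditiongc,BasicBlockblock,ExprliteralZero,ExprlTLhs|
-block=shift.getBasicBlock()and
-literalZeroinstanceofLiteralZero
-|
-globalValueNumber(lTLhs)=globalValueNumber(shift.getRightOperand())and
-gc.ensuresLt(lTLhs,literalZero,0,block,true)
-)
-)
-}
-
-fromBinaryBitwiseOperationbadShift,stringmessage
-where
-notisExcluded(badShift, Types1Package::exprShiftedbyNegativeOrGreaterPrecisionOperandQuery())and
-isForbiddenShiftExpr(badShift,message)
-selectbadShift,message
+fromShiftByNegativeOrGreaterPrecisionOperandbadShift
+wherenotisExcluded(badShift, Types1Package::exprShiftedbyNegativeOrGreaterPrecisionOperandQuery())
+selectbadShift,badShift.getReason()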
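Review bot: The context imports of `SimpleRangeAnalysis`, `GlobalValueNumbering` and `Guards` at new lines 15–17 look left over, because the new `from`/`where`/`select` references only `ShiftByNegativeOrGreaterPrecisionOperand`, `isExcluded` and `getReason()`, which presumably come from `codingstandards.c.cert` and the added `codingstandards.cpp.UndefinedBehavior`. Dropping the three imports would keep the query's dependencies accurate, unless something outside this section needs them. The alert text now comes from `badShift.getReason()`, which is defined outside this section, so it is worth confirming that it still distinguishes the "which may be negative" case from the "greater than or equal to the precision" case that the removed messages reported. The rule's expected-results files should be checked against the new wording as well.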
