Release summary

• New queries added for the following rule packages: Concurrency9, EssentialTypes2, FloatingTypes2, Generics, Contracts, Pointers1
• The following changes have been made for this release:
  • Concurrency.qll - for all queries using this library
    • This has been refactored into a set of smaller utility files. No impact on query results or performance expected.
  • All rules usingType.qll,TypeUses.qll,Pointers.qll,TrivialType.qll,VariablyModifiedTypes.qll:
    • Files moved intocpp/common/types directory. No external changes in behavior expected.
• RULE-2-8 -UnusedObjectDefinition.ql,UnusedObjectDefinitionStrict.ql:
  • Refactor to allow additional parameters in non-macro results for libraryDeduplicateMacroResults.qll.
  • Refactor to replaceLocation withLocatable in API of libraryDeduplicationMacroResults.qll.
  • No observable difference in behavior expected.
• EssentialType - for all queries related to essential types:
  • Updated the way essential types of expressions with "conversions" (including explicit casts, parenthesis, and implicit conversions such as array-to-pointer conversions) are handled, to get proper essential types when parenthesis, casts, and generics interact.
• RULE-8-3 -DeclarationsOfAFunctionSameNameAndType.ql,DeclarationsOfAnObjectSameNameAndType.ql:
  • New shared module used to fix false positives for compound types referring to the same basic integer types under a different name, e.g., query will not report forsigned[4] used in place ofint[4] as per MISRA spec.
  • Now query will report incompatibilities for two functions of the same name with a different number of parameters.
  • Query result string updated to not use the word "Compatible," which is confusing, as it may falsely appear that the query is testing for compatibility as defined by C17.
• RULE-8-4,DCL-40C -CompatibleDeclarationFunctionDefined.ql,CompatibleDeclarationObjectDefined.ql,IncomptatibleFunctionDeclarations.ql:
  • New shared module used to fix false positives by updating "compatible" type checks to more closely match the C17 standard. For instance,int[3] andint[] are compatible declarations (whileint[3] andint[4] are not), and typedefs are now resolved as well. Some false positives may still occur regarding structs from different compilation units.
• DIR-4-9 -FunctionOverFunctionLikeMacro.ql:
  • Macros with_Generic now no longer reported.
• RULE-1-4 -EmergentLanguageFeaturesUsed.ql:
  • Ban on usage of_Generics removed.
• RULE-18-6 -ThreadLocalObjectAddressCopiedToGlobalObject.ql:
  • New query added to detect thread local objects assigned to static storage duration objects.
• RULE-21-12 -ExceptionHandlingFeaturesOfFenvhUsed.ql:
  • Added reports for#includeing "fenv.h", and for usingfesetenv,feupdatenv, andfesetround.
  • Report message altered to handle new cases.
• TheDeviationsSuppression.ql query has been restored after being incorrectly deleted in a previous release.
• DIR-4-11 -LowPrecisionPeriodicTrigonometricFunctionCall.ql:
  • New query within rule added to detect calls to periodic trigonometric functions with values outside of pi*k for k that depends on implementation and application precision goals, assuming k=1 for 32 bit floating types and k=10 for 64 bit floating types.
• RULE-8-3,RULE-8-4,DCL40-C,RULE-23-5:DeclarationsOfAFunctionSameNameAndType.ql,DeclarationsOfAnObjectSameNameAndType.ql,CompatibleDeclarationOfFunctionDefined.ql,CompatibleDeclarationObjectDefined.ql,IncompatibleFunctionDeclarations.ql,DangerousDefaultSelectionForPointerInGeneric.ql:
  • Added pragmas to alter join order on function parameter equivalence (names and types).
  • Refactored expression which the optimizer was confused by, and compiled into a cartesian product.
  • Altered the moduleCompatible.qll to compute equality in two stages. Firstly, all pairs of possible type comparisons (including recursive comparisons) are found, then those pairwise comparisons are evaluated in a second stage. This greatly reduces the number of comparisons and greatly improves performance.
• RULE-23-5:DangerousDefaultSelectionForPointerInGeneric.ql:
  • Altered the moduleSimpleAssignment.qll in accordance with the changes toCompatible.qll.

Supported versions

• The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
• The Code Scanning pack is supported when:
  • Using the CodeQL CLI version2.19.4 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tagcodeql-cli/v2.19.4.
  • Using the CodeQL Action or CodeQL runner with thecodeql-bundle-v2.19.4.

Appendix: MISRA-C-2012 new queries

New queries added to cover the following rules:

• DIR-4-11 -LowPrecisionPeriodicTrigonometricFunctionCall.ql
• DIR-4-15 -PossibleMisuseOfUndetectedInfinity.ql,PossibleMisuseOfUndetectedNaN.ql
• DIR-5-1 -PossibleDataRaceBetweenThreads.ql
• RULE-18-6 -ThreadLocalObjectAddressCopiedToGlobalObject.ql
• RULE-21-22 -TgMathArgumentWithInvalidEssentialType.ql
• RULE-21-23 -TgMathArgumentsWithDifferingStandardType.ql
• RULE-22-15 -ThreadResourceDisposedBeforeThreadsJoined.ql
• RULE-22-17 -InvalidOperationOnUnlockedMutex.ql
• RULE-22-18 -NonRecursiveMutexRecursivelyLocked.ql,NonRecursiveMutexRecursivelyLockedAudit.ql
• RULE-22-19 -ConditionVariableUsedWithMultipleMutexes.ql
• RULE-22-20 -ThreadStorageNotInitializedBeforeUse.ql,ThreadStoragePointerInitializedInsideThread.ql
• RULE-23-1 -GenericSelectionNotExpandedFromAMacro.ql,GenericSelectionDoesntDependOnMacroArgument.ql
• RULE-23-2 -GenericSelectionNotFromMacroWithSideEffects.ql
• RULE-23-3 -GenericWithoutNonDefaultAssociation.ql
• RULE-23-4 -GenericAssociationWithUnselectableType.ql
• RULE-23-5 -DangerousDefaultSelectionForPointerInGeneric.ql
• RULE-23-6 -GenericExpressionWithIncorrectEssentialType.ql
• RULE-23-7 -InvalidGenericMacroArgumentEvaluation.ql
• RULE-23-8 -DefaultGenericSelectionNotFirstOrLast.ql