v2.45.0


github-actions released this 21 May 18:06
3b16880
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194

Release summary

  • New queries added for the following rule packages: FloatingPoint
  • The following changes have been made for this release:
    • RULE-1-4 - EmergentLanguageFeaturesUsed.ql:
      • Allow usage of atomics, thread.h, and _Thread_local as per MISRA C 2012 Amendment 4.
    • RULE-21-22, RULE-21-23 - TgMathArgumentWithInvalidEssentialType.ql, TgMathArgumentsWithDifferingStandardType.ql:
      • Change type-generic macro analysis for finding macro parameters to be compatible with gcc, by ignoring early arguments inserted by gcc.
      • Change explicit conversion logic to ignore the explicit casts inserted in macro bodies by clang, which previously overruled the argument essential type.
    • RULE-13-2 - UnsequencedAtomicReads.ql:
      • Handle statement expression implementation of atomic operations in gcc.
    • RULE-21-25 - InvalidMemoryOrderArgument.ql:
      • Handle the case where the enum memory_order is declared via a typedef as an anonymous enum.
      • Rewrite how atomically sequenced operations are found; no longer look for builtins or internal functions, instead look for macros with the exact expected name and analyze the macro bodies for the memory sequence parameter.
    • RULE-9-7 - UninitializedAtomicArgument.ql:
      • Handle the gcc case where atomic_init is defined as a call to atomic_store, and take a more flexible approach to finding the initialized atomic variable.
    • DIR-4-15 - PossibleMisuseOfUndetectedInfinity.ql, PossibleMisuseOfUndetectedNaN.ql:
      • Fix issue when analyzing clang/gcc implementations of floating point classification macros, where analysis incorrectly determined that x in isinf(x) was guaranteed to be infinite at the call site itself, affecting later analysis involving x.
    • The following query suites have been added or modified for CERT C:
      • A new query suite, cert-c-default.qls, has been created to avoid confusion with the CERT C++ query suites. The cert-default.qls suite has been deprecated, will be removed in a future release, and is replaced by the cert-c-default.qls suite.
        • The cert-c-default.qls suite has been specified as the default for the pack, and will include our most up-to-date coverage for CERT C.
      • One new query suite, cert-c-recommended.qls, has been added to enable running CERT recommendations (as opposed to rules) that will be added in the future.
      • The default query suite, cert-c-default.qls, has been set to exclude CERT recommendations (as opposed to rules) that will be added in the future.
    • The following query suites have been added or modified for CERT C++:
      • A new query suite, cert-cpp-default.qls, has been created to avoid confusion with the CERT C query suites. The cert-default.qls suite has been deprecated, will be removed in a future release, and is replaced by the cert-cpp-default.qls suite.
        • The cert-cpp-default.qls suite has been specified as the default for the pack, and will include our most up-to-date coverage for CERT C.
      • A new query suite, cert-cpp-single-translation-unit.qls, has been created to avoid confusion with the CERT C query suites. The cert-single-translation-unit.qls suite has been deprecated, will be removed in a future release, and is replaced by the cert-cpp-single-translation-unit.qls suite.
    • DIR-4-15 - PossibleMisuseOfUndetectedInfinity.ql, PossibleMisuseOfUndetectedNaN.ql:
      • Add logic to suppress NaNs from the CodeQL extractor in the new restricted range analysis, which can have unexpected downstream effects.
      • Alter the behavior of floating point class guards (such as isinf, isfinite, isnan) to more correctly reflect the branches that have been guarded.
      • Query files have been moved/refactored to share logic across MISRA-C and MISRA-C++; no observable change in behavior from this is expected.
    • All CERT rules now include additional tags to represent the Risk Assessment properties specified on CERT rules.
      • In addition, new query suites are included which allow the selection of queries that represent CERT Rules (not Recommendations) for each of the Levels (1-3). These are called cert-<lang>-<level>.qls and can be used either directly in the CodeQL CLI, or via the CodeQL Action.
    • Support for MISRA C 2023 is now completed.
      • The default query suites for MISRA C now target MISRA C 2023.
      • The user manual has been updated to list MISRA C 2023 as completed.
      • The misra-c-2012-third-edition-with-amendment-2.qls query suite can be used to run the queries present in MISRA C 2012 (3rd Edition) and Amendment 2.
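
The DIR-4-15 entries above concern how floating point class guards (isinf, isfinite, isnan) constrain a value per branch. The following C sketch is an added illustration, not code from the release or from the queries; all function and enum names are hypothetical, IEEE 754 doubles are assumed, and it shows the guard pattern only, not query output.

```c
#include <limits.h>
#include <math.h>

/* Constructed example; all names are hypothetical. Assumes IEEE 754 doubles. */
enum fp_kind { KIND_FINITE, KIND_INF, KIND_NAN };

/* Each classification macro only tells us about x inside the branch it guards. */
enum fp_kind classify(double x) {
    if (isnan(x)) {
        return KIND_NAN;      /* x is NaN on this path only */
    }
    if (isinf(x)) {
        return KIND_INF;      /* x is infinite on this path only */
    }
    return KIND_FINITE;       /* both guards failed: x is finite here */
}

/* Evaluating isinf(x) does not make x infinite at the call site: after the
 * early return, the remaining path is the one where x is NOT infinite. */
int usable_after_guard(double x) {
    if (isinf(x)) {
        return 0;
    }
    return isnan(x) ? 0 : 1;
}

/* Divide and scale, detecting infinities and NaNs before the result is
 * converted to int. Returns 0 and writes *out on success, -1 otherwise. */
int scale_checked(double num, double den, int n, int *out) {
    double r = num / den;            /* may be inf (x/0) or NaN (0/0) */
    if (!isfinite(r)) {
        return -1;
    }
    double s = r * (double)n;        /* may overflow to inf */
    if (!isfinite(s) || s < (double)INT_MIN || s > (double)INT_MAX) {
        return -1;
    }
    *out = (int)s;                   /* safe: s is finite and in int range */
    return 0;
}
```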

Supported versions

  • The LGTM pack is not supported on any released version of LGTM without support from GitHub Professional Services.
  • The Code Scanning pack is supported when:
    • Using the CodeQL CLI version 2.19.4 in conjunction with a copy of the CodeQL standard library for C++ (github/codeql) set to the tag codeql-cli/v2.19.4.
    • Using the CodeQL Action or CodeQL runner with the codeql-bundle-v2.19.4.

Appendix: MISRA-C++-2023 new queries

New queries added to cover the following rules:

  • DIR-0-3-1 - PossibleMisuseOfInfiniteFloatingPointValue.ql, PossibleMisuseOfNaNFloatingPointValue.ql